Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.
Thank you.
PM sent.
Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.
Thank you.
PM sent.
Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.
Thank you.
PM sent.
Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.
Thank you.
PM sent.
Thank you for checking this. I have updated the tracker.
Looks like memory leak to me. After a restart (Can’t have a program eat 16GB of my RAM) the usage grows steadily. Now, at almost 4 days up time, the usage is ~2400 MB.
Thanks. I’ve updated the tracker with the updated information.
HackAR, if you don’t mind, could you follow the advice given here and make a Complete Memory Dump when the memory usage is very high. If you have any questions at all please let me know.
Thank you.
Complete memory dump is not an option. This would include several crypt keys, I’m not willing to submit to anyone
May I offer any other help? VS2010 is installed. I might try a debugging tool of your choice also.
P.S. 5d 05h uptime: ~3300 MB usage.
In that case please follow the steps on this page.
Please do not overlook the additional note just before the ‘licence’ heading as it may be important.
Also, note that you will need to rename cmdguard.sys and reboot before attaching the debugger. This is because cmdguard protects the memory of CIS from access in V7. This may also then require running the diagnostics program and allowing it to think it has fixed the problem, and possibly a second reboot after running diagnostics too. This is not entirely clear as I have not tested it.
If you run into trouble while trying to use this mouse1 may be available to help within the next couple of days. However, at the moment neither of us has entirely tested this entire procedure. Let me know how it goes, but if it’s too frustrating it’s best to wait until mouse1 better understands all steps of the procedure.
Thank you.
Ok, I got parts of Windows SDK 7.1 installed, including Debugging Tools. I will try to follow the procedure later, since it requires a reboot. It might take few days, but I’m on it
Hi I have just checked how to disable cmdagent memory protection in V7. This should allow the debugger to be attached.
The easiest way is to go into Killswitch and look on the drivers list for cmdguard.sys, and set the startup type to disabled, then reboot. To reverse set it back to the original startup type (system start) and reboot. (You can also rename the file in System32\drivers and reboot, but this is a bit more fiddly).
Unfortunately this will disable the auto-sandbox - but you could use HIPS in safe mode to provide protection instead. If you do you will need to make the debugger an exception under HIPS Rules ~ Comodo Internet Security Group ~ Edit ~ Protection tab ~ Memory access ~ Modify ~ Exclusions.
If the leak does not occur with cmdguard.sys disabled, then it must be in a routine which interacts with cmdguard, which will itself help the devs to find it.
BTW do you use any Oracle software - I remember a memory leak that only occurred in the presence of a bit of Oracle software - some version of the database I think?
Oracle? Like Java? Yes, I use Java. The DB I use is PostgreSQL. Wouldn’t touch any Oracle DBs…
Weird… Killswitch won’t start. Crashes after “Starting…” without notification. I did use it previously on this system though.
Btw, after crossing the 4 GB, the usage dropped by about 3.9 GB, but private (reserved) memory is still 4+ GB. And both are rising
Sorry about this, if you have a dump file please report it as a separate bug.
You should be able to use Process Hacker instead: http://processhacker.sourceforge.net/
Don’t think it affected Java. Not sure about PostgreSQL - does it share drivers with Oracle at all?
Ok. Restarted the system and now waiting for memory usage to grow.
What info do you need? Without debug symbols the available info will be limited though.
Please follow the intsructions in the link quoted below:
You should end up with proof of the leak and an indication of the function etc.
What I have done:
I will give it some time and reattach WinDbg again and take a look at the heap.
Btw, since I don’t have the debug symbols, I don’t think it’ll show me what function is causing it. But I’ll post whatever I get
I guess I got something:
Allocations statistics for
heap @ 0000000008dd0000
group-by: TOTSIZE max-display: 20
size #blocks total ( %) (percent of total busy bytes)
f8 26cea - 25982b0 (71.86)
5c 23123 - c9a894 (24.09)
58 1d5d - a17f8 (1.21)
6e 172e - 9f5c4 (1.19)
138 30b - 3b568 (0.44)
66 4f4 - 1f938 (0.24)
9c 2db - 1bd74 (0.21)
150 11a - 17220 (0.17)
fa00 1 - fa00 (0.12)
8a 1bf - f0f6 (0.11)
2c8 36 - 9630 (0.07)
10f8 5 - 54d8 (0.04)
32d8 1 - 32d8 (0.02)
1000 3 - 3000 (0.02)
72 4c - 21d8 (0.02)
201a 1 - 201a (0.01)
ae 20 - 15c0 (0.01)
800 2 - 1000 (0.01)
300 5 - f00 (0.01)
180 a - f00 (0.01)
0000000015e0bfa0 0013 0013 [07] 0000000015e0bfb0 000f8 - (busy)
? cmdstat!DllInstall+19b9c0
and “!heap -flt s 5c”
0000000016210540 0009 0009 [07] 0000000016210550 0005c - (busy)
? cmdstat!DllInstall+264718
address 0000000015e0bfb0 found in
_HEAP @ 8dd0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
0000000015e0bfa0 0013 0000 [07] 0000000015e0bfb0 000f8 - (busy)
? cmdstat!DllInstall+19b9c0
Anything else?