1. Press Ctrl+Alt+Delete and select Task Manager.
2. Click the Performance tab.
3. Monitor the following over time:
   • Under Physical Memory (K), verify to see whether the Available value decreases. If it decreases, you might have a memory leak.
   • Under Kernel Memory (K), observe changes in Paged and Non-paged memory to identify whether it’s a kernel-paged or non-paged memory leak.
4. If you identify a leak, click the Processes tab, and select View.
5. Select Columns and enable the following:
   • Page Faults
   • Virtual Memory Size
   • Paged Pool
   • Non-paged Pool
   • Handle Count
   • Thread Count
6. On the Processes tab, click Mem Usage to bring the process using the most memory to the top.
   
   NOTE: If you identify a process that is using high memory and not releasing it, use the following information to help troubleshoot the issue. You might also need to provide a process dump to help identify the cause.  

PoolMon and PerfMon 
For a more in depth and accurate analysis, run PoolMon and PerfMon at the same time.

PoolMon

1. Prepare to run PoolMon:
   1. Poolmon.exe is contained in the Microsoft Windows Driver Kit (WDK). You can download it from the Microsoft WDK site.
   2. Install PoolMon on the computer you want to test by following the Microsoft product instructions.
2. Run PoolMon. The following example outlines a procedure for using PoolMon to detect a memory leak:
   1. Press Windows+R, type cmd, and press Enter.
   2. Go to the PoolMon directory.
   3. Type the following command and press Enter:
      
      IMPORTANT: To obtain the most accurate results, follow the instructions below accurately. Starting PoolMon changes the data, so you must let it run until it reaches a steady state and the data is reliable.
      
      poolmon -b -p -r -n <filename>.log
      
      Let PoolMon run for at least a few hours; sometimes it might need to run for a few days.
   4. Stop PoolMon, wait for 30 minutes, and then restart PoolMon.
      
      IMPORTANT: Repeat it every 30 minutes for at least two hours. 
       
   5. If needed, use the following script to take multiple snapshots over time:
      
      @ECHO off
      :LOOP
      ECHO %DATE %TIME% >>filename.log
      Poolmon -b -p -r -n filename.log
      Ping -n seconds 127.0.0.1 >NULL
      GOTO LOOP
      
      NOTE: For the seconds value, we recommend every 15 minutes. 
       
   6. When data collection is complete, examine the following values for each tag, and note any that continually increase:
      • Diff (allocations minus free bytes)
      • Bytes (number of bytes allocated minus number of bytes freed)
   7. Examine the allocations that were increasing, and determine whether the bytes are now freed. Allocations that have still not been freed, or have continued to increase in size, are the likely cause.