Memory Leak and utilization troubleshooting tools and usage!

Hello Friends, As far as I am concerned this is one of the most toughest part of my job till today. There is no perfect answer of an actual performance issues. Mostly some assumptions and correlating reports from some of the below tools give a fade view of what actually happening in terms of High CPU or memory utilization in Windows world.

Common tools I use, other than SCOM reports that mostly wont help that much, was system default or some sysinternal process and memory tools.

There were numerous reason behind every resource constraints, it can be a memory leakage, application demanding for memory or a cache. Below are the few Tools I generally use to track and find the memory and/or processor utilization

1. Perfmon : Performance and monitoring tools, we can use to check the real-time resource utilization of a server. We have Data collector set (depend on the service installed, we have few custom generated data collector set other than default system Diagnostics and System Performance)

2. Task Manager and Resource Monitor : Task manager is a another simple but powerful resource, resource manager (from task scheduler screen), help us track various process, memory and net work utilization to get us some idea about the cause of memory/processor utilization.

3. Process Explorer : Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. (
4. Process Monitor : is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. (
5. RAMmap : Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage. This also help us clear the meta file(

6. VMMap : It shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types (

7. Handle v4.1 : Is a command-line utility, same Like Process explorer. Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.(

For us one of the recent high memory utilization isolated to meta file, this server process millions of tiny files everyday as part of server operation.

used below command to gather the working set and its owner, the interesting fact was the sum of this is not matching with the total memory utilization.

Get-WmiObject win32_process -filter “name = ‘cscript'”| Select-Object Name,@{n=’Owner’;e={$_.GetOwner().User}}, WS | sort name

Later we used VMmap and RAM map analyse the memory utlization on each process. Interesting fact was! it was not a memory leak but system cache causing this issue. around 6 GB of meta files caused the memory utilization to 90% always!..

Solution to this was setting system cache to some percentage using DynCache (, Prococes as show below

1) Copy DynCache.exe to %SystemRoot%\System32.
2) From a command prompt, run:
sc create DynCache binpath= %SystemRoot%\System32\DynCache.exe start= auto type= own DisplayName= “Dynamic Cache Service”
This will create a Service that take care of system cache cleaning
3) Import the DynCache.reg registry file.
4) Modify MaxSystemCacheMBytes to “2024” (alternatively you could use % of memory. Any value below 90, consider as %. For example if you set 60 for this key, up to 60% of the memory would be alocated to store system cache. )
5) Start sc start DynCache

NB: If you wish to uninstall this service, execute the following commands:
sc stop DynCache
sc delete DynCache



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s