I'm working with a Windows kernel driver (written with WDF) that I'm not the author of, but I have access to the source code. That driver seems to leak kernel memory over time, which eventually causes a BSOD.
So while analyzing a full memory dump after a BSOD, I ran:
!wdfdriverinfo drvr.sys 0x41
which showed an unusually high number of WDFMEMORY objects - almost 20k.
I'm wondering if there's an automated way to find out what is causing this memory leak? (Aside from static code analysis.)
The !wdfpoolusage debugger extension would be useful to you for debugging pool-related issues. For more info, see https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/-wdfkd-wdfpoolusage