Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 7:18 am
$
0
0
Author: pinscomputer
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 2:18pm

have you tried to install any applications or only the operating system and core drivers?
 
if you tried to install applications, which ones?
Search

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 8:31 am
$
0
0
Author: RZK
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 3:31pm

Originally posted by pinscomputer pinscomputer wrote:


have you tried to install any applications or only the operating system and core drivers?
 
if you tried to install applications, which ones?


Yes, I have a few things installed. I forgot to mention but I didn't install any drivers; the OS did when it was updating. Then it started happening. I figured it might have been a missing driver somewhere and went looking, but found nothing missing.

Edited by RZK - Yesterday at 3:32pm

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 8:38 am
$
0
0
Author: MagicAndre1981
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 3:38pm

Microsoft hasn't uploaded the debug symbols for Build 10122, so I can't really see the cause. Submit this issue via the Feedback tool in Win10 and attach the ETL there to the report.

The only thing I can see is that rundll32.exe calls aeinv.dll which scans for your installed software and sends a report to Microsoft so that MS can detect software incompatibilities.

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 8:42 am
$
0
0
Author: RZK
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 3:42pm

Originally posted by MagicAndre1981 MagicAndre1981 wrote:

Microsoft hasn't uploaded the debug symbols for Build 10122, so I can't really see the cause. Submit this issue via the Feedback tool in Win10 and attach the ETL there to the report.

The only thing I can see is that rundll32.exe calls aeinv.dll which scans for your installed software and sends a report to Microsoft so that MS can detect software incompatibilities.


Hmm, ok... I used the 8.1 WPA tools to get that etl file, either way. Guess that's what you get for living on the edge. I'll submit a report to Microsoft then. Thanks for the help.

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 9:57 am

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 10:39 am
$
0
0
Author: MagicAndre1981
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 5:39pm

@RZK

this has nothing to do with the WPA version. The 8.1 version works in 10, only the 8.0 version did not work in 8.1.

@pinscomputer

the April version is 10074 and the symbols don't work for 10122.

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 11:22 am
$
0
0
Author: RZK
Subject: ntoskrnl.exe hogging the CPU
Posted: 24 May 2015 at 6:22pm

Originally posted by MagicAndre1981 MagicAndre1981 wrote:

@RZK

this has nothing to do with the WPA version. The 8.1 version works in 10, only the 8.0 version did not work in 8.1.



Yes, I just mentioned that in passing, nothing else.

I used Process Explorer in the meantime and it told me ACPI.sys is what's hogging the CPU, but I guess that was obvious by now. I went around and found many possible culprits, from the ethernet card to the BIOS itself needing an update - but I'm on the latest BIOS version and both network cards have the manufacturer's drivers or the ones installed by Windows Update.

I also reverted back to the previous build, 10074. The issue remains the same.

Edited by RZK - 19 hours 60 minutes ago at 7:01pm

Miscellaneous Utilities : [Bug] VMMap handling of no longer available PID's

May 24, 2015, 2:52 pm
$
0
0
Author: bbanelli
Subject: [Bug] VMMap handling of no longer available PID's
Posted: 24 May 2015 at 9:52pm

Greetings to all,

this is my first post here so I hope I'm doing it right - kindly correct me if I have missed anything crucial.

VMMap 3.12 on Windows 7 x64

If PID is no longer available, VMMap produces random (very large) results. In addition to that, it seems that text boxes become corrupt as well (please see attached images).





In addition to that, should't desired behavior with handling invalid/unavailable PID's be last known valid state (with a timestamp, perhaps)? In other words, if PID becomes unavailable, could VMMap display last known state while PID was reachable? I understand there is a timeline but it looks "nasty" and impractical when PID is unavailable...

With my best,

Bruno



Edited by bbanelli - 17 hours 7 minutes ago at 9:54pm
Search

Miscellaneous Utilities : Diskmon and SSDs

May 24, 2015, 4:11 pm
$
0
0
Author: Dax1792
Subject: Diskmon and SSDs
Posted: 24 May 2015 at 11:11pm

There is some limited information about the file system statistics on MSDN
A slightly expanded version with a link to a definition of sub-read and sub-write operations.
 
 
 
Your method looks completely reasonable to me.


Edited by Dax1792 - 15 hours 39 minutes ago at 11:22pm

Troubleshooting : ntoskrnl.exe hogging the CPU

May 24, 2015, 11:36 pm
$
0
0
Author: MagicAndre1981
Subject: ntoskrnl.exe hogging the CPU
Posted: 25 May 2015 at 6:36am

create a xperf trace in Build 10074, here we have the symbols.

Troubleshooting : ntoskrnl.exe hogging the CPU

May 25, 2015, 4:06 am
$
0
0
Author: RZK
Subject: ntoskrnl.exe hogging the CPU
Posted: 25 May 2015 at 11:06am

Originally posted by MagicAndre1981 MagicAndre1981 wrote:

create a xperf trace in Build 10074, here we have the symbols.


Here it is: http://1drv.ms/1FaOeVv

Edited by RZK - 3 hours 49 minutes ago at 11:12am

Miscellaneous Utilities : [Bug] VMMap handling of no longer available PID's

May 25, 2015, 11:04 am
$
0
0
Author: Dax1792
Subject: [Bug] VMMap handling of no longer available PID's
Posted: 25 May 2015 at 6:04pm

Send bug reports to the email address in the Help. This forum isn't monitored actively by anyone that matters. 

Miscellaneous Utilities : [Bug] VMMap handling of no longer available PID's

May 25, 2015, 1:08 pm
$
0
0
Author: pinscomputer
Subject: [Bug] VMMap handling of no longer available PID's
Posted: 25 May 2015 at 8:08pm

how are you launching VMMAP?
 
what is making the PID of the process monitored by VMMAP to become "no longer available"?

Process Explorer : How to find what is using my resouces

May 25, 2015, 2:30 pm
$
0
0
Author: eddferrell
Subject: How to find what is using my resouces
Posted: 25 May 2015 at 9:30pm

Hello,

I have a server, (2008 R2) that is just dragging along. I have looked through all of the event logs but cannot find what is using causing all of the slowness. I have downloaded and ran both Process Explorer and Process Monitor but I am over my level of knowledge trying to interpret what they are telling me. 

I see a file "timeout.exe" that seems to be starting and stopping quite often. I also see in Process monitor that there are a lot of non-success items listed. It is affecting both the client speeds and if I am just using the server itself.

I know this is a very general request but can someone tell me what to look for as i try to find the culprit. I'm more than happy to forward any logs or reports if anyone can point me in the right direction.

I would really appreciate any help offered.
Thanks,
Edd F.

Miscellaneous Utilities : [Bug] VMMap handling of no longer available PID's

May 25, 2015, 3:01 pm
$
0
0
Author: bbanelli
Subject: [Bug] VMMap handling of no longer available PID's
Posted: 25 May 2015 at 10:01pm

Originally posted by Dax1792 Dax1792 wrote:

Send bug reports to the email address in the Help. This forum isn't monitored actively by anyone that matters. 
Thanks, I will do that, didn't really want to bother Mr. Russinovich, I could only guess he is swamped with mails.

Originally posted by pinscomputer pinscomputer wrote:

how are you launching VMMAP?
Hi pinscomputer, thank you for you feedback.

I run it from Explorer.
 
Quote what is making the PID of the process monitored by VMMAP to become "no longer available"?
Process gets shut down (gracefully) after it finishes what it has to do, but should that make any difference?
Search

Process Explorer : How to find what is using my resouces

May 25, 2015, 9:59 pm
$
0
0
Author: MagicAndre1981
Subject: How to find what is using my resouces
Posted: 26 May 2015 at 4:59am

in the process tree dialog inside ProcessMonitor you can see which other process calls the timeout calls.


What in detail is slow in your Windows?


Edited by MagicAndre1981 - 10 hours 37 minutes ago at 5:00am

Troubleshooting : ntoskrnl.exe hogging the CPU

May 26, 2015, 3:09 am
$
0
0
Author: RZK
Subject: ntoskrnl.exe hogging the CPU
Posted: 26 May 2015 at 10:09am

Originally posted by MagicAndre1981 MagicAndre1981 wrote:

yes, you have ACPI.sys issues. The hal.dll!HalpAcpiPmRegisterWritePort indicates Power Management issues.

This is hard to debug. Try a newer BIOS, try to increase the CPU fan speed to cool down the CPU.


Thank you for the help. The BIOS is the latest version but I haven't tried a CPU fan controller... I suspect it's the actual fan that's faulty but I need to open the laptop to be sure. I'll report back.

Internals : Problem finding KiFastCallEntry fnct's location

May 26, 2015, 3:40 am
$
0
0
Author: AlexeyBg
Subject: Problem finding KiFastCallEntry fnct's location
Posted: 26 May 2015 at 10:40am

Hi all,

I'm debugging a certain problem in a Wireless IHV library on Win 8.1. I'm trying to figure out why a specific function returns an error, so I've debugged it in the assembly window in WinDbg. At a certain point I've reached the syscall instruction and would want to continue the step-by-step debugging on the kernel side.

Obviously, I've missed quite a few developments that took place in the recent years. Last time I did something like that the system calls were done by issuing int 2e instruction. But since then, syscall / sysentry technique has replaced it. So I've done some reading to catch up.

But something is still not working.
To begin with, when trying to read from the MSR representing the entry point's address, I keep getting zero as a result:

0: kd> rdmsr 0x176
msr[176] = 00000000`00000000

There's a note in WinDbg's help saying that this command is for kernel mode only, so (even though it sounded strange), I tried this from a breakpoint in a driver as well. Same result, though...

I also tried finding the KiFastCallEntry function by name, but this didn't work either. I have forced the reloading of kernel symbols by .reload /f command and most kernel symbols have indeed been downloaded. Yet, the following attempts fail:

0: kd> u ntoskrnl!KiFastCallEntry
Couldn't resolve error at 'ntoskrnl!KiFastCallEntry'
0: kd> u nt!KiFastCallEntry
Couldn't resolve error at 'nt!KiFastCallEntry'

What am I doing wrong? Any help would be highly appreciated.
Thank you!


Edited by AlexeyBg - 4 hours 54 minutes ago at 10:43am

PsTools : Using psexec and windows task scheduler

May 26, 2015, 6:47 am
$
0
0
Author: pdas
Subject: Using psexec and windows task scheduler
Posted: 26 May 2015 at 1:47pm

Hi,
I have a similar issue. When I call a bat file manually containing psexec it works fine. However it does nothing when called form the task scheduler.  

Original
================================================
PsExec \\USADC-VSHYPD12.quintiles.net -d "D:\Oracle\Middleware\user_projects\epmsystem1_PLN\bin\stop.bat"

After reading various websites I tried below without success

Modified
========
at 08:00 /interactive D:\Oracle\ServiceMaintenance\PsExec \\USADC-VSHYPD12.quintiles.net -i -h -s -u yHypDevSvc -p Pr0dsup01 -accepteula -e cmd.exe /c -d "D:\Oracle\Middleware\user_projects\epmsystem1_PLN\bin\stop.bat" >%START_LOG%

at 08:00 created some multiple tasks in the scheduler as well. Any help would be greatly appreciated.

PsTools : PsExec does not work with Windows Task Scheduler

May 26, 2015, 6:53 am
$
0
0
Author: pdas
Subject: PsExec does not work with Windows Task Scheduler
Posted: 26 May 2015 at 1:53pm

When I call a bat file manually containing psexec it works fine. However it does nothing when called form the task scheduler, I am using Windows Server 2008 R2.

Scripts are posted in uploads/49931/Scripts.zip for reference.

Original
================================================
PsExec \\USADC-VSHYPD12.quintiles.net -d "D:\Oracle\Middleware\user_projects\epmsystem1_PLN\bin\stop.bat"

After reading various websites I tried below without success

Modified
========
at 08:00 /interactive D:\Oracle\ServiceMaintenance\PsExec \\USADC-VSHYPD12.quintiles.net -i -h -s -u yHypDevSvc -p Pr0dsup01 -accepteula -e cmd.exe /c -d "D:\Oracle\Middleware\user_projects\epmsystem1_PLN\bin\stop.bat" >%START_LOG%

at 08:00 created some multiple tasks in the scheduler as well. Any help would be greatly appreciated.



Edited by pdas - 1 hour 39 minutes ago at 1:58pm
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>