Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Explorer
  New Posts New Posts RSS Feed: DLL's loaded in System process show 0 bytes
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

DLL's loaded in System process show 0 bytes
 Post Reply Post Reply Page  123>
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
jeffbry View Drop Down
Newbie
Newbie


Joined: 18 August 2008
Online Status: Offline
Posts: 15 		  Quote jeffbry Quote  Post ReplyReply Direct Link To This Post Topic: DLL's loaded in System process show 0 bytes
    Posted: 18 August 2008 at 6:37pm
When viewing the system process and the DLL's loaded, they all show 0 bytes for any of the memory columns.  When i choose another process, I can see memory size.  Is there another way to see memory size for DLL's running under system process?
 
thanks.. Jeff


Edited by jeffbry - 18 August 2008 at 6:38pm
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 6:42pm
Hi Jeff,
 
What version of Process Explorer are you using, and on what OS?
 
Are you launching Process Explorer from an account that is a member of the Administrators group?
 
When you refer to "any of the memory columns", can you give a specific example of a column in the DLL View that exhibits this behavior?
Daily affirmation:
net helpmsg 4006
Back to Top
jeffbry View Drop Down
Newbie
Newbie


Joined: 18 August 2008
Online Status: Offline
Posts: 15 		  Quote jeffbry Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 7:07pm
11.20 on 2003 SP2 X86
 
I am a domain admin on this box.
 
I add the columns for WS Total Bytes, WS Private Bytes, WS Shareable Bytes and WS Shared Bytes from the DLL tab under columns.
 
When i choose system process and view lower pane for DLL, all the files show 0 bytes.  If I choose some other process, I can see values in the different columns for the different DLL's.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 7:51pm
Please note the current version is 11.21.
 
For the SYSTEM process, the items displaying the lower pane DLL view are drivers.  The values likely don't have any meaning for the SYSTEM process (as the modules reside in the kernel, what distinction is there between private and shared, since there is presumably nothing to share with?).
 
What were you hoping to discover, by inspecting those values for the modules loaded into the SYSTEM address space?
Daily affirmation:
net helpmsg 4006
Back to Top
jeffbry View Drop Down
Newbie
Newbie


Joined: 18 August 2008
Online Status: Offline
Posts: 15 		  Quote jeffbry Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 10:22pm
I am trying to figure out why the system process is consuming 1.9GB of memory (as seen from task manager and PE).  I have tried booting the system with no services running, so it must be a driver or DLL loading.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 10:25pm
why the system process is consuming 1.9GB of memory (as seen from task manager and PE).
What value are you inspecting?
Daily affirmation:
net helpmsg 4006
Back to Top
jeffbry View Drop Down
Newbie
Newbie


Joined: 18 August 2008
Online Status: Offline
Posts: 15 		  Quote jeffbry Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 10:39pm
For the System Process (PID 4)
 
in Task Manager
Mem Usage = 1,975,145 K

in PE
Virtual Size = 1,983,636 K
Working Set = 1,975,145 K
WS Shareable = 1,969,412 K

 
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 10:54pm
Are you able to do local kernel debugging on the server, and issue WinDbg's !memusage and !vm commands?
Daily affirmation:
net helpmsg 4006
Back to Top
jeffbry View Drop Down
Newbie
Newbie


Joined: 18 August 2008
Online Status: Offline
Posts: 15 		  Quote jeffbry Quote  Post ReplyReply Direct Link To This Post Posted: 18 August 2008 at 11:28pm
yes, though I dont have /debug in boot.ini at the moment.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 19 August 2008 at 1:16am
Note that the local kernel debugging message that displays is
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
So, you may be able to get some info without /debug.
Daily affirmation:
net helpmsg 4006
Back to Top
 Post Reply Post Reply Page  123>

Forum Jump Forum Permissions View Drop Down

Privacy Statement