Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Monitor
  New Posts New Posts RSS Feed: Procmon 2.1 Uses 100% CPU on 2K SP4
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Procmon 2.1 Uses 100% CPU on 2K SP4
 Post Reply Post Reply Page  <1234>
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Topic: Procmon 2.1 Uses 100% CPU on 2K SP4
    Posted: 17 October 2008 at 9:50pm
In Process Explorer System Properties Process Monitor has most CPU Usage  about 85-90% followed by kmixer.sys  with about 2-4%. In main Explorer window everything else has less thasn about 10% CPU Usage
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 10:02pm
Process Monitor has most CPU Usage  about 85-90%
Presumably, you mean procmon20.sys+0xnnn.  Double-click this item, select all of the items in the "Stack for thread nnnn" dialog that displays, and click the Copy button.  Then paste the stack in a reply.
Daily affirmation:
net helpmsg 4006
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 10:40pm
ntoskrnl.exe!KiDispatchInterrupt+0x7b
VIDEOPRT.SYS!VideoPortQueueDpc+0x1e
ntoskrnl.exe!KeUpdateSystemTime+0x14c
PROCMON20.SYS+0x1ff8
PROCMON20.SYS+0x20da
ntoskrnl.exe!PsSetCreateThreadNotifyRoutine+0xa8
ntoskrnl.exe!KiDispatchInterrupt+0x422

I have now logged in using my administrative account and have the same problem. I believe this is what you asked for. I used the latest download symbols and not the MS server version if that makes any difference.
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 10:45pm
I have no idea if this is an issue but I have VMware Server v2.0 running although there are no VMs running.
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 11:00pm
Don't know if it is an issue but there seems to be two instances of TID for PROCMON20.SYS one at +0x756 with no CPU or CSwitch Delta values and the active one with 90 to 95% CPU usage and 300 plus CSwitch Delta
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 11:03pm
here is another stack list
ntoskrnl.exe!KiDispatchInterrupt+0x7b
ntoskrnl.exe!KiReleaseSpinLock+0xae4
ntoskrnl.exe!ExFreePoolWithTag+0x16f
PROCMON20.SYS+0x1ff8
PROCMON20.SYS+0x2001
PROCMON20.SYS+0x20da
ntoskrnl.exe!PsSetCreateThreadNotifyRoutine+0xa8
ntoskrnl.exe!KiDispatchInterrupt+0x422
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 11:06pm
Need to do other things right now. Thanks for your response. Will check back later.
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 17 October 2008 at 11:24pm
The message I mentioned earlier when I stopped Process Monitor capture was not accurate. I suppose you figured out the correct message but to be accurate the message is "Disconnecting from Event Tracking for Windows (ETW)  This may take up to a minute.

off to other things. Thanks again
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 October 2008 at 3:01pm
It certainly appears that Procmon's driver is busy doing something.

I would say that the 100% CPU usages has gone on for a couple of minustes now.
Are you able to just let it run for a while (30 minutes? a few hours?)

Process Monitor is not responding according to Task Manager.
When it's doing what it's doing, that is normal behavior for Procmon (seems the UI thread is doing other work as well or is waiting for disconnection from ETW).
Daily affirmation:
net helpmsg 4006
Back to Top
PaulG View Drop Down
Newbie
Newbie


Joined: 25 May 2007
Location: United States
Online Status: Offline
Posts: 31 		  Quote PaulG Quote  Post ReplyReply Direct Link To This Post Posted: 18 October 2008 at 3:56pm
I let Procmon run with 100% usage for some time probably at least 30 minutes.  What would letting it run longer prove? Is there a way to capture what caused it to resume normal activity?
Back to Top
 Post Reply Post Reply Page  <1234>

Forum Jump Forum Permissions View Drop Down

Privacy Statement