|
How do I analyze excessive Windows kernel mode CPU |
Post Reply 
|
| Author | |
MartinBa 
Newbie 
Joined: 01 February 2011 Status: Offline Points: 8 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: How do I analyze excessive Windows kernel mode CPUPosted: 07 November 2011 at 2:51pm |
|
Greetings!
NOTE: X posting this from OP @ superuser: http://superuser.com/q/354768/50211 -- Feel free to answer there or here ... My Windows XP machine recently started to semi freeze on me every odd reboot after a few minutes of usage (different programs / no additional prg start at all). That is, while Windows remained responsive theoretically (e.g. Mouse Cursor moved normally and I could click, and the click was eventually recognized) actions taken by the user were only responded to after minutes (literally). Example: Hitting the Num-lock key on the keyboard normally toggles the Num-lock LED on the keyboard. This also is the case with my semi-frozen machine, but only after a minute or two. One time, I managed to launch Process Explorer and, after a few minutes, the System information graph clearly indicated 100% CPU usage on the red line (kernel mode) and the green line stayed on zero. In this state, though the graph was still updated on screen, the machine could not be operated anymore. (Well, unless you are willing to wait for a few minutes after every click.) So, now I'm wondering what the problem could be, as I did not install anything new on this machine for weeks, certainly not prior to seeing this behavior. (Rebooting helps sometimes, sometime I need a second or third reboot before the machine becomes usable for a longer period of time.) Now, how can I find out what is actually causing the excessive kernel mode usage? |
|
 |
|
|
tamahome
Senior Member 
Joined: 06 January 2006 Status: Offline Points: 289 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 November 2011 at 4:08pm |
|
You don't see the System process or Interrupts using high cpu?
|
|
|
|
|
MartinBa
Newbie
Joined: 01 February 2011 Status: Offline Points: 8 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 November 2011 at 4:20pm |
I'll admit I only tried this once and haven't gotten around to try it more. (Lack of time and PC usage due to small Kid :-) I only had the System Information graphs open, and it definitely showed the red line at 100% and the green line at ~0%. Further investigation in processexplorer wouldn't be possible anyway, as the system is not responsive anymore. I assume the System process was at 0%, as that normally shows up on the green line, no? I never have used the Interrupts entry up to now, but I'll check whether I can make use of it next time I try. Both entries still wouldn't tell me what's wrong, no? |
|
|
|
|
tamahome
Senior Member
Joined: 06 January 2006 Status: Offline Points: 289 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 November 2011 at 4:25pm |
|
If the System process was using a lot of cpu, you could look at the threads and see which driver it was. You can also try poking around with procmon or xperf. I'm sure Andre will chime in. |
|
|
|
|
MartinBa
Newbie
Joined: 01 February 2011 Status: Offline Points: 8 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 November 2011 at 8:27pm |
|
I have now significantly updated my question on SU
Here's the summary of my findings: Update: I have now managed to get a bit more detail with Process Explorer. This is a 2 core CPU and the 100% kernel usage is only on one core. The process list shows DPCs - Deferred Procedure Calls at 50% (that's 100% on one core). So the question is now: What's DPC and how do I fix them?? Next update: OKIES ... using this and that I have been able to get xperf running on my Windows XP, and the sample dumps I took display just fine on my Win7 laptop.Yes, you need a Win7/Vista computer to view the dumps taken on Windows XP. However, I am now facing the following problem, I can enable xperf tracing, So it seems I'm out of luck here. I would rather throw out the whole rig than start manually disabling drivers ... :-) Any other ideas appreciated! |
|
|
|
|
MagicAndre1981
Moderator Group 
Joined: 08 January 2007 Location: Germany Status: Offline Points: 1505 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 November 2011 at 11:15pm |
|
Run it this way:
xperf -on latency -buffersize 1024 && timeout -1 && xperf -d DPC.etl does this allow you to dump the data into an ETL file? Edited by MagicAndre1981 - 25 November 2011 at 11:15pm |
|
|
|
|
MartinBa
Newbie
Joined: 01 February 2011 Status: Offline Points: 8 |
Post Options
Thanks(0)
Quote Reply
Posted: 26 November 2011 at 8:34pm |
|
Thanks for the suggestion.
I very much doubt this'll work, as the ampersand (&) is just a way to specify to the shell/cmd.exe to run these processes one after the other. The cmd still needs to start the process (and it only starts it once the previous one has finished), so it would hang the same. cheers, Martin |
|
|
|
|
MagicAndre1981
Moderator Group
Joined: 08 January 2007 Location: Germany Status: Offline Points: 1505 |
Post Options
Thanks(0)
Quote Reply
Posted: 28 November 2011 at 1:10pm |
|
use start /HIGH to start the second xperf. Does this help?
|
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options
tamahome wrote: