Viewing processes in explorer... |
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Topic: Viewing processes in explorer... Posted: 01 March 2007 at 9:46pm |
|
I performed all of the steps again and ran kernrate again and hopefully this one will show symbols
http://files.filefront.com//;6840886;;/ |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Posted: 01 March 2007 at 5:51pm |
|
Hmm... Still no symbols, and no symbol server mentioned in the output. I'll try to devise some other technique to get the desired information. I don't know why the batch file didn't work for you - it tested well on my systems... But that's always how things go.
And the output from that run was no different than the most recent assessment...
At least we're seeing consistency...
|
|
Daily affirmation:
net helpmsg 4006 |
|
|
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Posted: 01 March 2007 at 3:46pm |
|
Alright, I ran the batch file and ran kernrate again, hopefully it will work
http://files.filefront.com//;6838647;;/
Yesterday I wasn't having too many spikes at all, but today I don't even have to be doing anything on my computer or anything and they will start and keep up for 30 or so minutes |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Posted: 01 March 2007 at 3:36pm |
|
... and for what it's worth, the last one had output similar to the previous 3...
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Posted: 01 March 2007 at 3:35pm |
|
No symbols yet. Looks like the space that the forum software inserted in "microsoft" got carried over to the command that was input to set _NT_SYMBOL_PATH:
The command to set _NT_SYMBOL_PATH should be all on one line, with just one space - between the 't' in set, and the first '_' in _NT_SYMBOL_PATH.
Also, make sure symsrv.dll is in the C:\Program Files\KrView\Kernrates folder.
I've attached a batch file you might use that will set _NT_SYMBOL_PATH, go to the kernrates folder, check for symsrv.dll and if it is there it will invoke kernrate with the appropriate params, and then open the kernrates folder in explorer.
Edit: Removed batch file
Edited by molotov - 01 March 2007 at 6:53pm |
|
|
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Posted: 01 March 2007 at 3:01pm |
|
Here's another one, after I followed the steps in the link you posted. This one is just with "system" spiking for the most part; CPU usage is staying above 50% and jumping between that and 80%
http://files.filefront.com//;6838446;;/ |
|
|
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Posted: 01 March 2007 at 11:35am |
|
No, it's my own machine; it's named that way because I didn't change the name of it in the Windows welcome screen when I reformatted and installed Windows again
|
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Posted: 01 March 2007 at 7:50am |
|
The last three have all been very similar, with roughly 80% of the time being spent in the HAL module, roughly 12% of the time being spent in the ACPI module, roughly 5.5% of the time being spent in the ntkrnlpa module, and the rest of the time (trivial) being spent in various other modules.
Looks like the HAL is trying to do a lot of I/O? Top functions called are:
--HAL!WRITE_PORT_UCHAR
--HAL!READ_PORT_UCHAR
--HAL!WRITE_PORT_USHORT
--HAL!READ_PORT_USHORT
Interestingly, the function that ntkrnlpa spends most of its time in is wctomb, the "convert wide character to multibyte character" function.
I'm not sure these are totally accurate as kernrate indicates that export symbols are used because debugging symbols for the modules are not available. This is likely because _NT_SYMBOL_PATH has not been set prior to capturing the traces.
See steps 1, 2, and 3 in this post for instructions on doing so, keeping in mind that the forum software appears to insert spaces into lengthy character sequences. The command line for kernrate seems to support prepending a symbolpath ("-j" option) but the syntax and help is unclear as to whether / how this might support the symbol server. So, _NT_SYMBOL_PATH seems to be a good choice.
Is the machine you're having problems with a virtual machine (its name is VM-199085)?
Edited by molotov - 01 March 2007 at 8:09am |
|
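The whitespace problem described in the two molotov posts above (a space carried from the forum text into the `set _NT_SYMBOL_PATH` command) can be checked mechanically before kernrate is run. This is an added example, not part of the thread and not the removed batch file; the helper name, the cache directory `C:\symbols` and both sample command lines are constructed, and the path assumes the standard `srv*cache*URL` form with Microsoft's public symbol server, which the thread does not quote in full.

```python
import re

# Constructed sample command lines (not taken from the thread).
GOOD = r"set _NT_SYMBOL_PATH=srv*C:\symbols*http://msdl.microsoft.com/download/symbols"
BROKEN = r"set _NT_SYMBOL_PATH=srv*C:\symbols*http://msdl.micro soft.com/download/symbols"

SET_RE = re.compile(r"^set(\s+)_NT_SYMBOL_PATH(\s*)=(.*)$", re.IGNORECASE)

def check_symbol_path_command(line):
    """Return a list of problems in a 'set _NT_SYMBOL_PATH=...' line (hypothetical helper)."""
    m = SET_RE.match(line.rstrip("\r\n"))
    if not m:
        # Also hit when the command was pasted across two lines.
        return ["not a single-line 'set _NT_SYMBOL_PATH=' command"]
    gap, before_eq, value = m.groups()
    problems = []
    if gap != " ":
        problems.append("expected exactly one space after 'set'")
    if before_eq:
        problems.append("space before '=' makes cmd.exe define a differently named variable")
    if value != value.strip():
        problems.append("leading or trailing whitespace in the value")
    for element in value.strip().split(";"):
        parts = element.split("*")
        kind = parts[0].lower()
        if kind not in ("srv", "symsrv"):
            continue  # plain directory entry: spaces can be legitimate there
        # symsrv*symsrv.dll*cache*URL carries the DLL name before the stores
        stores = parts[2:] if kind == "symsrv" else parts[1:]
        for store in stores:
            if re.search(r"https?://", store, re.I) and re.search(r"\s", store):
                problems.append(f"whitespace inside symbol server URL: '{store}'")
    return problems

if __name__ == "__main__":
    for cmd in (GOOD, BROKEN):
        print(cmd)
        for p in check_symbol_path_command(cmd) or ["ok"]:
            print("   ", p)
```

A clean result only means the command is well formed; kernrate still needs symsrv.dll in its folder, as the post above notes, to reach the symbol server.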
|
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Posted: 28 February 2007 at 9:33pm |
|
I zipped both output and stdouterr:
http://files.filefront.com//;6832934;;/ |
|
|
Freeway
Newbie
Joined: 20 February 2007 Online Status: Offline Posts: 29 |
Posted: 28 February 2007 at 5:49pm |
|
No, I don't have Microsoft Excel, and I'll run that new command once the spikes happen again
|
|