Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Monitor
  New Posts New Posts RSS Feed: Process Profiling every one second
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Process Profiling every one second
 Post Reply Post Reply
Author
Message Reverse Sort Order
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Topic: Process Profiling every one second
    Posted: 14 December 2008 at 3:51am
Hi Christophe,

The Process Profiling events are generated every second.  There is not a way to turn this off (though of course you can use filters to exclude the events).

Thread Profiling events are controlled by the Profiling Events menu item.
Daily affirmation:
net helpmsg 4006
Back to Top
csmathon View Drop Down
Newbie
Newbie
Avatar

Joined: 01 December 2008
Location: Ireland
Online Status: Offline
Posts: 11 		Post Options Post Options   Quote csmathon Quote  Post ReplyReply Direct Link To This Post Posted: 13 December 2008 at 8:28pm
Hi all,
 
On my Procmon settings, I see that Profiling events are disable, but procmon still generat then every second.
If I enable Profiling events generation, they are generated every second as expected.
 
So to summarys, if I disable the Profiling events or enable then every second, I have the same behaviour.
 
My questions:
   Is this normal?
   Does Procmon need it? For what (Process treee, process summary...)?
 
I noticed this with Procmon 2.02 and 2.03
 
Regards
while(!(succeed=try()));
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 5:27pm
You're welcome, Jon.
 
For a bit more discussion about the whole flashing LED / optical drive thing, have a look at:
Daily affirmation:
net helpmsg 4006
Back to Top
jhalliday View Drop Down
Newbie
Newbie


Joined: 15 August 2008
Online Status: Offline
Posts: 3 		Post Options Post Options   Quote jhalliday Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 5:19pm
molotov,
 
Thanks again for your help. You seem to be a wealth of good information :) I pulled the power to my optical drive and the flashing stopped. I was just concerned that my HD was getting thrashed for no reason, but if it's just polling the optical drive, I don't really care.
 
Also, thanks for helping me understand a bit about what Procmon is doing with the process profiling. I will have to read up more on this area.
 
Anyways, my problem is solved, and you're the man ;)
 
Thanks,
Jon
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 4:58pm
The process profiling events happen every second because that's how Process Monitor works.
 
when the filter is set to not show Profiling events, the "event" count in the status bar at the bottom of the application still moves up by exactly the count of rows I pasted in my original post once every second
By default, the filter is non-destructive (it doesn't remove events from the backing store, just the display).  Try Filter -> "Drop Filtered Events", to have Procmon not put the events excluded by the filter in the backing store, while capturing.
 
As far as I can tell, this is happening whether Process Monitor is open or not.
No.
 
The source of the activity you're concerned about ("the LED was flashing briefly while the computer was totally idle") is not Procmon, nor "profiling events".  (The activity was present before you used Procmon, and the profiling events are a "characteristic" of running Procmon.)
 
If there is a CD or DVD in an optical drive, remove it.  If the LED activity persists, try shutting down and removing power to the optical drives, and restarting.  See if the behavior changes.


Edited by molotov - 15 August 2008 at 5:00pm
Daily affirmation:
net helpmsg 4006
Back to Top
jhalliday View Drop Down
Newbie
Newbie


Joined: 15 August 2008
Online Status: Offline
Posts: 3 		Post Options Post Options   Quote jhalliday Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 4:54pm
molotov,
 
Thanks for your information. It still leaves me with another question or two that maybe you can shed some light on.
 
First, why do the events seem to happen at exactly one second intervals? Is Process Monitor polling?
 
Second, when the filter is set to not show Profiling events, the "event" count in the status bar at the bottom of the application still moves up by exactly the count of rows I pasted in my original post once every second. In other words, even when I'm not viewing Profiling events, all those above processes are being profiled every one second. As far as I can tell, this is happening whether Process Monitor is open or not.
 
So I guess a second question would be:
What application would cause all my processes to be "profiled" even while process monitor isn't running?
 
It's entirely possible (and probable) that I'm missing something fundamental here, so bear with me :)
 
Thanks again,
Jon
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 11:23am
Hi Jon,
 
The Process Profiling events are normal and expected when you choose to display the profiling events - they are events that Process Monitor shows, to provide details about the running processes.  You can see which processes are running, and various properties of them at the time of the event (user time, kernel time, etc.).


Edited by molotov - 15 August 2008 at 11:24am
Daily affirmation:
net helpmsg 4006
Back to Top
jhalliday View Drop Down
Newbie
Newbie


Joined: 15 August 2008
Online Status: Offline
Posts: 3 		Post Options Post Options   Quote jhalliday Quote  Post ReplyReply Direct Link To This Post Posted: 15 August 2008 at 7:26am
Hello,
 
I just did a new Windows Vista Ultimate install, and I happened to glance down at my hard drive LED after doing numerous updates and software installs. I noticed that exactly every one second the LED was flashing briefly while the computer was totally idle. I left for a while thinking that Windows was building some kind of index, but hours later this behavior was still going on.
 
I then decided to download the trusty ol' FileMon, which I now see has been replaced with Process Monitor for Vista. I set the filter in Process Monitor to show only files and didn't see any culprits writing or reading at one second intervals.
 
After playing around a bit with the file, registry, and process filters, I set the filter to only show "Profiling Events". Unfortunately, I'm not at all sure what these are and what they mean, but every second exactly a large group of "Process Profiling" operations occur. I can't gather from the log what is causing these profiling events to occur.
 
Below are the profiling events that occur every second:
 
------------------------------------
 
79721 2:08:48.1496890 AM Idle 0 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 2256.3828639, Private Bytes: 0, Working Set: 24,576
79723 2:08:48.1496930 AM smss.exe 448 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.0468003, Private Bytes: 352,256, Working Set: 811,008
79724 2:08:48.1496948 AM csrss.exe 512 Process Profiling  SUCCESS User Time: 0.0624004, Kernel Time: 3.1824204, Private Bytes: 1,736,704, Working Set: 5,111,808
79725 2:08:48.1496966 AM wininit.exe 560 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.1404009, Private Bytes: 1,302,528, Working Set: 3,923,968
79726 2:08:48.1496983 AM csrss.exe 572 Process Profiling  SUCCESS User Time: 0.4680030, Kernel Time: 1.4352092, Private Bytes: 1,884,160, Working Set: 6,467,584
79727 2:08:48.1496999 AM services.exe 604 Process Profiling  SUCCESS User Time: 0.1560010, Kernel Time: 1.5756101, Private Bytes: 2,756,608, Working Set: 5,742,592
79728 2:08:48.1497015 AM lsass.exe 616 Process Profiling  SUCCESS User Time: 0.7488048, Kernel Time: 0.6084039, Private Bytes: 4,075,520, Working Set: 2,834,432
79729 2:08:48.1497030 AM lsm.exe 632 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.0312002, Private Bytes: 2,105,344, Working Set: 4,227,072
79730 2:08:48.1497046 AM svchost.exe 768 Process Profiling  SUCCESS User Time: 0.4056026, Kernel Time: 2.4492157, Private Bytes: 3,346,432, Working Set: 6,250,496
79731 2:08:48.1497061 AM nvvsvc.exe 816 Process Profiling  SUCCESS User Time: 0.0156001, Kernel Time: 0.0156001, Private Bytes: 1,204,224, Working Set: 3,342,336
79732 2:08:48.1497076 AM svchost.exe 844 Process Profiling  SUCCESS User Time: 0.1716011, Kernel Time: 0.1872012, Private Bytes: 3,899,392, Working Set: 6,758,400
79733 2:08:48.1497094 AM svchost.exe 904 Process Profiling  SUCCESS User Time: 5.4912352, Kernel Time: 0.6708043, Private Bytes: 39,727,104, Working Set: 30,076,928
79734 2:08:48.1497110 AM svchost.exe 940 Process Profiling  SUCCESS User Time: 0.1716011, Kernel Time: 0.3744024, Private Bytes: 16,719,872, Working Set: 12,201,984
79735 2:08:48.1497127 AM svchost.exe 968 Process Profiling  SUCCESS User Time: 5.2260335, Kernel Time: 7.8312502, Private Bytes: 67,825,664, Working Set: 72,265,728
79736 2:08:48.1497143 AM svchost.exe 980 Process Profiling  SUCCESS User Time: 0.9672062, Kernel Time: 1.6224104, Private Bytes: 22,626,304, Working Set: 27,451,392
79737 2:08:48.1497158 AM winlogon.exe 1084 Process Profiling  SUCCESS User Time: 0.0936006, Kernel Time: 0.2340015, Private Bytes: 2,199,552, Working Set: 5,738,496
79738 2:08:48.1497173 AM AUDIODG.EXE 1108 Process Profiling  SUCCESS User Time: 0.0936006, Kernel Time: 0.2808018, Private Bytes: 12,271,616, Working Set: 15,433,728
79739 2:08:48.1497188 AM svchost.exe 1148 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.0936006, Private Bytes: 2,326,528, Working Set: 5,120,000
79740 2:08:48.1497203 AM SLsvc.exe 1188 Process Profiling  SUCCESS User Time: 0.5304034, Kernel Time: 0.5304034, Private Bytes: 7,213,056, Working Set: 11,288,576
79741 2:08:48.1497219 AM svchost.exe 1264 Process Profiling  SUCCESS User Time: 0.0624004, Kernel Time: 0.3900025, Private Bytes: 5,836,800, Working Set: 9,564,160
79742 2:08:48.1497235 AM svchost.exe 1364 Process Profiling  SUCCESS User Time: 0.1404009, Kernel Time: 0.6084039, Private Bytes: 13,549,568, Working Set: 14,376,960
79743 2:08:48.1497249 AM aswUpdSv.exe 1472 Process Profiling  SUCCESS User Time: 0.0156001, Kernel Time: 0.0000000, Private Bytes: 974,848, Working Set: 446,464
79744 2:08:48.1497265 AM ashServ.exe 1500 Process Profiling  SUCCESS User Time: 4.1496266, Kernel Time: 1.4664094, Private Bytes: 26,537,984, Working Set: 9,822,208
79745 2:08:48.1497280 AM rundll32.exe 1628 Process Profiling  SUCCESS User Time: 0.0624004, Kernel Time: 0.6552042, Private Bytes: 4,403,200, Working Set: 6,938,624
79746 2:08:48.1497295 AM Dwm.exe 1916 Process Profiling  SUCCESS User Time: 4.0716261, Kernel Time: 1.1388073, Private Bytes: 86,372,352, Working Set: 95,535,104
79747 2:08:48.1497316 AM Explorer.EXE 2000 Process Profiling  SUCCESS User Time: 2.9640190, Kernel Time: 5.8812377, Private Bytes: 31,453,184, Working Set: 47,251,456
79748 2:08:48.1497332 AM spoolsv.exe 460 Process Profiling  SUCCESS User Time: 0.0468003, Kernel Time: 0.4368028, Private Bytes: 6,533,120, Working Set: 9,199,616
79749 2:08:48.1497353 AM taskeng.exe 484 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.2028013, Private Bytes: 9,957,376, Working Set: 9,744,384
79750 2:08:48.1497368 AM svchost.exe 476 Process Profiling  SUCCESS User Time: 0.8424054, Kernel Time: 0.3744024, Private Bytes: 13,201,408, Working Set: 15,802,368
79751 2:08:48.1497383 AM MSASCui.exe 2156 Process Profiling  SUCCESS User Time: 0.1092007, Kernel Time: 0.2028013, Private Bytes: 5,935,104, Working Set: 8,933,376
79752 2:08:48.1497399 AM svchost.exe 2172 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.1248008, Private Bytes: 5,619,712, Working Set: 9,408,512
79753 2:08:48.1497414 AM sqlservr.exe 2256 Process Profiling  SUCCESS User Time: 0.4056026, Kernel Time: 0.4368028, Private Bytes: 49,442,816, Working Set: 2,039,808
79754 2:08:48.1497429 AM rundll32.exe 2360 Process Profiling  SUCCESS User Time: 0.0156001, Kernel Time: 0.2496016, Private Bytes: 3,543,040, Working Set: 5,525,504
79755 2:08:48.1497446 AM gnotify.exe 2388 Process Profiling  SUCCESS User Time: 0.0780005, Kernel Time: 0.2028013, Private Bytes: 5,378,048, Working Set: 11,702,272
79756 2:08:48.1497461 AM Ctxfihlp.exe 2416 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.0624004, Private Bytes: 3,883,008, Working Set: 7,254,016
79757 2:08:48.1497476 AM ashDisp.exe 2452 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.0624004, Private Bytes: 3,600,384, Working Set: 1,843,200
79758 2:08:48.1497491 AM taskeng.exe 2464 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.0468003, Private Bytes: 2,129,920, Working Set: 5,644,288
79759 2:08:48.1497507 AM svchost.exe 2520 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.1560010, Private Bytes: 2,232,320, Working Set: 5,218,304
79760 2:08:48.1497521 AM sqlwriter.exe 2536 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.0312002, Private Bytes: 3,895,296, Working Set: 7,303,168
79761 2:08:48.1497537 AM svchost.exe 2592 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.0312002, Private Bytes: 4,468,736, Working Set: 6,393,856
79762 2:08:48.1497552 AM svchost.exe 2648 Process Profiling  SUCCESS User Time: 0.0780005, Kernel Time: 0.0312002, Private Bytes: 5,300,224, Working Set: 8,253,440
79763 2:08:48.1497569 AM svchost.exe 2664 Process Profiling  SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000, Private Bytes: 614,400, Working Set: 2,211,840
79764 2:08:48.1497585 AM CTXFISPI.EXE 2864 Process Profiling  SUCCESS User Time: 0.0312002, Kernel Time: 0.0624004, Private Bytes: 9,777,152, Working Set: 8,491,008
79765 2:08:48.1497600 AM SearchIndexer.exe 2872 Process Profiling  SUCCESS User Time: 0.1404009, Kernel Time: 0.2652017, Private Bytes: 41,926,656, Working Set: 13,889,536
79766 2:08:48.1497615 AM ashMaiSv.exe 3412 Process Profiling  SUCCESS User Time: 0.0780005, Kernel Time: 0.1092007, Private Bytes: 3,600,384, Working Set: 1,466,368
79767 2:08:48.1497641 AM ashWebSv.exe 3484 Process Profiling  SUCCESS User Time: 0.1248008, Kernel Time: 0.3588023, Private Bytes: 23,130,112, Working Set: 12,931,072
79768 2:08:48.1497665 AM ieuser.exe 4092 Process Profiling  SUCCESS User Time: 0.0624004, Kernel Time: 0.2184014, Private Bytes: 4,194,304, Working Set: 8,818,688
79769 2:08:48.1497681 AM wmiprvse.exe 3612 Process Profiling  SUCCESS User Time: 0.0468003, Kernel Time: 0.0624004, Private Bytes: 3,072,000, Working Set: 5,664,768
-----------------------------------------------
 
Having no idea why all these processes are getting "profiled" every second or what Process Profiling even is, I decided to download and run the avast! antivirus program. avast! didn't turn up any viruses, but I figure it's because I installed it after detecting this problem.
 
Is there any way I can determine what is causing these profiling events?
 
If anyone can shed any light on my situation I would really appreciate it.
 
Thanks,
Jon
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down