
Procmon 2.1 Uses 100% CPU on 2K SP4

molotov (Moderator Group), posted 20 October 2008 at 4:39pm
Thanks for reporting the software that you were using that seems to have caused issues when used with Procmon.

> I never saw the pop-up alerts for Procmon to use Services.exe and SMSS.exe when logged on to my Power User account

Can you elaborate on what you mean by this? The firewall product is intercepting IPC among processes, and holding it up until the user can respond, but not giving the user a chance to respond??


Daily affirmation:
net helpmsg 4006

PaulG (Newbie), posted 20 October 2008 at 4:34pm
My problem is a conflict between ZoneAlarm Suite 7.0.483 and Process Monitor. As soon as I exited ZoneAlarm Suite when logged on to my Administrative account I had no problem running Process Monitor. I never saw the pop-up alerts for Procmon to use Services.exe and SMSS.exe when logged on to my Power User account. I had the same problem intermittently when logged on to my Administrative account, but when I was able to make ZoneAlarm remember allowing use of Services and SMSS, then Process Monitor worked in my Administrative account. It did hang the system the 3rd or 4th time I tried it while logged on to my Power User account. I should mention that I do not use ZoneAlarm's AntiVirus but Norton instead, as well as loading Norton System Doctor and TaskInfo, a Task Manager-like program.

molotov (Moderator Group), posted 18 October 2008 at 4:07pm
> What would letting it run longer prove?

Perhaps, that it really is doing necessary processing (what that may be, I do not know) as opposed to being stuck in some endless loop.

I wonder if perhaps ETW is damaged on your system?  I've not heard of that happening, and I don't know what to suggest... Are there any entries in the event logs that might seem helpful?

So far, no one else has indicated they experienced a similar issue on Win2K. Procmon 2.0 would not run on Win2K, and others discovered this within hours of Procmon 2.0's release. This might suggest that what you experience may not be widespread, or perhaps even specific to your system. Or, maybe others simply need more time to chime in...


Edited by molotov - 18 October 2008 at 4:08pm

PaulG (Newbie), posted 18 October 2008 at 3:56pm
I let Procmon run with 100% usage for some time, probably at least 30 minutes. What would letting it run longer prove? Is there a way to capture what caused it to resume normal activity?

molotov (Moderator Group), posted 18 October 2008 at 3:01pm
It certainly appears that Procmon's driver is busy doing something.

> I would say that the 100% CPU usage has gone on for a couple of minutes now.

Are you able to just let it run for a while (30 minutes? a few hours?)

> Process Monitor is not responding according to Task Manager.

When it's doing what it's doing, that is normal behavior for Procmon (seems the UI thread is doing other work as well or is waiting for disconnection from ETW).

PaulG (Newbie), posted 17 October 2008 at 11:24pm
The message I mentioned earlier when I stopped Process Monitor capture was not accurate. I suppose you figured out the correct message, but to be accurate the message is "Disconnecting from Event Tracking for Windows (ETW)  This may take up to a minute."

Off to other things. Thanks again.

PaulG (Newbie), posted 17 October 2008 at 11:06pm
Need to do other things right now. Thanks for your response. Will check back later.

PaulG (Newbie), posted 17 October 2008 at 11:03pm
Here is another stack list:
ntoskrnl.exe!KiDispatchInterrupt+0x7b
ntoskrnl.exe!KiReleaseSpinLock+0xae4
ntoskrnl.exe!ExFreePoolWithTag+0x16f
PROCMON20.SYS+0x1ff8
PROCMON20.SYS+0x2001
PROCMON20.SYS+0x20da
ntoskrnl.exe!PsSetCreateThreadNotifyRoutine+0xa8
ntoskrnl.exe!KiDispatchInterrupt+0x422

PaulG (Newbie), posted 17 October 2008 at 11:00pm
Don't know if it is an issue, but there seem to be two instances of TID for PROCMON20.SYS: one at +0x756 with no CPU or CSwitch Delta values, and the active one with 90 to 95% CPU usage and 300 plus CSwitch Delta.

PaulG (Newbie), posted 17 October 2008 at 10:45pm
I have no idea if this is an issue but I have VMware Server v2.0 running although there are no VMs running.