Wednesday, July 29, 2015

windows xp - Tracking down System CPU usage


My System process (Not system idle process) is using 5-10% CPU constantly.


Using Sysinternals process explorer, I've identified the offending thread as having an ID of 8 and the following stack trace:


ntkrnlpa.exe!NtBuildNumber+0x33
ntkrnlpa.exe!MmIsDriverVerifying+0xb9a
ntkrnlpa.exe!ZwYieldExecution+0x941
ntkrnlpa.exe!KeRemoveQueue+0x276
ntkrnlpa.exe!MmTrimAllSystemPagableMemory+0x669b

How can I take the above information and determine which DLL/Driver/??? is the culprit?


Edit: Interestingly, after a reboot, the System process is still eating up CPU (It's the same Thread Id (8) which is using CPU but I'm assuming that's pure coincidence). The stack trace, however, is noticeably different:


ntkrnlpa.exe!KiDispatchInterrupt+0xa7
ntkrnlpa.exe!ZwYieldExecution+0x3744
ntkrnlpa.exe!NlsOemLeadByteInfo+0x19a74
ntkrnlpa.exe!PsRemoveCreateThreadNotifyRoutine+0x214
ntkrnlpa.exe!KiDispatchInterrupt+0x72e

Answer



Please configure your symbols so that you get more useful information, also look into the stacks if you can.


Other than that, you can try this procedure so that I could try to look into it (or you could yourself)... :)


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...