

But the basic “capture and filter” scenario I’ve outlined above will get you 90% of the information that most people might want to see. In case you haven’t noticed, Process Monitor is very powerful and somewhat complex. Process Monitor (and Process Explorer) won’t fix anything – they’re both tools to help you answer “what’s happening?” with additional data that might help you also learn why. What happens next depends on what you’ve found.
PROCESS MONITOR VS PROCESS EXPLORER WINDOWS
Of course, our old friend Process Explorer is still valuable, as it will tell us even more about the specific process that we’ve located, such as any Windows Services that it might be providing. the process in question was “services.exe.” Double-click any line there and you’ll get more detailed information about that specific event and the process that caused it. For example, I’ve double-clicked on that “system.LOG” file here. Once you’ve identified a file you want to understand more about, double-click it, and the main procmon window will automatically filter the data to include only accesses of that file. I would assume that for a simple “Why is my disk thrashing?” analysis, the default “Total Events” is likely to be the best place to start. You can also sort by any of the other column headers in the file summary dialog so as to see which file took the most time, had the most reads or writes, or did any of several other activities. In this case, you can see that “C:\WINDOWS\system32\config\system.LOG” was the most-accessed file during this capture (taken when I logged into this machine). The default is sorted by “Total Events.” Scroll the data to the left to see the rightmost Path column (which you can also widen by grabbing its right-most column header bar and dragging right). Rather than trying to analyze the raw data (which you’re more than welcome to do), Procmon includes a couple of handy summarization tools.

Click File Summary… for a report of the file I/O activity within the recorded data. If your concern is a start-up problem, you could include it at Windows Startup time by simply adding it to the Startup sub menu.

After procmon has run “a while,” collecting data during the behavior you’re concerned about, click it, and once again, press CTRL+E to stop data collection.

Running Procmon

Because Process Monitor automatically begins collecting data once you run it, all you need to do is start it.
Unlike Process Explorer, which simply shows you process information in relatively real time, Process Monitor works by collecting data for a period of time and then gives you various tools to review and analyze the data collected. Make sure that Enable Advanced Output is not checked on the Filter menu. Press CTRL+E to stop the data collection for now. Procmon allows us to monitor almost all of the activity of processes running on your machine, including who’s accessing the disk.

After downloading and running procmon, it’ll start collecting data immediately:

To figure out what’s really going on, we’re going to start by downloading a powerful (if extremely geeky) utility called Process Monitor, or “procmon” (not to be confused with another great utility, Process Explorer, or “procexp”). It’s not really telling you anything valuable.

When it comes to disk activity, you can pretty much ignore CPU usage.

2% CPU usage or even much less is plenty to keep the disk busy. 98% idle makes total sense, even if the disk is thrashing as you describe. For a CPU, “waiting” means “doing nothing,” which in Process Explorer is considered idle. The CPU is much faster than the disk, which means it’s actually spending most of its time waiting for the disk to read or write data. It’s quite possible for your CPU to be doing “nothing” while your disk thrashes. Let’s start by clarifying the CPU-usage issue. We’ll look at using Process Monitor to see if we can determine just exactly who’s doing what to your machine. FileMon has been replaced by a significantly more powerful utility, Process Monitor. In the past, I’ve recommended a tool called FileMon to determine what’s been writing to your disk. Your assumption that CPU usage is telling you something is incorrect. One thing I can tell you is, it’s not outside of Windows.
