Background
Reading through Mark Russinovich’s Blog I got a wind of Kernrate. The specific Blog is:
The Case of the System Process CPU Spikes
Link
Kernrate tool allows one to Profile Applications & Device Drivers CPU Usage \ Consumption. It accomplishes this by measuring code as it makes it with through the OS\Windows Kernel.
Installation Media
Depending of your OS, there are a couple of avenues to get KernRate.
Windows 7 • Windows Server 2008 • Windows Server 2008 R2 • Windows Vista (all versions) • Windows Server 2003 with Service Pack 1 (SP1) or later • Windows Server 2003 x64 editions • Windows XP Service Pack 3 (SP3) or later
- Windows Device Driver Kit
Link
MS Windows 2003
- Windows Server 2003 Resource Kit
Link
Installation
Windows Device Kit
Download & Extract
- Once downloaded you will have a copy of GRMWDK_EN_7600_1.ISO
- Extract the ISO File (BTW, 7-Zip is a good tool for extracting compressed files)
- Run kitsetup.exe
- Install Steps
Install Steps
- Choose the following features [Tools & Help (Documentation Collection)]
- Press OK once you’re satisfied with your selection
- Choose the “Install Path” – In our case, we selected “D:\WinDDK\7600.16385.1\”
- End-User License Agreement – Agree to the “License Agreement”
- During the Install, the progress of the Install is indicated from an “Install Progress” bar
- Once Install is completed indicated through the 100% Complete Indicator, click on the “Finish” button
Installation – Windows Server 2003 Resource Kit Tools
If you choose to install via “Windows Server 2003 Resource Kit Tools”
- Download “Link“
- Install “Windows Server 2003 Resource Kit Tools”
- Note install folder
Invocation
To execute the installed Application, please do the following:
- Start Command Shell
- Using cmd.exe in administrator mode
- Depending on the “Install Location” selected during the Installation, proceed to the base of the Install
- Navigate to Tools\Other folder
- Depending on your “Processor & OS Architecture”, choose from the following choices – amd64 (64-bit Intel or AMD Architecture), i386 ( 32-bit), ia64 (Itanium [HP\Intel Collaboration).
- Execute kernrate.exe
Allow the System to run for at least 15 minutes or so. Try your best to have it running
while the system is under heavy load.
Once you think you have generated enough data, press Ctrl-C to terminate your kernrate session.
The Application quickly aggregates and shows the captured data.
Parameters
|
Environment Information:
Explanation:
- Machine Hardware make-up – Number of Processors (note that the number reported is not the number of physical processors, but Logical Processors), Physical Architecture (AMD64, Intel, etc), Physical Memory, PageFile, PageFile location, OS Version, etc.
- Listing of any parameters passed to Kernrate
- Processor Utilization breakdown for each time-slice that was measured – Kernel, User (Application), Idle, DPC, Interrupt
- Summarized Stats for “Available Physical Memory”, “Available Pagefile”, “Available Virtual”, Non-Paged, Paged Pool, Free System PTE
- Summarized Stats for “Context Switches”, “System Calls”, “Page Faults”, “I/O Reads”, “I/O Writes”
- Percentile breakdown for each Module that was operated on by the Kernel Code
Privileges:
- Local Security Policies \ “Profile System Performance” – If not granted then the following error message: 0xc0000061 –> “STATUS_PRIVILEGE_NOT_HELD” is displayed
Output Result:
Once CTRL-C is pressed, here is what we see:
Overall Summary:
Modules:
References
- The Case of the System Process CPU Spikes
Link - Analyze Driver Performance
Link - Kernrate User Guide
Link - Where in the World is KernRate?
Link - How to troubleshoot high CPU in the System Process
Link - Nynaeve – An Introduction to Kernrate
Link - Kernrate Utility RtlAdjustPrivilege Error
Link - System CPU Usage
Link - Troubleshooting CPU Spikes in the System Process (Ricardo Vicente)
Link - 3 Steps to TroubleShooting Device Drivers
Link
First of all thank you for your instructive post.
However, I am having a problem for wich I haven’t found an answer anywhere on the net, i would really appreciate it if you might know something about it:
i have now finally found and downloaded the kernrate that is compatibe with my x64 system, and it works, i open it and wait but when I press ctrl+c do collet the data the programm just closes almost instantly, so i can’t see the result..
And i am thinking that maybe the data log is stored in a folder, it would make sense, but i have no idea in which one it might be stored, i searched in all the folders that might contain the data but found nothing.
I believe a driver is hogging my CPU but I just can’t find out which one without kernrate as far as i know, so any help would be greatly appreciated 😀
Fabian:
Thanks for your generous compliment.
It has been a while since that post went up.
I have a new machine running MS Windows 7.
I am re-installing Windows Driver Kit Version 7.1.0 after downloading it from http://www.microsoft.com/en-us/download/details.aspx?id=11800.
Will share my experience once I go through the process.
Sorry, but might not have one till tomorrow (Wednesday 9/30/2015)
Daniel
Fabian:
I just tried things out and everything worked well.
Are you possibly connecting remotely to the machine that is having problems.
If so, it might just be that the control key (CTRL-D) is not getting across properly.
Can you please try on a local machine.
Another tool that is useful is XPERF ( http://blogs.msdn.com/b/ntdebugging/archive/2008/04/03/windows-performance-toolkit-xperf.aspx ).
Please let me know if you find the problem or if there is another possible path that we can try out.
In sincere gratitude,
Daniel
Thank you very much for your quick response, wow, since the post was kind of old i wasn’t even expecting an answer at all ! 😀
I am also using windows 7 on a local machine..
Maybe I should explain a little bit more : when i press ctrl-c, the program shows the results, but only for half a second until it scrolls down to the end (where it says “end of run”), then it immediately closes..
So this leaves me no time to see anything, and since the program doesn’t seem to be saving the results somewhere, it doesn’t help me..
Is there really no folder where kernrate keeps the collected data in some basic text document??
Meanwhile I will check out the other tool tough, and come back here to keep you informed.
Fabian:
Did you open up a command window by running cmd.exe in Administrative mode?
And, then run kernrate.exe.
Daniel
I did, but it doesnt change anything as far as i know, kernrate.exe still closes as soon as it gets the results, and cmd.exe is unaffected by this operation..
Fabian:
Can we do a quick remote session using Team Viewer. It is available at https://www.teamviewer.com/en/index.aspx.
or you can call my cell at the phone number, I will email you to your personal email address.
Thanks,
Daniel
Did you ever figure out how to solve the problem of the data disappearing quickly i have the exact same problem and no luck with solution.
Brent:
Did you create a new Command Shell and attempt to run from the command line.
If so, can you please email me that screenshot.
Daniel, I had to comment and pat you on the back for your willingness to help Fabian and others. I’ve been using the internet since ’89 and I’ve never seen anyone sat “or you can call my cell”! Spectacular offer and I hope you never lose that helping nature.
Now back to tracking down my own rogue process…
Andrew:
Thanks for your beautiful words.
Something about “Candles not being dimming through lighting others candles” is relatable.
With Wordsmiths like you around, eternity will never be boring – Pope Francis.
Hi, do you know if this is possible to run on server 2012? I’m continuing to have performance issues with my sql server and not sure of the exact problem. Thanks in advance.
Sorry if this is repetitive …I didn’t see my comment post. I’m looking to run this on Server2012. I’ve tried searching for it but haven’t had much luck. I’m having a lot of performance problems between our RD servers and our sql server. We are running in a virtual mode (if that matters). I did see some process threads I want to investigate but process explorer shows them as “unable to access”. I’m hoping that kernrate will help.
Thanks in advance!
Rene:
yes, Kernrate should work in MS Windows 2012.
Specifically, which Application ( MS SQL Server or another application) are you benchmarking?
As you are running in a virtualized environment, you have other worries such as Storage, Memory, and CPU.
All of those are shared and can exhibit varying performance based on what other clients on the same hardware are doing.
Are you using Task Manager & Resource Monitor, as well?
Also, anything showing up in you MS Windows Event Viewer.
And, specifically if your Application is MS SQL Server, what does it say in terms of what is dragging down performance.
I mean to say your Wait Stats.
How big is your Database and what type of Virtualized hardware have you provisioned?
Thanks for asking,
Daniel
I have the same problem like Fabian and Brent, the data disappearing quickly that i can read nothing. is there any solution?
Ali:
Please make sure that you initiate the application from a Windows Command Shell.
1) From Windows Shell enter cmd.exe and also choose to run in Administrator Mode
2) From the command shell
Please see the Invocation section.
Daniel
it works, thanks a lot
Ali:
You are welcome.
Salam