Thread: Shutdown longer than usual
View Single Post
  #11  
Old November 22nd 19, 01:16 AM posted to alt.comp.os.windows-10
Rene Lamontagne
external usenet poster
  
Posts: 2,549
Default Shutdown longer than usual
On 2019-11-20 1:14 a.m., Paul wrote:
Paul wrote:
Rene Lamontagne wrote:
On 2019-11-19 7:04 p.m., Rene Lamontagne wrote:
On 2019-11-19 4:01 p.m., Paul wrote:
Rene Lamontagne wrote:
About 5 or 6 months ago running the then current Windows 10 ver
1903 my system used to do a shutdown in 6 or 7 seconds.
Now I find it taking about 19 to 26 seconds, Faststart is disabled
and so is hibernation and Hiberfil is uninstalled.
Everything is disabled in Task manager-startup and I have no
other programs running in the background.
Any hints, or as Paul would say breadcrumbs for me to look at.
This is not a great hardship but makes me wonder what is the cause.

Rene


Process Monitor from Sysinternals, can capture both
a shutdown and a startup session.

You could change the backing store to disk rather than RAM.
Select the option to capture the next startup. Leave the
tool running and shut down. Both the shut down and the
startup should be captured. Then have a look at the
ProcMon events, for the problem.


Never really having used ProcMon before I am struggling migthily to
learn how it works, I have set it to store to a disk file and have
set it to capture events which when I shutdown and restart with it
running I do get a file called in my case stop.pml on the desktop
which covers about 2 minutes and about 43,00 files. Is this what I
need and what should I be looking for



Note that some events on a computer, resist debugging.
When I discovered that Windows 10 was initializing RAM
somehow at startup, and taking 20 seconds to do so,
there was a "gap" in the trace. No activity for 20 seconds
in terms of things starting or stopping. I had to surmise
a compute-bound activity was happening (no disk access).
And perhaps, an activity proportional to the size of
the system RAM. A small VM for example, would start a
lot faster.

So while ProcMon can give you a trace, it's not gdb or
Windbg and doesn't trace at that level. And some activities
will remain elusive and require conjecture.

Â*Â*Â* Paul


Do I need to look for some kind of shutdown event or some specific
time frame in seconds?

Rene



Should be 143,000 and still counting at 47%!!!

Rene

There should be two separate files.

When you start ProcMon running, after the desktop comes
back up from the reboot, it should prompt for a storage name
for the boot-up trace it has collected.
That would be the second trace. That's my recollection
at least.

Procmon works, by injecting procmon23.dll or similar, into
the System32 folder. So it uses a DLL. It sets the hidden bit
on it, so you aren't supposed to be able to see it. You can probably
use a "dir" command and ask for a listing of hidden items, and then
you might see it in the listing. And the other thing about that,
is it doesn't remove that DLL either :-/ Like, when it's finished.

It also, doesn't always work. Don't ask me why.

I'll have a go in Windows 10 1909 in a minute, and refresh my memory
on how this works.

Â*Â* Paul

I placed a copy of procmon.exe in my Downloads folder

I set the backing store to "pocketlink.pml". Then I stopped
and restarted the program.

I then left the procmon trace running while I reached over
to select "Reboot" from the Menu.

This is placed in the drivers folder. They're
using a new version.

C:\Windows\System32\drivers\

dir /ah procmon*

Â*Â* PROCMON23.SYS
Â*Â* PROCMON24.SYSÂ* === added now

At startup, I waited roughly two minutes before
starting procmon.exe. It prompts to save bootlog.pml,
which consists of five files (a gigabyte of them).

Now, if I stop Procmon and drag and drop either pocketlint.pml
or bootlog.pml onto the program icon, I get some timestamp ranges.

pocketlint.pml 1:46:51Â* === shutdown trace, procmon still running
Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â* 1:47:01Â*Â*Â*Â*Â*Â* at shutdown. Yours may be longer than this.
Bootlog.pmlÂ*Â*Â* 1:47:27Â* === boot trace, capped off by starting
Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â* 1:50:13Â*Â*Â*Â*Â*Â* procmon.exe after the system comes
Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â*Â* Â*Â*Â* back up.

To return the tool to a benign state, I'd now switch
off the backing file for normal (RAM based) tracing.
I only use the backing file, for long traces.

By changing the name of the file, to pocketlint_keep.pml,
that would prevent future overwrite. Like, before running
ProcMon again in a minute or two. I've already zipped up
the files for safe keeping. They zip up pretty well, and
the whole trace only takes 75MB of storage in a compressed
state.

Â*Â* Paul

Tried following through with Procmon but did not come up with anything
specific But did notice a lot of Malwarebytes, Macrium reflect and AMD
Radeon entries , so just for kicks I uninstalled all 3 of them and have
my shutdown time to 17 seconds, Reinstalled them and it now is staying
the same at a solid 17 seconds after about 5 or 6 reboots and shutdowns,
so guess I will leave well enough alone.
I don't know what caused the 26 to 28 second shutdowns but I won't lose
too much sleep over it (maybe 10 seconds a night). :-)

Rene
Ads