A Windows XP help forum. PCbanter


Everything For You



 
 
#1  May 13th 19, 05:31 PM  posted to microsoft.public.windowsxp.general,alt.windows7.general
Digger

I recently discovered the Everything application and have installed it
on my PCs.

What I have found is rather illuminating and maybe disturbing.

Start it up, add all the drives including your NAS and external USB etc.

Let it initialize.

Then click on the column Date Modified. (Until the date is ordered for
most recent at the top)


Watch how Windows and a bunch of other apps chew away at your drives by
continually writing to your drives.

It would be nice if a log could be generated so after leaving this going
for a day or three you could study what the heck is going on in the
background while you are merrily going about your own business.

#2  May 13th 19, 07:01 PM  posted to microsoft.public.windowsxp.general,alt.windows7.general
VanguardLH

Digger wrote:

> I recently discovered the Everything application and have installed it
> on my PCs.
>
> What I have found is rather illuminating and maybe disturbing.
>
> Start it up, add all the drives including your NAS and external USB etc.
>
> Let it initialize.
>
> Then click on the column Date Modified. (Until the date is ordered for
> most recent at the top)
>
> Watch how Windows and a bunch of other apps chew away at your drives by
> continually writing to your drives.
>
> It would be nice if a log could be generated so after leaving this going
> for a day or three you could study what the heck is going on in the
> background while you are merrily going about your own business.


SysInternals' Process Monitor
https://docs.microsoft.com/en-us/sys...nloads/procmon
Define its filters on what you want to monitor. The log can become
rather huge resulting in slowing down your PC. So, remember to turn it
off when done using it.

You cross-posted to multiple newsgroups. Process Monitor supports
Windows Vista, and upward. There might be an older version of Process
Monitor that supported Windows XP.
#3  May 13th 19, 09:57 PM  posted to microsoft.public.windowsxp.general,alt.windows7.general
Paul

VanguardLH wrote:
> Digger wrote:
>
>> I recently discovered the Everything application and have installed it
>> on my PCs.
>>
>> What I have found is rather illuminating and maybe disturbing.
>>
>> Start it up, add all the drives including your NAS and external USB etc.
>>
>> Let it initialize.
>>
>> Then click on the column Date Modified. (Until the date is ordered for
>> most recent at the top)
>>
>> Watch how Windows and a bunch of other apps chew away at your drives by
>> continually writing to your drives.
>>
>> It would be nice if a log could be generated so after leaving this going
>> for a day or three you could study what the heck is going on in the
>> background while you are merrily going about your own business.
>
> SysInternals' Process Monitor
> https://docs.microsoft.com/en-us/sys...nloads/procmon
> Define its filters on what you want to monitor. The log can become
> rather huge resulting in slowing down your PC. So, remember to turn it
> off when done using it.
>
> You cross-posted to multiple newsgroups. Process Monitor supports
> Windows Vista, and upward. There might be an older version of Process
> Monitor that supported Windows XP.


The ProcMon output can be sent to disk, rather than be stored in
RAM. That solves the space problem, from collecting too much data
such that RAM overflows (I had that happen once, it wasn't pretty).

ProcMon stores up to 199 million events, which means the tool isn't
unlimited. I've recorded a Macrium backup run, about 20 minutes worth,
and that's a pretty big log file right there.

I've never overflowed the 199 million event limit, that I'm aware of.

The problem is, slogging through the output, looking for "intelligence".

*******

Computers work at various "detail" levels. ProcMon is closer to a "debugger"
than anything else. It's not WinDBG, which could generate an even finer
record (instruction level). ProcMon keeps track at a sort of kernel call level.

A higher level view, is when a computer uses "accounting", which is an
attempt to "bill people for cycles used". Maybe it tells you that
Notepad opened recipe.txt at 3:19 and closed at 3:20. Which doesn't
tell you anything about what happened in the intervening interval.

Logic analyzer - instruction level - 3 billion events per second (no storage!)
WinDBG - instruction level - good for single stepping/breakpoints

ProcMon - CreateFile/ReadFile/WriteFile/Registry - voluminous, storage limits

USN journal - Commit/Write/Delete of files, dump-able by the OS fsutil.exe .
Perhaps only 16MB event horizon of file info kept. Used by
Everything.exe to update the view list.

accounting - User program start/stop/cycles_used - not entirely informative

Event Viewer - See selected services start and stop, sometimes.

There just isn't a level which is all that practical. If you know
the answer to the question, maybe you could write a program to log
the info you wanted. But using the existing options isn't entirely
satisfying.

Process Monitor will open your eyes. You'll see the same 10,000 registry
entries being checked once a second (on a modern version of Windows). It's
this kind of bilge that fills up the ProcMon trace, and makes it so painful
to examine later. And prevents capturing three days worth, because of the
bilge. For a "special study", a person would write a version of ProcMon
with the registry workings excluded from the ETW trace, and that could make
some progress towards a fine-grained accounting.

*******

Just about everything computers do, is like watching paint dry.
In virtually every case, you need some sort of filter to eliminate
"boring stuff", yet without losing some detail that turns out to be
important later.

And ProcMon is a good start, even if it isn't suitable for a 3 day study in
one (large) output file. You can of course, try it and see what happens,
but the output file could be quite large.

Paul
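
Added example, not part of Paul's post and not Sysinternals code: one way to do the filtering discussed above after the fact, by reducing a ProcMon CSV export to bytes written per process and file while discarding the registry traffic. The column names follow ProcMon's default CSV export; the sample rows, paths and the `summarize_writes` helper are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in the column layout of a ProcMon "Save as CSV" export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:19:01.0000001 PM","svchost.exe","1044","RegOpenKey","HKLM\SOFTWARE\Example","SUCCESS","Desired Access: Read"
"3:19:01.0000002 PM","svchost.exe","1044","RegQueryValue","HKLM\SOFTWARE\Example\Value","NAME NOT FOUND","Length: 16"
"3:19:02.0000001 PM","notepad.exe","5120","CreateFile","C:\Users\me\recipe.txt","SUCCESS","Desired Access: Generic Write"
"3:19:02.0000002 PM","notepad.exe","5120","WriteFile","C:\Users\me\recipe.txt","SUCCESS","Offset: 0, Length: 1,204, Priority: Normal"
"3:19:03.0000001 PM","SearchIndexer.exe","2210","WriteFile","C:\ProgramData\idx\example.edb","SUCCESS","Offset: 8,192, Length: 4,096"
"3:19:03.0000002 PM","SearchIndexer.exe","2210","WriteFile","C:\ProgramData\idx\example.edb","SUCCESS","Offset: 12,288, Length: 4,096"
"3:19:04.0000001 PM","explorer.exe","3388","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
'''

LENGTH_RE = re.compile(r"Length:\s*([\d,]+)")  # Detail uses thousands separators


def summarize_writes(csv_text):
    """Return (bytes written per (process, path), counts of rows filtered out)."""
    written, dropped = Counter(), Counter()
    # Exports may begin with a UTF-8 byte-order mark; strip it so the header parses.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        op = row["Operation"]
        if op != "WriteFile" or row["Result"] != "SUCCESS":
            # Registry traffic is the bulk of a trace; count it, then discard it.
            dropped["registry" if op.startswith("Reg") else "other"] += 1
            continue
        match = LENGTH_RE.search(row["Detail"])
        size = int(match.group(1).replace(",", "")) if match else 0
        written[(row["Process Name"], row["Path"])] += size
    return written, dropped


if __name__ == "__main__":
    written, dropped = summarize_writes(SAMPLE_CSV)
    for (process, path), total in written.most_common():
        print(f"{total:>8} bytes  {process}  {path}")
    print("filtered out:", dict(dropped))
```
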
#4  May 14th 19, 02:05 AM  posted to microsoft.public.windowsxp.general,alt.windows7.general
James Davis

To download the tools, go to Windows Sysinternals Documentation, downloads and additional resources
http://technet.microsoft.com/en-us/sysinternals/default.

And, if you (Digger) want to learn more about how to use the Systems Internals Suite go to "How-To Geek - What Are the SysInternals Tools and How Do You Use Them"

https://www.howtogeek.com/school/sysinternals-pro/
https://www.howtogeek.com/school/sysinternals-pro/lesson1/

Process Explorer is a better real-time tool than Process Monitor.
 




All times are GMT +1.