#1
Everything For You
I recently discovered the Everything application and have installed it on my PCs. What I have found is rather illuminating and maybe disturbing.

Start it up, add all the drives including your NAS and external USB etc. Let it initialize. Then click on the column Date Modified. (Until the date is ordered for most recent at the top) Watch how Windows and a bunch of other apps chew away at your drives by continually writing to your drives.

It would be nice if a log could be generated so after leaving this going for a day or three you could study what the heck is going on in the background while you are merrily going about your own business.
#2
Digger wrote:

> I recently discovered the Everything application and have installed it on my PCs. What I have found is rather illuminating and maybe disturbing.
>
> Start it up, add all the drives including your NAS and external USB etc. Let it initialize. Then click on the column Date Modified. (Until the date is ordered for most recent at the top) Watch how Windows and a bunch of other apps chew away at your drives by continually writing to your drives.
>
> It would be nice if a log could be generated so after leaving this going for a day or three you could study what the heck is going on in the background while you are merrily going about your own business.

SysInternals' Process Monitor
https://docs.microsoft.com/en-us/sys...nloads/procmon

Define its filters on what you want to monitor. The log can become rather huge resulting in slowing down your PC. So, remember to turn it off when done using it.

You cross-posted to multiple newsgroups. Process Monitor supports Windows Vista, and upward. There might be an older version of Process Monitor that supported Windows XP.
#3
VanguardLH wrote:

> Digger wrote:
>
> > I recently discovered the Everything application and have installed it on my PCs. What I have found is rather illuminating and maybe disturbing.
> >
> > Start it up, add all the drives including your NAS and external USB etc. Let it initialize. Then click on the column Date Modified. (Until the date is ordered for most recent at the top) Watch how Windows and a bunch of other apps chew away at your drives by continually writing to your drives.
> >
> > It would be nice if a log could be generated so after leaving this going for a day or three you could study what the heck is going on in the background while you are merrily going about your own business.
>
> SysInternals' Process Monitor
> https://docs.microsoft.com/en-us/sys...nloads/procmon
>
> Define its filters on what you want to monitor. The log can become rather huge resulting in slowing down your PC. So, remember to turn it off when done using it.
>
> You cross-posted to multiple newsgroups. Process Monitor supports Windows Vista, and upward. There might be an older version of Process Monitor that supported Windows XP.

The ProcMon output can be sent to disk, rather than be stored in RAM. That solves the space problem, from collecting too much data such that RAM overflows (I had that happen once, it wasn't pretty).

ProcMon stores up to 199 million events, which means the tool isn't unlimited. I've recorded a Macrium backup run, about 20 minutes worth, and that's a pretty big log file right there. I've never overflowed the 199 million event limit, that I'm aware of.

The problem is, slogging through the output, looking for "intelligence".

*******

Computers work at various "detail" levels.

ProcMon is closer to a "debugger" than anything else. It's not WinDBG, which could generate an even finer record (instruction level). ProcMon keeps track at a sort of kernel call level.

A higher level view, is when a computer uses "accounting", which is an attempt to "bill people for cycles used". Maybe it tells you that Notepad opened recipe.txt at 3:19 and closed at 3:20. Which doesn't tell you anything about what happened in the intervening interval.

Logic analyzer - instruction level - 3 billion events per second (no storage!)
WinDBG         - instruction level - good for single stepping/breakpoints
ProcMon        - CreateFile/ReadFile/WriteFile/Registry - voluminous, storage limits
USN journal    - Commit/Write/Delete of files, dump-able by the OS fsutil.exe.
                 Perhaps only 16MB event horizon of file info kept.
                 Used by Everything.exe to update the view list.
accounting     - User program start/stop/cycles_used - not entirely informative
Event Viewer   - See selected services start and stop, sometimes.

There just isn't a level which is all that practical. If you know the answer to the question, maybe you could write a program to log the info you wanted. But using the existing options isn't entirely satisfying.

Process Monitor will open your eyes. You'll see the same 10,000 registry entries being checked once a second (on a modern version of Windows). It's this kind of bilge that fills up the ProcMon trace, and makes it so painful to examine later. And prevents capturing three days worth, because of the bilge.

For a "special study", a person would write a version of ProcMon with the registry workings excluded from the ETW trace, and that could make some progress towards a fine-grained accounting.

*******

Just about everything computers do, is like watching paint dry. In virtually every case, you need some sort of filter to eliminate "boring stuff", yet without losing some detail that turns out to be important later. And ProcMon is a good start, even if it isn't suitable for a 3 day study in one (large) output file. You can of course, try it and see what happens, but the output file could be quite large.

Paul
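Added example (not part of the original thread, and not Sysinternals code): one way to apply the "filter out the boring stuff" step described above to a saved capture, reducing it to who wrote how much to which file. It assumes the capture was saved from Process Monitor as CSV with the default columns and that WriteFile details carry a "Length:" field; the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows in the assumed Process Monitor CSV column layout.
# For a real export use: open(path, newline="", encoding="utf-8-sig"),
# which tolerates a leading byte-order mark.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:19:00.1000000 PM","svchost.exe","1040","RegQueryValue","HKLM\SOFTWARE\Example\Poll","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"3:19:00.2000000 PM","notepad.exe","4312","CreateFile","C:\Users\me\recipe.txt","SUCCESS","Desired Access: Generic Write"
"3:19:00.3000000 PM","notepad.exe","4312","WriteFile","C:\Users\me\recipe.txt","SUCCESS","Offset: 0, Length: 1,024, Priority: Normal"
"3:19:01.1000000 PM","svchost.exe","1040","RegQueryValue","HKLM\SOFTWARE\Example\Poll","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"3:19:02.0000000 PM","backup.exe","5120","WriteFile","D:\Backups\image.bin","SUCCESS","Offset: 0, Length: 65,536"
"3:19:02.5000000 PM","backup.exe","5120","WriteFile","D:\Backups\image.bin","SUCCESS","Offset: 65,536, Length: 65,536"
"3:19:03.0000000 PM","notepad.exe","4312","WriteFile","C:\Users\me\recipe.txt","SUCCESS","Offset: 1,024, Length: 512"
'''

# Length values may contain thousands separators, e.g. "Length: 65,536".
LENGTH_RE = re.compile(r"Length: ([\d,]+)")

def summarize_writes(stream, ignore=()):
    """Return {(process, path): [write_count, bytes_written]} for successful writes."""
    ignore = {name.lower() for name in ignore}
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(stream):
        # Drop registry polling, reads, opens and failed calls.
        if row["Operation"] != "WriteFile" or row["Result"] != "SUCCESS":
            continue
        if row["Process Name"].lower() in ignore:
            continue  # known-noisy writers the analyst chose to exclude
        match = LENGTH_RE.search(row["Detail"])
        size = int(match.group(1).replace(",", "")) if match else 0
        entry = totals[(row["Process Name"], row["Path"])]
        entry[0] += 1
        entry[1] += size
    return dict(totals)

def top_writers(totals, n=10):
    """Return the n (process, path) pairs with the most bytes written."""
    return sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)[:n]

if __name__ == "__main__":
    totals = summarize_writes(io.StringIO(SAMPLE_CSV))
    for (proc, path), (count, size) in top_writers(totals):
        print(f"{size:>10} bytes  {count:>4} writes  {proc}  {path}")
```
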
#4
To download the tools, go to Windows Sysinternals Documentation, downloads and additional resources
http://technet.microsoft.com/en-us/sysinternals/default.

And, if you (Digger) want to learn more about how to use the Systems Internals Suite go to "How-To Geek - What Are the SysInternals Tools and How Do You Use Them"
https://www.howtogeek.com/school/sysinternals-pro/
https://www.howtogeek.com/school/sysinternals-pro/lesson1/

Process Explorer is a better real-time tool than Process Monitor.