Utility: driver's CPU usage

I can't find any Windows utility that can monitor driver's CPU usage, alà taska manager or Process Explorer.

Does it exist? Googled allready, found nothing.....

 

Don't know any simple GUI utility for that but maybe you can use the command line profiling tool Kernrate / KrView. It is somewhat complicated to use in the beginning and whether it is useful for you depends on what exactly you want to find out. Kernrate won't tell you how many CPU time has been spent in a particular kernel module (aka driver) in total since Windows start. But if you want to measure CPU usage during a specific time frame then Kernrate will do the job.

The output of a basic kernel profile could look like this, but you can add more details via command line options if required:

Code:

Kernel Source Profile (PID = 0): Source= Time, Using Kernrate Default Rate of 25000 events/hit
***> Press ctrl-c to finish collecting profile data
===> Finished Collecting Data, Starting to Process Results

------------Overall Summary:--------------

P0     K 0:00:07.890 ( 26%)  U 0:00:01.328 (  4%)  I 0:00:20.609 ( 69%)  DPC 0:00:00.046 (  0%)  Interrupt 0:00:00.062 (  0%)
       Interrupts= 20824, Interrupt Rate= 718/sec.

P1     K 0:00:05.500 ( 18%)  U 0:00:00.906 (  3%)  I 0:00:23.421 ( 78%)  DPC 0:00:00.140 (  0%)  Interrupt 0:00:00.109 (  0%)
       Interrupts= 20272, Interrupt Rate= 699/sec.

TOTAL  K 0:00:13.390 ( 22%)  U 0:00:02.234 (  3%)  I 0:00:44.031 ( 73%)  DPC 0:00:00.187 (  0%)  Interrupt 0:00:00.171 (  0%)
       Total Interrupts= 41096, Total Interrupt Rate= 1417/sec.


Total Profile Time = 29828 msec

                                  Total      Avg. Rate
    Context Switches     ,       396270,         13664/sec.
    System Calls         ,       584312,         20149/sec.
    Page Faults          ,         1446,         50/sec.
    I/O Read Operations  ,         1200,         41/sec.
    I/O Write Operations ,          671,         23/sec.
    I/O Other Operations ,         3343,         115/sec.
    I/O Read Bytes       ,        53078,         44/ I/O
    I/O Write Bytes      ,        43118,         64/ I/O
    I/O Other Bytes      ,       425902,         127/ I/O

-----------------------------
Results for Kernel Mode:
-----------------------------

OutputResults: KernelModuleCount = 117

Time   22675 hits, 25000 events per hit --------
 Module                                Hits       msec  %Total  Events/Sec
p3                                    14734      29840    64 %    12344168
win32k                                 5472      29840    24 %     4584450
ntoskrnl                               1484      29840     6 %     1243297
hal                                     719      29840     3 %      602379
nv4                                     104      29840     0 %       87131
…    (output truncated)

Note: P3 is the (ACPI) idle loop.

 

Interesting tool I was unaware of Kenjin, thank's.
I believe you Blutarsky, would have more success Googling *event tracing.* That's where I think you're headed.

GF

 

It happens sometimes you're hunting for something stealing CPU resources and discover that no application is consuming CPU. It may be something at service (not appearing in task list) or kernel level.

It simply could be a driver I use to encrypt disk contents during a massive file copy, or something else.

Nevertheless, with task manager and process explorer I'm unable to check if or what driver is stealing CPU.....

Don't understand why MS or MS/Russinovich didn't stuff some code to spot drivers beheaviour. Too complicated?

 

The easiest thing to do is use Process Explorer. If there's a driver taking up a lot of CPU, this will be reflected by the "system process". You can double click on the process and go to the Threads tab, which may show a thread associated with a particular driver using the most CPU.

 

In this case Kernrate would help. Start a profiling run, then do whatever produces the high CPU usage and then stop it and examine output. It should show you how much CPU each module used during the profiling run. If you have the .pdb file for the driver it could even tell in which function how many time was spent.

As Notok pointed out, Process Explorer can show driver CPU usage to a certain extent, i.e. usage of system threads that drivers create. However not all drivers create system threads. When driver executes in the context of normal processes PE can show this only accumulated as total kernel time and not per single driver.