Friday, February 29, 2008

Display services running in the Svchost.exe process group

Last time, we explained how to view additional information for each process via Task Manager's Processes tab. In Task Manager, you'll notice a process named Svchost.exe. This process doesn't appear as an application in the Applications tab--it only appears in the Process tab, and there can be multiple instances of it on a system.

Svchost.exe is a generic Windows 2000 process that runs services from Dynamic Link Libraries (DLLs). When the system starts, Svchost.exe loads the services listed in this registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
\Svchost

Each entry in this key specifies a service group and is a REG_MULTI_SZ value, which means it can contain multiple string values. These values define service names for services that are members of the group. The service names themselves come from the Svchost registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

The Processes tab doesn't display the individual services that are part of the service group, nor can you add an optional column to view the services. However, you can view the service groups' individual services using the Tlist.exe utility included with the Windows 2000 Resource Kit.

After you install Tlist.exe from the Resource Kit, open a command console and issue the command:

Tlist.exe -s or tasklist /M

Scan the resulting output and look for instances of Svchost.exe. Each Svchost line will include a list of the services running under that instance of the process.

Knowing what processes are running on a system and being able to identify those processes is an important step when troubleshooting system problems or attempting to recover a hung system without rebooting. Once you identify the hung process, you can kill the process from the Task Manager.

Friday, February 01, 2008

L2 Cache Feature in Pentium III & Xeon Processor Based Server / PC

Although below mentioned article I posted on server watch forum way back in 2003 but today again I faced similar experience with Intel Core 2 Duo processor in my laptop. This time performance boost is almost of 4 times.

02-16-2003, 04:12 AM
It was a great experience today for me when I was enquired about L2 on die cache with Windows XP by my booss. I just shocked by knowing the fact that by default Windows XP enable 256KB Cache in kernel its hardly matter that how much Cache is available in your server. I did small research on this & found some amazing fact which I enclosed here.

The L2, or second-level, cache, is an integral part of your CPU. But still NT Kernel didn’t detect it. What I mean is that all Microsoft family OS based on NT Kernel like Windows 2000 Server family, Windows NT, Windows 2000 Professional and even though Windows XP. You didn’t Observe it by any tool but it could be displayed only in one Registry Key. Use Regedt32 or regedit & navigate to this hive
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager\ Memory Management\SecondLevelDataCache

You definitely observe

Type: REG_DWORD
Value: 0x00000000

This is because when HAL (at the time of installation ) cannot retrieve this from the hardware or BIOS, it sets this parameter value to 0, indicating that a built-in default size of 256 KB of L2 cache should be used. But Most Pentium II and III systems use 512 KB or more of L2 cache memory. The Xeon chips support 1 MB and 2 MB caches. You can get significantly better performance if this is set to match the actual amount of L2 cache. Setting the value higher than the actual amount of L2 cache available may prevent the system to be unstable. Check your documentation carefully. Multiprocessor systems have processors with identical speeds and caches.

Hive: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager
Key: Memory Management
Name: SecondLevelDataCache
Type: REG_DWORD
Value: 0x00000000 256K L2 cache
Value: 0x00000200 512K L2 cache
Value: 0x00000400 1M L2 cache
Value: 0x00000800 2M L2 cache

Microsoft states that the above is erroneous and that the second level (L2) cache is recognized by the NT/W2K/XP and is fully utilized regardless of the setting of this parameter. Thus I would not twiddle with it, although if Microsoft is correct, it doesn't matter Don't know what to believe. But I found relative performance enhancement after making this change.
__________________
Mukesh Kesharwani
CISSP, CISM, CNA, MCSE, MCP+I, SCSA, CUA,