Mode :
Check : XHTML 1.0 Strict

Monitor

The OpenWNT Monitor Utility. Based on OpenVMS terminology.

<<< Overview


  • Usage: A list of all command line parameters.
  • Screen explanation: There is more information in this small window than you might expect.
  • Keys: How to interact with the program.
  • Used named objects: Enumeration of the used performance objects and counters. Also shows the used registry values.
  • Miscellaneous: To be done somewhere down the road, things which may drive you crazy, ...
  • Versions: Study the past if you would define the future. Confucius

Usage:

monitor [-m nodename] [-n nicindex] [-t s[.mmm]] [-a] [-v] [-q quitfile] [-s] [-h]

-m
As nodename you can specify all values that RegConnectRegistry() accepts.
-n
Specify the network interface index. Zero based.
-t
Refresh period in seconds. Default is 1.0 second.
-a
Use only ASCII characters.
-v
Vertical view (37x49). Standard is (80x25).
-q
If this file exists, the application will terminate.
-s
Square root adjusts for network bar graphs.
-h
Set priority class to High.

The used codepage and color are derived from the current settings of the Windows Command Processor. To change this settings use the commands chcp and color. It's also possible to change the colors with the properties dialog from the system menu of the Command Processor window.

Screen explanation:

  Node: SV0730298A            OpenWNT Monitor Utility         3-APR-2009 10:44:07
  Statistic: CURRENT             SYSTEM STATISTICS                        8.02 up
                                                       Thread States
            ┌ CPU Busy (37) ───────────┐        INIT:     0     READY:     0
            │▒▒▒▒▒▒▒▒                 │        RUN:      0     STDBY:     0
  CPU     0 ├--------------------------┤ 100    TERM:     0     WAIT:   1245
            │▒▒▒▒▒                     │        TRANS:    0     UNKNW:     0
            └──────────────────────────┘            Total:   73 Processes
            Cur Top: lsass (19)                            1245 Threads + 4

            ┌ Page Fault Rate (1833) ──┐        ┌ Available Size (480M) ───┐
            │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│        │▒▒▒▒▒▒                    │2047M
  MEMORY  0 ├--------------------------┤ 500  0 ├--------------------------┤
            │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│        │▒▒▒▒▒▒▒▒▒                 │ 142M
            └──────────────────────────┘        └ Nonpaged Pool (47M) ─────┘
            Cur Top: lsass (951)

            ┌ Data I/O Rate (181) ─────┐        ┌ Network Send Bps (717K) ─┐
            │▒▒▒▒▒▒▒▒▒                 │        │▒▒                        │
  I/O     0 ├--------------------------┤ 500  0 ├--------------------------┤ 119M
            │▒▒▒▒                      │        │                          │
            └──────────────────────────┘        └ Receive Bps (118K) ──────┘
            Cur Top: services (87)

Node
Node is the nodename of the computer being monitored (=target machine). Names longer than 20 characters are truncated.
Date
Date is the current date of the target machine.
Time
Time is the current time of the target machine displayed in local time of the host machine.
System Up Time
System Up Time is the elapsed time (in days) that the computer has been running since it was last started. This counter displays the difference between the start time and the current time.
CPU Busy
CPU Busy or % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. This counter is the primary indicator of processor activity, and displays the average percentage of busy time observed during the sample interval.
CPU Busy (Kernel)
CPU Busy (Kernel) or % Privileged Time is the percentage of elapsed time that the process threads spent executing code in privileged mode. When a Windows system service in called, the service will often run in privileged mode to gain access to system-private data. Such data is protected from access by threads executing in user mode. Calls to the system can be explicit or implicit, such as page faults or interrupts.
CPU Busy (Cur Top)
CPU Busy (Current Top) is the name and the percentage of elapsed time that the process with the highest utilization spends to execute. Names longer than 16 characters are truncated.
Thread State
Thread State is the sum of the states of all threads except the idle threads. The states are named Initialized, Ready, Running, Standby, Terminated, Wait, Transition and Unknown. A Running thread is using a processor; a Standby thread is about to use one. A Ready thread wants to use a processor, but is waiting for a processor because none are free. A thread in Transition is waiting for a resource in order to execute, such as waiting for its execution stack to be paged in from disk. A Waiting thread has no use for the processor because it is waiting for a peripheral operation to complete or a resource to become free. These are instantaneous counts, not an average over the time interval.
Processes
Processes is the number of processes in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Each process represents the running of a program.
Threads
Threads is the number of threads in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. A thread is the basic executable entity that can execute instructions in a processor.
Idle Threads
Idle Threads are counted separately. This is the same as the number of logical CPUs on the target machine.
Page Fault Rate
Page Fault Rate is the average number of pages faulted per second. This value includes both hard faults (those that require disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most processors can handle large numbers of soft faults without significant consequence. However, hard faults, which require disk access, can cause significant delays.
Hard Fault Rate
Hard Fault Rate is the rate at which pages are read from or written to disk to resolve hard page faults. This counter is a primary indicator of the kinds of faults that cause system-wide delays. It includes pages retrieved to satisfy faults in the file system cache (usually requested by applications) non-cached mapped memory files.
Page Fault Rate (Cur Top)
Page Fault Rate (Current Top) is the name and the average number of pages faulted per second of the process with the highest page fault rate. Names longer than 16 characters are truncated.
Available Size
Available Size is the amount of physical memory, in bytes, available to processes running on the computer. It is calculated by adding the amount of space on the Zeroed, Free, and Standby memory lists. Free memory is ready for use; Zeroed memory consists of pages of memory filled with zeros; Standby memory is memory that has been removed from a process' working set (its physical memory) on route to disk, but is still available to be recalled. This counter displays the last observed value only; it is not an average.
Physical Memory
Physical Memory is the amount of physical random access memory, in bytes, available for the system.
Resident Pool
Resident Pool is the current size, in bytes, of the sum of resident paged pool and nonpaged pool. The paged pool is an area of system memory (physical memory used by the operating system) for objects that can be written to disk when they are not being used. Space used by the paged and nonpaged pools is taken from physical memory, so a pool that is too large denies memory space to processes. This value displays the last observed value only; it is not an average. NT3.1: Not available.
Nonpaged Pool
Nonpaged Pool is the size, in bytes, of the nonpaged pool, an area of system memory (physical memory used by the operating system) for objects that cannot be written to disk, but must remain in physical memory as long as they are allocated. This value displays the last observed value only; it is not an average.
Data I/O Rate
The rate at which all processes are issuing read and write I/O operations per second. This counter counts all I/O activity generated by the process to include file, network and device I/Os. NT3.x & 4.0: Shows only File Data Operations per second. It is the combined rate of read and write operations on all logical disks on the computer.
Data I/O Rate (Cur Top)
Data I/O Rate (Current Top) is the name and the read and write I/O operations rate per second of the process with the highest rate. Names longer than 16 characters are truncated. NT3.x & 4.0: Not available.
Network Bandwidth
Network Bandwidth is an estimate of the current bandwidth of the selected network interface in bytes per second. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this value is the nominal bandwidth.
Network Send Bps
Network Send Bps is the rate at which bytes are sent over the selected network adapter, including framing characters.
Network Receive Bps
Network Receive Bps is the rate at which bytes are received over he selected network adapter, including framing characters.

Numeric values bigger than 99999 are divided by 1024 (maybe multiple times) and annotated with one of the following characters:

K Kilo 1024*1 = (210)1 = 210 = 1024
M Mega 1024*K = (210)2 = 220 = 1048576
G Giga 1024*M = (210)3 = 230 = 1073741824
T Tera 1024*G = (210)4 = 240 = 1099511627776
P Peta 1024*T = (210)5 = 250 = 1125899906842624
E Exa 1024*P = (210)6 = 260 = 1152921504606846976
Z Zetta 1024*E = (210)7 = 270 = 1180591620717411303424
Y Yotta 1024*Y = (210)8 = 280 = 1208925819614629174706176 = ~1024

All values are truncated. Appears noticeable in the Physical Memory value.

Keys:

ESC
Quit the program
F2
Increment network interface index
F3
Decrement network interface index
F5
Update immediately (refresh)

Used named objects:

To know which performance objects and counters you will need is error-prone and time-consuming. First we take a list of names and convert them to numeric values with a second list of alternating numeric strings and names in the registry. There is no distinction between objects and counters. If one or more numeric values are missing, I will use some hard coded numeric values. Then we take all object numbers and convert them to a space separated string for the actual data query.

You may ask: How does Microsoft handle this problem? As far as I can say, they don't have this problem really. Perfmon shows only things which are available in contrast to monitor which needs specific counters. On the other side, Task Manager is probably custom-built. I've never tried to use it under a different OS version.

Object names

  • System
  • Memory
  • Processor
  • Process
  • Thread
  • Network Interface

Counter names

  • % Processor Time
  • % Privileged Time
  • Thread State
  • ID Process
  • System Up Time
  • Pages/sec
  • Page Faults/sec
  • Available Bytes
  • Pool Nonpaged Bytes
  • Pool Paged Resident Bytes (available after NT3.1)
  • IO Data Operations/sec (available after NT4)
  • Elapsed Time
  • Bytes Received/sec
  • Bytes Sent/sec
  • Current Bandwidth
  • File Data Operations/sec (used in NT4 or earlier versions)

Registry values

  • HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory\.Translated
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Counter{s}
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\TotalInstanceName

Miscellaneous:

Open issues:

This is only a small utility and I have many ideas to improve it. But my limited time and other interests prevent their implementation - sorry. Below you find some improvements which I think are valuable.

  • Terminal output (\x1b[2J, ...) is not dynamically selectable
  • Max PF/Data rate is always 500
  • Data are not recordable/replayable
  • No debugging output for troubleshooting
  • The name of the NIC isn't visible
  • No continue switch, if target machine isn't available (e.g. reboot)
  • A reconnect key to update computer name, time bias for daylight-saving, ...
  • Network alternatively replaced by server or redirector
  • ...

Adjustments:

When you do performance monitoring the thread which collects the performance data is always running. That looks a bit confusing to have a CPU usage of 0% and always one thread running. To correct this circumstance the program makes the following adjustment:

  1. If there is a thread in the RUNNING state, move him to WAIT.
  2. If there is a thread in the READY state, move him to RUNNING.

I know - it's wrong to ignore the state STANDBY but I've never seen a thread in this state.

Monitoring WINPE 2.x, 3.x

Copy/integrate the following DLLs from Vista (PE2) or Windows7 (PE3) in the SYSTEM32 directory.

  • perfctrs.dll
  • perfnet.dll
  • perfos.dll
  • perfproc.dll

Then call: reg.exe IMPORT perf.txt

Tested and in use for AMD64 and x86. The perf.txt is originally named perf.reg. It has been renamed to protect your registry.

WindowsNT 3.1

The problem with WindowsNT 3.1 is, that the registry key HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory with the value .Translated isn't present. To fix this, it's necessary to create this key and value in a volatile section on startup. The type must be a REG_RESOURCE_LIST.

The counter Pool Paged Resident Bytes don't exist. It can be replaced by a "hack" in the Counter value with the counter Pool Paged Bytes.

Oddness:

Like every utility it starts with a small and easy prototype. As things grow up (currently about 140k pure C code) more and more stumbling blocks and curiosities appear. Some of them turn out as your own fault or misunderstanding but some of them are still there. Here is my list of the remaining oddness. Remember not every point appears in every version.

  • Under heavy I/O load, some counter counts backward (no wraps). Perfmon stops drawing that counter in this situation.
  • The appearance of characters greater than 127 is also font dependent and not only codepage dependent.
  • The idle thread(s) are always running even on full loaded machines.
  • The exceptional processing of the registry value Counter\Counters in SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
  • If the machine name was changed, this information will not be updated in the performance data.
  • It's not possible to manipulate your working set to avoid the initial page faults under XP.
  • The faster the program runs, the more threads will be in your process.
  • The start time of the system process is 0 but only in the first data collection.

Versions:

This is version 1.0.0.0. Everything before is incomplete.

arrow upBack to the top

Last modification: 1/21/2010 12:13:18 PM