Monitor

The OpenWNT Monitor Utility. Based on OpenVMS terminology.

Usage: A list of all command line parameters.
Screen explanation: There is more information in this small window than you might expect.
Keys: How to interact with the program.
Used named objects: Enumeration of the used performance objects and counters. Also shows the used registry values.
Miscellaneous: To be done somewhere down the road, things which may drive you crazy, ...
Versions: Study the past if you would define the future. Confucius

Usage:

monitor [-m nodename] [-n nicindex] [-t s[.mmm]] [-a] [-v] [-q quitfile] [-s] [-h]

-m: As nodename you can specify all values that RegConnectRegistry() accepts.
-n: Specify the network interface index. Zero based.
-t: Refresh period in seconds. Default is 1.0 second.
-a: Use only ASCII characters.
-v: Vertical view (37x49). Standard is (80x25).
-q: If this file exists, the application will terminate.
-s: Square root adjusts for network bar graphs.
-h: Set priority class to High.

The used codepage and color are derived from the current settings of the Windows Command Processor. To change this settings use the commands chcp and color. It's also possible to change the colors with the properties dialog from the system menu of the Command Processor window.

Screen explanation:

Node: SV0730298A OpenWNT Monitor Utility 3-APR-2009 10:44:07 Statistic: CURRENT SYSTEM STATISTICS 8.02 up Thread States ┌ CPU Busy (37) ───────────┐ INIT: 0 READY: 0 │▒▒▒│▒▒▒▒▒ │ RUN: 0 STDBY: 0 CPU 0 ├--------------------------┤ 100 TERM: 0 WAIT: 1245 │▒▒▒▒▒ │ TRANS: 0 UNKNW: 0 └──────────────────────────┘ Total: 73 Processes Cur Top: lsass (19) 1245 Threads + 4 ┌ Page Fault Rate (1833) ──┐ ┌ Available Size (480M) ───┐ │▒│▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │▒▒▒▒▒▒ │2047M MEMORY 0 ├--------------------------┤ 500 0 ├--------------------------┤ │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │▒▒▒▒▒▒▒▒▒ │ 142M └──────────────────────────┘ └ Nonpaged Pool (47M) ─────┘ Cur Top: lsass (951) ┌ Data I/O Rate (181) ─────┐ ┌ Network Send Bps (717K) ─┐ │▒▒▒▒▒▒▒▒▒ │ │▒▒ │ I/O 0 ├--------------------------┤ 500 0 ├--------------------------┤ 119M │▒▒▒▒ │ │ │ └──────────────────────────┘ └ Receive Bps (118K) ──────┘ Cur Top: services (87)

Node: Node is the nodename of the computer being monitored (=target machine). Names longer than 20 characters are truncated.
Date: Date is the current date of the target machine.
Time: Time is the current time of the target machine displayed in local time of the host machine.
System Up Time: System Up Time is the elapsed time (in days) that the computer has been running since it was last started. This counter displays the difference between the start time and the current time.
CPU Busy: CPU Busy or % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. This counter is the primary indicator of processor activity, and displays the average percentage of busy time observed during the sample interval.
CPU Busy (Kernel): CPU Busy (Kernel) or % Privileged Time is the percentage of elapsed time that the process threads spent executing code in privileged mode. When a Windows system service in called, the service will often run in privileged mode to gain access to system-private data. Such data is protected from access by threads executing in user mode. Calls to the system can be explicit or implicit, such as page faults or interrupts.
CPU Busy (Cur Top): CPU Busy (Current Top) is the name and the percentage of elapsed time that the process with the highest utilization spends to execute. Names longer than 16 characters are truncated.
Thread State: Thread State is the sum of the states of all threads except the idle threads. The states are named Initialized, Ready, Running, Standby, Terminated, Wait, Transition and Unknown. A Running thread is using a processor; a Standby thread is about to use one. A Ready thread wants to use a processor, but is waiting for a processor because none are free. A thread in Transition is waiting for a resource in order to execute, such as waiting for its execution stack to be paged in from disk. A Waiting thread has no use for the processor because it is waiting for a peripheral operation to complete or a resource to become free. These are instantaneous counts, not an average over the time interval.
Processes: Processes is the number of processes in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. Each process represents the running of a program.
Threads: Threads is the number of threads in the computer at the time of data collection. This is an instantaneous count, not an average over the time interval. A thread is the basic executable entity that can execute instructions in a processor.
Idle Threads: Idle Threads are counted separately. This is the same as the number of logical CPUs on the target machine.
Page Fault Rate: Page Fault Rate is the average number of pages faulted per second. This value includes both hard faults (those that require disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most processors can handle large numbers of soft faults without significant consequence. However, hard faults, which require disk access, can cause significant delays.
Hard Fault Rate: Hard Fault Rate is the rate at which pages are read from or written to disk to resolve hard page faults. This counter is a primary indicator of the kinds of faults that cause system-wide delays. It includes pages retrieved to satisfy faults in the file system cache (usually requested by applications) non-cached mapped memory files.
Page Fault Rate (Cur Top): Page Fault Rate (Current Top) is the name and the average number of pages faulted per second of the process with the highest page fault rate. Names longer than 16 characters are truncated.
Available Size: Available Size is the amount of physical memory, in bytes, available to processes running on the computer. It is calculated by adding the amount of space on the Zeroed, Free, and Standby memory lists. Free memory is ready for use; Zeroed memory consists of pages of memory filled with zeros; Standby memory is memory that has been removed from a process' working set (its physical memory) on route to disk, but is still available to be recalled. This counter displays the last observed value only; it is not an average.
Physical Memory: Physical Memory is the amount of physical random access memory, in bytes, available for the system.
Resident Pool: Resident Pool is the current size, in bytes, of the sum of resident paged pool and nonpaged pool. The paged pool is an area of system memory (physical memory used by the operating system) for objects that can be written to disk when they are not being used. Space used by the paged and nonpaged pools is taken from physical memory, so a pool that is too large denies memory space to processes. This value displays the last observed value only; it is not an average. NT3.1: Not available.
Nonpaged Pool: Nonpaged Pool is the size, in bytes, of the nonpaged pool, an area of system memory (physical memory used by the operating system) for objects that cannot be written to disk, but must remain in physical memory as long as they are allocated. This value displays the last observed value only; it is not an average.
Data I/O Rate: The rate at which all processes are issuing read and write I/O operations per second. This counter counts all I/O activity generated by the process to include file, network and device I/Os. NT3.x & 4.0: Shows only File Data Operations per second. It is the combined rate of read and write operations on all logical disks on the computer.
Data I/O Rate (Cur Top): Data I/O Rate (Current Top) is the name and the read and write I/O operations rate per second of the process with the highest rate. Names longer than 16 characters are truncated. NT3.x & 4.0: Not available.
Network Bandwidth: Network Bandwidth is an estimate of the current bandwidth of the selected network interface in bytes per second. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this value is the nominal bandwidth.
Network Send Bps: Network Send Bps is the rate at which bytes are sent over the selected network adapter, including framing characters.
Network Receive Bps: Network Receive Bps is the rate at which bytes are received over he selected network adapter, including framing characters.

Numeric values bigger than 99999 are divided by 1024 (maybe multiple times) and annotated with one of the following characters:

K	Kilo	1024*1	= (2¹⁰)¹ = 2¹⁰ =	1024
M	Mega	1024*K	= (2¹⁰)² = 2²⁰ =	1048576
G	Giga	1024*M	= (2¹⁰)³ = 2³⁰ =	1073741824
T	Tera	1024*G	= (2¹⁰)⁴ = 2⁴⁰ =	1099511627776
P	Peta	1024*T	= (2¹⁰)⁵ = 2⁵⁰ =	1125899906842624
E	Exa	1024*P	= (2¹⁰)⁶ = 2⁶⁰ =	1152921504606846976
Z	Zetta	1024*E	= (2¹⁰)⁷ = 2⁷⁰ =	1180591620717411303424
Y	Yotta	1024*Y	= (2¹⁰)⁸ = 2⁸⁰ =	1208925819614629174706176	= ~10²⁴

All values are truncated. Appears noticeable in the Physical Memory value.

Keys:

ESC: Quit the program
F2: Increment network interface index
F3: Decrement network interface index
F5: Update immediately (refresh)

Used named objects:

To know which performance objects and counters you will need is error-prone and time-consuming. First we take a list of names and convert them to numeric values with a second list of alternating numeric strings and names in the registry. There is no distinction between objects and counters. If one or more numeric values are missing, I will use some hard coded numeric values. Then we take all object numbers and convert them to a space separated string for the actual data query.

You may ask: How does Microsoft handle this problem? As far as I can say, they don't have this problem really. Perfmon shows only things which are available in contrast to monitor which needs specific counters. On the other side, Task Manager is probably custom-built. I've never tried to use it under a different OS version.

Object names

System
Memory
Processor
Process
Thread
Network Interface

Counter names

% Processor Time
% Privileged Time
Thread State
ID Process
System Up Time
Pages/sec
Page Faults/sec
Available Bytes
Pool Nonpaged Bytes
Pool Paged Resident Bytes (available after NT3.1)
IO Data Operations/sec (available after NT4)
Elapsed Time
Bytes Received/sec
Bytes Sent/sec
Current Bandwidth
File Data Operations/sec (used in NT4 or earlier versions)

Registry values

HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory\.Translated
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Counter{s}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\TotalInstanceName

Miscellaneous:

Open issues:

This is only a small utility and I have many ideas to improve it. But my limited time and other interests prevent their implementation - sorry. Below you find some improvements which I think are valuable.

Terminal output (\x1b[2J, ...) is not dynamically selectable
Max PF/Data rate is always 500
Data are not recordable/replayable
No debugging output for troubleshooting
The name of the NIC isn't visible
No continue switch, if target machine isn't available (e.g. reboot)
A reconnect key to update computer name, time bias for daylight-saving, ...
Network alternatively replaced by server or redirector
...

Adjustments:

When you do performance monitoring the thread which collects the performance data is always running. That looks a bit confusing to have a CPU usage of 0% and always one thread running. To correct this circumstance the program makes the following adjustment:

If there is a thread in the RUNNING state, move him to WAIT.
If there is a thread in the READY state, move him to RUNNING.

I know - it's wrong to ignore the state STANDBY but I've never seen a thread in this state.

Monitoring WINPE 2.x, 3.x

Copy/integrate the following DLLs from Vista (PE2) or Windows7 (PE3) in the SYSTEM32 directory.

perfctrs.dll
perfnet.dll
perfos.dll
perfproc.dll

Then call: reg.exe IMPORT perf.txt

Tested and in use for AMD64 and x86. The perf.txt is originally named perf.reg. It has been renamed to protect your registry.

WindowsNT 3.1

The problem with WindowsNT 3.1 is, that the registry key HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory with the value .Translated isn't present. To fix this, it's necessary to create this key and value in a volatile section on startup. The type must be a REG_RESOURCE_LIST.

The counter Pool Paged Resident Bytes don't exist. It can be replaced by a "hack" in the Counter value with the counter Pool Paged Bytes.

Oddness:

Like every utility it starts with a small and easy prototype. As things grow up (currently about 140k pure C code) more and more stumbling blocks and curiosities appear. Some of them turn out as your own fault or misunderstanding but some of them are still there. Here is my list of the remaining oddness. Remember not every point appears in every version.

Under heavy I/O load, some counter counts backward (no wraps). Perfmon stops drawing that counter in this situation.
The appearance of characters greater than 127 is also font dependent and not only codepage dependent.
The idle thread(s) are always running even on full loaded machines.
The exceptional processing of the registry value Counter\Counters in SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
If the machine name was changed, this information will not be updated in the performance data.
It's not possible to manipulate your working set to avoid the initial page faults under XP.
The faster the program runs, the more threads will be in your process.
The start time of the system process is 0 but only in the first data collection.

Versions:

This is version 1.0.0.0. Everything before is incomplete.

Back to the top

Preface

Library

Projects

Tools

Links

Miscellaneous