On one of the computers with newly installed Windows 10, a user started to complain of constant hangs and slow work of the OS. The Task Manager shows that about 50% of the CPU resources are used by the System (ntoskrnl.exe) process. In this article I'll try to describe the basic methods for diagnosing high CPU usage by different processes and ways to find the problem Windows component or system driver.
The situation when the System process consumes more than half of the CPU resources of the system is not normal. Ntoskrnl.exe is the executable of the OS kernel. It is the core system process. The OS kernel runs the system drivers of the devices, which are likely to be the source of the problem (not all drivers are properly tested by developers).
As a rule, the problem of a leak in the driver code and high usage of CPU, memory or disk resources appears after the installation of new , a new driver version (including automatic driver updates, which can be ) or after a Windows update.
To understand which driver or module causes high CPU usage, you can use a free tool, Process Explorer. Download it and run it as administrator.
Find System in the list of running processes, right-click it and open its Properties.
Go to the Threads tab. Sort the list of modules loaded by the kernel by CPU usage (CPU column). The Start Address column shows the name of the component or driver that causes the high load (the screenshot below is not from the problem system; in my case it was the ntoskrnl.exe process).
To find the driver that causes high CPU load, you can also use a free Microsoft tool, kernrate.exe (Kernrate Viewer). The tool is a part of the WDK (Windows Device Kit). After the WDK installation, you can find the tool in the folder …\Tools\Other\amd64.
Run kernrate.exe without parameters and wait until the data is collected (10-15 minutes), then terminate the tool by pressing Ctrl-C. Look at the list of modules in the Result for Kernel Mode section.
As you can see, in our example the b57nd60x module is causing high CPU usage. Using Google or the Sigcheck tool (see the of using Sigcheck to detect the driver files associated with the module), you can find out that the problem is caused by the Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.
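The module-to-driver lookup described above can also be done with built-in PowerShell cmdlets instead of Sigcheck. The script below is an added example, not part of the original article; the function names Resolve-DriverPath and Get-DriverModuleInfo are hypothetical, and the module name is the one from the kernrate output above.

```powershell
# Added example: map a kernel module name (from Process Explorer, kernrate or WPA)
# to its driver file, vendor and Authenticode signature status.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName may be quoted or use NT-style prefixes.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                                  # strip \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')       # expand \SystemRoot\
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p                             # e.g. System32\drivers\x.sys
    }
    return $p
}

function Get-DriverModuleInfo {
    param([Parameter(Mandatory)][string]$Module)    # 'b57nd60x' or 'b57nd60x.sys'

    $leaf = [System.IO.Path]::GetFileNameWithoutExtension($Module)
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $d.PathName) { continue }
        $file = Resolve-DriverPath $d.PathName
        # Match on the file name: the service name can differ from the module name.
        if ([System.IO.Path]::GetFileNameWithoutExtension($file) -ine $leaf) { continue }
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Warning "Driver file not found: $file"
            continue
        }
        $ver = (Get-Item -LiteralPath $file).VersionInfo
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        [pscustomobject]@{
            Service     = $d.Name
            DisplayName = $d.DisplayName
            State       = $d.State
            File        = $file
            Company     = $ver.CompanyName
            Description = $ver.FileDescription
            FileVersion = $ver.FileVersion
            Signature   = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject  # empty for unsigned files
        }
    }
}

# Module name taken from the kernrate example above.
Get-DriverModuleInfo -Module 'b57nd60x' | Format-List
```

An empty result means no registered kernel driver uses that file name. A Signature value other than Valid on a driver that consumes a lot of CPU deserves a closer look before you simply update it.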
You can also analyze CPU usage during system boot using the Windows Performance Toolkit (WPT). You need to install the WPT and run data collection in the Windows Performance Recorder graphical console (First level triage + CPU usage -> Start).
Or you can start collecting data for analysis using the command:
xperf -on latency -stackwalk profile -buffersize 1024 -MaxFile 256 -FileMode Circular && timeout -1 && xperf -d cpuusage.etl
You need to save the file and open it in Windows Performance Analyzer (WPA). Expand the System process stack. In this example, you can see that the athrx.sys driver (Atheros Wireless Network Adapter) causes high CPU load.
So, the problem driver is detected. What's next?
To solve the problem, install a later (or older) driver version, or completely disable (disconnect) the if the problem persists with any driver version. The updated driver can be additionally stress-tested using the .