Chapter 8: Analyzing Your System


Did you ever wonder how fast your computer actually is? Sure, you may have an Intel 2.8 GHz Core Duo in your box, but the CPU is not the only factor in determining the speed of your computer. The true speed of your computer is determined by the combined speed of all your hardware, such as the read and write speed of your hard drive, front side bus speed, RAM speed, and even your graphics card GPU. Microsoft has attempted to provide users with a clearer picture of their computer's performance in Windows Vista with the new System Performance Rating benchmarking tool. This chapter will help you understand your Windows System Performance Rating, perform a more detailed analysis of the capabilities of your computer, and learn how you can make your computer faster.

Before you can jump into improving the speed of your computer, it is important to understand the limitations of your hardware and also to identify potential bottlenecks in your system. Using the tools discussed in this chapter, you will be able to run different tests that will help you in the upcoming chapters decide which hacks will work best for your computer.

Monitoring Your System Hardware

Monitoring the status of your system with various tools will help you understand what is going on behind the scenes, much like the instrument panel of a car. If you are driving home and you notice that the temperature gauge is maxed out and the instrument panel is flashing with all sorts of warning icons, it is very easy to understand that your car is not performing at its best. Monitoring your system, for example, will reveal if you are running low on memory, if your CPU is overloaded, or if your system has too many programs running at the same time. These are all useful and important things to know, and having that information available enables you to check your system's operations and to change settings to get optimal performance.

A variety of performance monitoring software is available. Let's get started by using the Reliability and Performance Monitor in Windows Vista.

Using the Reliability and Performance Monitor

Windows has a great diagnostic tool that's built right in called the Reliability and Performance Monitor. This cool utility can give you stats on just about every aspect of Windows. Similar to other system monitoring tools, its purpose is to help you diagnose problems and improve the performance of your computer. With the release of Windows Vista, the Reliability and Performance Monitor has been improved and is now even more useful.

To start the application, simply click the Start button, type perfmon.msc in the Search box, and then press Enter. The Performance Diagnostic Console requires administrative rights to run. Depending on your User Account Protection settings, you might have to confirm the action by clicking Continue or keying in your admin account password when prompted.

Tip 

The Windows Performance Diagnostic Console gets the data for the counter from the system registry by default. A special flag for perfmon.msc allows you to change the data source to get the data directly from the Windows Management Interface instead. This is useful if you are getting some strange results and would like to get a second opinion on what is really going on. Simply type perfmon.msc /sysmon_wmi in the Search box on the Start panel to use the Windows Performance Diagnostic Console alternate data source.

After the Performance Diagnostic Console loads, you will see the Resource Overview screen that is filled with the most common system stats, as shown in Figure 8-1.

Figure 8-1: Reliability and Performance Monitor's Resource Overview screen

By default, you are presented with a moving graph of the CPU, Disk, Network, and Memory usage. Just below the graphs you will find more detailed breakout sections that can be expanded to show exactly how much each process is using the CPU, Network, and Memory as well as which processes and files are using the disk. The Resource Overview screen alone provides a wealth of information that can help you analyze your system, but there are also two more components, the Performance Monitor and the Reliability Monitor, that are very useful. I will get to those shortly; first let's go into more detail on the different detailed component monitors.

Using the detailed CPU overview

Like all the detailed views, the detailed CPU overview can be expanded using the arrow on the right of the bar, if it is not already expanded. Here you will find a list of all the processes running on your machine, similar to the Processes tab of Task Manager, as shown in Figure 8-2.

Figure 8-2: The detailed CPU overview

On the top of the bar, you will find the current usage of your CPU as well as a maximum usage rate. The list of processes is below, sorted by average CPU usage. Unlike the active process list in Task Manager, this list shows you only the average usage rate. This is very useful when you're looking for an application that has an overall meaningful impact on your CPU usage. Additionally, you are shown the number of threads and CPU cycles the process is currently using.

The information you gain about your computer from the detailed CPU overview will help you identify applications you run that have a big impact on the performance of your computer. If you have a process listed that has a very high average CPU time, try to identify what the process is by using the Description column or even a search engine if necessary. You might find that a simple application such as a desktop weather application that runs in the background is using a big portion of your CPU. With this information, you may decide to uninstall such an application to speed up your system.

Using the detailed Disk overview

The detailed Disk overview shows the read and write speed in bytes per minute of the various processes running, as shown in Figure 8-3. The per-process list of reads and writes also shows the file that is in use. The Disk bar shows the total speed of all the disk operations as well as the percent of the time the disk is active.

Figure 8-3: The detailed Disk overview

These numbers enable you to see if an application is hogging your disk and slowing down all the other processes on your computer because it is reading and writing so much data. This is especially useful when trying to identify what your hard drive is doing when you hear it going crazy and the hard drive read/write light seems like it is constantly on.

Using the detailed Network overview

The detailed Network overview shows which processes on your system are using the network, as shown in Figure 8-4. The top bar shows you the current network speed and the percent your network connections are utilized. Each open network connection is listed below with the name of the process using the connection. Additionally, you will find the network address the process has connected to as well as the amount of data sent and received in bytes per minute.

Figure 8-4: The detailed Network overview

Have a slow Internet connection? Are the lights on your cable or DSL modem going crazy? These network usage stats will help you diagnose a process that is bogging down your network connection, such as a free peer-to-peer VoIP (Voice over IP) application. These applications can use your network connection even if you are not on a call. Other users' calls may be routed through your computer, resulting in your network connection slowing down. Using the information in the detailed Network overview, you can easily identify how much data is transferring both ways for every process on your computer.

Note 

With the detailed Network overview, it is easy to find out if your network connection has a high utilization rate by looking at the header bar. Keep in mind that the network card in your computer usually has a greater capacity and is capable of higher speeds than your Internet connection. If you have a 100MB network card in your computer and that is connected to a 10MB broadband Internet connection, when your network card utilization is at 10 percent, your Internet connection is at 100 percent utilization.

Using the detailed Memory overview

The detailed Memory overview shows you how much of the various types of memory each running process is using, as shown in Figure 8-5. The top bar shows the number of hard memory faults per second and the percentage of total physical memory that is in use. The memory overview is one of the most useful overviews in the Reliability and Performance Monitor.

Figure 8-5: The detailed Memory overview

Take a look at the number of hard memory faults and total percentage of physical memory that is in use. If you are getting any more than a few hard memory faults per second, you might need more memory for your computer. A memory fault occurs when something a program needs is not in memory and the memory manager has to get it and put it there. Usually it has to make room for the new data to be placed in memory by kicking some other processes' data out of physical memory and into the paging file. This can be a slow operation.

Also consider the amount of private memory a process is using. A process that is using a huge amount of private memory can steal your system resources from other processes, which results in more memory faults and a slow-down of your computer.

Using the Performance Monitor to get more system stats

The Performance Monitor is one of the classic features of the Performance Diagnostic Console that has been around since Windows NT and has been refined over the years to be a very comprehensive tool. In Windows Vista, hundreds of different monitors are built in that allow you to monitor just about every aspect of the operating system and your hardware. If you want, you can even view information about how fast your laptop's battery is charging or discharging. Similar to other system monitoring tools, the Performance Monitor is provided to help you detect problems and improve your system performance.

Once you have the Performance Diagnostic Console open, click Performance Monitor under Monitoring Tools to use the monitor. When the Performance Monitor loads, you are greeted with a graph of data as well as a list of active counters. You see a graph of the Processor utilization percentage. This is a pretty but rather useless chart because you already have this information on the overview screens. The real power of the Performance Monitor can be found in the performance counters.

To add more performance counters, simply click the icon with the + symbol on it, or press Ctrl+I and the Add Counters window appears, as shown in Figure 8-6.

Figure 8-6: Adding a performance counter

When the Add Counters window appears, you will notice that the counters are organized in different component categories. Navigate through the list box and click the down arrow to see the individual counters available for the selected subject. Because some of the counter names are vague, you can turn on the bottom description pane to find out more details about a specific counter by checking the Show Description box in the lower-left corner of the window.

Let's say that you want to monitor remote desktop connections made to your computer. You can easily accomplish this with the right performance counter.

  1. With the Add Counters window open, navigate through the list of subjects and expand Terminal Services.

  2. You will find three counters: Active Sessions, Inactive Sessions, and Total Sessions. Select Active Sessions.

  3. Depending on the counter, you may be required to select which instance of the object you want to track. If your computer has a multi-core CPU chip and you were using a CPU Utilization counter, the Instances of selected object list box will display and allow you to choose what core of the CPU you want to track. For the selected Active Sessions counter, there are no instance options, so that box remains grayed out.

  4. After you have the counter selected, click the Add button.

  5. When a new counter has been added, you can always add more counters on the same screen. Select the Total Sessions counter and click Add again.

  6. Click OK to close the Add Counter window and return to the Performance Monitor screen.

Tip 

When selecting performance counters, you can hold down the Ctrl key and select multiple counters at once. Then just click the Add button and all of the selected counters are added instead of your having to individually click each counter and then click Add. Additionally, if you want to add all the counters in a category, select the category name and click Add.

Tip 

When adding performance counters to the Performance Monitor, it is possible to add counters from a remote computer. If your computer is on a corporate domain and you have administrative rights, or if you have an administrative account on another home computer, you can easily remotely monitor the performance. When the Add Counters window is open, simply type the name of the computer in the Select counters from computer box. Alternatively, you can click the Browse button and select the computer if the remote computer's name is broadcast across your network. After entering the computer name, press Enter to connect. If you get an error, make sure that you have the correct permissions on your domain to use this feature and, in a home or non-domain environment, that the username and password for the account you are currently logged on to are the same on both computers.

You will now see the Terminal Services Active Sessions and Total Sessions counters listed on the graph, in addition to the CPU utilization performance counter. However, the line graph makes it hard to read these performance counters. The next section shows you how you can customize the performance counter data display.

Viewing the data

The Performance Monitor allows you to view the data in many different ways. The default screen is the line graph, as shown in Figure 8-7. This display method is adequate for a few performance counters, but when you have more than three or four, figuring out what line is for what counter starts to become a little confusing. Additionally, for certain counters such as Active Sessions and Total Sessions mentioned earlier, the line graph just does not make it easy to understand the data. Fortunately, Microsoft provides two other methods for viewing the data.

Figure 8-7: The default screen of Performance Monitor

Another method of viewing the data is to use the histogram display, as shown in Figure 8-8. To change to this display method, select Histogram bar on the view drop-down list that currently shows Line selected. This method of displaying the data is not much better than the default: because it relies on one scale, the counters that report large numbers will dwarf counters that report small numbers. This limitation makes it almost impossible to read some of the performance counters.

Figure 8-8: Performance Monitor's histogram bar view

To make everyone happy, there is also a Report viewing method, which simply lists the counter numbers in text, as shown in Figure 8-9. You can activate this viewing method by choosing Select Report from the View drop-down list or by pressing Ctrl+R.

Figure 8-9: Performance Monitor's report view

Setting the update interval

Now that you have all your performance counters set up and displaying data, you need to select the interval time of how often the data will be updated. How often you want the counters to be updated depends on your purpose for monitoring your hardware. For example, if you are trying to track how much data your computer is sending through your network adapter every day or hour, it is not necessary to have that counter update every second. You will just be wasting CPU cycles because you are making the computer constantly update that performance counter. However, if you are interested in current memory or CPU utilization, you will want a much faster update time.

To change the update interval, perform the following steps:

  1. While in the Performance Monitor section of the Reliability and Performance Monitor, click the Properties button, which looks like a hand pointing to a notebook. Alternatively, you can press Ctrl+Q.

  2. After the System Monitor Properties window loads, click the General tab.

  3. Locate the Graph elements section and update the Sample Every text box. This number is in seconds.

  4. Click OK to close the window and save your changes.

Now Performance Monitor will poll the data sources at your specified interval.

Analyzing and detecting problems

The Performance Monitor and the various performance counters make it possible to detect many problems and shed light on how to make your system run faster. You should familiarize yourself with the following tips that deal with specific performance counters; these will prove to be invaluable in your analysis and decision-making. The following are some of the things to look out for when monitoring your system:

  • Physical Disk: Disk Read Bytes/sec and Disk Write Bytes/sec. These two performance counters can tell you if your physical disk is set up and functioning correctly. In order to determine this, consult the Web site or the manual of the manufacturer of your hard drive. Look up the range of read/write speeds. If the readings that you are getting are far below what you should be getting, then your hard disk could be damaged or set up incorrectly. Run diagnostic software on the disk and make sure that it is set up properly in Device Manager with the correct transfer mode. Remember that most hard drives read at different speeds when they are reading from different parts of the disk. This is why there may be some discrepancies between your readings.

  • Paging File: % Usage and % Usage Peak. These two performance counters can tell you how well your system is using the page file. If you set the size of the page file manually, these counters are critical to deciding what size the page file should be. As a rule, if the page file % Usage is above 95 percent or if the Usage Peak is near 100 percent, consider increasing the size of the page file if you have set the size manually.

  • Memory: Available MBytes and Paging File: % Usage. These two performance counters help you decide if you should put more RAM in your computer. If the number of your available megabytes is low and your paging file usage percentage is very high, then you should consider purchasing more RAM for your computer.

  • Processor: % Processor Time. This performance counter monitors the activity and work your processor is doing. If your CPU is consistently working at or above 85 percent, and you are not running any computation-intensive applications in the background, this would indicate that you should consider upgrading your CPU. The CPU is having a hard time keeping up with all your programs. You can also try closing open applications that are running in the background to make your computer more responsive and faster.
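
The rules of thumb in this list can also be checked from a script rather than read off the graph. The following is an added example, not from the book: it samples the same counters, plus the Terminal Services session counters from the earlier walkthrough, with the Get-Counter cmdlet. The English counter paths, the one-minute sampling window, the 512 MB "low memory" cut-off, the 99 percent "near 100" peak, and reusing 95 percent as "very high" paging are assumptions.

```powershell
# Added example, not from the book. Run in Windows PowerShell 3.0 or later.
# Assumption: English counter names (performance counter paths are localized).
$paths = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\Paging File(_Total)\% Usage',
    '\Paging File(_Total)\% Usage Peak',
    '\PhysicalDisk(_Total)\Disk Read Bytes/sec',
    '\PhysicalDisk(_Total)\Disk Write Bytes/sec',
    '\Terminal Services\Active Sessions',
    '\Terminal Services\Total Sessions'
)

# Thresholds. 85 and 95 come from the chapter; the rest are assumptions.
$CpuBusyPct    = 85    # chapter: CPU consistently at or above 85 percent
$PageFilePct   = 95    # chapter: page file % Usage above 95 percent
$NearFullPct   = 99    # assumption: what counts as a Usage Peak "near 100 percent"
$LowMemoryMB   = 512   # assumption: what counts as "low" Available MBytes
$IntervalSec   = 5     # assumption: seconds between samples
$SampleCount   = 12    # assumption: 12 x 5 s = one minute of data

$data = Get-Counter -Counter $paths -SampleInterval $IntervalSec `
                    -MaxSamples $SampleCount -ErrorAction SilentlyContinue
if (-not $data) { Write-Warning 'No counter data returned.'; return }

# Get-Counter reports paths as \\computer\object(instance)\counter. Strip the
# computer prefix so results can be looked up by the paths listed above
# (PowerShell hashtables ignore case, so the lower-cased paths still match).
$avg = @{}; $max = @{}
$data | ForEach-Object { $_.CounterSamples } | Group-Object Path | ForEach-Object {
    $key = $_.Name -replace '^\\\\[^\\]+', ''
    $m   = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
    $avg[$key] = $m.Average
    $max[$key] = $m.Maximum
}

# Report every counter that returned data. Disk throughput and the session
# counts are listed for review only; no threshold is applied to them.
$paths | Where-Object { $avg.ContainsKey($_) } | ForEach-Object {
    [pscustomobject]@{
        Counter = $_
        Average = [math]::Round($avg[$_], 1)
        Maximum = [math]::Round($max[$_], 1)
    }
} | Format-Table -AutoSize

$cpu  = $avg['\Processor(_Total)\% Processor Time']
$free = $avg['\Memory\Available MBytes']
$page = $avg['\Paging File(_Total)\% Usage']
$peak = $max['\Paging File(_Total)\% Usage Peak']

$findings = @()
if ($cpu -ge $CpuBusyPct) {
    $findings += "CPU averaged $([math]::Round($cpu)) percent over the window."
}
if ($page -gt $PageFilePct -or $peak -ge $NearFullPct) {
    $findings += 'Page file is nearly full; consider a larger page file if its size is set manually.'
}
if ($null -ne $free -and $free -lt $LowMemoryMB -and $page -gt $PageFilePct) {
    $findings += 'Available memory is low and paging is heavy; consider more RAM.'
}
if ($findings.Count -eq 0) { 'No thresholds crossed.' } else { $findings }
```

Compare the disk averages in the table against the drive manufacturer's published range, as the first item in the list describes.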

Saving your performance counter setup

After you have spent some time adding all the performance counters that you would like to use, it is possible to save this configuration so that every time that you start the Performance Diagnostic Console and use the Performance Monitor, your performance counters are automatically loaded.

To save the performance counters selected:

  1. Click the File menu object on the menu bar and select Save As.

  2. Type a filename, specify a location, and click Save.

When you want to use your performance counters again, just navigate to the location where you saved the file and double-click it. The Performance Diagnostic Console loads and takes you directly to the Performance Monitor tool.

Using the Reliability Monitor

Like the Performance Monitor, the Reliability Monitor is a system monitoring tool that is designed to help you diagnose problems and improve the performance of your computer. The Reliability Monitor is especially geared to helping you solve various types of system failures that can lead to poor performance in all areas. The Reliability Monitor works by tracking all the software installs, uninstalls, application failures, hardware failures, Windows failures and general miscellaneous failures to compile a System Stability Chart and System Stability Report, as shown in Figure 8-10.

Figure 8-10: Reliability Monitor's System Stability Chart and System Stability Report

Any of the icons on the System Stability Chart can be selected to move the scope of the System Stability Report to a specific time period. This is very useful because it allows you to see what happened the same day or just before some kind of failure occurred. Depending on this information, you will have a clue as to what may have been the cause of the failure.

Reading the System Stability Report

Every day your computer is given a system stability index rating based on the system activities of the day. The score is out of a possible 10 points. Depending on what has happened in the past, this score goes up or down. For example, if you have a Windows failure, your score goes down. As days pass, if you do not have any more failures, your score gradually goes back up again. However, if another failure occurs, it drops even more.

I recently had an issue with installing new video drivers for my laptop. I was trying to get the new Glass look in Windows Vista to work and was installing some drivers that were not exactly made for my laptop model. After I installed the new drivers, I had to reboot and was welcomed by the blue screen error. I rebooted again and the same thing happened. These system failures killed my System Stability index. Before I had these problems I had a rating of 9.44; after my driver fiasco, I had an index of 4.78. As you can see, your reliability rating can drop very quickly if you have multiple major errors, such as a blue screen.

When you notice that your System Stability index goes down, you are going to want to know why so that you can fix the problem and get the performance of your system back in line. The System Stability Report is perfect for understanding exactly what happened.

With your mouse, select a time period on the System Stability Chart in which your score dropped significantly. Depending on the presence of the information, warning, or error icons in the grid for the specific day, you will be able to know what sections of the report you should expand to see the details of what happened. Figure 8-10 shows a red error icon in the Application Failures grid item on the selected day. This tells you to expand the Application Failures section of the report to see the details. After expanding the section, you will see which application failed and how it failed. Similarly, if this were a hardware failure, you would see the component type, device name, and why it failed. If it were a Windows or miscellaneous failure, you would see the failure type and details of what happened.

As you can see, reading the System Stability Report is a quick and easy way to see what exactly is going on. Next, you are going to use the new Event Viewer in Windows Vista to get even more detailed information on the state of the computer.

Using Event Viewer

Event Viewer in Windows Vista is a centralized source for reading all the system's various log files. When a component such as the Windows Firewall service has an error, a notification, or a warning, it can be viewed in Event Viewer. When a third-party application causes your computer to crash, the details of the event can also be found in Event Viewer. Even when any user logs on to your computer, the details of the event can be found in Event Viewer. As you can see, Event Viewer is the ultimate source to find out what is happening and has happened to your computer.

How can Event Viewer help with increasing the performance of your computer? Event Viewer enables you to identify hardware and software failures that you may not even know have been occurring. If you want to increase the performance of your computer, you need to fix any problems first. Skipping ahead without fixing the problems first is like tweaking your car engine for speed but not fixing the flat tires. Even if you increase the performance of other components of your computer, any errors or failures can offset any improvements in speed.

Using Event Viewer is very easy. Event Viewer is part of every version of Windows Vista but requires an account with administrative privileges to run. To start Event Viewer, click the Start button, type Eventvwr.msc in the Search box, and then press Enter.

After Event Viewer shows up onscreen, you will see the Overview and Summary screen, as shown in Figure 8-11. The Summary of Administrative Events section provides an aggregated view of all your events. This groups them together from all your system logs and also gives you time-period stats on the different types of events. Expand the different event types, such as Critical, Error, and Warning, to see a more detailed aggregated view of all events that match that event type. You can also double-click the event types and events to view more details. Doing so will create a custom view for you automatically. I will get into those in more detail shortly. First, let's lay the groundwork for using Event Viewer.

Figure 8-11: Windows Vista's Event Viewer

Reading logs and events

The various system logs are organized in two grouping folders:

  • Windows Logs: Windows Logs enable you to find events covering Windows core applications, security, setup, and the system.

  • Applications and Services Logs: You can find events such as hardware and specific software applications under Applications and Services Logs.

When you expand the top-level grouping folders and select a sub-event topic, you are presented with a list of all the events sorted by date by default. Simply select an event to view the details.

Reading the event log is very easy to do. When an event is selected, you will see details of the event in the bottom pane. The most important pieces of information for each event are the source, ID, and description. If you do not see the description of the event on your screen, expand the Details pane up to review the description. Alternatively, you can double-click the event to bring up the Details pane in a new window.

If you have identified any events that signaled an error or warning, it is a good idea to research the event to find out if it is important to fix or not. The most popular way to investigate an event is to do a search on either Google or Yahoo with the event ID. With the new version of Event Viewer in Windows Vista, you can also click the More Information link on the Details view of an event. This will show you whether Microsoft has any information on the specific event.

Creating custom views

Using Event Viewer can be overwhelming because of the massive amount of data that you have access to. Custom Views is Microsoft's answer to data overload. Instead of looking through multiple log files, you can create a custom view in which you specify parameters for specific types of events. You can use the view to find all events that you specified no matter what log they are in. You first encountered a custom view on the Event Logs Summary screen. All the information in the Summary of administrative events section is populated by a custom view.

Creating your own custom view is easier than manually navigating through all the different log sources, and custom views are more flexible than the Event Log Summary screen. Follow these steps to create your own custom view:

  1. With Event Viewer open, click Action in the menu bar and select Create Custom View.

  2. The Create Custom View window loads, showing all the parameters of the view. You will see two tabs: Filter and XML. You will use the Filter tab because it automatically produces the XML for you.

  3. Select the Time Period for your view. I like to use Last 7 Days for this option.

  4. Check the boxes for the Event Levels you want to view, such as Critical, Error, and Warning.

  5. Expand the Event Log drop-down box and then select the log sources that you want to search in.

  6. You have the option to set a specific object to view events for, such as a specific application or device. Alternatively, you can just leave this setting as <All Event Sources>.

  7. To find all the events with a certain ID, enter the Event ID. You can also exclude a specific event from the view by adding a minus sign in front of the ID (for example, -2030).

  8. The last few settings are used less frequently. Here you can also specify the Task Category, Keywords for the event, and a specific computer user the event occurred with.

  9. After finalizing the settings, click OK.

  10. The Save As Custom View screen will pop up. Type a Name and click OK.

After your new custom view has been generated, you can open it by expanding Custom Views and selecting it from the list.
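
The choices made on the Filter tab in the steps above end up as a structured XML query, and a query of that kind can also be run from PowerShell. The following is an added example, not from the book: a hand-written query (not necessarily the exact XML the Filter tab produces) run with Get-WinEvent -FilterXml. The choice of the System and Application logs is an assumption, and the excluded ID is the chapter's example value 2030.

```powershell
# Added example, not from the book. Mirrors the custom view from the steps:
# last 7 days, levels Critical/Error/Warning, one event ID excluded.
$excludedId  = 2030                        # the chapter's example ID
$sevenDaysMs = 7 * 24 * 60 * 60 * 1000     # timediff() works in milliseconds

# Level 1 = Critical, 2 = Error, 3 = Warning.
# "<" must be written as &lt; because the filter is embedded in XML.
$filter = "*[System[(Level=1 or Level=2 or Level=3) " +
          "and (EventID!=$excludedId) " +
          "and TimeCreated[timediff(@SystemTime) &lt;= $sevenDaysMs]]]"

# Assumption: the System and Application logs were the ones picked in step 5.
$query = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">$filter</Select>
    <Select Path="Application">$filter</Select>
  </Query>
</QueryList>
"@

# Get-WinEvent raises a non-terminating error when nothing matches, so
# suppress it and treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterXml ([xml]$query) -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    'No Critical, Error, or Warning events in the last 7 days.'
} else {
    # Collapse repeats so recurring problems stand out: one row per
    # log / source / event ID, most frequent first.
    $events |
        Group-Object LogName, ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object -First 20 |
        ForEach-Object {
            $newest = $_.Group | Sort-Object TimeCreated -Descending |
                      Select-Object -First 1
            [pscustomobject]@{
                Count  = $_.Count
                Log    = $newest.LogName
                Source = $newest.ProviderName
                Id     = $newest.Id
                Level  = $newest.LevelDisplayName
                Latest = $newest.TimeCreated
            }
        } | Format-Table -AutoSize
}
```

The source and ID columns are the values to research for each recurring event, as described under Reading logs and events.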

Using Task Manager

The Windows Task Manager is a critical part of Windows that makes it possible for users to have full control over what their system is doing. Providing the ability to monitor individual programs and control any program or process, Task Manager is very useful. No special software must be installed to use Task Manager; just press Ctrl+Alt+Del and then click Start Task Manager. You can also click the Start button, type taskmgr in the Search box, and then press Enter.

After Windows Task Manager has started, you will notice a list of active applications running on your computer. Additionally, you will see tabs that list processes, CPU performance data, networking performance data, and active user data.

Monitoring processes

All the applications on the computer that are running under your account, those that are hidden and those that are not, can be found on the list on the Processes tab. On this list, you will be able to see how much memory each process is using as well as how much of the CPU each process is using. By clicking the column headings, you can sort the rows either numerically or alphabetically.

Tip 

By default, Task Manager shows you only the processes that were started under your username. When viewing the Processes tab, click the Show Processes from All Users button to view all processes. You will find that there are a lot of processes that run under the System account. Those are primarily system components.

There are many useful columns on the Processes tab:

  • The Image Name column shows the name of the process.

  • The User Name column shows who started the process.

  • The CPU column shows what percentage of the CPU the process is using.

  • The Mem Usage column shows how much memory a process is using.

If you find a process that is taking up a lot of your memory or eating up a big portion of your CPU, you might want to consider ending the process if it is not a critical one. Ending a process is very easy. Just select the row of the process you want to end, and click the End Process button.

Viewing performance data

The Performance tab, as shown in Figure 8-12, shows a lot of the same information that the Performance application shows. This tab is another place where you can view memory and CPU information, but in a far less detailed manner.

Figure 8-12: Windows Task Manager's performance information

The Networking tab is a great way to monitor the network performance. Each networking device on your computer has its own graph showing the percent that it is utilized. Although it does not keep track of bandwidth sent and received, it does show the speed that the hardware is working and if it is connected.

Configuring Task Manager to display CPU utilization

When Windows Task Manager is started, a small histogram is displayed in the system tray that shows the CPU utilization. This little feature can be very useful if you would always like to keep an eye on your CPU utilization but do not want Task Manager always on top of all your windows. With a little bit of work, it is possible to start up the Windows Task Manager automatically on every start and run it minimized and hidden from the taskbar except for the system tray.

  1. Click the Start button, navigate to All Programs, and locate the Startup listing.

  2. Right-click Startup and select Open. A new window opens with the contents of your personal startup folder. Any shortcuts that you place in this folder will be automatically loaded when Windows starts.

  3. After the Startup folder is opened, right-click in the open white space, select New, and then navigate to Shortcut.

  4. When the new shortcut wizard loads, type taskmgr.exe in the text box asking for the location of the file, and then click Next.

  5. Type a name for the shortcut and click Finish.

  6. Now you are shown the startup folder again and a new icon for Task Manager. To make Task Manager start minimized, right-click the new icon and select Properties.

  7. Change the Run type where it says Normal Window to Minimized, and then click OK.

  8. Now the shortcut is all set up. However, there is one last change to make and you will need to open up Task Manager to do this. After you have opened up Windows Task Manager, click the Options menu bar item and select Hide When Minimized so that when the program starts, only the CPU histogram will be shown and the program will not appear on the taskbar.

Your system is now configured to start up the CPU meter on every boot in the system tray. Should you change your mind at a later time and no longer want the Task Manager CPU meter to show up, simply delete the shortcut from the Startup folder.

Other performance monitoring utilities

In Chapter 3 I talked about how you can use the new Windows Sidebar to add all sorts of cool gadgets to the side of your screen. As more and more people begin to use Windows Vista, you are going to see more and more cool performance monitoring gadgets. Already there are several great performance monitoring gadgets that dock on your sidebar that allow you to see all types of performance information, such as drive space and CPU and memory usage. You can find these gadgets on Microsoft's Windows Live Gallery at http://www.gallery.live.com in the Tools and Utilities section.




Hacking Windows Vista
Hacking Windows Vista: ExtremeTech
ISBN: 0470046872
EAN: 2147483647
Year: 2007
Pages: 105
Authors: Steve Sinchak
