Mr Snrub

Posts posted by Mr Snrub

  1. Bear in mind that malware can have a module named the same as a good file in a different folder that will still cause damage (or whatever) because it gets executed before the good one (ref. the execution PATH).
    QFT - in fact due to Windows File Protection and the fact that a lot of the system binaries have open handles which prevent overwriting while the system is running, it's more likely that malware masquerading as OS files will be running from another (often temp) folder.

    Another trick that has been used is to have lookalike executable names - dllh0st.exe, for example.

    If suspicious of a running process, use Task Manager or Process Explorer to view the command line rather than just the process name - that can often give clues as to what a process is.
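The two tricks described in this post (a genuine system-binary name running from a temp folder, and a lookalike name such as dllh0st.exe) are the kind of thing that can be checked mechanically from a process listing rather than by eye. The script below is an added Python example and is not code from the post; it assumes a small allow-list of where the named OS binaries are expected to live on a default install, and the process records (PIDs, paths, command lines) are constructed. It flags a known name running from the wrong folder, and a name that equals a known one after digit-for-letter substitution or a single-character edit, and carries the command line along in the finding, as the post recommends looking at it.

```python
"""Flag processes whose name or location imitates a Windows system binary (added example)."""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Assumed allow-list for this example: where each OS binary is expected to live on a
# default install. Not a complete inventory of protected system files.
EXPECTED_LOCATIONS = {
    "dllhost.exe": r"C:\Windows\System32",
    "svchost.exe": r"C:\Windows\System32",
    "lsass.exe": r"C:\Windows\System32",
    "csrss.exe": r"C:\Windows\System32",
    "explorer.exe": r"C:\Windows",
}

# Digit-for-letter substitutions used in lookalike names (constructed list).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


@dataclass
class Process:
    pid: int
    name: str
    image_path: str
    command_line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch a single swapped or dropped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[str]:
    """Return the system binary this name imitates, or None if it imitates nothing."""
    lowered = name.lower()
    if lowered in EXPECTED_LOCATIONS:
        return None                      # genuine name: judged on its path instead
    normalized = lowered.translate(HOMOGLYPHS)
    for known in EXPECTED_LOCATIONS:
        if normalized == known or edit_distance(lowered, known) <= 1:
            return known
    return None


def same_dir(path: str, expected_dir: str) -> bool:
    """Case-insensitive comparison of the image's folder with the expected folder."""
    return ntpath.normpath(ntpath.dirname(path)).lower() == ntpath.normpath(expected_dir).lower()


def classify(proc: Process) -> Optional[str]:
    """Describe why a process looks suspicious, or return None if it does not."""
    name = proc.name.lower()
    if name in EXPECTED_LOCATIONS:
        if not same_dir(proc.image_path, EXPECTED_LOCATIONS[name]):
            return (f"pid {proc.pid}: {proc.name} runs from {proc.image_path}, "
                    f"expected {EXPECTED_LOCATIONS[name]} (cmdline: {proc.command_line})")
        return None
    imitated = lookalike_of(proc.name)
    if imitated:
        return (f"pid {proc.pid}: {proc.name} resembles {imitated}; "
                f"image {proc.image_path} (cmdline: {proc.command_line})")
    return None


def find_masquerades(processes: List[Process]) -> List[str]:
    """Run classify() over a process list and keep only the findings."""
    return [finding for finding in map(classify, processes) if finding]


# Constructed process list; PIDs, paths and command lines are made up for this example.
SAMPLE_PROCESSES = [
    Process(1040, "dllhost.exe", r"C:\Windows\System32\dllhost.exe", "dllhost.exe"),
    Process(2216, "dllh0st.exe", r"C:\Windows\Temp\dllh0st.exe", "dllh0st.exe -s"),
    Process(3320, "svchost.exe", r"C:\Users\Public\svchost.exe", "svchost.exe -k netsvcs"),
    Process(1588, "explorer.exe", r"C:\Windows\explorer.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE_PROCESSES):
        print(finding)
```

On a real system the process records would come from a snapshot (Process Explorer can export one, or a WMI query), and the allow-list would be built from the install's own Windows directory rather than typed in.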

  2. Question 1 - Is it ok running windows off a drive letter other than C?
    Should be, this is actually a very common scenario for Citrix Server installations that use M: as the boot drive letter - however when multiple disks (not partitions) are involved then it can be a bit trickier.
    Question 2 - Have I put the SATA cables in the wrong order or something?
    I would guess that the BIOS enumerated the drives and the one you selected was the second of the 2 it found - sometimes it can help to unplug (or disable in the BIOS) extra hard disk or optical drives (even card readers sometimes) so that there is no chance for another drive letter to be assigned for %systemdrive%.

    To check if you might run into problems, temporarily disable the other disk in the BIOS (or unplug it) and verify the system boots and Windows reports it is still on E:.

    One possible issue you might find is that the first disk has the boot loader and is marked active, but the OS is installed on the second disk - if you remove/disable either disk then the system won't boot.

  3. I am closing this thread by request as it got derailed and there is a lot of information for the OP in the reply posts to chew over.

    Clearly it's a matter of opinion as to which tweaks (a) can be made safely without immediate or down-the-line side effects and (b) will actually make a difference to performance, or just the system startup time.

  4. [image: computer-network.png]

    Internet connection is 24Mbps down/8Mbps up with 5 public IP addresses.

    I use a (UPnP) NAT router anyway, so only 1 IP is typically used - but there is a switch connected to the cable modem so I can hook clients in there if another public IP is ever needed.

    WLAN is WPA-encrypted, provided through the same GigE router, which simplified my network cabling a bit.

    Client1 is my wife's primary machine, for gaming & graphics work.

    Client2 is my machine, for gaming, debugging, etc.

    Client3 is my wife's secondary machine for legacy apps that don't like 64-bit Windows (probably retiring soon as a gift to a friend).

    Client4 is the machine in the guest bedroom for visitors, with a handful of games installed.

    Server1 is my old client machine, acts as a file server primarily and is from where the Squeezebox streams its music, also runs Virtual Server as my sandbox for hotfix testing, debugging and "poking to see what it does" scenarios.

    I have the website running in a VM for portability as I'm too lazy to try to figure out how to set up SQL Express every time I want to reinstall or upgrade the OS on the bare metal - once I upgrade my current rig it will become the new server, and is hypervisor-capable - that's the time at which I will have the website running on W2K8.

    (Vista clients + W2K8 file server on GigE network using SMB 2.0 leads to very nice file transfer speeds - the XP client being wireless would not benefit much from an upgrade, it is rarely used and it's handy to have a legacy Windows client that isn't a VM for debugging.)

    HTPC is a recent addition, replacing the DVD player and allowing playback of (all region) DVDs, HD-DVDs and BDs as well as streamed content.

    XBox 360 Elite was the most recent addition, purchased for its HDMI output and in readiness for Fable II.

    (Certain types of game just play so much better on a console & big screen TV, but I'll always use my PC for FPS & RTS games.)

  5. If it's a straight batch file then you could add the following to make a conditional jump if the installed OS is not 64-bit:

    if "%programfiles(x86)%XXX"=="XXX" goto 32BIT

    Follow this line with your 64-bit specific parts, and where the 32-bit part starts have the following label:

    :32BIT

    The following is a complete batch file which just echoes to the screen which platform it believes is present, as an example:

    @echo off
    rem %programfiles(x86)% only exists on 64-bit Windows, so an empty expansion means 32-bit
    if "%programfiles(x86)%XXX"=="XXX" goto 32BIT
    echo 64-bit Windows installed
    goto END
    :32BIT
    echo 32-bit Windows installed
    :END

    Edit:

    An alternative could be to check the environment variable PROCESSOR_ARCHITECTURE, e.g.

    if "%PROCESSOR_ARCHITECTURE%"=="AMD64" goto 64BIT

    (Yes, on Intel Core2 Duo CPUs this variable is still reported as AMD64.)

  6. I used Zone Alarm Pro years ago, but found that it got slower and filled with more features that I didn't want in a personal firewall solution and so dumped it once the license expired.

    Now I just use the built-in Windows Firewall, and rely on:

    - NAT router to drop external attack attempts before they even reach any clients

    - Windows Defender and anti-virus for malware detection

    - UAC to prompt when a program is trying to do "something administrative" (I use Vista)

    - common sense when browsing, downloading & receiving emails with attachments I don't expect or recognise

    (As the NAT router takes care of the perimeter, the Windows Firewall is just protecting each client from its peers, just in case something managed to get in and hit one of the clients.)

  7. Only a minidump, so not much info to extract, but it's the same bugcheck and underlying reason - an attempt to free a memory allocation which has already been freed.

    Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.080413-2111
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Tue Aug 26 16:14:51.406 2008 (GMT+2)
    System Uptime: 0 days 4:47:58.968

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 00000cd4, (reserved)
    Arg3: 02130007, Memory contents of the pool block
    Arg4: 88c100d8, Address of the block of pool being deallocated

    STACK_TEXT:
    bacebcd4 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
    bacebd24 805c1014 88c100d8 00000000 88e84ee0 nt!ExFreePoolWithTag+0x2a3
    bacebd4c 805bb46e 00000000 88e84ef8 00000001 nt!ObpFreeObject+0x142
    bacebd64 805bb8b8 88e84ef8 00000001 80562f20 nt!ObpRemoveObjectRoutine+0xe8
    bacebd7c 8053876d 00000000 00000000 8a5bd020 nt!ObpProcessRemoveObjectQueue+0x36
    bacebdac 805cff64 00000000 00000000 00000000 nt!ExpWorkerThread+0xef
    bacebddc 805460de 8053867e 00000000 00000000 nt!PspSystemThreadStartup+0x34
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

    1: kd> !pool 88c100d8
    Pool page 88c100d8 region is Unknown
    88c10000 size: 98 previous size: 0 (Allocated) File (Protected)
    88c10098 size: 38 previous size: 98 (Free) ....
    *88c100d0 size: 98 previous size: 38 (Free ) *File (Protected)
    Pooltag File : File objects
    88c10168 size: a0 previous size: 98 (Free ) AfdC (Protected)
    88c10208 size: 20 previous size: a0 (Allocated) ReTa
    ...

    // Here is the raw dump of the problematic pool allocation:
    1: kd> dc 88c100d0 88c10168-1
    88c100d0 02130007 e56c6946 88b72330 00000000 ....Fil.0#......
    88c100e0 00000000 00000000 bad0b0b0 c2000800 ................
    88c100f0 00000000 00000000 00700005 8a077cf0 ..........p..|..
    88c10100 00000000 88cdb350 00000002 00000000 ....P...........
    88c10110 00000000 00000000 00000000 00000000 ................
    88c10120 00000000 00040000 00000000 00000000 ................
    88c10130 00000000 00000000 00000000 00000000 ................
    88c10140 00000000 00000000 00000000 00000000 ................
    88c10150 00000000 00040000 00000000 88c1015c ............\...
    88c10160 88c1015c 00000000

    // The pool allocation immediately before is also freed (looks like some USB communication driver allocation), but doesn't appear to have been a typical overrun as the header after is still intact:
    1: kd> dc 88c10098 88c100d0-1
    88c10098 00070013 00000000 89373c88 89309c50 .........<7.P.0.
    88c100a8 88b9c748 00000000 00000010 88d816a0 H...............
    88c100b8 022a0004 70627375 8a5246a8 0000020e ..*.usbp.FR.....
    88c100c8 00000144 00000100 D.......

    Can't see from this dump what driver was freeing the memory, but as before it could be the victim not the cause - this allocation was last used for a File object, where before it was related to networking (TCP).

    The following driver I thought was installed by VMWare for its emulated NIC, but it is still loaded in this dump, and look at the date on it...

    1: kd> lmvm el90xbc5
    start end module name
    b94dd000 b94ed400 el90xbc5 (deferred)
    Image path: el90xbc5.sys
    Image name: el90xbc5.sys
    Timestamp: Tue Jul 17 01:40:19 2001 (3B537B63)
    CheckSum: 0001DD13
    ImageSize: 00010400
    File version: 4.5.0.0
    Product version: 5.0.0.0
    File flags: 8 (Mask 3F) Private
    File OS: 40004 NT Win32
    File type: 3.6 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: 3Com Corporation
    ProductName: 3Com EtherLink PCI
    InternalName: EL90XBC5.SYS
    OriginalFilename: EL90XBC5.SYS
    ProductVersion: 5.00
    FileVersion: 4.05.00.0000
    FileDescription: 3Com EtherLink PCI Driver
    LegalCopyright: Copyright 1994-2001, 3Com Corporation.

    I don't think this is an onboard device from the last time I checked the specs, so if you don't have one of these installed it may be a good idea to see if it's in Device Manager, and maybe even rename/delete the file on disk to prevent it being loaded.

    Though it's not a filter driver so I don't see how it should be interfering... I'd stick with the ZoneAlarm plan for now.

  8. I've seen code that is pretty big that takes into account the register pairing and cache predictions execute quicker than small chunks of code. Smaller code is not always better.

    I would agree only with "less lines of machine code in a given execution path (i.e. disregarding exception handling code) would run faster than a larger number of lines in the same path" and "more lines of (source or machine) code increases the risk of introducing bugs".

    However, the (security, stability, extra feature) benefits of the changes/extensions to code (IMO) outweigh the potential performance hit and risk of bugs (as the internal, alpha and beta testing phases before the release candidates will identify and nail the vast majority of the bugs anyway).

    Here's an example. If I have misunderstood you then I apologize.

    I was quoting you to agree with your statement ("QFT") - the paragraph you pasted above was actually a reference to the suggestions from others along the lines: "while (1) {smaller = better};".

    (Sorry, I should have rearranged the paragraphs or spaced better in my response.)

  9. Okay, let me give you a real-world example. My dual-PIII used to take over 2 minutes to boot, and most of that 2 minutes the bar just scrolled and scrolled, with no HDD activity. I opened up Device Manager and disabled the onboard SCSI controller that I wasn't using since I have a SATA card. Now it takes 40 seconds, half of which are the hardware checks - Windows itself boots in 20 seconds.

    In your opinion, should I be so nice to let Windows handle it, and enable the SCSI controller back so I have time for a snack till my computer boots?

    In your situation I would have gone into the BIOS and disabled the unused hardware so it is not even presented to Windows when it comes to device enumeration.

    The example you gave was machine-specific, and if there isn't an option in the BIOS to disable the onboard SCSI controller then sure, Device Manager would be the way forward - but that has zero impact on system performance and I would say the delay is down to the driver or BIOS, not the OS.

    Any post-install customization takes you further from the "out of the box" configuration and into territory where all sorts of issues (possibly way, way down the line) can occur - disabling devices in Device Manager to me is a last resort, and disabling Windows services via the Services Control Panel applet is something to look at for servers to be deployed in DMZs or secured environments as a security hardening procedure, not for performance.

    Yes, you can eke out a relatively small decrease in startup time and virtual memory consumption with knowledge of the OS, your system and what you have changed - but I wouldn't do this for other users' systems (only 3rd party service tweaking when they are causing problems, like someone who had Norton and Norman anti-virus installed at the same time which deadlocked the system ~30 seconds after startup and neither would uninstall properly).

  10. While the thread is still a "healthy debate" and keeping an eye on the temperature... ;)

    If you want to disable services on your own computer, go for it. If you're doing work for others, chances are you'll end up disabling something that's going to cause them problems later. While this might end up giving Poolsharkzz more customers in the long run, I think it's just wrong, and isn't worth the "OMG 3 seconds faster boot" that you get.
    I wanted to +1 this.

    The focus appears to have been on components being stripped from the install media, deselected during install or disabled post-install with a view to saving resources, with the expectation that this implicitly leads to better performance.

    Those "erring on the side of caution" are suggesting that care is taken to measure correctly that there is in fact any difference in performance and also that the end user is aware of and understands what was changed so that future issues that crop up can have their root cause identified more readily.

    (In the corporate world this awareness changes more to "security hardening" and "group policies" having strange side effects - the latter at least can be filtered out for troubleshooting.)

    Trying to increase performance through tweaks requires a good understanding of what the components do for you or the system, a simple paragraph that describes what a service does with a recommendation that "it should be okay to disable this - try it and see" doesn't cut it IMO.

    I feel that Black Viper's list is a collection of such statements that people often follow blindly and acts as a placebo.

    Performance needs to be measured accurately, with a baseline and changes being made individually to observe their impact - also as Zxian mentioned "startup times" are nowhere near as important as "operational speed" - with S3 sleep mode boot times become completely irrelevant for workstations and I see this being the future, and for most applications once they are loaded into memory their performance is unlikely to be affected by other consumers of virtual memory (as unneeded ones will already have been paged to disk anyway).

    Trying to measure how optimized a system is based on the amount of memory (physical or virtual) that is committed, how long it takes to start up or where CPU cycles are being spent (when not at 100% for long periods of time) can turn out to be inaccurate, so it is a false economy to try to "fix".

  11. The problem in this dump is a "double free" of a nonpaged pool allocation - a driver has already freed up an allocation and then tries to free it again, so it's not a corruption and not something you can trap easily with a crash dump (if at all).

    The culprit driver here looks like Zone Labs' vsdatant.sys - I'm guessing Zone Alarm or the security suite.

    Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.080413-2111
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Thu Aug 21 04:48:05.484 2008 (GMT+2)
    System Uptime: 0 days 4:15:37.190

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 00000cd4, (reserved)
    Arg3: 02060001, Memory contents of the pool block
    Arg4: 888ac380, Address of the block of pool being deallocated

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    STACK_TEXT:
    bacf78b8 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
    bacf7908 ae962782 888ac380 00000000 bacf7950 nt!ExFreePoolWithTag+0x2a3
    bacf7918 ae962450 888f9c68 888f9cfc 888f9cfc tcpip!TCPClose+0x16
    bacf7950 ae8ef0c1 8a0af5e8 888f9c68 ae8ee9cd tcpip!TCPDispatch+0x101
    bacf795c ae8ee9cd 8a0af5e8 888f9c68 00000002 vsdatant+0x450c1
    bacf7990 ae8ef04a 8a0af5e8 888f9c68 888f9c68 vsdatant+0x449cd
    bacf79b4 ae8eeee7 897e87a0 ae8ef057 888f9c68 vsdatant+0x4504a
    bacf79bc ae8ef057 888f9c68 8a0ab5e0 8a0a60d8 vsdatant+0x44ee7
    bacf79ec 8053721f 00000000 bacf7a28 80537283 vsdatant+0x45057
    bacf7a40 bab384c9 ae999690 bab384d4 ae998000 nt!ExNotifyCallback+0x43
    bacf7a58 ae965c0b 02999680 ae965c16 898636f4 TDI!CTEScheduleDelayedEvent+0x35
    bacf7a70 ae95b65a 8a0b0da8 02cf7ab0 00000001 tcpip!LoopXmit+0x6a
    bacf7aa0 ae95b79f ae9994c0 0100007f 88bf0880 tcpip!SendIPPacket+0x193
    bacf7bec 888e5d68 00000000 89032c68 00000000 tcpip!IPTransmit+0x289e
    bacf7c48 804ef18f 8a0af5e8 888f9c68 888f9c68 0x888e5d68
    bacf7cbc 80583af8 888e5d68 00000000 00000000 nt!IopfCallDriver+0x31
    bacf7cf4 805bb466 008e5d80 00000000 888e5d68 nt!IopDeleteFile+0x132
    bacf7d10 805266ca 888e5d80 00000000 8052667e nt!ObpRemoveObjectRoutine+0xe0
    bacf7d28 ae88bc0f 88944468 889443f0 ae888cb6 nt!ObfDereferenceObject+0x4c
    bacf7d3c ae88bbbc 889443f0 ae88a7a8 bacf7d68 afd!AfdFreeConnectionResources+0x38
    bacf7d4c ae88886a 88944468 8a12a1f0 8a215740 afd!AfdFreeConnection+0x5c
    bacf7d68 80576ad5 8a215740 00000000 8056485c afd!AfdDoWork+0x51
    bacf7d7c 8053876d 8a12a1f0 00000000 8a5bd8b8 nt!IopProcessWorkItem+0x13
    bacf7dac 805cff64 8a12a1f0 00000000 00000000 nt!ExpWorkerThread+0xef
    bacf7ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

    FOLLOWUP_IP:
    vsdatant+450c1
    ae8ef0c1 c20c00 ret 0Ch

    1: kd> !pool 888ac380
    Pool page 888ac380 region is Nonpaged pool
    888ac000 size: 228 previous size: 0 (Free) GeN-
    888ac228 size: 70 previous size: 228 (Allocated) GeN-
    888ac298 size: 8 previous size: 70 (Free) AfdC
    888ac2a0 size: d0 previous size: 8 (Allocated) FMsl
    888ac370 size: 8 previous size: d0 (Free) File
    *888ac378 size: 30 previous size: 8 (Free) *TCPc
    Pooltag TCPc : TCP/IP network protocol, Binary : TCP
    888ac3a8 size: c58 previous size: 30 (Free) Ddk

    1: kd> dc 888ac378 888ac3a8-1
    888ac378 02060001 63504354 88adb188 00000000 ....TCPc........
    888ac388 bad00101 02040001 00000000 888ac394 ................
    888ac398 888ac394 899a9c18 888f9c68 00000000 ........h.......

    1: kd> lmvm vsdatant
    start end module name
    ae8aa000 ae9090e0 vsdatant (no symbols)
    Loaded symbol image file: vsdatant.sys
    Image path: \SystemRoot\System32\vsdatant.sys
    Image name: vsdatant.sys
    Timestamp: Wed Jul 09 17:33:32 2008 (4874DA4C)
    CheckSum: 00068FDC
    ImageSize: 0005F0E0
    File version: 7.0.483.0
    Product version: 7.0.483.0
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 2.0 Dll
    File date: 00000000.00000000
    Translations: 0409.04e4
    CompanyName: Zone Labs, LLC
    ProductName: TrueVector Device Driver
    InternalName: vsdatant
    OriginalFilename: vsdatant.sys
    ProductVersion: 7.0.483.000
    FileVersion: 7.0.483.000
    FileDescription: TrueVector Device Driver
    LegalCopyright: Copyright © 1998-2006, Zone Labs, LLC

    Virtual memory and running process summary shows no particular issue:

    1: kd> !vm
    *** Virtual Memory Usage ***
    Physical Memory: 523883 ( 2095532 Kb)
    Page File: \??\C:\pagefile.sys
    Current: 1572864 Kb Free Space: 1528732 Kb
    Minimum: 1572864 Kb Maximum: 3145728 Kb
    Available Pages: 248404 ( 993616 Kb)
    ResAvail Pages: 436781 ( 1747124 Kb)
    Locked IO Pages: 229 ( 916 Kb)
    Free System PTEs: 173801 ( 695204 Kb)
    Free NP PTEs: 32766 ( 131064 Kb)
    Free Special NP: 0 ( 0 Kb)
    Modified Pages: 202 ( 808 Kb)
    Modified PF Pages: 202 ( 808 Kb)
    NonPagedPool Usage: 7565 ( 30260 Kb)
    NonPagedPool Max: 65536 ( 262144 Kb)
    PagedPool 0 Usage: 9806 ( 39224 Kb)
    PagedPool 1 Usage: 3665 ( 14660 Kb)
    PagedPool 2 Usage: 3688 ( 14752 Kb)
    PagedPool 3 Usage: 3643 ( 14572 Kb)
    PagedPool 4 Usage: 3636 ( 14544 Kb)
    PagedPool Usage: 24438 ( 97752 Kb)
    PagedPool Maximum: 92160 ( 368640 Kb)
    Shared Commit: 5223 ( 20892 Kb)
    Special Pool: 0 ( 0 Kb)
    Shared Process: 3566 ( 14264 Kb)
    PagedPool Commit: 24438 ( 97752 Kb)
    Driver Commit: 4490 ( 17960 Kb)
    Committed pages: 210183 ( 840732 Kb)
    Commit limit: 876542 ( 3506168 Kb)

    Total Private: 166545 ( 666180 Kb)
    0a7c war3.exe 57184 ( 228736 Kb)
    0750 firefox.exe 27261 ( 109044 Kb)
    0080 iexplore.exe 27193 ( 108772 Kb)
    01d4 avp.exe 10246 ( 40984 Kb)
    039c vsmon.exe 8637 ( 34548 Kb)
    07a4 RTHDCPL.exe 4920 ( 19680 Kb)
    02f4 svchost.exe 4683 ( 18732 Kb)
    0444 HDSentinel.exe 4172 ( 16688 Kb)
    0360 explorer.exe 4046 ( 16184 Kb)
    075c zlclient.exe 2977 ( 11908 Kb)
    0598 winlogon.exe 2025 ( 8100 Kb)
    05d0 lsass.exe 1099 ( 4396 Kb)
    0408 vmware-authd.ex 1095 ( 4380 Kb)
    02ec IDMan.exe 1064 ( 4256 Kb)
    0500 svchost.exe 980 ( 3920 Kb)
    0704 avp.exe 978 ( 3912 Kb)
    0524 xRaidSetup.exe 865 ( 3460 Kb)
    01f8 spoolsv.exe 861 ( 3444 Kb)
    0680 svchost.exe 783 ( 3132 Kb)
    0428 nvsvc32.exe 698 ( 2792 Kb)
    044c svchost.exe 640 ( 2560 Kb)
    06ec rundll32.exe 636 ( 2544 Kb)
    07f8 SoundMan.exe 509 ( 2036 Kb)
    06b8 svchost.exe 504 ( 2016 Kb)
    0580 csrss.exe 492 ( 1968 Kb)
    05c4 services.exe 470 ( 1880 Kb)
    0688 svchost.exe 433 ( 1732 Kb)
    0d58 alg.exe 330 ( 1320 Kb)
    0c90 ping.exe 288 ( 1152 Kb)
    0480 vmnat.exe 232 ( 928 Kb)
    02b0 vmnetdhcp.exe 195 ( 780 Kb)
    036c smss.exe 42 ( 168 Kb)
    0004 System 7 ( 28 Kb)
    0484 war3.exe 0 ( 0 Kb)

    Did you have a problem with Warcraft 3?

    There are 2 processes war3.exe, one has an elapsed time of ~4 days and has 0 handles, implying the process did not close properly - the second instance has been running ~18 hours:

    1: kd> !process 0 0 war3.exe
    PROCESS 892f1020 SessionId: 0 Cid: 0484 Peb: 7ffd5000 ParentCid: 0f88
    DirBase: 0b180440 ObjectTable: 00000000 HandleCount: 0.
    Image: war3.exe

    PROCESS 8924d020 SessionId: 0 Cid: 0a7c Peb: 7ffde000 ParentCid: 0e80
    DirBase: 0b180460 ObjectTable: e60de848 HandleCount: 2920.
    Image: war3.exe

    You also have VMWare installed, so it might be these 2 products (Zone Labs and VMWare) not playing nicely:

    1: kd> lmvm vm*
    start end module name
    b178e000 b1798480 vmci (export symbols) vmci.sys
    Loaded symbol image file: vmci.sys
    Image path: \??\C:\WINDOWS\system32\Drivers\vmci.sys
    Image name: vmci.sys
    Timestamp: Thu Jun 19 02:45:11 2008 (4859AC17)
    CheckSum: 000102A1
    ImageSize: 0000A480
    File version: 6.5.0.3129
    Product version: 6.5.0.3129
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: VMware, Inc.
    ProductName: VMware kernel driver
    InternalName: vmci.sys
    OriginalFilename: vmci.sys
    ProductVersion: e.x.p build-99530
    FileVersion: e.x.p
    FileDescription: VMware kernel driver
    LegalCopyright: Copyright © 1998-2008 VMware, Inc.

    b335e000 b3364000 vmnetbridge (no symbols)
    Loaded symbol image file: vmnetbridge.sys
    Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys
    Image name: vmnetbridge.sys
    Timestamp: Thu Jun 19 03:26:56 2008 (4859B5E0)
    CheckSum: 00015E55
    ImageSize: 00006000
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

    b54b5000 b54b9c00 vmnetuserif (no symbols)
    Loaded symbol image file: vmnetuserif.sys
    Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
    Image name: vmnetuserif.sys
    Timestamp: Thu Jun 19 03:26:32 2008 (4859B5C8)
    CheckSum: 00015C3F
    ImageSize: 00004C00
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

    b9b43000 b9b46b00 VMkbd (no symbols)
    Loaded symbol image file: VMkbd.sys
    Image path: \??\C:\WINDOWS\system32\drivers\VMkbd.sys
    Image name: VMkbd.sys
    Timestamp: Thu Jun 19 04:19:43 2008 (4859C23F)
    CheckSum: 00005A54
    ImageSize: 00003B00
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

    ba067000 ba069f00 VMNET (export symbols) VMNET.SYS
    Loaded symbol image file: VMNET.SYS
    Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS
    Image name: VMNET.SYS
    Timestamp: Thu Jun 19 03:26:22 2008 (4859B5BE)
    CheckSum: 0000772F
    ImageSize: 00002F00
    File version: 4.0.2.0
    Product version: 4.0.2.0
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: VMware, Inc.
    ProductName: VMware virtual network driver (32-bit)
    InternalName: VMnet.sys
    OriginalFilename: VMnet.sys
    ProductVersion: 4.0.2.0 build-99530
    FileVersion: 4.0.2.0
    FileDescription: VMware virtual network driver (32-bit)
    LegalCopyright: Copyright © 1998-2008 VMware, Inc.

    bada4000 bada6680 vmnetadapter (no symbols)
    Loaded symbol image file: vmnetadapter.sys
    Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys
    Image name: vmnetadapter.sys
    Timestamp: Thu Jun 19 03:26:25 2008 (4859B5C1)
    CheckSum: 0000BC14
    ImageSize: 00002680
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

    badbe000 badc0000 VMparport (no symbols)
    Loaded symbol image file: VMparport.sys
    Image path: \??\C:\WINDOWS\system32\Drivers\VMparport.sys
    Image name: VMparport.sys
    Timestamp: Thu Jun 19 02:44:23 2008 (4859ABE7)
    CheckSum: 0001193F
    ImageSize: 00002000
    File version: 6.5.0.3129
    Product version: 6.5.0.3129
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: VMware, Inc.
    ProductName: VMware parallel port driver
    InternalName: VMparport.sys
    OriginalFilename: VMparport.sys
    ProductVersion: e.x.p build-99530
    FileVersion: e.x.p
    FileDescription: VMware parallel port driver
    LegalCopyright: Copyright © 1998-2008 VMware, Inc.

    Onboard Marvell Yukon NIC driver seems pretty recent:

    1: kd> !sysinfo machineid
    Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=1197]
    BiosVendor = Award Software International, Inc.
    BiosVersion = F10H
    BiosReleaseDate = 04/24/2008
    SystemManufacturer = Gigabyte Technology Co., Ltd.
    SystemProductName = 965G-DS3
    SystemFamily =
    SystemVersion =
    SystemSKU =
    BaseBoardManufacturer = Gigabyte Technology Co., Ltd.
    BaseBoardProduct = 965G-DS3
    BaseBoardVersion =

    1: kd> lmvm yk*
    start end module name
    b9420000 b9466880 yk51x86 (no symbols)
    Loaded symbol image file: yk51x86.sys
    Image path: \SystemRoot\system32\DRIVERS\yk51x86.sys
    Image name: yk51x86.sys
    Timestamp: Tue May 20 15:03:14 2008 (4832CC12)
    CheckSum: 00054588
    ImageSize: 00046880
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

    Depending on how consistent the dumps are (always have the same stack or the same drivers in the stack, same bugcheck code, etc.) this could be a RAM fault as it's nonpaged pool (resident in physical memory), but I would be more inclined to believe a driver fault.

    I would go down the route of either uninstalling VMWare to see if the problem goes away, or the Zone Labs software so long as you are behind a NAT router.

    Or wait until the next dump is produced and we can check for consistency (i.e. always network-related activity on the crashing thread stack).

    A few hours testing overnight with memtest86 would not be a bad idea either.
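Post 7 and this post reason from the same two facts: bugcheck 0xC2 with Arg1 7 means a second free of the same block, and Arg3 is the raw dword of the pool block header that `!pool` then decodes into size, previous size and tag. The following Python script is an added example and is not code from either post; it decodes that header dword and the tag the same way, parses the two `dc` listings quoted in post 7 (reproduced as a constructed input string), and checks that each block's previous-size field agrees with the block before it, which is the first consistency check in a pool-corruption triage. It assumes the 32-bit XP POOL_HEADER layout (9-bit previous size, 7-bit pool index, 9-bit block size, 7-bit pool type, sizes in 8-byte units, then the 4-byte tag); the function names are mine. The PoolType field is reported raw rather than interpreted, because the `!pool` listing in post 7 shows a block marked (Free ) whose header dword 02130007 still carries a non-zero PoolType, so that field alone does not say whether the block has been freed. The Arg1 table contains only the code quoted on this page.

```python
"""Decode the XP x86 pool header reported in bugcheck 0xC2 Arg3 and walk kd `dc` output (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Only the Arg1 meaning quoted in the posts is listed; other 0xC2 codes exist.
BAD_POOL_CALLER_ARG1 = {0x07: "Attempt to free pool which was already freed"}

# Assumed 8-byte XP x86 POOL_HEADER: a packed dword (PreviousSize:9, PoolIndex:7,
# BlockSize:9, PoolType:7; sizes in 8-byte units) followed by the 4-byte pool tag.
POOL_GRANULARITY = 8


@dataclass
class PoolHeader:
    previous_size: int          # bytes
    pool_index: int
    block_size: int             # bytes, header included
    pool_type: int              # raw field, not interpreted (see lead-in)
    tag: Optional[str] = None
    protected: bool = False


def decode_tag(tag_dword: int) -> Tuple[str, bool]:
    """Tags are stored little-endian; bit 7 of the last byte marks a protected tag."""
    raw = tag_dword.to_bytes(4, "little")
    protected = bool(raw[3] & 0x80)
    chars = [b & 0x7F for b in raw]
    return "".join(chr(c) if 0x20 <= c < 0x7F else "." for c in chars), protected


def decode_pool_header(header_dword: int, tag_dword: Optional[int] = None) -> PoolHeader:
    """Split the packed header dword into its fields, scaling sizes to bytes."""
    hdr = PoolHeader(
        previous_size=(header_dword & 0x1FF) * POOL_GRANULARITY,
        pool_index=(header_dword >> 9) & 0x7F,
        block_size=((header_dword >> 16) & 0x1FF) * POOL_GRANULARITY,
        pool_type=(header_dword >> 25) & 0x7F,
    )
    if tag_dword is not None:
        hdr.tag, hdr.protected = decode_tag(tag_dword)
    return hdr


def explain_c2(arg1: int, arg3: int) -> str:
    """Summarise BAD_POOL_CALLER Arg1 and the header dword passed in Arg3."""
    reason = BAD_POOL_CALLER_ARG1.get(arg1, f"unlisted Arg1 code 0x{arg1:x}")
    h = decode_pool_header(arg3)
    return (f"{reason}; header: block size 0x{h.block_size:x}, "
            f"previous size 0x{h.previous_size:x}, PoolType field 0x{h.pool_type:x}")


# A `dc` line: address then one to four dwords; the trailing ASCII column is ignored.
DC_LINE = re.compile(r"^\s*([0-9a-f]{8})((?:\s+[0-9a-f]{8}){1,4})", re.I)


def parse_dc(text: str) -> Dict[int, int]:
    """Turn kd `dc` output into an address -> dword map; prompts and blank lines are skipped."""
    mem: Dict[int, int] = {}
    for line in text.splitlines():
        m = DC_LINE.match(line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            mem[base + 4 * i] = int(word, 16)
    return mem


def walk_pool_blocks(mem: Dict[int, int], start: int) -> List[Tuple[int, PoolHeader]]:
    """Follow headers forward from `start` for as long as the dump covers them."""
    blocks: List[Tuple[int, PoolHeader]] = []
    addr = start
    while addr in mem and addr + 4 in mem:
        hdr = decode_pool_header(mem[addr], mem[addr + 4])
        blocks.append((addr, hdr))
        if hdr.block_size == 0:      # a zero size would otherwise loop forever
            break
        addr += hdr.block_size
    return blocks


def chain_is_consistent(blocks: List[Tuple[int, PoolHeader]]) -> bool:
    """Each header's previous size must equal the size of the block before it."""
    return all(nxt.previous_size == prev.block_size
               for (_, prev), (_, nxt) in zip(blocks, blocks[1:]))


# Constructed input: the two `dc` listings quoted in post 7, joined into one string.
KD_DC_OUTPUT = """\
1: kd> dc 88c10098 88c100d0-1
88c10098 00070013 00000000 89373c88 89309c50 .........<7.P.0.
88c100a8 88b9c748 00000000 00000010 88d816a0 H...............
88c100b8 022a0004 70627375 8a5246a8 0000020e ..*.usbp.FR.....
88c100c8 00000144 00000100 D.......
1: kd> dc 88c100d0 88c10168-1
88c100d0 02130007 e56c6946 88b72330 00000000 ....Fil.0#......
88c100e0 00000000 00000000 bad0b0b0 c2000800 ................
88c100f0 00000000 00000000 00700005 8a077cf0 ..........p..|..
88c10100 00000000 88cdb350 00000002 00000000 ....P...........
88c10110 00000000 00000000 00000000 00000000 ................
88c10120 00000000 00040000 00000000 00000000 ................
88c10130 00000000 00000000 00000000 00000000 ................
88c10140 00000000 00000000 00000000 00000000 ................
88c10150 00000000 00040000 00000000 88c1015c ............\\...
88c10160 88c1015c 00000000
"""

if __name__ == "__main__":
    print(explain_c2(0x7, 0x02130007))
    for addr, hdr in walk_pool_blocks(parse_dc(KD_DC_OUTPUT), 0x88C10098):
        print(f"{addr:08x} size: {hdr.block_size:x} previous size: {hdr.previous_size:x} "
              f"tag {hdr.tag} protected={hdr.protected}")
```

Run against the post 7 listing, the walk reproduces the two `!pool` lines for 88c10098 (size 38, previous size 98, tag ....) and 88c100d0 (size 98, previous size 38, File, protected) and the chain check passes, which is why the post can say the neighbouring header is still intact and this is a double free rather than an overrun. A failing chain check on a real dump is the signal to look at the block before the one reported in Arg4.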

  12. Ummm, can you explain how it's not possible to reduce your system memory usage and CPU cycles and not gain performance? Computers 101:

    Any running process on your system is consuming memory and CPU cycles -- which is that much less available to anything else running on your system at any given time. You want to reduce the overall overhead, no? Running these little leeches 24/7 comes at a price -- you don't get something for nothing in this world.

    System Memory and CPU Cycles are at the very heart of this matter - and his Uncle's system is quite weak in both areas - by today's standards - or yester-year's standards - or most standards - and he really cannot do anything about it - and he needed some help.

    I would agree that threads that are in the RUNNING or READY TO RUN states would be consuming and queued to consume CPU cycles respectively, but a process in the "Running" state does not mean it is consuming CPU time.

    A process can be seen as a "container" for threads, which actually execute on processors.

    A thread in the WAIT state will not be scheduled for execution - it is an indication that it is waiting for something else to occur before its state is changed and it is poked to continue execution.

    So unused, passive processes (such as a lot of services) don't waste CPU cycles.

    As for memory consumed, Windows is a virtual memory-based OS and if a process consumes physical RAM and does not use it then over time it will be paged to disk (to the page file) and have a tiny footprint (working set).

    Checking the CPU usage and working sets of processes shortly after a boot is not a good way to measure them.

    By all means disable services that you know you do not need (WZC on systems with no wireless or 802.1x requirements), but be wary of disabling anything & everything - you don't necessarily know what the system itself, or future products you come to install, require.

  13. Actually, untrue. When you dump the box it only reads the "Initial size" number, and as such this has the possibility for not being large enough for a kernel dump (can be up to 2GB, if this is x86), and definitely not enough for a complete dump.
    You live & learn, cheers :)

    Though in practicality I don't think I've seen a kernel dump larger than ~800MB even from x64 Server systems.

  14. Could you explain how it is possible to have another keyboard layout at the login screen, different to what is set up normally?
    Before a user logs on, the profile that is used is the SYSTEM.

    To define the locale settings for the SYSTEM account and Default Users accounts on XP with the default Control Panel layout:

    - click "Date, Time, Language and Regional Options"

    - click "Change the format of numbers, dates, and times"

    - configure the regional settings as required, including the keyboard and input language via the Details button on the Language tab

    - click the Advanced tab

    - check the box "Apply all settings to the current user account and to the default user profile", the following popup box appears:

    "You chose to apply these settings to the default user profile.

    These settings will affect the logon screen and all new user accounts. Some system services may require you to restart your computer before the changes will take effect."

    - click OK on the message, then OK or Apply on the previous window, then restart
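Added example (mine, not part of the post above): a quick check that the change landed where the logon screen reads it. It assumes that before anyone logs on the desktop runs under the hive loaded at HKEY_USERS\.DEFAULT, which is where the "default user profile" option copies the settings to, and that the Preload value names are "1", "2", ... in priority order. It prints the same settings for the current user alongside, so a mismatch is obvious.

```powershell
# Added example, not from the original post.
# Show the locale and keyboard layouts the logon screen will use, next to the
# ones of the user running the script.
# Assumption: the pre-logon desktop uses the hive at HKEY_USERS\.DEFAULT.
function Get-InputSettings {
    param([string]$Hive)   # 'HKEY_USERS\.DEFAULT' or 'HKEY_CURRENT_USER'
    $intl    = Get-ItemProperty -Path "Registry::$Hive\Control Panel\International" -ErrorAction SilentlyContinue
    $preload = Get-Item -Path "Registry::$Hive\Keyboard Layout\Preload" -ErrorAction SilentlyContinue
    $layouts = @()
    if ($preload) {
        # Value names are "1", "2", ... in priority order; data is the layout id,
        # e.g. 0000041D (Swedish) or 00000409 (US English)
        $layouts = $preload.GetValueNames() | Sort-Object { [int]$_ } |
            ForEach-Object { "$_=$($preload.GetValue($_))" }
    }
    New-Object PSObject -Property @{
        Hive       = $Hive
        Locale     = $intl.Locale        # hex LCID, the value XP uses
        LocaleName = $intl.LocaleName    # present on Vista and later only
        Layouts    = ($layouts -join ', ')
    }
}

'HKEY_USERS\.DEFAULT', 'HKEY_CURRENT_USER' |
    ForEach-Object { Get-InputSettings -Hive $_ } |
    Format-List Hive, Locale, LocaleName, Layouts
```

If the .DEFAULT entry still shows the old layout after the restart, the checkbox was not ticked before clicking OK/Apply and the steps need repeating.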

  15. That's fine as is it, no need to change it from those settings - the page file is on the boot drive and can grow to at least 2098MB (2048+50) - which is also the largest you could possibly need for a kernel dump on a 32-bit system too.
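Added example (mine, not from either post 13 or 15): read the page file settings and the configured dump type and compare the "Initial size" on the boot volume with what that dump needs. Assumptions: the standard meaning of CrashDumpEnabled (1 complete, 2 kernel, 3 small, 7 automatic on Windows 8 and later) and the documented rule that a complete dump needs an initial size of at least RAM + 1 MB on %SystemDrive%. A kernel dump's size cannot be predicted in advance, so the 2 GB x86 ceiling from post 13 is used as the worst case. The DedicatedDumpFile setting (Vista SP1 and later), which lifts the page file dependency, is not considered.

```powershell
# Added example, not from the original posts.
# Compare the boot-volume page file "Initial size" with the crash dump type.
function Get-CrashDumpReadiness {
    $names = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
    $cc    = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $type  = [int]$cc.CrashDumpEnabled
    $ramMB = [int][math]::Ceiling((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $is64  = [IntPtr]::Size -eq 8

    # InitialSize/MaximumSize of 0 means "system managed"
    $boot = Get-WmiObject -Class Win32_PageFileSetting |
        Where-Object { $_.Name.StartsWith($env:SystemDrive, [StringComparison]::OrdinalIgnoreCase) }

    if (-not $boot) {
        $initial = 0
        $verdict = 'No page file on the boot volume: no crash dump can be written'
    } else {
        $initial = [int]$boot.InitialSize
        $verdict = switch ($type) {
            1 { if ($initial -eq 0) { 'System managed: may be too small for a complete dump' }
                elseif ($initial -ge $ramMB + 1) { 'OK for a complete dump' }
                else { "Initial size $initial MB is below RAM + 1 MB ($($ramMB + 1) MB)" } }
            2 { # upper bound: RAM + 1 MB, capped at 2 GB on x86 (kernel address space)
                $cap = if ($is64) { $ramMB + 1 } else { [math]::Min($ramMB + 1, 2048) }
                if ($initial -eq 0 -or $initial -ge $cap) { 'OK for a kernel dump (worst case covered)' }
                else { "Initial size $initial MB may be too small; worst case is $cap MB" } }
            3 { 'Small dump: fits in any page file' }
            default { 'Check manually' }
        }
    }
    New-Object PSObject -Property @{
        DumpType     = $names[$type]
        RamMB        = $ramMB
        BootPageFile = if ($boot) { $boot.Name } else { $null }
        InitialMB    = $initial
        MaximumMB    = if ($boot) { [int]$boot.MaximumSize } else { 0 }
        Verdict      = $verdict
    }
}

Get-CrashDumpReadiness | Format-List DumpType, RamMB, BootPageFile, InitialMB, MaximumMB, Verdict
```

Only the initial size matters for the verdict, for the reason given in post 13: at crash time the page file is not grown.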

  16. I replied short because there were many things to reply to, but anyway I think you caught my idea.

    Of course some housekeeping must be done, but I disagree that the computer (CPU, RAM, HDD) has to work all the time (as said, to make my money's worth).

    ...

    Idle time can be put to good use in many ways (cancer research/distributed computing etc.) but this and similar (in my opinion unnecessary) tasks are imposed onto 99 % of the users that don't (care to/need to/are afraid to) tweak.

    I must have failed to explain the use of idle time correctly - the OS does not use all idle time to achieve its goals - in fact very little proportionally, plus if the system is given something else to do (user-initiated or based on a schedule) then prefetching and indexing have much lower process and I/O priorities so they get suspended again until the system has been idle for some time.

    There isn't an endless amount of work to be done when idle, and systems spend a huge percentage of their time idle (servers and workstations alike) - there is plenty of proof for this given the number of dumps observed which record the "true" idle time statistics.

    Don't think of the OS using idle time in terms of SETI or Folding @ Home projects - those are designed to use all idle CPU cycles.

    It would make the concepts of SpeedStep and ACPI redundant!

    To give another example, I don't use indexing service(s) because my stuff is organized. When I need to search, 99% of the time it is in one folder with less than 100 items. Very rarely, I search in 3-4 folders at once. And for that 0,01% when I do a full all-drive search, I just start it and get over with it when it's done, which never takes too long. But if I happen to see my hard drives grind all the time while the computer is idle (or half of the time, or a quarter of the time), I would be very annoyed.

    But that's just me. Anyway, I think that indexing is extremely wasteful even for the average user (if such a thing exists). The disorganized one. Not knowing (or wanting to know) basic characteristics of file types or the filesystem.

    Okay, so your file system was designed in an organized fashion - you're most likely in the minority of users worldwide - but you're also missing the point of the Windows Search service in Vista being designed around iFilters - so content of any type can be indexed, not just files.

    So the Office team produced iFilters for their products, and now you can search inside emails held in Outlook with the same interface - 3rd parties can produce iFilters for their proprietary file formats to leverage the power of the functionality provided by the OS, instead of having to write their own engine.

    Files can be tagged with metadata for use in searching, so you can locate images and videos through Search too - so for those times when a photo falls in multiple categories and your file system rigidly makes you put it into one folder, or have multiple copies of the same photo.

    So I would disagree that the indexing service is a waste for most users - quite the opposite.

    And a semi-example: in a fresh Vista install, at friend's, I saw around 10 scheduled tasks. (semi-example because I don't remember them exactly.) IMHO at least 7 of them were completely unnecessary. Bureaucratic stuff.
    How do you know they were unnecessary, and did you look at the actual schedule to see how often they would run?
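Added example (mine, not from the post above) for the iFilter point: resolve which IFilter DLL the Windows Search indexer would load for a file extension, by following the registration chain the indexer walks in the registry. It assumes the GUID below is IID_IFilter (the key name under PersistentAddinsRegistered) and uses a sample extension list; it only checks the extension key itself, whereas some file types register their PersistentHandler on the ProgID instead, so an empty result is not proof that no filter exists. Knowing which DLL parses which untrusted content inside the indexer is also useful input when reviewing the indexing attack surface.

```powershell
# Added example, not from the original post.
# Chain followed:
#   HKCR\.ext\PersistentHandler
#   -> HKCR\CLSID\{handler}\PersistentAddinsRegistered\{IID_IFilter}
#   -> HKCR\CLSID\{filter}\InprocServer32 -> DLL
function Get-IFilterForExtension {
    param([string[]]$Extension = @('.txt', '.doc', '.docx', '.pdf', '.xml'))
    $iidIFilter = '{89BCB740-6119-101A-BCB7-00DD010655AF}'   # assumption: IID_IFilter
    foreach ($ext in $Extension) {
        $handler = $null; $filter = $null; $dll = $null
        $ph = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$ext\PersistentHandler" -ErrorAction SilentlyContinue
        if ($ph) {
            $handler = $ph.'(default)'
            $addin = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$handler\PersistentAddinsRegistered\$iidIFilter" -ErrorAction SilentlyContinue
            if ($addin) {
                $filter = $addin.'(default)'
                $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$filter\InprocServer32" -ErrorAction SilentlyContinue
                if ($srv) { $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.'(default)') }
            }
        }
        New-Object PSObject -Property @{
            Extension = $ext; PersistentHandler = $handler; IFilterClsid = $filter; Dll = $dll
        } | Select-Object Extension, PersistentHandler, IFilterClsid, Dll
    }
}

Get-IFilterForExtension | Format-Table -AutoSize
```

Extensions that resolve to the same DLL share one filter (plain text formats typically do); a third-party DLL in the last column is the "iFilter written by someone else" case the post describes.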
  17. Or create a brand new group "Restricted Users", make the others members of this group, then use this new group for your explicit Deny ACLs?

    Much easier to control who is then actively banned from doing specific functions without risking too much impact, as Deny takes precedence over Allow.
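Added example (mine, not from the post above): create the "Restricted Users" local group, put the accounts in it, and apply one explicit Deny ACE for the group to a folder, plus a function that lists the ACEs in evaluation order. It assumes local accounts and a local group; $Members and $Path are placeholders. One caveat to the "Deny takes precedence" rule: Windows evaluates explicit entries before inherited ones, so an explicit Allow set directly on a subfolder still wins over a Deny inherited from its parent. The listing makes that visible.

```powershell
# Added example, not from the original post.
function Set-RestrictedUsersDeny {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Members = @(),
        [string]$GroupName = 'Restricted Users',
        [System.Security.AccessControl.FileSystemRights]$DeniedRights = 'Write, Delete'
    )
    # net.exe exists on every Windows version; "already exists" errors are ignored
    & net localgroup "$GroupName" /add 2>$null | Out-Null
    foreach ($m in $Members) { & net localgroup "$GroupName" "$m" /add 2>$null | Out-Null }

    # One Deny ACE for the group, inherited by files and subfolders
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$env:COMPUTERNAME\$GroupName", $DeniedRights,
        'ContainerInherit, ObjectInherit', 'None', 'Deny')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# ACEs in the order Windows evaluates them: explicit Deny, explicit Allow,
# then inherited Deny, inherited Allow. Look for IsInherited = False Allow
# entries below a Deny that is IsInherited = True: those are the holes.
function Show-AceOrder {
    param([Parameter(Mandatory = $true)][string]$Path)
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, AccessControlType, IsInherited, FileSystemRights
}

# Usage (placeholders):
# Set-RestrictedUsersDeny -Path 'D:\Shared' -Members 'alice', 'bob'
# Show-AceOrder -Path 'D:\Shared\Sub'
```

To lift the restriction for one person, remove them from the group; the ACL itself never needs touching again.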

  18. Indexing, backups or system scans can "access" a large number of files to update that time stamp to the same (or very close) value.

    Something like Windows (or another) Desktop Search tool, some backup or system restore utility, or anti-virus full system scan, for example.
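Added example (mine, not from the post above): find time windows in which an unusually large number of files under a path got the same or nearly the same last-access time, which is the footprint of an indexer, backup or anti-virus scan walking the tree. It first checks whether NTFS is recording last-access updates at all (they are off by default from Vista onwards, so an untouched timestamp proves nothing there). Bucket width and threshold are arbitrary defaults.

```powershell
# Added example, not from the original post.
function Test-LastAccessTracking {
    # Prints DisableLastAccess = 0 (updates on) or 1 (off).
    # Needs an elevated prompt on Vista and later.
    & fsutil behavior query disablelastaccess
}

function Get-LastAccessBursts {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$BucketSeconds = 60,
        [int]$MinFiles = 50
    )
    $ticksPerBucket = [long]$BucketSeconds * 10000000   # FILETIME is in 100 ns units
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Group-Object -Property { [long]($_.LastAccessTimeUtc.ToFileTimeUtc() / $ticksPerBucket) } |
        Where-Object { $_.Count -ge $MinFiles } |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            New-Object PSObject -Property @{
                WindowStartUtc = [datetime]::FromFileTimeUtc([long]$_.Name * $ticksPerBucket)
                Files          = $_.Count
                Example        = ($_.Group | Select-Object -First 3 | ForEach-Object { $_.FullName }) -join '; '
            }
        } |
        Select-Object WindowStartUtc, Files, Example
}

Test-LastAccessTracking
Get-LastAccessBursts -Path $env:USERPROFILE | Format-Table -AutoSize -Wrap
```

A window holding thousands of files across unrelated folders is a scan, not a user; a window whose examples are all one folder is more likely a real application run.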

  19. I put some instructions for setting up Process Monitor here - and if you scroll up a little bit on that page there is a link to a quick search for finding where you can upload to various free file hosting sites.

    It is MUCH easier to read ProcMon logs if you don't have lots of processes running at the same time while taking the trace, btw.

    Keep the trace as short as possible - start logging, reproduce the error message and then stop logging as quickly as possible.
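Added example (mine, not from the post above): a script that takes the shortest useful Process Monitor trace, starting the capture into a backing file, waiting while you reproduce the error, then terminating ProcMon so the log is flushed, with an optional conversion to CSV. It assumes procmon.exe is in the PATH (or pass -ProcMon with the full path), an elevated prompt on Vista and later, and the documented ProcMon switches /AcceptEula, /Quiet, /Minimized, /BackingFile, /LoadConfig, /Terminate, /OpenLog and /SaveAs.

```powershell
# Added example, not from the original post.
function Start-ShortProcMonTrace {
    param(
        [string]$ProcMon      = 'procmon.exe',
        [string]$Out          = (Join-Path $env:TEMP 'repro.pml'),
        [string]$FilterConfig = $null,   # optional .pmc saved via Filter > Save Filter
        [int]$Seconds         = 30
    )
    # Make sure no earlier instance is still capturing into another file
    & $ProcMon /AcceptEula /Quiet /Terminate
    Start-Sleep -Seconds 2

    $cmdArgs = @('/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', $Out)
    if ($FilterConfig) { $cmdArgs += @('/LoadConfig', $FilterConfig) }
    & $ProcMon @cmdArgs

    Write-Host "Capturing to $Out - reproduce the problem now; stopping in $Seconds s"
    Start-Sleep -Seconds $Seconds

    # /Terminate closes the capture and flushes the backing file
    & $ProcMon /AcceptEula /Quiet /Terminate
    Start-Sleep -Seconds 2
    Get-Item -Path $Out
}

# Optional: convert the trace to CSV for reading without ProcMon
function Export-ProcMonCsv {
    param(
        [string]$ProcMon = 'procmon.exe',
        [Parameter(Mandatory = $true)][string]$Pml,
        [string]$Csv = ($Pml -replace '\.pml$', '.csv')
    )
    & $ProcMon /AcceptEula /Quiet /OpenLog $Pml /SaveAs $Csv
    Get-Item -Path $Csv
}

# Usage:
# $log = Start-ShortProcMonTrace -Seconds 20
# Export-ProcMonCsv -Pml $log.FullName
```

Close everything else first, as the post says; a 20-second trace on a quiet system is far easier to read than a 5-second one with a browser and a mail client running.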

  20. it works when your PC is idle
    Snipped to the extreme, just to show you what you're saying. If it works, then the PC isn't idle.
    That's kind of pedantic - when your system has had nothing to do for a period of time, it starts to do something proactive, and it does not use all idle time to constantly shuffle data from disk into RAM.
    2/When new features come in the way of productivity. You can get the fastest machine that money can buy, Vista doesn't make your human work faster.

    As an example the little window preview on the task bar. It doesn't help to have a postage stamp sized view of a screen, and it's rather disturbing. IMO, higher productivity comes with a minimal amount of events on your screen, especially moving objects, unexpected balloons or dialogs, self-changing stuff etc.

    Now because it's my personal opinion, I won't say that they shouldn't exist since other users may like it, but it should be easier to disable/enable

    I might be taking this example a bit literally, but easier than: right-click the task bar and un-tick the box "Show window previews (thumbnails)" on the Properties tab?
    This, I've never understood: Why do they need to stash all the drivers known to mankind on every computer?

    Every piece of hardware sold comes with its driver on a CD-ROM which is always better and updated. Lost CD-ROM? You'll find them on the firm's website. While installing, it's fine to have as many drivers as possible on hand on the DVD, but why copy all the drivers to the HDD, for just the few pieces of hardware you will buy in the future and will come with new drivers anyway? Perfect nonsense IMO.

    But it's also not safe to assume people have the knowledge of how to locate the manufacturer's websites to get the drivers, or the website is available when needed, or that they have internet access, or that the driver packages can be silently installed (in the case of corporate deployments)...

    Plus those annoying situations when doing rebuilds and you fall at hurdle 1 because of the lack of in-box disk controller driver, or at hurdle 2 because of the lack of in-box NIC driver meaning you can't connect to the Internet to get the remaining drivers...

    The value of a large collection of in-box drivers is immeasurable when they are needed, and the cost (even when not needed) is comparatively trivial.

    In quote 1 you seem to be pushing for an easier user experience, then in the second quote exactly the opposite?

    I've seen code that is pretty big that takes into account the register pairing and cache predictions execute quicker than small chunks of code. Smaller code is not always better.
    QFT - smaller code implies less boundary checking which implies possibly more (not less) vectors for malware or stability problems.

    I would agree only with "less lines of machine code in a given execution path (i.e. disregarding exception handling code) would run faster than a larger number of lines in the same path" and "more lines of (source or machine) code increases the risk of introducing bugs".

    However, the (security, stability, extra feature) benefits of the changes/extensions to code (IMO) outweigh the potential performance hit and risk of bugs (as the internal, alpha and beta testing phases before the release candidates will identify and nail the vast majority of the bugs anyway).
