Exploring Windows’ Administrative Tools: Part 2

Fred Langa

Windows’ Performance Monitor is the key to understanding the details of your PC’s operation.

This tool (built into XP, Vista, and Win7) lets you see, in real time and in collected data logs, how your PC reacts as different programs run — or fail to run!

In Part 1 of “Exploring Windows’ Administrative Tools” (May 10 Top Story), you saw how a few easy tweaks can give you two-click access to hundreds of Windows’ most powerful diagnostic, tuning, and administrative features. In this installment, we’ll explore one of the most powerful of these tools — Performance Monitor.

Here’s how to access the version built into your copy of Windows:

In an admin-level account, click Start, type perfmon in the Start Menu’s search box, and press Enter. Figure 1 shows Performance Monitor’s initial dialog box in Windows 7.

Performance Monitor's opening screen

Figure 1. Like the proverbial iceberg's tip, Performance Monitor's initial dialog only hints at what lies beneath.

Because most Windows Secrets readers are now using Windows 7, I’ll focus on its Performance Monitor. But Vista’s version is nearly identical and XP’s is similar, though simpler. I’ll also include abundant links for additional general and version-specific information at the end of this article.

Literally thousands of monitoring options

Although it has a single name, Performance Monitor actually aggregates a cornucopia of separate subtools and monitoring functions. Windows refers to these monitoring functions as counters because each one counts or aggregates various performance metrics.

There are hundreds of counters included with Performance Monitor, and many of those counters can be used more than once in the same monitoring session — for example, monitoring the CPUs in a multicore system, the hard drives in a multidrive setup, network traffic on PCs with more than one connection, and more. In total, Performance Monitor is capable of tracking thousands of counters!

Performance Monitor (PerfMon for short) can display the vast amount of data it generates in real-time moving charts and graphs or store that information in log files for later analysis.

The logged data is useful for serious technical troubleshooting. You can set up PerfMon to track the counters of interest and then run your PC as you normally would — perhaps to recreate a task known to cause trouble. Checking the logs afterward can reveal exactly what went wrong and when.

There’s just one catch: selecting the right counters and setting up the data logs can be quite complicated.
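A scripted way to do the logging described above, added here as an example (it is not from the original article): PowerShell's counter cmdlets sample four counters while you reproduce a problem, write a log that PerfMon can open, then list the moments a limit was crossed. The counter choice, log path, sampling window and thresholds are assumptions; counter names are the English ones and differ on localized Windows.

```powershell
# Assumed counter set, mirroring ResMon's four areas: CPU, memory, disk, network.
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Transfer',
    '\Network Interface(*)\Bytes Total/sec'
)

# Assumed output location; change to suit.
$log = Join-Path $env:TEMP 'perf-sample.blg'

# Sample every 5 seconds, 60 times (5 minutes), while you reproduce the problem.
# The binary .blg log can also be opened in Performance Monitor itself.
Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 60 |
    Export-Counter -Path $log -FileFormat BLG -Force

# Assumed limits: flag a sample when its value passes the limit in the given direction.
$limits = @(
    @{ Match = '*% processor time';       Op = 'gt'; Limit = 90   },  # CPU above 90%
    @{ Match = '*available mbytes';       Op = 'lt'; Limit = 200  },  # under 200 MB free
    @{ Match = '*avg. disk sec/transfer'; Op = 'gt'; Limit = 0.05 }   # over 50 ms per I/O
)

# Afterwards: reload the log and report when each limit was crossed.
Import-Counter -Path $log | ForEach-Object {
    $time = $_.Timestamp
    foreach ($sample in $_.CounterSamples) {
        foreach ($rule in $limits) {
            if ($sample.Path -notlike $rule.Match) { continue }
            $crossed = if ($rule.Op -eq 'gt') { $sample.CookedValue -gt $rule.Limit }
                       else                   { $sample.CookedValue -lt $rule.Limit }
            if ($crossed) {
                New-Object PSObject -Property @{
                    Time    = $time
                    Counter = $sample.Path
                    Value   = [math]::Round($sample.CookedValue, 3)
                }
            }
        }
    }
}
```

Export-Counter and Import-Counter ship with Windows PowerShell (2.0 through 5.1), which is what Windows 7 provides.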

PerfMon’s real-time displays are easier to use. They let you see what’s going on with your system as it happens. As such, the real-time displays are a great way to learn how your system works and how it responds to varying conditions. The downside is that you have to keep your eyes on the running counters to catch trouble as it happens — and that’s not always possible.

Still, given the enormous complexity of PerfMon, exploring the real-time displays is perhaps the best way to learn about the tool.

Win7’s simpler, preconfigured monitoring tool

PerfMon, in all Windows versions, is extravagantly configurable. If you take the time to learn it in detail and set up the counters you want to monitor, PerfMon can track and graph just about any metric you care to name. But it’s so complex that it’s difficult to get your mind around at first. (At least, it was for me.)

Fortunately, Windows 7 also offers Resource Monitor (ResMon for short), a selected, preconfigured subset of some of PerfMon’s most important counters. A subtool within PerfMon, ResMon displays its counters in a slick, standalone graphical interface that makes it easy to see at a glance what’s happening with a Win7 system’s CPU, disk, network, and memory.

Even though ResMon presents only a small subset of PerfMon’s counters, its clarity and relative simplicity make it a great starting place for understanding what Windows’ performance monitoring is all about. ResMon is found only in Win7, but its underlying concepts pertain to all versions of Windows.

Let’s take a closer look at what ResMon can do.

If you’re running Win7, open PerfMon as described earlier and, at the bottom of the pane labeled Overview of Performance Monitor (as shown above in Figure 1), click the blue link: Open Resource Monitor.

(As you’d expect with Windows, there also are several shortcut or back-door ways to access ResMon. For example, you can type resmon in the Start Menu’s text-entry box; or open Task Manager, click its Performance tab, and then click the Resource Monitor button. These kinds of alternate access methods are good to know, but they obscure ResMon’s true place as a subset of the main Performance Monitor tool. That’s why I’m suggesting the long-form, “front door” approach for now.)

In any case, when Resource Monitor opens, it will look something like what’s shown in Figure 2.

ResMon's counters screen

Figure 2. Win7's Resource Monitor gives a polished, real-time, graphical view of key system stats.

Select the Overview tab and then put the ResMon window off to one side of your screen. Use your PC in typical ways — search your disk for a file, go online, open a large application, etc. — and watch what happens in the ResMon display.

Now poke around the tabs.

  • CPU shows aggregate (CPU — Total) usage plus stats and graphs for each of the processors (or cores) in your PC.
  • Memory shows how much system RAM is in use and how it’s divvied up.
  • Disk shows overall throughput and the responsiveness of each hard drive in the system.
  • Network shows the type and number of connections in use and the throughputs of each active connection.

Note that most of the labels and other display elements in ResMon offer explanatory tips or balloon help when you hover your cursor over them. You’ll also find detailed assistance and explanations via the Help menu at the top of the ResMon window.

Using ResMon to cure hangs and delays

Now that you’re generally familiar with what’s in ResMon and how it works, here’s a real-life, practical use you can try the next time your system hangs or suffers a slowdown.

Programs often depend on separate, semi-independent software tasks, processes, or threads to occur in a specific order. Think of the process as a chain of dependencies where process A has to complete before process B can continue, process C has to wait for B to finish, and so on. Because each process has to wait for the previous one(s) to complete, the list of dependent elements is called a wait chain.

When a program hangs, it’s often because of a failure in the wait chain: some task or thread or process is stuck and is holding up all the program elements waiting behind it.

ResMon can let you analyze the wait chain of a hung program to see what’s causing the blockage and to terminate the stalled element. In many cases, your hung program might then recover and operate normally. Yes, ResMon can sometimes cure software hangs with just a few clicks!

Here’s how:

  • Step 1. With ResMon open and running, click the CPU tab and find the troublesome application in the Processes section’s Image column. (An “image” in this case is simply the name of a program or process.)
  • Step 2. Right-click the app or process and select Analyze Wait Chain. For example, see Figure 3, in which I pretended that Word was hung. (It wasn’t actually hung, but I selected it anyway to illustrate how the Analyze Wait Chain function works.)

    The Analyze Wait Chain option

    Figure 3. ResMon's Analyze Wait Chain function shows (and lets you control) other processes and programs that the selected software depends on.

  • Step 3. When the Analyze Wait Chain dialog opens, you’ll see all the processes on which the selected program depends. If there are many such dependencies, PerfMon will organize them in a hierarchical tree. Programs or processes that are causing a blockage will be shown in red.

    As Figure 4 shows, my copy of Word was running fine. The Analyze Wait Chain dialog shows only Word’s normal dependency on the Windows I/O system, and nothing was shown in red.

    Word wait chain OK

    Figure 4. In this example, the Analyze Wait Chain dialog shows nothing amiss with my copy of Word. A problem dependency would have been shown in red.

    Some Analyze Wait Chain dialog boxes come up empty, meaning that the software you right-clicked is more or less standalone — it’s not currently dependent on any other process or program to complete its task.

  • Step 4. If you find a red-flagged dependency in the Analyze Wait Chain dialog, select the checkbox next to the wayward process’s name and then click the End process button at the bottom of the dialog box. You also can select multiple processes and kill them, all at once, if you need to.

With luck, the offending process(es) will then restart and your software will recover from its hang!

(And if not, at least you’ll know exactly what software component broke — a priceless bit of information when you’re tracking down a hard-to-diagnose hang.)
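A read-only companion to the steps above, added here as an example (not from the original article): this PowerShell snippet lists windowed programs that have stopped responding and summarizes why their threads are waiting. It does not walk the wait chain and ends nothing; it only reports the thread states that the .NET Process class exposes, so treat it as a first look before opening Analyze Wait Chain.

```powershell
# Windowed processes whose main window is not answering messages.
$hung = Get-Process |
    Where-Object { $_.MainWindowHandle -ne 0 -and -not $_.Responding }

foreach ($p in $hung) {
    # WaitReason is only valid for threads in the Wait state, so filter first.
    $waiting = @($p.Threads | Where-Object { $_.ThreadState -eq 'Wait' })

    # Count the waiting threads per reason, most common first.
    $reasons = $waiting |
        Group-Object WaitReason |
        Sort-Object Count -Descending |
        ForEach-Object { '{0} x{1}' -f $_.Name, $_.Count }

    New-Object PSObject -Property @{
        Name           = $p.ProcessName
        Id             = $p.Id
        WaitingThreads = $waiting.Count
        WaitReasons    = ($reasons -join ', ')
    }
}
```

No output means no windowed process is currently reported as hung.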

Digging deeper, version by version

PerfMon’s hundreds of counters in thousands of permutations would take an entire book to cover in detail — way beyond the scope of this article. But now that you have an idea of what PerfMon (and ResMon) can do, let me point you to the very best, free, official documentation I could find, so you can delve as deeply as you need or want to.

The basics:

  • Performance monitoring getting-started guide (TechNet article)
  • Overview of Windows Performance Monitor (TechNet article)
  • Windows Performance Monitor (TechNet article)
  • How to: Use PerfMon in Windows 7 (MSDN blog)

Beyond the basics:

  • Using Performance Monitor (TechNet article)
  • Performance Monitor counters (TechNet article)
  • Working with performance logs (TechNet article)
  • Creating data collector sets (TechNet article)
  • Scheduling and managing data in Windows Performance Monitor (TechNet article)
  • Wait Chain Traversal (MSDN technical topic)
  • Bugslayer: Wait Chain Traversal (MSDN Magazine article)

Vista-specific information:

Most of the information above also applies to Vista, but there are some differences nicely detailed in the TechNet article, “Windows Vista performance and reliability monitoring step-by-step guide.”

XP-specific information:

  • Understanding Performance (MS online XP documentation)
  • XP’s Performance Monitor (MS online documentation)
  • XP’s System Monitor (MS online documentation)
  • How to create a log using System Monitor in Windows XP (MS support article 248345)
  • How to manage System Monitor counters in Windows XP (MS support article 305610)




All Windows Secrets articles posted on 2012-06-13:

Fred Langa

About Fred Langa

Fred Langa is senior editor. His LangaList Newsletter merged with Windows Secrets on Nov. 16, 2006. Prior to that, Fred was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others.