Jaa


Finally a Windows Task Manager Performance tab blog!

Good morning AskPerf!  How many times have we looked at Windows Task Manager and wondered what the values on the Performance tab meant?  Why do they not add up?  What is the difference between Free and Available Memory, etc., etc., etc.?  In today’s post, we will take a look at these values and explain what each one means.

Below is a screenshot of the Performance tab from a Windows 2008 R2 Server with 16GB RAM and a 16GB page file:

clip_image002

 

Resource Monitor’s Memory tab looked like this:

clip_image004

The Performance tab is divided into the following sections:

  • CPU Usage – This indicates the percentage of processor cycles that are not idle at the moment. If this graph displays a high percentage continuously (and if you are not able to find any process chewing it up, it could be due to interrupts / DPCs. Use Process Explorer to get more details regarding them.  It may also mean that processor is overloaded on the system) Depending the number of CPUs on the system, we can see multiple graphs per CPU on the right.
  • CPU Usage History - Indicates how busy the processor has been. The graph only shows values since the time the Task Manager was opened.
  • Memory - Indicates the percentage of the physical memory that is currently being used.
  • Physical Memory Usage History - Indicates how much physical memory is being utilized. It also shows values since Task Manager was opened.
  • Physical Memory (MB) - Indicates the total and available physical memory, as well as the amount of memory used by system cache.
  • Kernel Memory (MB) - Indicates the memory used by the operating system and the drivers running in kernel mode (Paged and Non-paged pool).
  • System - Provides totals for the number of handles, threads, and processes currently running. A process is a single executable program. A thread is an object within a process that runs program instructions. A handle is a reference to a resource used by the operating system. A process may have multiple threads, each of which in turn may have multiple handles.

We need to keep in mind that the Memory Usage graph (showed in Windows Vista/2008/7/2008R2) is the sum of all the process’s private working set.  On older Operating Systems (XP/2003), the PF Usage value seen is the Total System Commit.  This represents the potential page file usage, i.e how much pagefile would be used if all the private committed virtual memory in the system had to be paged out to the disk.

Now taking a detailed look at the Physical Memory section:

  • Total - This counter shows the total amount of RAM that is usable by the operating system. Note that there can be a difference between the Installed RAM and the Total RAM due to Physical Memory shadow setting in BIOS, memory mapped to PCI Device etc. To know more about the reasons for this difference click here.
  • Cached - This represents the sum of the system working set, standby list, and modified page list. If you want to find the matching counters in Perfmon, and then load up the following objects under Memory – Cache Bytes, Modified pages list bytes, Standby cache core bytes, standby cache normal priority byte and standby cache reserve bytes.
  • Available - This is amount of physical memory that is currently available for use by the operating system, the drivers and the processes. It is equal to the sum of the standby pages, the free pages and the zero page lists.
  • Free - This is the sum of the free pages and the zero page lists.

Under the Kernel Memory section, we have:

  • Paged - This is the currently used Pool paged byte in MB.
  • Nonpaged - This is the currently allocated Nonpaged Pool bytes in MB.

For more details, click here.

Here’s some information about different states of a Page in Memory (Reference: Windows Internal 5th Edition):

  • Active - (also called Valid) The page is part of a working set (either a process working set or the system working set) or it’s not in any working set (for example, nonpaged kernel page) and a valid PTE usually points to it.
  • Standby - The page previously belonged to a working set but was removed (or was perfected directly into the standby list). The page wasn’t modified since it was last written to disk. The PTE still refers to the physical page but is marked invalid and in transition.
  • Modified - The page previously belonged to a working set but was removed. However, the page was modified while it was in use and its current contents haven’t yet been written to disk or remote storage. The PTE still refers to the physical page but is marked invalid and in transition. It must be written to the backing store before the physical page can be reused.
  • Modified no-write - Same as a modified page, except that the page has been marked so that the memory manager’s modified page writer won’t write it to disk. The cache manager marks pages as modified no-write at the request of file system drivers. For example, NTFS uses this state for pages containing file system metadata so that it can first ensure that transaction log entries are flushed to disk before the pages they are protecting are written to disk.
  • Free - The page is free but has unspecified dirty data in it. These pages can’t be given as a user page to a user process without being initialized with zeros, for security reasons.
  • Zeroed - The page is free and has been initialized with zeros by the zero page thread (or was determined to already contain zeros).
  • ROM - The page represents read-only memory.
  • Bad - The page has generated parity or other hardware errors and can’t be used. This is also used internally by the system for pages that may be transitioning from one state to another or are on internal look-aside.

With that, we have come to the end of this post.  Please feel free to post additional questions below.  Until next time.

-Digvijay