This morning my laptop went to a crawl. I looked, and sure enough, there was an AntiVirus scan running. Argh! But it looked like the processor wasn't being hit that hard because the System Idle Process was still relatively high. Time to put into practice some knowledge I picked up yesterday from the first day of a two-day training webinar on Windows Internals.
Well, the problem is how Task Manager calculates the percentage for System Idle Process. It's algorithm is really simple: sum up all the percentages for the other processes, then subtract that sum from 100. But there are other things that can consume CPU cycles. Namely:
- Hardware interrupts and their resulting Interrupt Service Routines (ISRs)
- Deferred Procedure Calls (DPCs)
Task Manager doesn't show them. So it can appear that the system isn't doing anything, because the System Idle Process is at or near 99%, yeah you'd have an easier time of opening Microsoft Word on a brick wall. Sysinternals Process Explorer does show both of these because of the fact that Task Manager does not. (And on a side note, Process Explorer can replace Task Manager... I did that long ago on my laptop.)
Note that in this case, Interrupts and DPCs are taking up about 3% of the CPU. When the AV scan was running, it wasn't unusual to see these numbers fluctuate higher. After all, AV scans result in a lot of disk activity. And so while it appears that the AV scan was only consuming about 17% of the CPU (and it was spiking to 55-60%) when you add in what was going on from a hardware perspective, it was actually causing a far greater impact and explained the sluggishness I was seeing.
If you're not familiar with ISRs and DPCs, this blog post represents a decent starting point. Hardware interrupts take priority over threads. When an interrupt occurs, it's passed to the appropriate ISR. That ISR handles the interrupt at a very high priority. If the high priority work is done but there is still some work to be done, the ISR can queue that additional work at a lower priority using a DPC. That DPC also has a higher priority than a thread. So that means interrupts and DPCs can monopolize the processor(s). And that means poorly written code in a driver can kill you. Of course, if you're just looking at Task Manager, you won't see what is really going on. System Idle Process will look just fine but your computer still isn't very responsible. If those are the symptoms you're seeing, pull up Process Explorer and see if that's what is going on.