How to get the cause of high CPU usage by DPC (Deferred Procedure Call) and interrupts?

Ok, you found this guide, because you see this:




in Process Explorer/Hacker or you run the DPC Latency Checker tool an see this:



(Attention: If you use Windows 8, don't use the "DPC Latency Checker tool". Due to internal Kernel changes in Windows 8, the "DPC Latency Checker tool" shows DPC spikes of over 1000µs all other the time. Those VALUES are not correct!)

The developers of the tool try to create a Windows 8 compatible version.


Here I will tell you a ) to see which driver causes the high CPU usage and b ) which driver causes the spikes.

To get started you need the Windows Performance Tools Kit. Read here how to install it:

http://www.msfn.org/board/index.php?showtopic=146919

Now open a command prompt with admin rights (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token), go to C:\temp (cd\temp) and run the following commands:



xperf -on latency -stackwalk profile now wait a time while the high DPC and Interrupt usage occurs.

to stop the trace run the following command:
  xperf -d DPC_Interrupt.etl This closes the trace and writes the result to the file DPC_Interrupt.etl.

In the next step, make a double click on the etl file to run the Viewer.

Now wait until the 2 passes are over.

Go to "Trace"->"Configure Symbol Paths" and type in the following:
  srv*C:\symbols*http://msdl.microsoft.com/download/symbols Click ok, to close the dialog.

Now go to the graphs "DPC CPU Usage" or "Interrupt CPU Usage" (depending where you high CPU usage) and select the intervall, make a right click and select "Load Symbols" and next click summary table.



Now, you have to accept the license agreement to download the public debugging symbols.

(NOTE, THE PDBs ARE SOMETIME VERY HUGE. BE AWARE THAT IT MAY TAKE SOME TIME IF YOU HAVE A SLOW INTERNET CONNECTION)

Here you'll see summary of the calls



For me the cause is the NDIS.sys. This is a part of the networking system. The usage comes for me, when I have nearly 100% network speed usage on my 100MBit LAN adapter of my notebook.

In your case, you should see the driver which causes the issues.

An alternative way is to use the xperf commandline tool to dump the values into a text file:
  xperf -I DPC_Interrupt.etl -a dpcisr > dpc.txt Open the generated dpc.txt with notepad. Under CPU Usage Summing By Module For the Whole Trace you can see a summary of all DPC usage for each CPU core. Look here which driver is causing the high CPU usage.

Look in the dumped text files for µsec values which are over 256µsec. They can be critical.

An alternativ to xperf is the tool LatencyMon



It shows you the same statistic you see in the text file, but it shows you the values in realtime. So you can see which driver is the cause.

You can download this tool from here:

http://www.resplendence.com/downloads

If the NDIS.sys driver is shown as possible cause, check your (W)LAN drivers for updates. For usbport.sys, check your chipset and USB device drivers for updates. if you see ACPI/HAL you may run into power saving feature issues. So update the BIOS and change the Power Plan in Windows.

To see which driver versions you use run this command:
  xperf -I DPC_Interrupt.etl -a fileversion > fileversion.txt Now open the fileversion.txt and look for the driver version you use. Do a Bing/google search if you can find updated drivers.

If you see UNKNOWN as cause you run drivers which use dynamic code. 1 known driver which uses such dynamic code is the DuplexSecure SPTD driver which is used in tools like DAEMON-Tools. If you see the UNKNOWN as a possible cause look if you have the SPTD driver installed. If yes, download the latest installer, run the installer and select "Uninstall" and reboot. Now run the xperf commands again and look if you see the real driver.

Ok, I hope, this helps you to determine which driver is causing high DPC, interrupt usage and spikes which causes sound glitches.