Maybe you thought all you wanted to do was run a program, but Windows NT starts many processes as a normal matter of doing business. Few of these ever become a system bottleneck because all they do is provide numerous housekeeping and bookkeeping functions in the background. Figure 3.38 shows the number of each of several important object types, as counted in the Object object.
Figure 3.38 Object counts on a Windows NT system
Here's a brief introduction to those objects not already mentioned. Event objects are used by Windows NT and its applications to synchronize operations by permitting a thread to suspend execution until an anticipated event occurs, such as the completion of an asynchronous file operation. Mutex objects are used to assure that only one thread is executing a particular piece of code at a time, such as updating a common data structure. Section objects are areas of memory that can be viewed as a contiguous sequence of addresses. A semaphore object grants a limited number of threads concurrent access to a shared resource, such as a buffer pool with limited entries; if more threads than the specified limit try to access the resource, they are automatically suspended until a resource becomes available. If these objects are given a name when they are created, they can be shared by multiple processes.
Object counts are important because each object takes space in nonpaged memory, which we'll talk about more in Chapter 5, "Detecting Memory Bottlenecks." Also, we unfortunately don't have a counter for Open File objects. However, the Server object does have an Files Open counter, and we have a tool which monitors application file activity. We'll discuss that tool in Chapter 10, "Tuning Windows NT Applications."
There are 14 processes and 88 threads in Figure 3.38. That's just about as few as you can get, because this snapshot is taken on a laptop that is not connected to a network. One of these processes is Performance Monitor, so let's be sure we understand who the others are, and what role they play in the operation of Windows NT.
Table 3.3 Processes in Windows NT with No Network Connection
Process name | Function |
clipsrv | Clipbook Server |
csrss | Client Server Runtime Subsystem, handles windows and graphics functions for all subsystems |
EventLog | Fields all requests to enter events into the system event log |
Idle | Provides an idle thread for each processor that gets control when the processor is not executing programs |
lsass | Local Security Administration Subsystem, handles certain security administration functions on the local computer |
nddeagnt | Network DDE Agent, handles requests for network DDE services |
netdde | Handles requests for network DDE data |
progman | Program Manager handles application startup, switching, and termination functions |
screg | Service Controller/Registry, handles network API service control functions and remote Registry requests |
spoolss | Spooler Subsystem handles despooling of printer data from disk to printer |
System | Contains system threads that handle lazy writing by the file system cache, virtual memory modified page writing, working set trimming, and similar system functions |
winlogon | Handles logon and logoff of users and remote Performance Monitor data requests |
|
When connected to a network there are additional processes. The number varies from system to system.