Occasionally I come across servers (Windows 2003 and 2008) with high processor % interrupt time. Is there a way to see what program or device is causing the interrupts?
Windows – How to find out what is causing interrupts on Windows
debugginginterruptskernelperformancewindows
Best Answer
After digging through the documentation (based on the other answers here), this is the process I ended up using:
Capture the ETW log of the problem
The easiest way to do this is using the Windows Performance Recorder. I'm not sure when it first appeared, but seems to be built in on recent versions of Windows. Set the profile to
CPU usage.or, using an elevated command prompt, navigate to the folder which contains it and use the command-line tool xperf:
Note, you will need to close Process Monitor or any other app which uses ETW or you will get the following error:
xperf: error: NT Kernel Logger: Cannot create a file when that file already exists. (0xb7).Stop tracing / save the log
Open the trace in
Windows Performance Analyzer(part of Windows Performance Toolkit); some places mention usingxperfviewinstead.Expand
Computation->CPU Usage (Sampled)->DPC and ISR Usage by Module, Stack, right-click andadd graph to analysis viewThis pointed right to the driver in question. In this case, HDAudBus.sys is using a constant 10.82% of my cpu via interrupts, which is exactly what Process Explorer was showing me.