The other day I was playing around with the Image File Execution Options and Sysinternals' Process Monitor, in Vista. I saw an interesting query take place. Using notepad.exe as an example, I saw a query for a key called "PerfOptions" in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe] when I ran notepad. The result was NAME NOT FOUND, so I decided to rectify that. After adding a key named "PerfOptions", I ran notepad again. In Process Monitor, I saw queries for four values:
- IoPriority
- PagePriority
- CpuPriorityClass
- WorkingSetLimitInKB
Because of recent explorations with process priorities*, CpuPriorityClass grabbed me right away. Looking at the SetPriorityClass function, one can see the different values for the dwPriorityClass parameter. I created a REG_DWORD named CpuPriorityClass in PerfOptions, and set the value to 0x80 in the hopes that notepad would launch with "HIGH_PRIORITY_CLASS". Instead, it launched with a priority of NORMAL_PRIORITY_CLASS (8) - the setting had not made any impact. Then, I set the value to 8 and launched notepad. Notepad launched with a priority of 8. I changed the value to 4, and that had no impact. I changed the value to 0 - no impact. I tried 10 - no impact. I couldn't see any tie-in to any other listings of process priorities that I knew about, so I decided to try trial and error, starting from 0, with the following results:
| CpuPriorityClass Value | Priority of Notepad | Priority Class |
| --- | --- | --- |
| 1 | 4 | Idle |
| 3 | 13 | High |
| 5 | 6 | BelowNormal |
| 6 | 10 | AboveNormal |
| Anything else^ | 8 | Normal |
^= I'm currently running a PowerShell script to iterate through all possible values (there's only about 2^32...) so it may be a while before the CpuPriorityClass value for REALTIME_PRIORITY_CLASS, should it exist, is uncovered. There may also be other values that can be used to specify a priority class that's been uncovered. I'll update or post a new topic if I uncover anything new...
The PowerShell script (don't laugh, it's my first substantial attempt at one):
```powershell
# PerfOptions key for notepad.exe under Image File Execution Options
$key = "hklm:\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe\perfoptions"
$cpc = 0
Set-ItemProperty $key cpupriorityclass $cpc
do
{
    # Launch notepad, record the priority class it started with, then kill it
    $pp = [diagnostics.process]::Start("notepad.exe", "")
    $ppc = $pp.PriorityClass
    $pp.Kill()
    # Report only the values that produce something other than Normal
    if ($ppc -ne "Normal")
    {
        Write-Host $cpc $ppc
    }
    # Move on to the next candidate value and write it to the registry
    $cpc++
    Set-ItemProperty $key cpupriorityclass $cpc
}
while ($cpc -lt 4294967295)
```
Hopefully, I'll find time to do some digging into the other values in PerfOptions - IoPriority, PagePriority, and WorkingSetLimitInKB. IoPriority and PagePriority sound like they may have something to do with memory prioritization and IO prioritization in Vista. WorkingSetLimitInKB sounds self-explanatory, but how it's applied or how it's used, and other circumstances, are quite vague.
*= SetThreadPriority, Vista, and Autostart Locations, Setting the Priority of a Service Process via Script
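To see which executables on a machine already have a PerfOptions key, and what the table above implies for each, the following added example (not part of the original post) walks Image File Execution Options and reports the four queried values. The function name `Get-PerfOptionsReport` and the `ObservedClass` column are hypothetical, the value-to-class map is only the post's observed results, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: inventory PerfOptions settings under Image File Execution Options.
# The map below is the post's observed table (1, 3, 5, 6), not documented behaviour.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$observedClass = @{ 1 = 'Idle'; 3 = 'High'; 5 = 'BelowNormal'; 6 = 'AboveNormal' }
$valueNames = 'CpuPriorityClass', 'IoPriority', 'PagePriority', 'WorkingSetLimitInKB'

function Get-PerfOptionsReport {
    param([string]$Root = $ifeo)

    foreach ($image in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        # Only image subkeys that actually contain a PerfOptions subkey are of interest
        $perfPath = "$Root\$($image.PSChildName)\PerfOptions"
        if (-not (Test-Path -LiteralPath $perfPath)) { continue }
        $perfKey = Get-Item -LiteralPath $perfPath

        # Collect the four values Process Monitor showed being queried
        $row = [ordered]@{ Image = $image.PSChildName }
        foreach ($name in $valueNames) {
            $row[$name] = $perfKey.GetValue($name, $null)
        }

        # Translate CpuPriorityClass using the observed table; per the post,
        # any other value leaves the process at Normal
        $cpc = $row['CpuPriorityClass']
        $class = if ($null -eq $cpc) { '(not set)' }
                 elseif ($cpc -is [int] -and $observedClass.ContainsKey($cpc)) { $observedClass[$cpc] }
                 else { 'Normal' }
        $row['ObservedClass'] = $class

        [pscustomobject]$row
    }
}

Get-PerfOptionsReport | Format-Table -AutoSize
```

The script only reads the registry, so it can be run from a non-elevated prompt on a default installation.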