Where in the world is Kernrate.exe for AMD64 / x64?

Recently, I was doing something that made the NTOSKRNL a little angry.  I was backing up a large amount of data (400GB) from a USB drive to a SATA drive array.

I started this backup at night and, at first, the speed of the copy was about 10MB per second.  When I woke up the next day, it was still copying and the speed dropped anywhere from 1MB to 4MB per second.  To discern why, I opened up Process Explorer to have a look:

At this point, I got the properties of the System Process which yielded this:

 

This didn’t tell me much so I took to choosing the "Stack" button to see what was transpiring.  But, whoops, that didn’t work as evidenced by the error below:

This perplexed me so I took a look at an article I remembered being written by Mark Russinovich which can be found here.  Sure enough I found the reason:

"The System process is a special type of process on Vista ‘(and evidently XP x64)’ called a “protected process” that doesn’t allow any access to its threads or memory. Protected processes were introduced to support Digital Rights Management (DRM) so that hi-definition content providers can store content encryption keys with a reduced risk of an administrative user using DRM-stripping tools to reach into the process and read the keys."

So with that problem in place I decided to take Mark’s lead and pull out the Kernrate tool.  It can be found here but be WARNED – it does NOT work on x64 versions.  (Hence the title of this blog)  It will look like it works, but because it runs in the WOW64, it doesn’t really have access to those kernel level functions as evidenced here:

I went to the MSDN site and downloaded the DDKs and WDKs for Server 2003 based on this post (which at the time seemed meaningful and worthwhile).  However, I didn’t find what was stated so I decided to use the "chat" feature of my MSDN subscription.  I interacted with a polite and helpful person named Kimi, but ultimately our joint venture in finding the right version of Kernrate was not productive.  Fortunately, I also found this post where "Steve" (someone who commented at the bottom) stated the Kernrate tool for amd64 or x64 could be used.  So I ended up downloading the Server 2008 WDK which can be found here and installed just the help docs and tools (I did not install the samples since I’m not a programmer).

Low and behold, I directed my command prompt to the C:\WinDDK\6001.18001\tools\other\amd64 directory and then ran Kernrate (without any arguments).  I received a bunch of date, but most importantly, I got a listing of the modules that were taking up resources:

Now I’m going to go on and figure out why the performance is so terrible after a few hours of copying.  But at least now you know where to get the Kernrate.exe utility for x64 and amd64 systems.

Take Care>>>Dustin

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

7 Responses to Where in the world is Kernrate.exe for AMD64 / x64?

  1. suriya says:

    i’m facing same problem. thank you

  2. Chris Knighting says:

    I am also having the same issue on an SBS 2008 server, and I cannot find the kernrate exe fromt he links you posted. is there any way you can help out and let me know where the exe is? i followed ther link and installed the windows driver kit but i do not see thsi file anywhere.

    thanks for your help in advance

  3. Pingback: Microsoft – Windows – Performance Tools – Kernrate | Daniel Adeniji's – Learning in the Open

  4. Daniel Morse says:

    Dustin, I’m glad to see that you answer comments.

    Regarding the usage of the 2008 WDK and Visual Studio, could you please be more explicit? I have no experience with these programs, but I believe Kernrate.exe is something I need to try (even though I’m pulling teeth).

    I downloaded Visual Studio Express 2012. Must I have professional? I don’t have an MSDN subscription…does this screw me?

    Just to provide insight of my situation/understanding:
    Running Windows 7
    C:\Program Files (x86)\Windows Kits\8.0\Tools\x86
    Is where the WDK is installed, and I tried to relate my command prompt to what you used with respect to this path.
    Furthermore, which cmd dialog box to use? Start> MS Visual Studio 2012>Visual Studio Tools>VS2012 x86 Native Command Prompt ?

    Help me Dustin Lema, you might be one of the best out of very few hopes.

    Thank you.

  5. Vulpix says:

    Thank god for this blog post!

    2014 and it’s still impossible to find out where this sonova kernrate.exe is! But sure enough!

    I followed your advice and got the WDK for W7 – and sure enough. Kernrate was there, and it works.

    Thank you.

    Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.

    There.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s