Mapping Windows Memory Usage

I like to keep an eye on how Windows is using system resources. To that end, I still use Helmut Buhler’s excellent 8GadgetPack utilities. They don’t really tell you anything that Task Manager can’t, but you can keep them in view all the time, and they don’t exact much system overhead, either. For a rough-and-ready picture of what’s up with Windows memory (RAM), those tools (e.g. Task Manager and the CPU Monitor gadget) can tell you how much RAM is on your PC, how much is in use, and how much is free. The gadget also reports page file info: total, free and used as well. But when it comes to digging deeper into how Windows uses memory, the Sysinternals tool for mapping Windows memory usage – namely, RamMap – is what you need. Let me explain…

For Mapping Windows Memory Usage, Try RamMap

If you look at the lead-in graphic, I’ve superimposed the CPU Usage gadget (aka CPU Monitor) at center far right, with the Sysinternals RamMap tool beneath it. This pretty much shows things as they work and contrasts the minimal level of detail available from Task Manager and the corresponding CPU gadget with the more detailed and nuanced RamMap.

TLDR version: Use Task Manager or the CPU Gadget to get a gross overview of memory and paging file stuff; use RamMap to get more details about what’s consuming memory and what state that memory is in.

In large part differences are a matter of details. Task Manager and the CPU Gadget tell you how much RAM is used (blue numbers under the Used, Free, Total column heads in white: 23.6GB) and free (~8GB). It also tells you that the page file is not in use (yellow numbers right underneath RAM entries). That’s pretty much it.

RamMap, OTOH, provides a lot more memory status categories: Active, Standby, Modified, Modified No Wire, Transition, Zeroed, Free, and Bad (you want to see THAT one in a memory map). You get a much more informed and detailed view here (and under other tabs besides “Use Counts” in the leftmost position, shown by default).

How “Used” and “Free” Fit RamMap Categories

Here’s something worth knowing: Used Memory in Task Manager/CPU Gadget combines the RamMap totals under Active, Standby and Modified. Free memory in Task Manager/CPU Gadget combines the RamMap totals under the Zero and Free headings.

But when RamMap runs you can also see how those numbers change as processes execute, tasks get handled, services do their thing and so forth. It’s much more detailed and useful if you want that level of detail, especially if you’re hunting a memory leak of some kind.

Good stuff! Grab yourself a copy today (or you can simply run the web-based executable, to make sure you’re always using the latest and greatest version).


ThinkPad T14s Thunderbolt Mystery Resolved

OK, then: poking around on the Lenovo eval unit I just got a couple of weeks ago, I’ve realized that this make/model is NOT a Copilot+ PC. Thus, it’s lacking in advanced AI support features by virtue of its relative age. Turns out the Intel Core Ultra 5 125U is a Meteor Lake CPU, and although its NPU delivers 40 TOPS, it still doesn’t qualify as a Copilot+ unit. Thus, my ThinkPad T14s Thunderbolt mystery resolved itself also. The CPU dates back to late 2023, before the Thunderbolt Share license program started up.

OK: ThinkPad T14s Thunderbolt Mystery Resolved NOPE!

Copilot mentions checking the user manual as one way to ascertain if Thunderbolt Share is supported on a ThinkPad model. So I just downloaded that PDF, and scanned it for all “Thunderbolt” references. Sure enough: nowhere is Thunderbolt Share mentioned. Given that none of the marketing materials for the unit mentions Thunderbolt Share, either, I’m inclined to posit that such support is absent.

Go figure! When I asked Lenovo to send me another review unit, I’d requested one with Thunderbolt Share capability. But hey: you don’t always get what you ask for on the first try. Time to try again, methinks…

Careful What You Wish For…

My issue probably means I didn’t communicate well with the reviews team. I think I know how to fix that. I’ll pack this unit up and send it back, then specify a definite CPU make and model (or higher). I believe if I ask for a Snapdragon X model, that will probably cover all the bases needed. Let me try that, and see what happens. Stay tuned: I’ll report back.

Note added March 26 (1 day later): I did hear from a Lenovo SME, who confirmed that neither the ThinkPad P16 Gen 1 Mobile Workstation nor the ThinkPad T14s Gen 5 hold a license for Intel’s Thunderbolt Share. I saw a strong hint of that in the software’s behavior, for sure, but it’s now confirmed: that little man isn’t there.

 

 


Thunderbolt Share Gets Interesting

OK, then. I asked Lenovo to send me another Thunderbolt 4 capable laptop so I could try out the new Intel Thunderbolt Share app. Looks like I’m at least temporarily stymied, and have learned some things I don’t especially like, either. Indeed, Thunderbolt Share gets interesting from the get-go possibly because of licensing issues. Right now, I’m stymied because when I run a TB4 cable between my 2 TB-equipped laptops right now, I can never get past the “Waiting for connection” screen shown above. Sigh.

Thunderbolt Share Gets Interesting Because…?

Notice the disclaimers beneath “Connect both Computers” in the foregoing screencap. I may be stuck on the clause that reads:

At least one PC or Thunderbolt accessory must be Thunderbolt Share licensed by the manufacturer

From what I can tell, the newest of my pair of PCs — the only one that could possibly qualify here — had its Windows image burned on November 20, 2024. Given that Thunderbolt Share made its debut in May of the same year, it’s entirely possible that Lenovo didn’t license this program for the ThinkPad T14s Gen5. At any rate it’s not working between my only TB4-capable laptops right now. I’ve asked Lenovo for help, and we’ll see what happens. But there’s more…

Thunderbolt Share Won’t Open in RDP Session

My usual way of working on test and eval PCs is to RDP using Remote Desktop Connection (mstsc.exe) on my primary desktop. That’s what I tried first to get into Thunderbolt Share on the two target machines. Guess what? Thunderbolt Share won’t launch from inside an RDP session. I have to physically use the target PCs to get the app to run. I have to laugh…

Once launched, it keeps running if I then remote into either the P16 or the T14s. But of course, it’s stuck at “Waiting for connection” right now. So I’m getting nowhere, fast. That means my plans to compare TB4 cable transfer speeds against GbE and Wi-Fi transfers are on hold for now. Stay tuned. I hope to get this straightened out soon.


Remove Package Kills Spurious Reclaimables

Over the past year or so, I’ve blogged 7 times about “spurious reclaimables” in Windows 11. They persist in the component store even after DISM /StartComponentCleanup. You can see this in the lead-in graphic. Right now, in fact, the current Beta and GA releases show this behavior. Indeed, it comes from older packages that the preceding DISM command can’t (or won’t) clean out. Reading the CBS.log carefully, someone at ElevenForum figured out that a single remove package kills spurious reclaimables dead.

Running Remove Package Kills Spurious Reclaimables

A line in the CBS log file caught the eye of long-time member and guru @Bree. It showed up in the CBS.log via DISM … /AnalyzeComponentStore. It reads (in part):

Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10] is a top-level package and is deeply superseded

In the component store, a top-level package is a primary package. It contains all the bits and pieces — namely files, resources, and instructions — to install or enable some specific Windows update or feature. It’s called top-level because it may contain (or be a parent to, in hierarchical terms) other, related packages and features.

What caught Bree’s attention was the “deeply superseded” phrase in the descriptive text. Normally, DISM /StartComponentCleanup doesn’t remove top-level packages from WinSxS. “What if,” he reasoned, “this were removed because of its obsolete status?” And indeed, it turns out that removing this package also removes a child package as well. And these two nogoodniks turn out to be the very same two packages that show up as spurious reclaimables when running DISM /AnalyzeComponentStore.

Doing Away With Deeply Superseded Package

If your Windows 11 still shows 2 reclaimable packages after a successful DISM /StartComponentCleanup operation, try this DISM command to remove the deeply superseded package (if it’s not the cause, this command will simply fail but won’t harm the component store):

dism /online /remove-package /packagename:Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10

It worked on all the Windows 11 systems I tried it on, including current Beta and GA releases (5 in all). You can also regain about 1.2-1.3GB of space in the component store by following up with a DISM /StartComponentCleanup command. Cheers!
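The procedure above, scripted as an added example (not code from the original post or from ElevenForum): it refreshes CBS.log, pulls out every package the log calls “deeply superseded,” and only removes them when asked. The default log path, the regex (built from the log fragment quoted above) and the -Remove switch are assumptions of this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
# -Remove is a hypothetical switch of this script: without it, nothing is changed.
param(
    [string]$CbsLog = "$env:windir\Logs\CBS\CBS.log",
    [switch]$Remove
)

# Pattern built from the log fragment quoted in the post: a package identity,
# an optional closing bracket, then the "deeply superseded" phrase.
$pattern = '(?<name>Package_for_[^\s\[\]]+)\]?\s+is a top-level package and is deeply superseded'

function Get-DeeplySupersededPackage {
    param([string[]]$Line)
    $Line |
        ForEach-Object { if ($_ -match $pattern) { $Matches['name'] } } |
        Sort-Object -Unique
}

# Constructed sample line: the prefix is made up, the rest is the fragment from the post.
$sample = 'Info CBS [Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10] is a top-level package and is deeply superseded'
if (-not (Get-DeeplySupersededPackage -Line $sample)) {
    throw 'Pattern does not match the sample line; check the regex.'
}

# /AnalyzeComponentStore is what writes these lines to CBS.log, so refresh it first.
dism /online /cleanup-image /analyzecomponentstore | Out-Null
$packages = @(Get-DeeplySupersededPackage -Line (Get-Content -LiteralPath $CbsLog))

if ($packages.Count -eq 0) {
    Write-Output 'No deeply superseded top-level packages found in the log.'
    return
}

foreach ($p in $packages) {
    if (-not $Remove) {
        Write-Output "Candidate for removal: $p"
        continue
    }
    dism /online /remove-package "/packagename:$p"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DISM could not remove $p (exit code $LASTEXITCODE)."
    }
}

# Follow-up cleanup, as the post suggests, to reclaim the freed space.
if ($Remove) {
    dism /online /cleanup-image /startcomponentcleanup
}
```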


Extirpating WinGetUI Requires Registry Cleanup

Here’s an odd one. A few months back, I tried out a pre-release version of UniGetUI that still fell under the WinGetUI umbrella. The package info involved — as you can see in the lead-in graphic — was ID=MartiCliment.UniGetUI.Pre-Release Version=1.5.2. I thought I’d deleted same, and it showed up in none of Programs and Features, Settings > Apps, or Revo Uninstaller. Yet it kept showing up in WinGet’s upgrade and list commands anyway. TLDR; extirpating WinGetUI requires registry cleanup to “make it go away.” Sigh.

Why Extirpating WinGetUI Requires Registry Cleanup

Apparently, adding packages to Windows leaves all kinds of traces in the file structure, as well as settings and pointers that get instantiated in the registry. Furthermore, it looks like WinGet relies on what it finds in the registry to create its view of what’s installed on a Windows PC. Thus, I had to remove all registry entries that included the string “WinGetUI” and/or “UniGetUI” (except for stuff not related to the application or its package info, such as pointers to Word files I’d written about those tools).

And indeed, that did the trick. Neither WinGet Upgrade nor WinGet List MartiCliment.UniGetUI.Pre-Release posits pointers to something I know isn’t there. The next screengrab provides visual proof. Good-oh!

After removing all WinGetUI references in the registry, WinGet no longer sees the older package.

It just goes to show that some uninstall facilities work better than others. For all its good features, it appears that WinGetUI/UniGetUI does not clean the registry upon uninstall deeply enough to tell WinGet that it’s gone, gone, gone. You’d think that wouldn’t happen with a WinGet-related and -focused follow-on tool. But here’s a counter-example that says otherwise.

That’s the way things go here in Windows-World, where not all is as it seems, nor always works exactly the way it should. Sigh. When that happens, we clean up manually and keep on truckin’…
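A read-only way to locate such leftovers before deleting anything by hand, as an added example (not from the original post). It assumes the stale entry sits under the standard Apps & Features “Uninstall” keys, which the post does not confirm; the function name is hypothetical.

```powershell
# Added example, not from the original post. Reports only; deletes nothing.
# Assumption: the leftover that WinGet still lists lives under the standard
# "Uninstall" keys (per-machine, 32-bit view, and per-user).
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$needle = 'WinGetUI|UniGetUI'   # the two strings named in the post

function Find-StaleUninstallEntry {
    param([string[]]$Root, [string]$Pattern)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # Check the key name and the values that usually carry the product name.
            $fields = @($key.PSChildName, $props.DisplayName,
                        $props.InstallLocation, $props.UninstallString)
            if ($fields -match $Pattern) {
                $target = $props.InstallLocation
                [pscustomobject]@{
                    Key             = $key.Name
                    DisplayName     = $props.DisplayName
                    DisplayVersion  = $props.DisplayVersion
                    InstallLocation = $target
                    # An entry whose install folder is gone is a leftover, not a live install.
                    TargetExists    = [bool]($target -and (Test-Path -LiteralPath $target))
                }
            }
        }
    }
}

$hits = @(Find-StaleUninstallEntry -Root $roots -Pattern $needle)
if ($hits.Count -eq 0) {
    Write-Output 'No Uninstall entries mention WinGetUI or UniGetUI.'
} else {
    $hits | Format-List
    # Export each key before removing it by hand, for example:
    #   reg export "<Key value from the report>" backup.reg
}
```

Entries reported with TargetExists = False are the ones worth reviewing first.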


New Key Provides Quick Pro Access

I’m still working with — and on — my new Lenovo review laptop. It’s a ThinkPad T14s Gen 5. That’s a Copilot+ PC with an Intel Core Ultra 5 125U CPU, 16 GB RAM, 0.5 TB NVMe Gen4 SSD, and a snazzy touch screen (WUXGA: 1920×1200). Yesterday, I had to correct one of its few as-shipped deficits: it shipped with Windows 11 Home installed. Because I like to use Remote Desktop Access to work on Windows PCs here at Chez Tittel, I needed to switch to Windows 11 Pro. That’s OK: thanks to my MVP VS Subscriptions, a new key provides quick Pro access. How quick? Let me tell you…

How a New Key Provides Quick Pro Access

Windows 11 Home and Pro share the same core operating system files. Indeed, even in a Home installation, Pro features and functions are present if unavailable. That’s why providing a valid Pro key unlocks such features, with no need to download or install new files.

The process took all of 10 seconds, most of which involved communication with the Microsoft Windows activation servers. I typed “Activation” into Settings, then clicked “Activation settings.” This took me to Settings > System > Activation, where I clicked the Change button to the right of the Change product key option. After entering a MAK key for Windows 11 Pro (copied from my VS subscription), the legend immediately changed to Windows 11 Pro. That’s what you see in the lead-in graphic for this story.

The whole shebang took nearly no time at all. And now, I’m happily working with the T14s through Remote Desktop Connection on my left-hand monitor, as I’m typing this blog post in the right-hand one. Exactly what I wanted.

According to Copilot, the same speedy transition applies to other up-licensing as well. With the right key change, it’s just as fast to get to Windows 11 Education or Windows 11 Enterprise versions as well. And FWIW, Windows 10 works the same way. Good-oh!

 


ThinkPad T14s Gen 5 Intake & First Impressions

Last August, Lenovo sent me a similar ThinkPad. Turns out, it was the Snapdragon X equivalent of what I’ve got now — namely, the ThinkPad T14s Gen 5. This time around, it comes equipped with an Intel Core Ultra 5 125U, 16 GB LPDDR5 RAM, and a 0.5TB Gen4 NVMe SSD. It’s not quite as impressive as its Snapdragon counterpart, but it does come with an online price of just over US$1200 at the Lenovo Store. It showed up yesterday afternoon here at Chez Tittel. Here, I’ll share info about the ThinkPad T14s Gen 5 intake & first impressions. TLDR summary: nifty little biz laptop.

Detailing ThinkPad T14s Gen 5 Intake & First Impressions

It’s still a thrill to unbox new Lenovo computers these days, thanks to their all-paper packages designed for quick, easy access. The first thing I noticed was the boot time (after I plugged the 65W USB-C charger in: the unit was at 0% charge). On first boot, it takes less than 10 seconds to get from power on to spinning balls (Task Manager reports “Last BIOS time” at 11.4 seconds), and less than 10 seconds more to get to the desktop. Closing the lid puts the unit immediately to sleep, and it takes less than 4 seconds to scan me with its IR Windows Hello camera and log me back in when I open it. Good-oh!

My recollection is that the Snapdragon X model was a little bit faster than this Intel Core Ultra 5 125U CPU. That said, the unit is pretty darn snappy, and does everything I ask it to do with verve and dispatch. CrystalDiskMark reports top speeds of ~7 GBps read/~5GBps write from its capable Gen5 SK Hynix SSD (random 4K r/w performance is 409/334 [QD32] and 65/129 [QD1] MBps). That’s on par with my beefiest test laptop — the big and beastly P16 Gen 1 Mobile Workstation.

I used PatchMyPC Home Updater to get most of my typical collection of tools and apps installed. The T14s did a nice job throughout, and the whole process took less than 20 minutes to complete. Then, I went to update Windows 11 24H2, as I’ll recite under the next heading…

Updating Windows 11 24H2 Takes Time

For some odd reason, WU installed a boatload of stuff when I did my usual “first boot” update check — 2 CUs, 23 drivers, the most recent MSRT, and various Defender updates (signatures and platform). This took long enough that it reminded me of pre Windows-7 days when installing Windows took nowhere near as long as catching up the OS image on updates after that first step was over. This was unusual, but not unheard of.

And now, I’ve got this nifty little unit ready to rock’n’roll for further inspection, testing and use. I’m glad to have it because I want to compare OTA Ethernet and GbE network file transfer to Intel’s Thunderbolt Share application. This PC gives me my vital “second Thunderbolt 4 PC” so I can check that out. Stay tuned!

 


KB5053643 Kills Mouse, Keyboard

Last Thursday, I downloaded and installed a new Preview CU for Windows 10 — namely KB55053634. After lunch Friday, I finally got around to rebooting to complete that process. Eventually, it succeeded. But first, just to make things incredibly exciting, KB5053634 kills mouse, keyboard — my vital USB peripherals — dead. Here’s the story of what I had to do to bring those devices back to life, and actually log in to Windows 10.

KB5053643 Kills Mouse, Keyboard: Now What?

Because I couldn’t get past the lock screen without a valid input device, that turned out to be a little more vexing than one might guess. So first, of course, I rebooted again. Still no joy: the keyboard didn’t respond to keypresses (a good test on my Comfort Curve 4000 is to toggle the Function Lock or Scroll Lock keys because those also toggle handy little green indicator LEDs). Nor did a mouse click open the PIN input box as usual.

So I tried again. Still no dice. Then I thought: “maybe the device needs a cold, hard boot?” That means powering off the PSU, waiting 1-2 minutes, powering back up, and pressing the power button. And indeed, that did the trick. Once I went through that maneuver, the hardware got completely reset, reinitialized and enumerated. It was enough to restore my key USB peripherals to working order.

What (Would Have Been) Next?

If the cold boot or hard boot didn’t work, I’d have had to jump into UEFI, turn off Secure Boot, and then target bootable repair media to get something running on that PC. I’ve done it many times before and will no doubt do it again. But hey: I was glad not to have to do it this time. Cold, hard boot did the trick.

Makes me feel like I dodged a bullet. Remember to give that a try if you find yourself bereft of mouse and/or keyboard after installing a Windows update or upgrade. If you’re lucky like I was, that will bring the USB drivers back into play, and let your PC get back to work. Cheers!


Ghost in the Machine Needs Printout

I have to chuckle when I read about these kinds of things. For much of the week I’ve been reading online (see list of articles near the end) about printers waking up and printing stuff on their own. On Windows 11 PCs running Build 2263.4825, it seems that those with specific printers may start printing garbage output spontaneously. ICYMI, “ghost in the machine” is a British philosopher’s shorthand phrase for Descartes’ mind-body dualism. In this case, I’m twisting that metaphor further to impute independent action to a Windows print driver gone wrong. That’s why I aver that the Ghost in the Machine needs printout.

Why the Ghost in the Machine Needs Printout…

Newer printers (mid-2010s and afterward) that support driverless printing technologies such as Mopria (a printer maker alliance that includes Canon, HP, Samsung and Xerox) and AirPrint (an Apple technology widely used by printer makers, too) also support dual-mode printing. For the ghost to start printing on its own, such devices must support both USB print and IPP over USB protocols (IPP is the Internet Printing Protocol). After updating Windows via KB5050092 (released 1/29/2025), such printers may start spewing pages, with no user print requests or print spooler files needed.

You can read about this spectral phenomenon from a plethora of sources including:

BleepingComputer Recent Windows updates make USB printers print random text (March 12)

Windows Forum Windows 11 Printing Glitch (March 13)

PC Gamer Haunted printers turning on by themselves and printing nonsense (March 12)

I’m not the only industry follower who’s picked up on the “ghost in the machine” metaphor, apparently. And you thought Windows was a brute and soulless beast, I’ll bet…NOT! Anybody who works with the OS for any length of time knows full well it’s possessed of a host of spirits that range all the way from the most angelic to the deepest of deviltry. I’ll let you decide how magnificent or malefic this particular haunt might be for yourself.

One more thing: the uber-cutesy graphic that starts off this blog post is Copilot’s response to a prompt that reads “show a PC printer possessed by a ghost.” Another clear case of you get what you pay for, IMO.

 

 


PowerShell-Based Defender Commands

The other day, my Canary Channel X380 Yoga hung up on Windows Update. In other words, after some kind of WU download difficulty, it wouldn’t download from those servers. There are lots of ways to unstick WU, but one of the easiest is to get Windows Defender to update. Personally, I prefer to use a single PowerShell command with no arguments or parameters, rather than navigating into Windows Security to see if that might help. Indeed, there is a plethora of Defender controls in PowerShell. The one I used is just a single instance in a collection of over a dozen items.

Finding PowerShell-Based Defender Commands

You can see the command I used to ask PowerShell to update Defender in the lead-in graphic. It’s named Update-MpSignature, and it takes no mandatory arguments or parameters. What you’re looking at there, in fact, is the general PowerShell Module Browser at MS Learn. It’s dialed into Defender commands, shown in the breadcrumbs up top: Learn/Windows/PowerShell/Defender. As you will soon find out, there is a baker’s dozen of such things there under this heading.

Other Defender Commands get their own listings, but also appear in a handy-dandy table (simplified contents reproduced verbatim below). Indeed, each one also has its individual command reference, for which you find links in said table.

As you can see there are lots of interesting and sometimes useful ways to interact with Defender in PowerShell. They’re worth exploring and getting to know. I used a simple one to unstick WU this week, but there are lots of other tools here, ready to help you manipulate Defender in Windows Terminal or via automation scripts. Have at it!


Author, Editor, Expert Witness