Link to home
Create AccountLog in
Avatar of Frank Helk
Frank HelkFlag for Germany

asked on

Changing process CPU affinity via Image File Execution Options ?

I'm in need to restrict a process in windows to one CPU core. I need to do that
  • right at startup,
  • as a persistent measure, and
  • independent of the way it is started.

I've found out that there's some fun possible by manipulating the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options ("IFEO") but the only details I've found were
  • malware related uses of (IFEO\whatever.exe\ -> Debugger)
  • brute force replacing Notepad.exe with Notepad++ (IFEO\Notepad.exe\ -> Debugger (again ...)), and
  • permanently forcing a given priority level (IFEO\whatever.exe\PerfOptions  -> CpuPriorityClass)

Now for the questions:

  • Is there any way to set CpuAffinity thru this way ?
  • Is there any documentation of the (presumed numerous) options available for the IFEO registry path inhabitants ?
Avatar of Frank Helk
Frank Helk
Flag of Germany image

ASKER

Additional finding:

I've used the tool "Process Monitor"  from the sysinternals suite to log access to the IFEO tree members, and found some more values in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options (but not yet any in subtrees):

  • BindingConfiguration
  • BreakOnInitializeProcessFailure
  • CFGOptions
  • CWDIllegalInDLLSearch
  • Debugger
  • DebugProcessHeapOnly
  • DelegatedNtdll
  • DisableExceptionChainValidation
  • DisableHeapLookaside
  • DpiAwareness
  • ExecuteOptions
  • ForceNativeDump
  • ForceWakeCharge
  • FrontEndHeapDebugOptions
  • GdiScaling
  • GlobalFlag
  • GlobalFlag2
  • KeepActivationContextsAlive
  • LoadCHPEBinaries
  • MaxDeadActivationContexts
  • MaxLoaderThreads
  • MinimumStackCommitInBytes
  • MitigationAuditOptions
  • MitigationOptions
  • NodeOptions
  • PerProcessSystemDpi
  • RaiseExceptionOnPossibleDeadlock
  • RpcRuntimeConfigFlags
  • SearchPathMode
  • ShutdownFlags
  • TracingFlags
  • TrackActivationContextReleases
  • UnloadEventTraceDepth
  • UseFilter
  • UseImpersonatedDeviceMap
  • UseLargePages

I suppose that list not to be comprehensive .... but I'd like to have as much information as possible about these options  ... and their hidden brothers and sisters. I presume the strings of them are all in ntoskrnl.exe, but yet have to check that over ...
Additonal note: The demand is for third party processes I can't modify.

Solution:

  • I've built a tiny .NET CLI process that takes a CPU mask and the real command line as arguments.
  • Without arguments it just informs about the allowed values of the CPU mask.
  • Right after start with arguments it restricts itself to the given CPU mask
    (key point is the manipulation of Process.GetCurrentProcess().ProcessorAffinity)
  • After that it spawns the target process as child process - which inherits the CPU restrictions - and wents to sleep until that child process ends.

That works like a charm with the only drawback of an additional (low ressource demand) process lingering around until the taget process ends.
ASKER CERTIFIED SOLUTION
Avatar of Frank Helk
Frank Helk
Flag of Germany image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer