| Building a Windows XP Chopper |
 |
 |
|
This is an old article I wrote years ago, and I've continually been surprised at how much traffic it continues to receive via one of my old domains. I've decided to migrate it here to my main blog. I've done some very minor editing and link fixing but it pretty much looks the way it was years ago. It is basically a highly irresponsible experiment in how lean you can make a Windows XP installation, while still retaining a fair amount of usability (take that word with a grain of salt), only for highly adventurous people. Unfortunately due to recent server migrations I have no way of knowing how old this article is. My sense is that it is more than 4 years old. Building a Windows XP Chopper (or, how to make Windows XP use less than 32 MB of RAM) by Erik Knepfler The term Chopper originally came from the early days of motorcycling, when financially disadvantaged motorcycling war veterans (read, "broke bikers") would chop up and remove their unfixable bike parts instead of replacing them. It made their bikes leaner and lighter for the races, hill climbs, and infamous duels in the Circle of Death ("C'mon! I just swept the Circle of Death!"). Thus, the Chopper was born. Later the whole Chopper thing mutated and became crazy, but I digress. At some point, Windows XP change from being a fairly quick, efficient, stable improvement over Windows 9x to being a virus and spyware infested beast with more services running than most people have teeth. Memory use hit an all time high - some people just boot their machine and it's already using 200+ MB of RAM! A Windows XP Chopper is an OS chopped to be the leanest, meanest, most trimmed down version of itself possible. The purpose of this is to create an XP operating system that is dedicated to executing ONE TASK AT A TIME, guaranteeing full attention to that application at hand, with as few background processes running as humanly possible. I warn you. This is not like other guides. There have been many guides online about optimizing Windows XP, but many of them leave all sorts of areas untouched and have no guts. This guide is not for Windows 9x and definitely not for the faint of heart. If you tend to panic when your system throws an error or won't boot, please go elsewhere. This guide is geared for moderate to advanced Windows users, who know how to tweak settings but aren't sure what, how, or why to tweak them. A novice could follow this guide too but they need to be pretty damn brave and ready to re-image their entire hard disk. Symantec Norton Ghost 2003 and an extra hard drive is a great way to protect yourself. It's for people who don't care that they might permanently destroy their Windows installation. It does not deal so much with hardware-specific tweaks like disabling video VSync, more with Windows-specific stuff that everyone has. I take no responsibility for what this can do to your system. If you run ANY software, these steps will almost certainly cause SOMETHING to not work. Without some troubleshooting skills you may have difficulty figuring out which tweak broke what application. I can verify that these steps work properly with Counter-Strike and everything in MS Office 2003. :) I warn you again: THIS ENTIRE GUIDE IS HIGHLY IRRESPONSIBLE, AND YOU ACCEPT FULL RESPONSIBILITY FOR WHATEVER HAPPENS AS A RESULT OF FOLLOWING IT! If you're not scared off now, read on. File Access A great application called FileMon over at SysInternals can show you which files are being accessed, by which applications or processes, in real-time. This is a great tool for tracking down unneeded activity and stopping it. Get it, run it, and take a look. Don't worry if you don't understand most of this immediately. Just know that everything you see is a disk access that can be eliminated. Before you've done any chops discussed here, FileMon will report all kinds of crazy activity. We'll be eliminating ALL of it. The only disk activity that should show up is that which is specific to the application your are immediately running. If you think, at this point, that this entire document is a joke - I assure you it is not. By the time we're done, NTFileMon will show absolutely no activity while you are idling. The meat of this document is the Services chopping, but there's two important things we should do first. First Things First - Disabling Startup Programs No windows optimization guide would be complete without this section, so let's get it out of the way. Start > Run > msconfig will get you a nice little program which consolidates all of your startup applications together so they can be easily disabled. My advice - uncheck EVERYTHING in the box. Be sure to scroll. The only items you will not want to uncheck are things that you want, and you know exactly what they do, intimately, and you decide you absolutely need them. Examples might be mouse/keyboard utilities that enable non-standard buttons. You'd be amazed at what continues to work, however, when you disable everything. Windows XP provides a lot of native support for many features that you really don't need extra software to use. Some guides would say "If you're not sure what it is, don't uncheck it, you might need it." But spyware authors know this, and use this to trick you into leaving harmful software running. If you're not sure what it is, disable it. You can always recheck it later if you think you need it. First Things Second - Spyware Cleaning SpyBot - Search and Destroy and AdAware. Get them, install them, update them, run them, and nuke everything they find. Run them again to be sure you actually nuked everything properly - they're a little confusing at first because it appears they're going to automatically fix everything for you, when in fact, if you just keep clicking Next they won't actually do anything at all. Use the SpyBot immunize feature. Chopping Services This is perhaps the most important and controversial section of this paper. Control Panel > Administrative Tools > Services invokes this utility. I would not suggest using MSConfig to manage services - it doesn't give you the needed control to follow this section. So, many people disabled their startup programs diligently, but Windows XP services are part of that and often overlooked. Additionally, many of them are poorly documented and people are afraid to disable them. Not me baby. You don't need nearly as many services as you think. Some lesser understood facts about XP services:
There are too many services to discuss which ones can be disabled, and why. The real question is: What is the absolute minimum I need to boot and run a few basic programs? Let's find out, and see what breaks! If your computer is a member of a network, a NAT box for other systems on your network, a member of a corporate network or Domain member, this section is probably WAY too aggressive and will break a lot of stuff. This is going to break a lot of stuff anyway, but if this is your work machine, you shouldn't be reading this paper at all. I performed an experiment to see what Windows TRULY needs in order to boot and run basic software. Do not follow along and do all this unless you want to see what I went through - otherwise it's a waste of time. Wait until the conclusion and follow those steps. I opened the Services panel and stopped every service it would let me stop. Then I set every service to Manual that it would allow me to as well. Here's what I ended up with:
Oh my gosh, even the Server and Workstation services? Yep. Gone. Every other service is not running, and set to Manual. Windows "allowed" me to do this so theoretically my system should boot. Heh. An important note: The "COM+ Event System" service is stoppable, but it magically restarts on it's own immediately right away. System Event Notification likes to do this as well, sometimes. We'll deal with that later. Now we're going to reboot and see what happens! Before you do this, be sure you know your primary account or Administrator password. The first thing you might notice is that your login screen is different, as a result of disabling Fast User Switching and the Welcome Screen.. This is good. Fortunately I can still log in. Next you'll notice that Windows has taken it upon itself to start up the following services for you: COM+ Event System, Network Connections, Network Location Awareness, SSDP Discovery Service, System Event Notification, Terminal Services, and Windows Management Instrumentation. At the same time, the following did not automatically start: Plug and Play, Security Accounts Manager, and Windows Audio. Now, test your sound card. If you don't have any sound, you probably should start Windows Audio back up and set it to Automatic. Whoops. You might immediately notice Plug and Play errors as soon as you try to change anymore services. Those are pretty annoying so, I guess we need that one. Start it and set it to Automatic. I'm really not sure why opening a service's Properties page would somehow be dependent on the Plug and Play service, which I thought just listened for new hardware. There is all kinds of overlap in responsibilities among XP services. Next, we're going to chop even harder and force some services whose usefulness is questionable to Disabled. Let's do this to the following: COM+ Event System, Event Log, Network Connections, Network Location Awareness, SSDP Discovery Service, System Event Notification, Terminal Services, and Windows Management Instrumentation. Now that these are Disabled, let's reboot again! Scared yet? While I'm rebooting, let's discuss some interesting things. Many of those services say they cannot be disabled. Many seem absolutely vital, such as DNS Client. Gee, I need to be able to resolve internet names! You'll notice that name resolution (in your browser, anyway!) still works. Not everything is as it seems! If you do not have a static IP address, you will need DHCP Client started and set to Automatic to get on the Internet. So, let's do that now. At this point, only three services are running: DHCP Client, Plug and Play, and Remote Procedure Protocol (RPC). Wow. Several are set to Disabled and everything else is set to Manual. Theoretically, if you had a static IP address and were very tolerant of constant plug and play errors, you would be running a total of ONE SERVICE. Wow! The Conclusion: First, set every service to Manual. Then, set the following to Disabled: COM+ Event System, Event Log, Network Connections, Network Location awareness, SSDP Discovery Service, Terminal Services, and Windows Management Instrumentation. Reboot, and you're chopped! You definitely need to know which services are required for certain things. Some of it isn't clear - many people don't know that Remote Desktop uses the Terminal Services and, in fact, I think it uses Telephony too. A drawback of this setup is that any problems will likely trigger logged Events, which go to Start > Run > Event Viewer, but this service is now stopped and nothing will be logged. You will probably need to set this back to Automatic and reboot in order to find out why something isn't working if you hit a snag. The events may not be very clear as to which service is responsible, as many applications just assume it's required services will be running, so you'll need to be fairly clever to figure out what is responsible. I warned you! In your Task Manager (CTRL-SHIFT+ESC) you should have no more than the following processes running: CSRSS.EXE, EXPLORER.EXE, LSASS.EXE, SERVICES.EXE, SMSS.EXE, SVCHOST.EXE (two or more depending on the number of services you left running), System, System Idle Process, taskmgr.exe, and WINLOGON.exe. You might also have mmc.exe if you have the Services list open. Closing that, and the Task Manager kills two more processes, leaving you with about 10. As you proceed to run applications, you may notice other services being started up for you. This is OK. Applications will start services they need, but they'll go away again on the next reboot. I wonder why SMSS.EXE is even running. It's apparently related to Terminal Services, so that's somewhat unexpected. One immediate problem is that a favorite program of mine is TaskKill.exe. This Windows XP provided executable nukes processes efficiently because it has a /F, or Force, switch. However, this is dependent on the Windows Management Instrumentation service, which in turn is dependent on the Event Viewer service. So, that's a lot of services to use just to get one utility. The old NT4 or Windows 2000 resource kits have a KILL.EXE that works fine without these services. Now that the biggest part is done, there are some minor tweaks that should be done as well. Uninstall With A Vengeance Have you ever noticed that an empty hard drive is a fast hard drive? I suspect it has a lot to do with the smaller NTFS/FAT tables, the smaller registry, and the fact that more of what you need is stored in the faster, inner portions of the drive instead of the slower outer rim (after a defrag, of course.) So, uninstall everything you can. Drop that hatchet. Spare no application from the wrath! You might consider running the old utility RegClean 4.1a by Microsoft. It still works, but it's usefulness is arguable. But anything to shrink your Registry file is good. Make as much room as possible, then of course.... Defrag After freeing up as much space as humanly possible, defrag your drive. Topic is done to death, so enough said. Just be sure to do it after freeing up space by uninstalling, not before. I'm moving quick to get all this newbie stuff out of the way. Remaining Tray Icons There may be some remaining tray icons near your clock. Neither in the startup menus or spyware applications, sometimes a system driver (usually video / printer related) could invoke these and place a tray icon. The tray icon itself may provide an option to disable auto-loading, or you may have to go into the Driver Display Properties / Advanced, or a printer's property pages to disable these applications. At this point, after a reboot, your system should only be loading the same programs that come with a new install of Windows. Of course, that leaves a lot to be chopped... Display-Related Optimizations Many of these optimizations are in the Display tab but are significant and have nothing to do with your display. Control Panel > Display. The first tab, Themes. If you can stand to look at the Windows XP Classic theme, this has an advantage that the entire Themes service can be disabled. Personally, I like the new visual themes enough to take the performance hit, so I leave it running. On the Desktop tab. Disable that desktop background. I cannot emphasize this one enough. It's a real hog, even to this day, especially if you don't have much memory. Personally I think Black is the most efficient background color but I'm probably insane. Definitely don't use one of those hatch patterns, it actually does slow down the desktop draw speed when switching applications, especially with old video cards. Also on the Desktop tab, click Customize Desktop. Uncheck Run Desktop Cleaning Wizard Every 60 days. This will be nullified anyway when you disable the Task Scheduler service. Screen Saver tab. I wouldn't use a 3D screensaver since they seem to get in the way a lot. Also, you don't need to eat 100% CPU during the 98% of the day you're not using your computer. The others are fine - a few CPU cycles dedicated to this is OK when compared to the alternative of literally burning a Start Menu into your monitor. Also on Screen Saver tab - click Power. Turn Off Hard Disks and System Standby should be set to Never. I have it turn off my monitors after 10 minutes and don't use a screensaver at all, just personal preference though. The Advanced tab has yet another taskbar icon you can eliminate. On the Hibernation tab, do not enable Hibernation unless you really, really like that feature. On the UPS tab, it should say The UPS Service Is Currently Stopped (if it doesn't, don't worry, you'll get to that later.) Event Viewer There will always be events logged (well - usually), and the more work it has to do to accomplish this, the busier your system is. Start > Run > Event Viewer. For each of the three (or more) log categories (usually Application / System / Security), open their properties and first, Clear them. Save the backup if you wish. Set the size to, oh, say 128kb, and then tell it to Overwrite As Needed. Logging data to a small file is faster than to a large file. This is a minor tweak and later we'll be aggressively disabling all Event Logging anyway. Auditing / Logging XP loves to fill up it's event log with "audit events" that have occurred, such as logon and logoff attempts. Problem is, every minor low-level event that's a basic part of Windows is considered an event that needs logging. Blah. FileMon will register this as all kinds of hits to your system log folders and EVT files. If you are a member of a Domain, you may not be able to disable this unless you can disable auditing in the Group Policy on the domain controller. If you're not a member of a domain, however, do this: Start > Run > secpol.msc > Local Policies > Audit Policy. All of these items should be set to No Auditing. You can always turn them back on later when you decide you want to troubleshoot something. Application Replacements First, I would strongly suggest using Mozilla over Internet Explorer. Not only is it a better browser, but the main reason is that it's far less likely to have security holes that allow spyware and viruses through, and these are far more serious than IE's advantages. The reality is, IE is probably less resource-hungry than Mozilla, what longer load times, slightly larger memory footprint and java baggage. IE also has an advantage in that explorer.exe is always running, and IExplore exploits this in order to run faster. (However, this may not be the case later.) Additionally, the open source GAIM application seems to be less intense on disk access than the AOL AIM application. Beyond this, experiment with FileMon to see which apps are constantly busy, and which are well-behaved. Virtual Memory One file being accessed very often is pagefile.sys, your Virtual Memory swap file. On my system, I have 1GB of RAM and rarely more than 300mb in use at any time. My understanding of Virtual Memory is that Windows uses this as a last resort when it runs out of memory. Why XP is swapping so early I'll never know, nor do I care to. If you have at least 1GB of RAM, I strongly suggest you disable Virtual Memory. I had 768mb of RAM and with Virtual Memory disabled, I had a few problems with Counter-Strike. I would suggest at least 1GB before turning this off. Start > Settings > Control Panel > System > Advanced > "Virtual Memory" Settings > Advanced > Change > No Paging File > Set > OK > Reboot. Setting Up Application Shortcuts Being forced to use the Start > Programs menu, or icons on your desktop, can be a real drag. A faster way to run applications is to run them from the Start > Run menu, or the File > Run menu of Task Manager (accessible at ANY time with CTRL-SHIFT+ESC). Create a folder, such as C:\BATS. Drag a shortcut from your Start > Programs menu for every application you run into this folder. Preferably, abbreviate it to as simple as you can, such as "moz" for Mozilla or "IE" for Internet Explorer. Then, go to Control Panel > System > Advanced > Environment Variables. Edit the System variable called PATH, and add ";C:\BATS" to the end of it (without the quotes. Semicolon optional, if there's already one at the end of your PATH value. Now you can run any program from Start > Run or File > Run of the Task Manager without clicking any icons. This whole step is optional, but required if you plan to try the extreme tweak mentioned next. Going to extremes - Killing Explorer.exe This is definitely an extreme tweak because Explorer is part of life, and fairly efficient at what it does - it is, after all, the core of many Windows functions - and you can probably skip this without losing any sleep. NTFileMon will report that Explorer.exe is a little busybody with it's fingers all over your system. I suppose it has to constantly poll various files in order to keep the desktop and tray updated. If you're truly dedicated, consider killing this temporarily while running your main application, whatever it is. If you're loading a windows-based game like Ultima Online that does not run fullscreen, do this: Open Task Manager, and click End Task on Explorer.exe. Normally this would cause Explorer to just automatically reload. I think that's provided by some service we nuked earlier. It should stay gone. Explorer will terminate, taking with it your desktop and annoying start menu / taskbar which are useless while playing a game anyway. You can still Alt-Tab through windows. When you need Explorer back, just hold CTRL-SHIFT and press ESC to invoke Task Manager. File > New Task > explorer.exe, and you're back up and running. Sometimes doing this opens the tree-mode of explorer instead of getting your desktop / taskbar back. If this happens, re-open Task Manager (CTRL-SHIFT+ESC) and, in the Process tab, do an End Task on all instances of Explorer or IEXPLORE, then run explorer.exe again from the file menu. Conclusion Your Windows has been chopped. You have more memory free than you've ever seen. On my system, after doing everything here including killing Explorer.exe, Windows is reporting 29.1 MB of memory in use via Task Manager. One day I'll find out where all that memory is going and see how much further I can reduce that without reducing Windows to a worthless pile of goo. You're running virtually no services. FileMon shows virtually no activity. If you did the extreme Explorer tweak, you have to run all your programs from the File > Run menu of Task Manager - a minor inconvenience. You'll probably have to troubleshoot some unusual application failures. Your Event Viewer no longer works, nor do many screens in Computer Management. Unexpected Side Effects
|
||||||||||||||||||||||||
| Last Updated on Thursday, 05 March 2009 00:36 |
