Since I’ve upgraded my system from Windows 7 to 10 on my HP Laptop with 16 gigabytes of RAM and an SSD disk, I’m experiencing a slow boot when “restarting” the computer. Windows shows a black screen with the Windows 10 logo in the middle for several seconds.
I’ve used my favorite tool, Windows Performance Toolkit, to troubleshoot this issue.
A trace capture, taken with Windows Performance Recorder, shows that the “Pre Session Init” boot phase, has taken 22 Seconds. Which is big duration for this phase!
So what’s going on ?
Using Region of Interest graph and choosing the “Thread Activities” view, I can see that “Boot-PnP-SystemStart-Phase” took 20 Seconds and the Thread 8 of system process 4 and is involved in this delay.
Let’s take a look at “CPU Usage Sampled” Table to see what Thread 8 was doing during this amount of time;
When digging in the call stack, you can see “IopLoadDriver” function call that load Drivers. At this point I can assume that the delay is related to driver loading operation.
So let’s move forward and look for other clues. At the bottom I can see an interesting functions calls related to the Hash validation. These functions are called from CI.dll module which is the Code Integrity Module responsible of Drivers’ signature checking at the boot phase.
I can see this more clearly in the “Generic Events” table. By expanding “ValidateFileHash” taskname under “Microsoft-Windows-CodeIntegrity” column, I can see that the Hash validation starts at 2,433540242s for “\Device\HarddiskVolume2\Windows\System32\drivers\dxgkrnl.sys” file and ends at 22,569235172s !
For all the other drivers the code integrity check operation took a few milliseconds !
So the question is; why it took so long for checking “dxgkrnl.sys” file integrity ?
dxgkrnl.sys is a Microsoft DirectX graphic driver; At the begining I thought that my dxgkrnl.sys was not up to date (10.0.10586.672), beacause I was running Windows 10 1511 version.
So I’ve applied all the latest updates for Windows 10 version 1511; the dxgkrnl.sys files version was updated to “10.0.10586.873”, but the boot time remains the same !
My next step was upgrading to Windows 10 Creator Update, without this has solving my problem !
I’ve also the same problem on my other HP ZBook Laptop !
On the Internet many people reported this kind of issue, but none gave a definitive solution !
The story continues …
What I did next was taking a trace from another Windows 10 PC which boot normally, without delay, and make a comparison between the two traces.
I created a comparative window (to compare between the two traces) and put in the CPU Precise Graph.
I drilled in the call stacks of Thread 8 and try to catch any difference between the two call stacks. And what I saw in the top of the stack seemed interesting; There was calls to functions in the Wof.sys module that were not present in the call stack of the computer without boot delay !
Wof.sys is a File System Filter Driver. And according to MSDN page ;
“A File system filter Driver is is an optional driver that adds value to or modifies the behavior of a file system. A file system filter driver can filter I/O operations for one or more file systems or file system volumes. Depending on the nature of the driver, filter can mean log, observe, modify, or even prevent. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems.”
So my guess is when a file I/O is performed on dxgkrnl.sys file it’s intercepted by a program which try to do something with !
So pushing my curiosity further, I took another trace with the “WDF Driver Activity” option enabled in the Windows Performance Recorder Interface;
The generic Events table shows me a new task which perform just before Dxgkrnl driver initialization. A code integrity applied to vmbkmclr.sys driver.
vmbkmclr.sys is a part of Hyper-V backup integration components for VMs. Armed with this information, I made a test by uninstalling the hypervisor from my machine and then the boot time was faster !
The Pre Session Init boot phase goes from 22s down to 8s.
Now the big question is; The Hypervisor is really the culprit ? or a misconfiguration of my system ?
As I’m facing the same issue on my other HP windows 10 based Laptop, with the Hyper-V service running on it; This lead me to think there is something on these HP based Laptop that is causing this delay, when the Hyper-V is enabled !
If you want to learn how you can troubleshoot Windows Performance issues like this one, by using Windows Performance Toolkit; just enter your email address and to get instant access to my FREE course.
If you enjoyed this article, please share it on your prefered social media, by clicking the below buttons, so that others can benefit from it.