Tuesday, December 24, 2013

What are 'System Idle Processes'?



Introduction

Most Microsoft Windows users, when trying to find out what is making their computer slow, find a process named 'Idle Process' or 'System Idle Process' with a very high percentage of CPU usage. The high percentage makes people think that this process is the reason their computer is slow. This article explains the System Idle Process, its use, and why it is not the reason your computer is slow.

What is the System Idle Process (SIP)

The system idle process (SIP) is exactly what its name implies. It is an idle process that belongs to the system / runs on the system.

From a developer's perspective, the SIP has these properties:

- An idle thread is a special thread: threads similar in priority to it, or "peers" of the idle thread, cannot be created, not even in kernel mode.
- The SIP does not run any user-mode code, nor does it reference any user-land address; therefore its threads do not contain any user-process-related data.
- The SIP threads are extremely lightweight and do not do anything CPU-intensive. That said, they don't just run null instructions; in modern Windows they run instructions that save power by turning off system components until an interrupt is received, or by slowing down the CPU clock speed.

The most important thing to understand about the system idle process is not WHAT it is or HOW it works, but WHY it is needed at all.

Why is the Idle process needed?

The purpose of the SIP is to give the scheduler something to feed the processor when there is no eligible process in the ready queue. The SIP is there to avoid a special case in the Windows scheduling system that would leave the scheduler with nothing to schedule, hence freezing the system.

There are eight states of a Windows process:

 1 - Initialize
 2 - Ready (3 - Standby and 4 - Deferred Ready)
 5 - Running
 6 - Waiting
 7 - Transition
 8 - Terminated
An explanation of the above states will be published in a subsequent blog post.

The MS Windows scheduler was classically built to manage the up time of the CPU by constantly feeding it processes. In the special case where all processes are in non-ready states and none can be fed to the processor, the processor would freeze.
The SIP solves this problem by being there throughout the uptime of the CPU: it is available to be scheduled for processor time whenever the scheduler runs out of eligible processes to assign to the processor.

So what does SIP represent?

In practice, the percentage of CPU usage = 100 - (% of CPU used by the SIP).
The number of threads run by the SIP, which we will call System Idle Threads (SIT), is equal to the number of logical processors in your system. The number of logical processors can be seen under the Performance tab of the Task Manager.
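
The fallback described in the two sections above, as a simplified Python model added here (it is not Windows scheduler code and not from the original article): each logical processor runs its idle thread only when no thread is ready, and CPU usage comes out as 100 minus the idle percentage. The function names, the tick-based timing and the sample workload are assumptions constructed for illustration.

```python
from collections import deque

PRIORITY_LEVELS = 32  # priority values 0 to 31, as in the article


def pick_next(ready):
    """Return the highest-priority ready thread, or None if none is ready."""
    for level in range(PRIORITY_LEVELS - 1, -1, -1):
        if ready[level]:
            return ready[level].popleft()
    return None


def simulate(num_cpus, arrivals, total_ticks):
    """Toy dispatcher model (not Windows code).
    arrivals maps tick -> [(name, priority, burst_ticks), ...]."""
    ready = [deque() for _ in range(PRIORITY_LEVELS)]
    idle_ticks = [0] * num_cpus  # one idle thread per logical processor
    for tick in range(total_ticks):
        for name, prio, burst in arrivals.get(tick, []):
            ready[prio].append([name, prio, burst])
        ran = []
        for cpu in range(num_cpus):
            thread = pick_next(ready)
            if thread is None:
                # Nothing eligible: the idle thread takes the slot, so the
                # dispatcher always has something to run on this processor.
                idle_ticks[cpu] += 1
                continue
            thread[2] -= 1  # consume one tick of processor time
            ran.append(thread)
        for thread in ran:  # requeue after the tick so no thread runs twice
            if thread[2] > 0:
                ready[thread[1]].append(thread)
    idle_pct = 100.0 * sum(idle_ticks) / (num_cpus * total_ticks)
    return {
        "idle_threads": num_cpus,
        "idle_ticks_per_cpu": idle_ticks,
        "idle_pct": idle_pct,
        "cpu_usage_pct": 100.0 - idle_pct,  # 100 - (% used by the idle process)
    }


# Constructed workload: three hypothetical threads on two logical processors.
SAMPLE_ARRIVALS = {0: [("editor", 8, 3)], 2: [("backup", 4, 4), ("av_scan", 13, 1)]}

if __name__ == "__main__":
    print(simulate(2, SAMPLE_ARRIVALS, 10))
```

In the sample run the second processor is idle for most ticks, which is how a high idle percentage coexists with a lightly loaded machine.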

ID of Idle process and threads

The SIP is also needed because today's processors are multi-core processors, so if one core is running a single process, the other core needs to have something in its schedule, i.e. in the waiting queue of 'ready' state processes.

The SIP has the process ID 0. It is possible that it is the first process to be spawned by the system.

Launching the Idle thread (process)

The priority of an idle thread is not compared with that of any other process thread. The CPU simply does not select the idle process if some other non-idle process is eligible to run on the processor. It would be correct to say that the idle process/thread has the lowest priority, because the idle thread is selected only when there is no other thread in the 'ready' state, i.e. ready to be given the processor. All processes have a priority value from 0 to 31, and the idle threads are treated as if they have a priority below 0 (say, -1). According to Mark Russinovich (Windows Internals), they are assigned a priority of 0; it's just that their priority is never considered. The address of the idle thread for each logical processor is set in the 'PsIdleProcess' special variable, and the idle process is selected when no non-idle process is available in the 'ready' queue.

About the Author: Saquib Farooq Malik is a senior Information Security Consultant at ITButler e-Services (www.itbutler.com.au). Saquib specializes in Vulnerability Assessment and Penetration Testing, and in implementations of ISO 27001 in different corporate environments in the Middle East.
He is a CISSP, an ITILv3 Foundation certified professional, ISO 27001 Lead Auditor, Tenable Certified Nessus Auditor and a Lumension Certified Engineer.
