Defrag Tools: #45 - WPT - File & Registry Analysis | Defrag Tools

EDN Admin

EDN Admin

Well-known member
Joined
Aug 7, 2010
Messages
12,794
Location
In the Machine
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT). Example xPerf scripts.

Resources:
Defrag Tools: #23 - Windows 8 SDK
Defrag Tools: #29 - WinDbg - ETW Logging
Windows Performance Analysis Developer Center
Windows Performance Toolkit
Channel 9 Videos
NTDebugging Blog Article
PFE Blog Series
Timeline:
File
[00:00] - Process Monitor vs. WPT
[01:48] - xperf -on PROC_THREAD+LOADER+FILENAME+FILE_IO+FILE_IO_INIT -stackwalk ...
[03:43] - Process Monitor design (I asked Mark; filtering is done in User Mode)
[05:25] - WPA - File Analysis
[09:42] - Comparison to Process Monitor "Enable Advanced Output"
Registry
[16:47] - xperf -on PROC_THREAD+LOADER+REGISTRY -stackwalk ...
[18:25] - WPR Profiles (FileIO & Registry)
[20:50] - WPA - Registry Analysis
Registry Hive
[25:55] - xperf -on PROC_THREAD+LOADER+REG_HIVE -stackwalk ...
[28:22] - Logoff/Logon to show Registry Hive unload/load
[29:10] - WPA - Registry Hive Analysis
Summary
[33:16] - Summary

Example: "xperf - Collect FileIO.cmd"
@echo off
echo Press a key when ready to start...
pause

echo .
echo ...Capturing...
echo .
xperf -on PROC_THREAD+LOADER+FILENAME+FILE_IO+FILE_IO_INIT -stackwalk FileCreate+FileCleanup+FileClose+FileRead+FileWrite+FileSetInformation+FileDelete+FileRename+FileDirEnum+FileFlush+FileQueryInformation -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular
echo Press a key when you want to stop...
pause
echo .
echo ...Stopping...
echo .
xperf -stop -d fileio.etl

Example: "xperf - Collect Registry.cmd"
@echo off
echo Press a key when ready to start...
pause

echo .
echo ...Capturing...
echo .
xperf -on PROC_THREAD+LOADER+REGISTRY -stackwalk RegQueryKey+RegEnumerateKey+RegEnumerateValueKey+RegDeleteKey+RegCreateKey+RegOpenKey+RegSetValue+RegDeleteValue+RegQueryValue+RegQueryMultipleValue+RegSetInformation+RegFlush+RegKcbCreate+RegKcbDelete+RegVirtualize+RegCloseKey -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular
echo Press a key when you want to stop...
pause
echo .
echo ...Stopping...
echo .
xperf -stop -d registry.etl

Example: "xperf - Collect RegHive.cmd"
@echo off
echo Press a key when ready to start...
pause
echo .
echo ...Capturing...
echo .
xperf -on PROC_THREAD+LOADER+REG_HIVE -stackwalk RegHiveInit+RegHiveDestroy+RegHiveLink+RegHiveDirty -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular
echo Press a key when you want to stop...
pause
echo .
echo ...Stopping...
echo .
xperf -stop -d reghive.etl
bb2bd454a4c81b3783a9d6189cf6f9bd.gif


View the full article
 
You must log in or register to reply here.

Similar threads

L
Defrag Tools: #45 - WPT - File & Registry Analysis | Defrag Tools
Replies
0
Views
183
Larry Larsen, Andrew
L
L
Defrag Tools: #50 - WPT - Memory Analysis - Heap | Defrag Tools
Replies
0
Views
234
Larry Larsen, Andrew
L
L
Defrag Tools: #49 - WPT - Memory Analysis - VirtualAlloc | Defrag Tools
Replies
0
Views
294
Larry Larsen, Andrew
L
L
Defrag Tools: #46 - WPT - Driver Analysis | Defrag Tools
Replies
0
Views
228
Larry Larsen, Andrew
L
L
Defrag Tools: #48 - WPT - Memory Analysis - Pool | Defrag Tools
Replies
0
Views
233
Larry Larsen, Andrew
L
Back
Top