

XPerf Tool – Why Can’t You Live Without It?

Israel Burman (Israel is one of the ADPlus creators and the guy who taught me the XPerf tool) and Mario Hewardt told me I should blog about the XPerf tool.

Although I’m new to this tool, I decided to follow their suggestions because I believe you’re going to wonder how you could live without using this tool after using it for the first time. :-)

So, when starting to write this article I decided to browse the internet to see how many articles from Microsoft I could find, because I didn’t want to be redundant. As a matter of fact I found several great articles. (Am I late to the party? :-)) Some of these articles are very didactic and similar to what I had in mind.

That said, I’m not going to be redundant here. Instead, I’m going to give you just an overview of the tool and mention the articles that detail the configuration and usage of XPerf, so you can get the necessary details from them without having to search the internet all over again.


WHAT’S XPERF?

- XPerf is based on ETW (Event Tracing for Windows) which is a very efficient tracing infrastructure.

- The overhead caused by XPerf is about 2.5% CPU, in other words, minimal.

- The tracing can be dynamically enabled or disabled and it doesn’t require a reboot.

- XPerf enables you to collect logs, create reports and see charts from the collected data.


WHEN SHOULD YOU USE XPERF?

- When you need to isolate performance problems.

- To get a better understanding of the Operating System.

- Probably other scenarios where you can benefit from tracing the Windows components.


WHERE CAN YOU DOWNLOAD XPERF?

From here or here.


HOW CAN YOU START USING IT?

- Collect logs from a few seconds to 5 minutes.

- Start just before reproducing the symptom.

- Don’t forget to set up the symbols.


BASIC COMMANDS

After installing XPerf, open a Command Prompt using RunAs Administrator.

Set up symbols:

set _NT_SYMBOL_PATH=srv*C:\symbols*https://msdl.microsoft.com/downloads/symbols

Start XPerf, collecting just general information:

XPerf -on DiagEasy

Reproduce the symptom.

After that use this command to stop the tracing, creating a log file:

XPerf -d trace.etl

To visualize the charts from the data you just collected use:

XPerf trace.etl

XPerf can collect different information for different scenarios.

To do that you need to change the provider. Providers are the Windows components that have the ability to log information.

Syntax:

XPerf -on <provider>

To get a list of all available providers use:

XPerf -providers k

To get call stack information you need to specify the Kernel events that should log the call stack.

This is the way to do that:

Xperf -on <provider> -stackwalk <flags>

Example using provider = diageasy and stackwalk = profile:

XPerf -on diageasy -stackwalk profile

If you want to see other types of flags use:

XPerf -help stackwalk

To send the information to a CSV file use:

XPerf -i trace.etl > output.csv

You can create a PowerShell script which parses the output from the CSV file.

It’s possible to create a CSV file with filtered information. To do that use:

XPerf -i trace.etl -a <action_name> > output.csv

Example:

XPerf -i trace.etl -a registry > output.csv

Or:

XPerf -i trace.etl -o output.txt -a registry

Notice the -o parameter above, which specifies the output file.

On my machine XPerf is in the C:\ETL folder.

Considering that, here is one possible way to use the tool:

C:\ETL>set _NT_SYMBOL_PATH=srv*C:\symbols*https://msdl.microsoft.com/downloads/symbols

C:\ETL>XPerf -on DiagEasy

# Reproduce symptom here…

C:\ETL>XPerf -d trace.etl

# At this point you may want to create a CSV file. See instructions above.

C:\ETL>XPerf trace.etl
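
The same workflow as a PowerShell function that always stops the trace, even if the capture is interrupted. This is an added example, not code from the original post: the name Invoke-XPerfCapture and its parameters are hypothetical, the C:\ETL paths follow the folder mentioned above, and it assumes xperf.exe reports failure through a non-zero exit code.

```powershell
# Added example: hypothetical wrapper around the XPerf commands shown in this post.
# Assumes xperf.exe lives in C:\ETL; pass -XPerf to point at another install.
function Invoke-XPerfCapture {
    param(
        [string]$XPerf   = 'C:\ETL\xperf.exe',
        [string]$EtlPath = 'C:\ETL\trace.etl',
        [string]$Action  = 'registry',      # any action name accepted by -a
        [ValidateRange(1, 300)]             # a few seconds up to 5 minutes
        [int]$Seconds    = 60
    )

    # XPerf must be started from an elevated prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (RunAs Administrator) PowerShell session.'
    }

    # Symbol path for this process and the xperf child processes.
    $env:_NT_SYMBOL_PATH = 'srv*C:\symbols*https://msdl.microsoft.com/downloads/symbols'

    $started = $false
    try {
        # Out-Host keeps xperf's console output out of the function's return value.
        & $XPerf -on DiagEasy -stackwalk profile | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "xperf -on failed with exit code $LASTEXITCODE" }
        $started = $true

        Write-Host "Tracing for $Seconds seconds. Reproduce the symptom now."
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Runs on errors and Ctrl+C too, so the trace is never left running.
        if ($started) {
            & $XPerf -d $EtlPath | Out-Host
            if ($LASTEXITCODE -ne 0) { Write-Warning "xperf -d failed with exit code $LASTEXITCODE" }
        }
    }

    # Filtered dump of the trace, using the -i / -o / -a form shown above.
    $report = [IO.Path]::ChangeExtension($EtlPath, ".$Action.txt")
    & $XPerf -i $EtlPath -o $report -a $Action | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "xperf -a $Action failed with exit code $LASTEXITCODE" }
    return $report
}
```

Calling Invoke-XPerfCapture -Seconds 30 traces for 30 seconds and returns the path of the filtered report; the .etl file can still be opened afterwards with XPerf trace.etl.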

OK, you’re probably wondering where the screenshots are. I decided to not use screenshots because some of the links below have all the screenshots you need.


REFERENCES

https://msdn.microsoft.com/en-us/library/cc305187.aspx

https://blogs.msdn.com/pigscanfly/archive/tags/xperf/default.aspx

https://msdn.microsoft.com/en-us/performance/default.aspx (download)

https://blogs.msdn.com/ntdebugging/archive/2008/04/03/windows-performance-toolkit-xperf.aspx

XPerf rocks!

Comments

  • Anonymous
    March 15, 2010
    The comment has been removed

  • Anonymous
    March 15, 2010
    I'm also using xperf and xbootmgr very often and I posted some guides in German. @Helge You need to install the Win32 Development Tools to get the WPT MSI Installer. I also don't like this. But it's the same with the Debugging Tools. The standalone download was removed, now you have to get the whole WDK.

  • Anonymous
    March 15, 2010
    @André FWIW, the Microsoft Hardware Newsletter for March 10, 2010 (http://www.microsoft.com/whdc/resources/news/newsletters/MHN_031010.htm) states "... Also, a decision on where and how to release the Debugging Tools has not yet been made. For now, the current release of the Debugging Tools is available in the Windows Driver Kit (WDK) 7.1.0 release. ..." So maybe we will be lucky with the DTW, and not have to go through a similar convoluted process as the WPT installer currently seems to be.

  • Anonymous
    April 06, 2010
    A tool you can't live without but you'll struggle to find and install - classic! Why can't I go to Add/Remove programs, select xperf and have it arrive on a menu? Perhaps I'm thinking of a different OS.

  • Anonymous
    April 06, 2010
    Phil, I understand your pain and the pain of all other users facing the same problem. Personally, I don't have any explanation or justification for that but maybe the Performance Team knows better how to answer your question: http://blogs.technet.com/askperf/default.aspx Thanks, Roberto

  • Anonymous
    March 21, 2012
    How does xperf compare with typeperf? as described in "Monitoring CPU Runaway Processes" at http://wp.me/poJiS-63

  • Anonymous
    March 21, 2012
    Hi Ian, I don't know TypePerf so I can't answer your question. :-( Thanks, Roberto