Microsoft Xperf User Manual: new Windows performance monitoring Solution

IT administrators are constantly looking for new tools to make their lives easier. If these tools are free, they will be better ). I am usually very careful when downloading tools, especially for tools that don't require delivery but are expensive to "bloody. However, I am pleasantly surprised to hear that Microsoft recently provided a new tool called Xperf in the Performance Testing field.

Xperf is an advanced fault debugging tool that can be used to debug various performance problems in depth. Its height is beyond the reach of Perfmon. It is part of the product suite Windows Performance Toolkit (WPT), while WPT is part of Microsoft Software Development Kit (SDK ). Xperf is a supplement to Windows Event Tracing for Windows, ETW. ETW is a built-in component of the server operating system, providing detailed system performance and system data.

Xperf can handle many problems, such as system response, slow startup, high CPU and disk utilization, application latency, and slow response. It supports cross-platform use on x86, x64, and IA-64 platforms with a CPU usage of less than 2.5% while collecting more than 20000 system events per second.

In other words, this is a tool that you will definitely add to the toolbox. However, before learning more about the functions provided by Xperf, let's take a short tutorial to learn how to install Xperf and how to use this tool to debug various Windows system performance problems.

Install Xperf

As mentioned above, Windows performance toolkit WPT is released along with the Windows software development kit SDK. Before installing the SDK, you must first install Microsoft. NET Framework 4. Unless you want to install an SDK of up to 4 GB, you should select Windows Performance kit Windows Performance Toolkit and Windows Debugging tool Debugging Tools for Windows.

You should also select the WPT and debug Tool Debugging Tool under the Redistributable Package) option, so that you can install and use a Tool separately without being forced to reinstall the SDK. You can find the installed Windows Performance Suite and debugging tool in the following locations:

C:\Program Files\Microsoft SDKs\Windows\v7.1\Redist\Windows Performance Toolkit

Figure 1 Installation Options of Windows SDK

If you encounter problems during SDK installation, you can refer to this troubleshooting page for help, such as clearing files in the AppData \ Local \ Temp directory ). After the installation is complete, the system creates a new program group for WPT, as shown in figure 2. Related tools are stored in the following directory:

C:\Program Files\Microsoft Windows Performance Toolkit

Figure 2: Windows performance toolset Program Group

Configure and use Xperf

After WPTXperf is installed on the faulty server, the next step is to collect event tracking information. Depending on the problem, you can track and collect a large number of events. We can start with the Xperf CLI command below:

Xperf –on DiagEasy

This command collects multiple types of kernel events, including PROC_THREAD, LOADER, DISK_IO, HARD_FAULTS, DPC, INTERRUPT, CSWITCH, and PERF_COUNTER, and records the data to a kernel named kernel. etl log files. To list all types of kernel events, run the following command:

Xperf –providers KG

Note: Extensive online help provides a detailed explanation of each type of event.

After collecting event data, let the server reproduce the problem you are about to debug, and then use the following command to end the collection:

Xperf –d trace.etl

This will merge the data cached in kernel. etl, and finally create a trace log file named trace. etl. The trace log file can be debugged on the faulty server or on another server with WPT installed. To view the generated graph and chart, run the following command:

Xperf trace.etl

The trace file is processed in two steps to generate various charts. Default images include:

• CPU usage
• CPU usage of each process
• CPU usage of each thread
• CPU idle status
• Disk I/O and disk usage
• Disk usage of each process
• Process Lifecycle
• Dpc cpu usage
• Interrupted CPU usage
• Hardware faults
• Other common events

Hover the mouse pointer over a specific line of the image. You can see more details, such as the name of the process that occupies all CPU usage time. For example, in Figure 3, you can clearly see how the Worker Program rtvscan.exe occupies the CPU.

Figure 3 CPU usage-Process Diagram

Another convenient feature of Xperf is that you can zoom in images within a specific time range to view images in this area more clearly. In Figure 4, you can see that there is a peak value in disk usage over the previous 60 seconds. Click and drag the part on the graph with the mouse pointer, right-click the part, and select Zoom To Selection from the shortcut menu To enlarge the time range when the problem occurs. This will generate a new graph that contains your specified time zone. To return to the source image, right-click and select "Unzoom" Unzoom ).

Figure 4: Xperf Scaling

To get more detailed information, right-click the graph and select "Summary Table ). This generates a chart that records all counters and data related to the chart. For example, Figure 5 shows a summary table of the disk I/O diagram. The first line of the table clearly shows that the rtvscan.exe process performs a large number of read operations, which means it is performing a virus scan.

Figure 5: disk summary table in the disk I/O diagram

As you can see, Xperf is a very powerful and intuitive tool that can really help you analyze system performance problems. However, I just talked about the tip of the iceberg among the many Xperf functions. This tool also applies to the detection of slow system startup, high kernel and interrupt time, and analysis of key files. Each feature deserves a separate discussion of its functions and benefits.