Scribd
Upload
92 views2 pages

README

This document provides frequently asked questions and answers about using Microsoft Windows Performance Analyzer (xperf) to analyze Event Tracing for Windows (ETW) trace files. It addresses questions about decoding custom events, resolving symbols, configuring the environment to match binaries and symbols, and logging context stacks for certain ETW events.

Uploaded by

mrx70.9.9
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
92 views2 pages

README

This document provides frequently asked questions and answers about using Microsoft Windows Performance Analyzer (xperf) to analyze Event Tracing for Windows (ETW) trace files. It addresses questions about decoding custom events, resolving symbols, configuring the environment to match binaries and symbols, and logging context stacks for certain ETW events.

Uploaded by

mrx70.9.9
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Microsoft Windows Performance Analyzer Support

==============================================

Online documentation is available at:

http://go.microsoft.com/fwlink/?LinkId=103276

CONTENTS
========

1. Frequently Asked Questions

1. Frequently Asked Questions


=============================

1.a. Will xperf dump my custom events to the xperf dumper?

xperf supports automatically all manifest-based events on Vista


machines with exactly the same manifest-based providers installed.

xperf does not support decoding of custom classic events.

1.b. I cannot decode symbols. Why is that and how can I fix it?

The xperf/xperfview trace symbol decoding support is quite complex.


Please ensure the following requirements are met:

i. You have specified -symbols on the xperf command line, or


selected "Load Symbols" in xperfview *before* you opened a summary
table.

ii. You configured the environment variables as described in the online


help (xperf -help symbols)

iii. The ETW kernel trace file has been stopped and merged with xperf's
option -d or merged on the same machine it was taken with xperf's
option -merge. (xperf performs a special image identification
process during its custom trace merge.)

iv. The ETW user trace file is processed by xperf in conjunction


with a kernel trace file taken in the same time on the same machine
and merged as explained at point iv. above.

v. You have access to the binary and symbol sources specified on


_NT_SYMBOL_PATH. If you use symbol server, please note that many
times the symbol server is just a redirector, and you need to have
access to both the symbol server itself and the site actually hosting
the binaries and/or symbols.

vi. _NT_SYMBOL_PATH points to the right files. If the files are from a
different build or architecture they will not work. If you replace
the binary or symbols you will not be able to decode anymore symbols
for traces recording activity of the old binaries.

To rule out a symbol mismatch, use symchk from the Windows Debugging
Tools distribution to ensure the symbols match the binaries on the
machine on which the trace was taken:

symchk /v <local_file> /s <sympath_to_name.pdb>

To rule out a binary mismatch, use fc /b to ensure the binaries on


the machine on which the trace was taken match the ones on the drop
share:

fc /b <local_file> <drop_share_file>

vii. The ETW kernel trace was captured with at least PROC_THREAD+LOADER.
These flags provide basic information about process lifetime and
image ranges in process memory, which are instrumental in decoding
virtual addresses to images and symbols.

To verify that these flags have been enabled in the ETW kernel trace,
check that Process events (Create, Delete, Start Rundown, End Rundown)
and Image events (Load, Unload, Start Rundown, End Rundown) are present
in the table generated by "xperf -i kernel.etl -a tracestats -detail".

1.c. I'd like to have ETW log the context stacks for certain events. How
can I do that?

Please refer to "xperf -help stackwalk".

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy