If you have tried to use XPerf, you know how tricky the command-line syntax for specifying the kernel providers used during event tracing can be. Well, all that has changed with the next generation of the free Windows Performance Toolkit, which includes a brand-new tool called the Windows Performance Recorder. Its GUI makes it easy to point and click on the events you want to trace and to specify tracing options.
The XPerf viewer, also known as the Windows Performance Analyzer (WPA), has also been revamped from the ground up with many new features. WPA now provides a graph explorer that allows you to browse through a list of thumbnail graphs to easily spot signs of trouble. It also displays multiple charts and tables within a single window rather than haphazardly across multiple sub-windows. Both WPA and Windows Performance Recorder (WPR) have been released in a special preview edition of the Assessment and Deployment Kit (ADK) for Windows 8.
Installing the new WPT
The ADK contains a collection of tools and documentation for customizing, assessing and deploying Windows. It is not necessary to install the entire ADK if all you want is the new Windows Performance Toolkit (WPT). The ADK setup (which requires Microsoft .Net Framework 4) allows you to choose just the components you want to install and creates a new program group under Windows Kits.
Windows Performance Recorder
To get started with the new WPT, start the Windows Performance Recorder in the Windows Performance Toolkit program group (Figure 1). This will provide you with the option of tracing the entire system or choosing a particular process from a drop-down list (Figure 2). Once you are ready to start recording, just hit the Start button. Hit the Save button to stop the trace.
While the default list of events that WPR traces is usually adequate, you can click the “more options” button to specify additional events, which helps focus analysis on particular components of the operating system such as registry or disk I/O activity. Note that the more profiles you select, the larger the resulting trace log and the higher the CPU overhead. It is possible to generate log files in excess of 1 GB in under a minute, so be sure to enable only those additional events you need to trace and to do so for only a brief period during the performance problem.
WPR provides several performance scenarios to choose from when collecting event traces. For most purposes, use the “General” scenario to start and stop collections as needed when capturing data. If you are troubleshooting a slow-boot issue, you can specify “On/Off – Boot” as the scenario to capture data only during boot-up. The different scenarios you can choose from are listed (Figure 3).
Finally, you can set the logging mode to specify either memory or file (Figure 4). For most purposes, logging to file is preferable for predictable events such as application startups or boot-time troubleshooting. But for unpredictable events such as transient issues that come and go, it may be necessary to set logging to memory, which uses circular memory buffers to avoid massive disk usage.
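For those who prefer scripting, the same choices described above (which profiles to enable, a brief capture window, and file versus memory logging) can be made with WPR's command-line interface from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes wpr.exe is on the PATH, and the output folder, 30-second window and 1 GB warning threshold are illustrative values.

```powershell
# Added example: time-bounded WPR capture with an ETL size check.
# Assumptions: wpr.exe is on PATH, the prompt is elevated, and the default
# profile list, duration and output folder below are illustrative only.
param(
    [string[]]$Profiles   = @('GeneralProfile', 'DiskIO', 'Registry'),
    [int]     $Seconds    = 30,      # keep the capture window brief
    [switch]  $FileMode,             # omit to log to circular memory buffers
    [string]  $OutDir     = "$env:TEMP\wpr-traces",
    [int]     $WarnSizeMB = 1024
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$etl = Join-Path $OutDir ("trace-{0:yyyyMMdd-HHmmss}.etl" -f (Get-Date))

# Build "wpr -start P1 -start P2 ... [-filemode]" from the selected profiles.
$startArgs = @()
foreach ($p in $Profiles) { $startArgs += '-start', $p }
if ($FileMode) { $startArgs += '-filemode' }

& wpr.exe @startArgs
if ($LASTEXITCODE -ne 0) { throw "wpr -start failed with exit code $LASTEXITCODE" }

# The finally block stops the recording even if the wait is interrupted,
# so a forgotten trace cannot keep growing in the background.
try {
    Start-Sleep -Seconds $Seconds
}
finally {
    & wpr.exe -stop $etl
    $stopCode = $LASTEXITCODE
}

if ($stopCode -ne 0) {
    & wpr.exe -cancel          # discard the session rather than leave it running
    throw "wpr -stop failed with exit code $stopCode"
}

$sizeMB = [math]::Round((Get-Item $etl).Length / 1MB, 1)
if ($sizeMB -gt $WarnSizeMB) {
    Write-Warning "Trace is $sizeMB MB; enable fewer profiles or shorten the capture."
}

[pscustomobject]@{
    Path     = $etl
    SizeMB   = $sizeMB
    Profiles = $Profiles -join ','
    Logging  = if ($FileMode) { 'file' } else { 'memory' }
}
```

Run `wpr -profiles` first to list the profile names available on the machine; the resulting ETL file opens in WPA as described in the next section.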
Windows Performance Analyzer
Once you have used WPR to collect an event trace, you can use WPA to analyze the data. Start up WPA and use the File pull-down menu to select Open… and browse to the location of your event trace log (ETL) file.
WPA generates graphs you can choose from in the left-hand pane under the Graph Explorer based on the data you collected with WPR. By double-clicking or dragging these graphs to the Analysis tab, you can expand the view to see the details.
You can drill down to expose additional graphs by clicking the tiny triangle on the far left next to each graph. For example, drilling down on the Storage graph will reveal Disk Usage and Driver Delay graphs. Subsequently drilling down on the Disk Usage graph will reveal I/O Time by Process, Utilization by Disk, and other disk-specific graphs. The variety of graphs available depends on the types of events that were collected during the trace.
Finally, for each graph, it is possible to display the corresponding table of values that were used to generate the graph. You can choose whether to view the graph, the table, or both by using the layout icons in the upper right-hand corner of each graph in the analysis tab. For example, you can see the CPU usage graph along with the corresponding table of threads that was used to generate the graph (Figure 5).
While I have only touched the tip of the iceberg, you can see the next generation of the Windows Performance Toolkit includes significant enhancements to the old XPerf tool. While the XPerf CLI is still available in the new WPT for those who prefer scripting to collect performance data, the new graphical interface makes tracing very simple. Be sure to keep in mind this is a preview edition of WPT and should be updated once the final release is available.
ABOUT THE AUTHOR
Bruce Mackenzie-Low, MCSE/MCSA, is a master consultant at HP providing third-level worldwide support on Microsoft Windows-based products including Clusters, Performance and Crash Dump Analysis. With over 25 years of computing experience at Digital, Compaq and HP, Bruce is a well-known resource for resolving highly complex problems.