Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
stylenone

Event tracing in its simplest form uses the system Event Log

...

(Computer Management, Event Viewer).

A more complex use is WPA/WPR Windows Performance Recorder and Analyser, available on the Windows Performance Toolkit https://learn.microsoft.com/en-us/windows-hardware/test/wpt/

Download Windows Performance Toolkit

Note: You can download the Windows Performance Toolkit through https://learn.microsoft.com/en-gb/windows-hardware/get-started/adk-install.

Do not forget to read What's new in the Windows ADK and ADK tools | Microsoft Learn article for more details.

Architecture

A driver which produces such logs is registered with the system with an xml XML file, which identifies the source of the logs, and the form they take (data types), names, and other details.

The xml XML file is in the project Resource Files folder.

The xml XML is processed by the Message Compiler by adding this to the project file in each ItemDefinitionGroup (ie, Debug|ARM64 and Release|ARM64)

...

Code Block
LANGUAGE 0x9,0x1
1 11 "Wperf_DriverETW_schema_MSG00001.bin"
1 WEVT_TEMPLATE "Wperf_driverETW_schemaTEMP.BIN"

Registering


This xml XML file is copied with the driver to the system32\drivers directory, and needs to be registered with the system on install with wevtutil.exe im Wperf_DriverETW_schema.xml from the drivers directory.
To unregister call wevtutil.exe um Wperf_DriverETW_schema.xml.

...

Code Block
Maximum selectable profile sources: 5.

Id  Name                             Interval  Min      Max
--------------------------------------------------------------
  0 Timer                               10000  1221    1000000
  2 TotalIssues                         65536  4096 2147483647
  8 DcacheMisses                        65536  4096 2147483647
  9 IcacheMisses                        65536  4096 2147483647
 11 BranchMispredictions                65536  4096 2147483647
 19 TotalCycles                         65536  4096 2147483647
 21 DcacheAccesses                      65536  4096 2147483647
 25 SoftwareIncrement                   65536  4096 2147483647
 26 ICacheRefill                        65536  4096 2147483647
 27 InstructionTLBRefill                65536  4096 2147483647
 28 DCacheRefill                        65536  4096 2147483647
 29 DCacheAccess                        65536  4096 2147483647
 30 MemoryTLBRefill                     65536  4096 2147483647
 33 InstructionRetired                  65536  4096 2147483647
 34 ExceptionTaken                      65536  4096 2147483647
 35 ExceptionReturn                     65536  4096 2147483647
 36 WriteContextID                      65536  4096 2147483647
 41 BranchMisprediction                 65536  4096 2147483647
 42 CycleCount                          65536  4096 2147483647
 43 BranchPrediction                    65536  4096 2147483647
 64 L2DCacheRefill                      65536  4096 2147483647
 65 L2DCacheAccess                      65536  4096 2147483647
 66 L1ICacheAccess                      65536  4096 2147483647
 67 BusCycles                           65536  4096 2147483647
 70 L3CacheAccess                       65536  4096 2147483647
 71 L3CacheRefill                       65536  4096 2147483647

Counter allocation

Xperf does not support multiplexing as on Volterra the following command xperf -on proc_thread+loader+cswitch+dpc+interrupt+pmc_profile -pmcprofile instructionretired,dcachemisses,branchprediction,timer,totalcycles,buscycles -f kernel_03.etl -stackwalk pmcinterrupt returns

Code Block
PS C:\Users\tcwg> xperf -on proc_thread+loader+cswitch+dpc+interrupt+pmc_profile -pmcprofile instructionretired,dcachemisses,branchprediction,timer,totalcycles,buscycles -f kernel_03.etl -stackwalk pmcinterrupt
xperf: error: Failed to configure counters

References

  1. Recording Hardware Performance (PMU) Events | Microsoft Learn

  2. Recording with Custom Profiles | Microsoft Learn

  3. Record a Heap Snapshot | Microsoft Learn

  4. Recording Profiles | Microsoft Learn

  5. Using the Windows Performance Toolkit (WPT) with WDF - Windows drivers | Microsoft Learn

  6. Writing an Instrumentation Manifest - Win32 apps | Microsoft Learn

...