Introduction to XPerf

This post is a quick introduction to a new performance tracing tool called XPerf.  Moving forward with Windows Vista and Windows Server 2008, this powerful tool will hopefully be utilized more often.  XPerf is part of the Windows Performance Toolkit (WPT) which can be downloaded from the Microsoft web site. XPerf is designed for Windows […]

This post is a quick introduction to a new performance tracing tool called XPerf.  Moving forward with Windows Vista and Windows Server 2008, this powerful tool will hopefully be utilized more often.  XPerf is part of the Windows Performance Toolkit (WPT) which can be downloaded from the Microsoft web site.

XPerf is designed for Windows Vista and Windows Server 2008, but will run on Windows XP and Windows Server 2003 by copying Xperf.exe and Perfctrl.dll to the target machine.  XPerf uses ETW (Event Tracing for Windows) and is very low overhead, requiring only about 1500-2000 clock cycles per log.  As an example, 20,000 calls per second is less than 2% CPU on a 2.0 GHz processor.  While the data collection is running, the XPerf tools are not even loaded - the kernel itself is collecting the data.  All analysis is done in post processing. Since Xperf is ETW based, sample profiling can be started and stopped at any time, without stopping or restating even a single process.  You can profile anything at any time on any system.  The traces are logged in a circular fashion, based on the buffer size that is set.  The basic process is this:

  1. ETW tracing is enabled by using XPerf.
  2. Operations are performed.
  3. ETW tracing is disabled by using XPerf, and the data is saved to an ETL trace file.
  4. Trace files can then be further processed by using XPerf or viewed by using Performance Analyzer (XPerfView).

Once a trace is taken, you can copy it to a Windows Vista or Windows Server 2008 machine for trace decode and viewing.  The traces are also cross-platform, so you can view them on Windows Vista or Windows Server 2008 (either x86 or x64) regardless of what type of machine they were taken on.

The following is a quick introduction and few examples. The image below shows the basic workflow:

Full Article

Additional Resources: