Windows Internals and Performance Analysis Workshop aus der ETC Lighthouse Expert Serie
ETC bringt für Sie Experten von Azius
mit einer neuen 5-Tages-Schulung nach Österreich: "Windows Internals and Performance Analysis Workshop" - Nutzen Sie diese einmalige Gelegenheit
This workshop combines our flagship Core Windows Internals seminar with a series of practical exercises featuring the Windows Performance Toolkit, along with Windows’ built-in tools and the famous SysInternals tools and utilities.
The Windows Performance Toolkit is a freely available tool from Microsoft and has gained considerable acclaim in recent years. It lets you record “trace” data (selected by you from tens of thousands of counters and trace points implemented by over 1,100 operating system components), and then summarizes and displays the collected trace information graphically.
You can use the toolkit to troubleshoot memory leaks, identify code that uses excessive CPU, determine the causes of various latencies, and so on. Problems can be isolated to the names of the routines invoking the code that’s using the resources. System administrators as well as developers of all types (from batch scripts to kernel mode drivers) can benefit from these highly detailed analyses.
IT pros can use the performance toolkit to determine the reasons for system slowdowns and “thrashing.” In many cases, small adjustments to hardware or workload, as suggested by Performance Toolkit results, can extend the useful life of your Windows systems—allowing you to postpone expensive platform replacements, sometimes by a year or more.
Performance analysis can be applied both to applications and drivers written locally and to those from Microsoft or third parties. Code developed within your organization can furthermore be instrumented with tracing calls, which greatly increases the effectiveness of the Performance Toolkit. For developers, the tracing facility can also be a valuable tool for debugging complex timing or sequencing problems.
A lot of tools will tell you what’s running in the system; the WPT is usually the only thing that can often quickly tell you why something isn’t running, or isn’t running fast enough, when it should be.
The Windows Performance Toolkit is extremely flexible and powerful, but like most such tools it requires expert-level knowledge to use effectively. Specifically, it requires extensive, in-depth, and current knowledge of Windows internals – both to select appropriate data for collection (from the tens of thousands of items that are available) and to interpret the resulting traces.
Accordingly, we will cover all of the “Core Windows Internals” topics, including all of the major components of the operating system. We’ll show how the system “hosts” various types of applications, services, and other code, which components of Windows provide and manage various resources and functions (such as CPU time, I/O, memory, etc.), and how various types of “managed” code are supported.
In each functional area of the system we will describe the event-tracing “providers” that can provide information about their activities, the most useful “profile” selections for collecting traces, and the meanings of the code module names and routine names that commonly appear in the WPA traces. Finally, lab problems using WPT will use this information to examine and analyze the dynamic behavior of that area of the system, in various scenarios.
The SysInternals tools, several of Windows’ built-in utilities, and the Windows debugging tools will also be presented and used, both as aids to understanding the internals principles and as analysis tools for problem situations.
Finally, we’ll present a brief example of code using the Windows TraceLogging API. This API allows both user mode applications and kernel mode drivers to generate trace events, far more easily than earlier interfaces.
Nach Abschluss des Kurses haben die Teilnehmer Kenntnisse zu folgenden Themen:
- Introduction and orientation
- Program execution environment
- Environment subsystems
- Kernel mode components and mechanisms
- Thread scheduling
- Memory management
- I/O subsystem and device driver architecture
- System startup sequence
- Windows Performance Toolkit: Advanced Topics
This seminar includes a series of guided experiments. Learners are instructed to run various programs that will induce or exercise the system behaviors or problems being discussed, and will then use the appropriate system monitoring tools to view the behavior and understand the causes of any problems.
Examples of specific types of problems and scenarios the labs will address include:
- Slow boot analysis
- Identifying user mode and kernel mode CPU users
- I/O throughput issues (disk and network)
- Thread scheduling and latency issues
- Graphics performance bottlenecks
- Memory leaks (user and kernel mode)
- Excessive RAM usage, excessive hard page faults; etc.
- Performance of background services (web server, file server, etc.)
- Power state transition analysis (why the system isn’t going to sleep, or deep enough sleep; why a device isn’t powering down)
This seminar primarily addresses Windows 7 through Windows 10 and Windows Server 2016. Most of the material is applicable to earlier versions of Windows. Earlier versions can be specifically addressed upon request.