Performance Counter Series #4 #WindowsInternals #Perfmon
Logman.exe create counter Perf-Counter-Log (1/4)
-f bincirc -v mmddhhmm -max 512 - This part of the command specifies that we are creating a binary circular file, sets the versioning to the mmddhhmm format, and sets the maximum log size to 512 MB (2/4)
-c "\LogicalDisk(*)\*" "\Memory\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Processor(*)\*" "\Redirector\*" "\Server\*" "\System\*" "\TCPv4\*" "\IPv4\*" - This part of the command specifies the counters to enable in the Data Collector (3/4)
-si 00:00:05 - This part of the command specifies the sample interval, in this case every 5 seconds (4/4)
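
The four fragments above assembled into one call, followed by starting and inspecting the collector, as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt; the Invoke-Logman wrapper is a hypothetical helper, while create, start, query and stop are standard logman verbs.

```powershell
# Added example: builds the thread's logman command from its four parts.
# Assumption: run from an elevated PowerShell prompt.
$name = 'Perf-Counter-Log'          # collector name used in the thread

# Counter paths from tweet 3/4. One array element per path, so PowerShell
# passes each as its own argument and quotes the ones that contain spaces.
$counters = @(
    '\LogicalDisk(*)\*'
    '\Memory\*'
    '\Network Interface(*)\*'
    '\Paging File(*)\*'
    '\PhysicalDisk(*)\*'
    '\Process(*)\*'
    '\Processor(*)\*'
    '\Redirector\*'
    '\Server\*'
    '\System\*'
    '\TCPv4\*'
    '\IPv4\*'
)

# Hypothetical helper: run logman.exe and stop on a non-zero exit code,
# so a failed create is not silently followed by a failed start.
function Invoke-Logman {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & logman.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "logman $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# Tweets 1/4 to 4/4 in order: create the collector, binary circular file,
# mmddhhmm versioning, 512 MB cap, counter list, 5-second sample interval.
$createArgs = @('create', 'counter', $name,
                '-f', 'bincirc', '-v', 'mmddhhmm', '-max', '512',
                '-c') + $counters + @('-si', '00:00:05')
Invoke-Logman $createArgs

Invoke-Logman @('start', $name)     # begin sampling
Invoke-Logman @('query', $name)     # show status, output file and counters

# When the capture window is over:
# Invoke-Logman @('stop', $name)
```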

More from @vagnerpilar

13 Oct
#ETW is an efficient kernel-level tracing facility that lets you log kernel or app-defined events to a log file (#ETL). You can consume the events in real time or from a log file and use them to debug an app or to determine where perf issues are occurring in the app. (1/17)
ETW lets you enable or disable event tracing dynamically, allowing you to perform detailed tracing in a production environment without requiring computer or application restarts. (2/17)
The Event Tracing API is broken into three distinct components:
1 - Controllers, which start and stop an event tracing session and enable providers
2 - Providers, which provide the events
3 - Consumers, which consume the events (3/17)
11 Oct
Drivers are callback mechanisms to send or retrieve I/O between the operating system and devices such as NICs, storage controllers, and USB keyboards and mice.
They are typically loaded during the system boot sequence (after NTLDR but before Ctrl+Alt+Del presentation). (2/7)
Device load order groups ensure that drivers load in the correct order; for example, A/V filter drivers load after NTFS.SYS has initialized. (3/7)
11 Oct
Articles #WindowsInternals (1/6)
Introduction to DPCs
msdn.microsoft.com/en-us/library/… (2/6)
Deferred Procedure Call Details: osronline.com/article.cfm?ar…
RSS with Message Signaled Interrupts
msdn.microsoft.com/en-us/library/…
Timer Objects and DPCs
msdn.microsoft.com/en-us/library/…
Give Microsoft’s Scalable Networking Pack Another Look
windowsitpro.com/networking/giv… (3/6)
11 Oct
Until threads that are suspended or blocked become ready to run, the scheduler does not allocate any processor time to them, regardless of their priority (2/8)
Because Windows implements a preemptive scheduler, if another thread with higher priority becomes ready to run, the currently running thread might be preempted before finishing its time slice. (3/8)
11 Oct
CPU Scheduler #WindowsInternals (1/9)
The system scheduler controls multitasking by determining which of the competing threads receives the next processor time slice. (2/9)
There is no single “scheduler” module or routine; the code is spread throughout the kernel in which scheduling-related events occur. The routines that perform these duties are called the kernel’s dispatcher. (3/9)
11 Oct
CPU Idle States #Cstates #WindowsInternals (1/6)
C-states, also known as CPU Idle states, are states when the CPU has reduced or turned off selected functions. Different processors support different numbers of C-states in which various parts of the CPU are turned off. (2/6)
Generally, higher C-states shut off more parts of the CPU, leading to significantly reduced power consumption.
Processor Power Policy is owned and managed by the Windows Kernel Power Manager. (3/6)
