ISR: A software routine that hardware invokes in response to an interrupt. ISRs examine an HARDWARE interrupt and determine how to handle it. (2/5)
DPC: Software interrupt with a lower priority than the ISR
An ISR must perform very fast to avoid slowing down the operation of the device and the operation of all lower priority ISRs. (3/5)
To provide timely service for hardware interrupts, Windows – with the cooperation of device drivers – attempts to keep the IRQL below device IRQL levels. (4/5)
One way that this goal is achieved is for device driver ISRs to perform the minimal work necessary to acknowledge their device, save volatile interrupt state, and defer data transfer or other less time-critical interrupt processing activity for execution in a DPC IRQL. (5/5)
Capturing high DPC and ISR:
Microsoft recommend that a single (1 count) DPCs or ISRs should not run longer that:
• • •
Missing some Tweet in this thread? You can try to
force a refresh
#ETW is an efficient kernel-level tracing facility that lets you log kernel or app-defined events to a log file (#ETL). You can consume the events in real time or from a log file and use them to debug an app or to determine where perf issues are occurring in the app. (1/17)
ETW lets you enable or disable event tracing dynamically, allowing you to perform detailed tracing in a production environment without requiring computer or application restarts. (2/17)
The Event Tracing API is broken into three distinct components:
1 - Controllers, which start and stop an event tracing session and enable providers
2 - Providers, which provide the events
3 - Consumers, which consume the events (3/17)
Drivers are call back mechanisms to send or retrieve I/O between the operating system and devices such as NIC’s, Storage Controllers, and USB keyboards and mice.
They are typically loaded during the system boot sequence (after NTLDR but before Ctrl+Alt+Del presentation). (2/7)
Device load order groups ensure driver load in the correct order, such as A/V filter drivers loading after the NTFS.SYS has initialized as an example. (3/7)
Until threads that are suspended or blocked become ready to run, the scheduler does not allocate any processor time to them, regardless of their priority (2/8)
Because Windows implements a preemptive scheduler, if another thread with higher priority becomes ready to run, the currently running thread might be preempted before finishing its time slice. (3/8)
The system scheduler controls multitasking by determining which of the competing threads receives the next processor time slice. (2/9)
There is no single “scheduler” module or routine, the code is spread throughout the kernel in which scheduling-related events occur. The routines that perform these duties are called the kernel’s dispatcher (3/9)
C-states, also known as CPU Idle states, are states when the CPU has reduced or turned off selected functions. Different processors support different numbers of C-states in which various parts of the CPU are turned off. (2/6)
Generally, higher C-states shut off more parts of the CPU, leading to significantly reduced power consumption.
Processor Power Policy is owned and managed by the Windows Kernel Power Manager. (3/6)