Unit OS11: Performance Evaluation
11.4. Lab Manual

Copyright Notice
© 2000-2005 David A. Solomon and Mark Russinovich
These materials are part of the Windows Operating System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E. Russinovich with Andreas Polze
Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic environments (and not for commercial use)

Roadmap for Section 11.4
Lab experiments investigating:
CPU consumption
Low memory conditions

Lab: Observing Kernel Mode vs User Mode Processor Time
1. Run the Performance Tool (perfmon.msc)
2. Click the Add button (+) on the toolbar.
3. With the Processor performance object selected, click the % Privileged Time counter and, while holding down the Ctrl key, click the % User Time counter.
4. Click Add, and then click Close.
5. Move the mouse rapidly back and forth and notice the % Privileged Time line going up as you move the mouse around.

Lab Objective: Observe Performance Tool’s CPU Usage
1. Run the Performance Tool (perfmon.msc)
2. Click the Add button (+) on the toolbar
3. Change the Performance Object to Process
4. Select the % Privileged Time and % User Time counters
5. Select all processes in the Instance box (except the _Total process).
6. Click Add, and then click Close
7. Move the mouse rapidly back and forth
8. Press Ctrl+H to turn on highlighting mode
9. Scroll through the counters at the bottom of the display to identify the processes whose threads were running when you moved the mouse, and note whether they were running in user mode or kernel mode

Lab: Examining CPU Load with Process Explorer
Run Process Explorer
Click View->System Information
On a multiprocessor system, click “Show one graph per CPU” in the lower left-hand corner
Run CPUStres (part of CRK tool set) and set thread activity to Maximum
Notice 100% CPU utilization on one CPU
On a multiprocessor system, run one copy of CPUStres per processor

Example Screen Snapshot from previous lab

Lab: Examining CPU Load with Performance Monitor
Run CPUStres (part of CRK tool set) and set priority to “Below Normal” and activity to “Maximum”
Run the Performance Tool (perfmon.msc)
Open the add counter dialog and select the Process object
Select the CPUStres process and add two counters: % User Time and % Privileged Time
% User Time should be near 100%, while % Privileged Time should be small or zero
Drag the CPUStres window around rapidly and notice % Privileged Time increase due to windowing system call activity

Lab: Low Memory Conditions
Run Performance Monitor (perfmon.msc) and add two counters to the graph:
  Memory / Available Bytes
  Paging File / % Usage
To cause a low memory condition, run RamOptimize.exe (part of CRK tool set – source included) and click “Optimize”
Notice that Available Bytes goes down and Paging File usage goes up as the RamOptimize process consumes virtual memory
When complete, Available Bytes will be much higher since the RamOptimize process releases all the memory it allocated, causing it to be returned to the system

Lab: Tracing TCP/IP Activity
Performance tool can enable logging
tracerpt.exe and tracedmp.exe generate dumpfile.csv and summary.txt (see notes)

Lab: Generating an Easy Crash
Run NotMyFault (from Sysinternals) and select “High IRQL fault (kernel mode)”
Press “Do Bug”
This causes the driver to:
  Allocate a paged pool buffer
  Free the buffer
  Raise IRQL ≥ DISPATCH_LEVEL
  Touch the buffer, which causes a crash

Lab: Analyzing an Easy Crash
After generating the crash from the “Generating an Easy Crash” lab, when the system reboots, analyze the crash as follows:
  Run Windbg (Debugging Tools for Windows)
  Set symbol path to use Microsoft symbol server
  Open crash dump (in \Windows\Minidump\xxx.dmp)
The debugger should show the probable cause of the crash as Myfault.sys

Lab: Buffer Overflow Crash
Run NotMyFault (from Sysinternals) and select “Buffer Overflow”
Press “Do Bug”
This causes the Myfault driver to allocate a buffer and then overwrite the 40 bytes following it
The system may not crash immediately since the corrupted buffer may not be referenced right away
If the system does not crash, keep clicking “Do Bug” until it does
After the reboot, open the crash with WinDbg to see the probable cause
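
Added example (not part of the original lab materials and not the Myfault driver's code): a user-mode C simulation of why the 40-byte overrun in the Buffer Overflow Crash lab is often noticed late. The arena, header layout, POOL_TAG value and function names are hypothetical and do not reflect the real Windows pool format; only the 40-byte overrun comes from the lab.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCKS    4
#define DATA_SIZE 64            /* usable bytes per block (constructed value) */
#define OVERRUN   40            /* bytes written past the buffer, as in the lab */
#define POOL_TAG  0x6c6f6f50u   /* header canary for this toy pool (hypothetical) */

typedef struct { uint32_t tag; uint32_t size; } hdr_t;

static unsigned char arena[BLOCKS * (sizeof(hdr_t) + DATA_SIZE)];

/* Return the data area of block i after stamping a fresh header before it. */
static unsigned char *pool_alloc(int i) {
    unsigned char *p = arena + (size_t)i * (sizeof(hdr_t) + DATA_SIZE);
    hdr_t h = { POOL_TAG, DATA_SIZE };
    memcpy(p, &h, sizeof h);
    return p + sizeof h;
}

/* The kind of integrity check a pool manager can run when a block is freed.
   Returns 1 if the header in front of the data is intact, 0 otherwise. */
static int pool_header_ok(const unsigned char *data) {
    hdr_t h;
    memcpy(&h, data - sizeof h, sizeof h);
    return h.tag == POOL_TAG && h.size == DATA_SIZE;
}

/* Bit 0: the overrunning block still passes its own check after the bug.
   Bit 1: the damage is detected only when the neighbouring block is checked. */
int run_demo(void) {
    unsigned char *a = pool_alloc(0);
    unsigned char *b = pool_alloc(1);
    int result = 0;
    /* The bug: write OVERRUN bytes starting at the end of a's data. This stays
       inside arena[], so the C is well defined, but it lands on b's header. */
    memset(a + DATA_SIZE, 0x41, OVERRUN);
    if (pool_header_ok(a))  result |= 1;   /* nothing looks wrong yet */
    if (!pool_header_ok(b)) result |= 2;   /* found later, when b is validated */
    return result;
}

int main(void) {
    printf("run_demo() = %d\n", run_demo());
    return 0;
}
```

The write itself raises no error; the damage surfaces only when the neighbouring block's header is validated, which matches the delayed crash described in the lab.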