Unit OS11: Performance Evaluation
11.4. Lab Manual

Copyright Notice
© 2000-2005 David A. Solomon and Mark Russinovich
These materials are part of the Windows Operating System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E. Russinovich with Andreas Polze
Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic environments (and not for commercial use)

Roadmap for Section 11.4
Lab experiments investigating:
  CPU consumption
  Low memory conditions

Lab: Observing Kernel Mode vs User Mode Processor Time
1. Run Performance Tool (perfmon.msc)
2. Click the Add button (+) on the toolbar.
3. With the Processor performance object selected, click the % Privileged Time counter and, while holding down the Ctrl key, click the % User Time counter.
4. Click Add, and then click Close.
5. Move the mouse rapidly back and forth and notice % Privileged Time line going up when you move the mouse around.

Lab Objective: Observe Performance Tool’s CPU Usage
1. Run the Performance Tool (perfmon.msc)
2. Click the Add button (+) on the toolbar
3. Change the Performance Object to Process
4. Select the % Privileged Time and % User Time counters
5. Select all processes in the Instance box (except the _Total process).
6. Click Add, and then click Close
7. Move the mouse rapidly back and forth
8. Press Ctrl+H to turn on highlighting mode
9. Scroll through the counters at the bottom of the display to identify the processes whose threads were running when you moved the mouse, and note whether they were running in user mode or kernel mode

Lab: Examining CPU Load with Process Explorer
Run Process Explorer
Click View->System Information
If a multiprocessor system, click the “Show one graph per CPU” in the lower left hand corner
Run CPUStres (part of CRK tool set) and set thread activity to Maximum
Notice 100% CPU utilization on one CPU
If a multiprocessor system, run one copy of CPUStres per processor

Example Screen Snapshot from previous lab

Lab: Examining CPU Load with Performance Monitor
Run CPUStres (part of CRK tool set) and set priority to “Below Normal” and activity to “Maximum”
Run the Performance Tool (perfmon.msc)
Open the add counter dialog and select the process object
Select the CPUStres process and add two counters: % User Time and % Privileged Time
% User Time should be near 100%, while % Privileged Time should be small or zero
Drag the CPUStres window around rapidly and notice % Privileged Time increase due to windowing system call activity

Lab: Low Memory Conditions
Run Performance Monitor (perfmon.msc) and add two counters to the graph:
  Memory / Available Bytes
  Paging File / % Usage
To cause a low memory condition, run RamOptimize.exe (part of CRK tool set – source included) and click “Optimize”
Notice Available Bytes goes down and Paging File usage goes up as RamOptimize process consumes virtual memory
When complete, Available Bytes will be much higher since the RamOptimize process releases all the memory it allocated, causing it to be returned to the system

Lab: Tracing TCP/IP Activity
Performance tool can enable logging
tracerpt.exe and tracedmp.exe generate dumpfile.csv and summary.txt (see notes)

Lab: Generating an Easy Crash
Run NotMyFault (from Sysinternals) and select “High IRQL fault (kernel mode)”
Press “Do Bug”
This causes the driver to:
  Allocate a paged pool buffer
  Free the buffer
  Raise IRQL ≥ DISPATCH_LEVEL
  Touch the buffer, which causes a crash

Lab: Analyzing an Easy Crash
After generating the crash from the “Generating an Easy Crash” lab, when the system reboots, analyze the crash as follows:
  Run WinDbg (Debugging Tools for Windows)
  Set symbol path to use Microsoft symbol server
  Open crash dump (in \Windows\Minidump\xxx.dmp)
The debugger should show the probable cause of the crash as Myfault.sys

Lab: Buffer Overflow Crash
Run NotMyFault (from Sysinternals) and select “Buffer Overflow”
Press “Do Bug”
This causes the Myfault driver to allocate a buffer and then overwrite the 40 bytes following
The system may not crash immediately since the corrupted buffer may not be referenced right away
  If the system does not crash, keep clicking “Do Bug” until it does
After the reboot, open the crash with WinDbg to see the probable cause

Lab: Using Verifier to Catch a Buffer Overflow
Run Verifier.exe (in \Windows\System32) and enable Special Pool on Myfault.sys
Reboot
Run NotMyFault (from Sysinternals) and select “Buffer Overflow”
Press “Do Bug” – the system will crash instantly
Reboot and analyze the crash
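
Added example (not part of the original lab materials, and not Myfault.sys or Driver Verifier code): a user-mode POSIX analogy of the last two labs. The ordinary overrun corrupts the 40 bytes after the buffer without faulting, while the same overrun on a buffer placed against a guard page faults on the first stray byte, which is why the Special Pool lab crashes instantly. The function names and the 64-byte buffer size are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE  /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#define OVERRUN 40  /* the lab's bug overwrites the 40 bytes following the buffer */

/* Hypothetical helper: put an n-byte buffer flush against an inaccessible
   guard page, the placement idea behind Special Pool. */
static unsigned char *guarded_alloc(size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (n + page - 1) / page * page;   /* round up to whole pages */
    unsigned char *base = mmap(NULL, data + page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base + data, page, PROT_NONE) != 0) return NULL;
    return base + data - n;                       /* buffer ends where guard begins */
}

/* Unguarded case: the bytes after the buffer belong to a neighbour in the same
   arena. Nothing faults; returns how many neighbour bytes were corrupted. */
int overrun_plain(size_t n) {
    unsigned char arena[256] = {0};
    if (n + OVERRUN > sizeof arena) return -1;
    memset(arena, 0xAA, n + OVERRUN);             /* the bug: writes past n */
    int bad = 0;
    for (size_t i = n; i < n + OVERRUN; i++) bad += (arena[i] == 0xAA);
    return bad;
}

/* Guarded case: run the same bug in a child process and return the signal
   that killed it (0 if it survived, -1 on setup error). */
int overrun_guarded(size_t n) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile unsigned char *buf = guarded_alloc(n);
        if (!buf) _exit(2);
        for (size_t i = 0; i < n + OVERRUN; i++) buf[i] = 0xAA;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) { return !(overrun_plain(64) == OVERRUN && overrun_guarded(64) > 0); }
```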