This seminar combines our Core Windows Internals seminar with in-depth coverage of the Windows Performance Toolkit, with extensive hands-on labs.
The Performance Toolkit is invaluable for nearly all Windows professionals, but requires in-depth knowledge of the operating system to use effectively. We use a tightly integrated approach to present Windows internals theory and then put the theory to immediate use in analyzing realistic scenarios and problems.
Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; I.T. support personnel
This workshop brings our flagship Core Windows Internals seminar together with a series of practical exercises featuring the Windows Performance Toolkit.
The Windows Performance Toolkit is a freely available tool from Microsoft and has gained considerable acclaim in recent years. It consists primarily of the Windows Performance Recorder (WPR), which can record “trace” data (selected from tens of thousands of counters and trace points implemented by over 1,100 operating system components), and the Windows Performance Analyzer (WPA), which displays the collected trace information graphically.
Windows professionals can benefit from WPT in a great many ways. Both I.T. professionals and developers can use the toolkit to troubleshoot memory leaks, identify code that uses excessive CPU, determine the causes of various latencies, and so on. By “developers” we include all types: kernel mode, user mode, managed code of all varieties, base Windows APIs, PowerShell, scripting, kernel drivers…
These techniques can be applied both to applications and drivers written locally and to those from Microsoft or third parties. Code developed within your organization can furthermore be instrumented with tracing calls, which greatly increases the effectiveness of the Performance Toolkit. For developers, the tracing facility can also be a valuable tool for debugging complex problems. A lot of tools will tell you what’s running in the system; the WPT is usually the only thing that can quickly tell you why something isn’t running when it’s supposed to be.
The Windows Performance Toolkit is extremely flexible and powerful, but like most such tools it requires expert-level knowledge to use effectively. Specifically, it requires extensive, in-depth, and current knowledge of Windows internals – both to select appropriate data for collection (from the tens of thousands of items that are available) and to interpret the resulting traces.
Accordingly, we will examine all of the major components of the operating system. We’ll show how the system “hosts” various types of applications, services, and other code, which components of Windows provide and manage various resources and functions (such as CPU time, I/O, memory, etc.), and how various types of “managed” code are supported.
In each functional area of the system we will describe the event-tracing “providers” that can provide information about their activities, the most useful “profile” selections for collecting traces, and the meanings of the code module names and routine names that will appear in the WPA traces. Finally, lab problems using WPT will use this information to examine and analyze the dynamic behavior of that area of the system, in various scenarios.
The SysInternals tools, several of Windows’ built-in utilities, and the Windows debugging tools will also be presented and used, both as aids to understanding the internals principles and as analysis tools for problem situations.
Experience using, administering, or developing for Windows, and familiarity with basic operating system concepts.
|Operating systems supported:||
This seminar primarily addresses Windows 7 through Windows 10 and Windows Server 2016. Most of the material is applicable to earlier versions of Windows. Earlier versions can be specifically addressed upon request.
|Durations and formats:||5 days with labs|
This seminar includes a series of guided experiments. Learners are instructed to run various programs that will induce or exercise the system behaviors or problems being discussed, and will then use the appropriate system monitoring tools to view the behavior and understand the causes of any problems.
Examples of specific types of problems and scenarios the labs will address include: