Trace: Interrupts (DPC/ISR)

Aus Wiki-WebPerfect
Wechseln zu: Navigation, Suche

Create Trace

Copy the directory "Windows Performance Toolkit" from the "Windows Assesment and Deployment Kit" installation directory to the Node to trace

Start Trace

xperf.exe -on base+interrupt+dpc

Stop Trace

xperf.exe -d interrupt_trace.etl


Analyze the trace

  • Start the "Windows Performance Analyzer" and open the trace.
  • Expand the following & double click on the graph to open it:
    • Computation -> DPC/ISR -> DPC Timeline by Module, Function*
    • Computation -> DPC/ISR -> ISR Duration by Module, Function*
  • Sort the "Duration" in red

01-Windows Performance Analyzer.png

  • The driver or process on the top generates the most interrupts and should be analyze further (in our Example qevbda.sys)