Defrag Tools: #50 - WPT - Memory Analysis - Heap

Sign in to queue

Description

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT). This is part 3 of 3 episodes on memory usage/leaks. Example xPerf scripts.

Resources:
Aaron Margosis VirtMemTest

Timeline:
[00:00] - 50th Episode of Defrag Tools!
[01:20] - Attach: xperf -start HeapSession -heap -pids %1 -stackwalk ...
[03:28] - VirtMemTest
[04:54] - WPA
[06:22] - Type - Allocated Inside (AI) & Outside (AO), Freed Inside (FI) & Outside (FO)
[07:20] - Launch: Image File Execution Options
[07:51] - Launch: xperf -start HeapSession -heap -pids 0 -stackwalk ...
[08:40] - Registry Editor - IFEO
[10:26] - WPA
[11:06] - Type - Allocated Inside (AI) & Outside (AO), Freed Inside (FI) & Outside (FO)
[11:25] - Summary - AIFO

Example: "xperf - Collect Heap_Attach.cmd"

@echo off
echo Press a key when ready to start...
pause

echo .
echo ...Capturing...
echo .

xperf -on PROC_THREAD+LOADER+VIRT_ALLOC -stackwalk VirtualAlloc+VirtualFree -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular
xperf -start HeapSession -heap -pids %1 -stackwalk HeapAlloc+HeapRealloc -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular

echo Press a key when you want to stop...
pause
echo .
echo ...Stopping...
echo .

xperf -stop -stop HeapSession -d heap.etl

Example: "xperf - Collect Heap_Launch.cmd"

@echo off
echo Press a key when ready to start...
pause

echo .
echo ...Capturing...
echo .

rem Add the process to IFEO
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%1.exe" /v TracingFlags /t REG_DWORD /d 1 /f

xperf -on PROC_THREAD+LOADER+VIRT_ALLOC -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -stackwalk VirtualAlloc
xperf -start HeapSession -heap -pids 0 -stackwalk HeapAlloc+HeapRealloc -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular

echo Press a key when you want to stop...
pause
echo .
echo ...Stopping...
echo .

xperf -stop HeapSession -stop -d heap.etl

rem Remove the process from IFEO
reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%1.exe" /v TracingFlags /f

Embed

Download

Download this episode

The Discussion

  • User profile image
    GrantB

    I'm confused. As far as I know _alloca allocates memory on the stack, not the heap...

  • User profile image
    windev

    @GrantB: Yeah, I pressed the wrong button - I meant to press new byte[].  I was just lucky that there was some heap growth regardless.

  • User profile image
    justinsaund​ers

    Hey Guys,

    Great series, this is very useful. One small thing - in the "Heap_Launch.cmd" script,  where does the debugee program (%1) actually get launched? Does it happen automatically with the call?:

    xperf -start HeapSession -heap -pids 0 ...

    I'm curious how you'd do this with a service application?

Add Your 2 Cents