WPR Additional Profiles

Question

Beginners question, but what do the addition profiles provide in WPR?

I have done a capture with just the First Level Triage selected and then did the same capture with First Level triage and CPU usage. When I look at the traces in WPA, I can't see any extra graphs or information.

Presumably, the second trace is capturing more detailed information about the CPU, but how do I see this?

Thanks

Mark

Recommended answer

I've had a bit of a look at this using the following commands which can reveal the details of currently active ETW sessions:

xperf -loggers
tracelog -q "WPR_initiated_WprApp_WPR System Collector"
tracelog -q "WPR_initiated_WprApp_WPR Event Collector"

The xperf one gives good details for all but secured sessions; for those, tracelog -q tends to be more informative. Tracelog doesn't seem to give much useful info for the non-secured WPR session.

From these results, one can determine (I'm basing these results on WPRUI.exe - Windows Performance Recorder 6.3.9600.16384) that First Level Triage is a superset of CPU Only. The only effect of enabling both as compared to only running Triage is that the maximum buffer counts of the sessions will be increased.

Specifically, CPU Only enables these kernel provider flags:
Process Thread ImageLoad CxtSwap Profile Power MemInfo Priority Dispatcher CpuConfig KernelQueue

and collects stacks for:
CSwitch ReadyThread KernelQueueEnqueue KernelQueueDequeue Profile

whereas FirstLevelTriage enables:
Process Thread ProcCounters ImageLoad DiskIo HardFaults CxtSwap Dpc Isr Profile Power MemInfo MemInfoWs Priority Dispatcher CpuConfig KernelQueue WdfDriverDpc WdfDriverInterrupt

with stacks on:
DiskRead DiskWrite DiskFlush ThreadDCEnd CSwitch ReadyThread KernelQueueEnqueue KernelQueueDequeue Profile

Doing a diff gives the additional flags enabled by Triage:
ProcCounters DiskIo HardFaults Dpc Isr MemInfoWs WdfDriverDpc WdfDriverInterrupt

and for stack collection:
DiskRead DiskWrite DiskFlush ThreadDCEnd

Edit: Forgot about the user mode providers, First Level Triage enables the following additional providers:

9580d7dd-0379-4658-9870-d5be7d52d6de:0x200:0xff
0a002690-3839-4e3a-b3b6-96d8df868d99:0xffffffffffffffff:0x5
"Microsoft-Windows-COMRuntime":0x3:0xff
49c2c27c-fe2d-40bf-8c4e-c3fb518037e7:0xffffffffffffffff:0xff
751ef305-6c6e-4fed-b847-02ef79d26aef:0xffffffffffffffff:0xff
cfeb0608-330e-4410-b00d-56d8da9986e6:0xffffffffffffffff:0xff
8e92deef-5e17-413b-b927-59b2f06a3cfc:0xffffffffffffffff:0xff
e4b70372-261f-4c54-8fa6-a5a7914d73da:0xffffffffffffffff:0xff

(no idea what they do, but you can do things like searching for .man files containing the GUIDs or querying running executables with logman providers -pid to find what providers they expose, that might give hints as to their function)

Also, some extra flags are enabled on the Immersive-Shell, Kernel-Pore and NCSI providers.

The common subset of user providers between them is:

"Microsoft-Windows-PowerCpl":0x1000000000000:0x4
"Microsoft-Windows-WinINet":0x1000000000000:0x4
"Microsoft-Windows-UIAutomationCore":0x1000000000000:0x4
"Microsoft-Windows-ntshrui":0x1000000000000:0x4
"Microsoft-Windows-Kernel-PnP":0x1000000000000:0x4
"Microsoft-Windows-NlaSvc":0x1000000000000:0x4
"Microsoft-Windows-Diagnosis-MSDE":0x1000000000000:0x4
"Microsoft-Windows-Diagnosis-WDC":0x1000000000000:0x4
"Microsoft-Windows-AppHost":0x1000000000000:0x4
"Microsoft-Windows-PushNotifications-Platform":0x1000000000000:0x4
"Microsoft-Windows-ErrorReportingConsole":0x1000000000000:0x4
"Microsoft-Windows-IME-KRTIP":0x1000000000000:0x4
"Microsoft-Windows-RPCSS":0xffffffffffffffff:0x4
"Microsoft-Windows-Network-and-Sharing-Center":0x1000000000000:0x4
"Microsoft-Windows-WPDClassInstaller":0x1000000000000:0x4
e7ef96be-969f-414f-97d7-3ddb7b558ccc:0x2000:0xff
"Microsoft-PerfTrack-MSHTML":0x1000000000000:0x4
"Microsoft-Windows-DiagCpl":0x1000000000000:0x4
"Microsoft-Windows-stobject":0x1000000000000:0x4
"Microsoft-Windows-DeviceSetupManager":0x1000000000000:0x4
"Microsoft-Windows-Kernel-BootDiagnostics":0x1000000000000:0x4
"Microsoft-Windows-Diagnostics-Networking":0x1000000000000:0x4
"Microsoft-Windows-Immersive-Shell":0x1000000000000:0x4
"Microsoft-PerfTrack-IEFRAME":0x1000000000000:0x4
"Microsoft-Windows-WindowsUpdateClient":0x1000000000000:0x4
"Microsoft-Windows-VAN":0x1000000000000:0x4
"Microsoft-Windows-NetworkGCW":0x1000000000000:0x4
"Microsoft-Windows-Netshell":0x1000000000000:0x4
"Microsoft-Windows-ThemeUI":0x1000000000000:0x4
"Microsoft-Windows-DxgKrnl":0x1000000000000:0x4
"Microsoft-Windows-Diagnosis-AdvancedTaskManager":0x1000000000000:0x4
"Microsoft-Windows-User-ControlPanel":0x1000000000000:0x4
"Microsoft-Windows-Documents":0x1000000000000:0x4
"Microsoft-Windows-PDC":0x1000000000000:0x4
"Microsoft-Windows-Shell-AuthUI":0x1000000000000:0x4
36b6f488-aad7-48c2-afe3-d4ec2c8b46fa:0x10000:0xff
"Microsoft-Windows-Dwm-Core":0x1000000000000:0x4
"Microsoft-Windows-ProcessStateManager":0xffffffffffffffff:0xff
"Microsoft-Windows-DXP":0x1000000000000:0x4
"Microsoft-Windows-UserPnp":0x1000000000000:0x4
"Microsoft-Windows-AppXDeployment-Server":0x1000000000000:0x4
"Microsoft-Windows-MediaEngine":0x1000000000000:0x4
"Microsoft-Windows-HealthCenter":0x1000000000000:0x4
"Microsoft-Windows-Ncasvc":0x1000000000000:0x4
"Microsoft-Windows-Kernel-Power":0x1000000000000:0x4
"Microsoft-JScript":0x1:0xff
"Microsoft-Windows-VolumeControl":0x1000000000000:0x4
"Microsoft-Windows-PrimaryNetworkIcon":0x1000000000000:0x4
"Microsoft-Windows-IME-SCTIP":0x1000000000000:0x4
"Microsoft-Windows-NetworkProfile":0x1000000000000:0x4
".NET Common Language Runtime":0x98:0x5
"Microsoft-Windows-IME-TIP":0x1000000000000:0x4
"Microsoft-Windows-DxpTaskRingtone":0x1000000000000:0x4
"Microsoft-Windows-IME-TCTIP":0x1000000000000:0x4
"Microsoft-Windows-MediaFoundation-MFCaptureEngine":0x1000000000000:0x4
"Microsoft-Windows-DisplaySwitch":0x1000000000000:0x4
"Microsoft-Windows-LUA":0x1000000000000:0x4
"Microsoft-Windows-DateTimeControlPanel":0x1000000000000:0x4
"Microsoft-Windows-TabletPC-InputPanel":0x1000000000000:0x4
"Microsoft-Windows-TaskScheduler":0x1000000000000:0x4
"Microsoft-Windows-Help":0x1000000000000:0x4
"Microsoft-Windows-Audio":0x1000000000000:0x4
"Microsoft-Windows-MediaFoundation-Performance":0x1000000000000:0x4
"Microsoft-Windows-UserAccountControl":0x1000000000000:0x4
"Microsoft-Windows-IME-JPTIP":0x1000000000000:0x4
"Microsoft-Windows-WMP":0x1000000000000:0x4
"Microsoft-Windows-Graphics-Printing":0x1000000000000:0x4
"Microsoft-Windows-Dwm-Udwm":0x1000000000000:0x4
"Microsoft-Windows-ComDlg32":0x1000000000000:0x4
"Microsoft-Windows-Dhcp-Client":0x1000000000000:0x4
"Microsoft-Windows-Display":0x1000000000000:0x4
"Microsoft-Windows-UxTheme":0x1000000000000:0x4
"Microsoft-Windows-DxpTaskSyncProvider":0x1000000000000:0x4
"Microsoft-Windows-NCSI":0x1000000000000:0x4
"Microsoft-Windows-DeviceUx":0x1000000000000:0x4
"Microsoft-Windows-HealthCenterCPL":0x1000000000000:0x4
"Microsoft-Windows-User Profiles Service":0x1000000000000:0x4
"Microsoft-Windows-Networking-Correlation":0xffffffffffffffff:0xff
"Microsoft-Windows-Store-Client-UI":0x1000000000000:0x4
"Microsoft-Windows-Immersive-Shell-API":0x1000000000000:0x4
"Microsoft-Windows-WindowsUIImmersive":0x1000000000000:0x4
"Microsoft-Windows-Winlogon":0x1000000000000:0x4
"Microsoft-Windows-PrintDialogs":0x1000000000000:0x4
"Microsoft-Windows-All-User-Install-Agent":0x1000000000000:0x4
"Microsoft-Windows-PowerShell":0x1000000000000:0x4
"Microsoft-Windows-Services":0x1000000000000:0x4
"Microsoft-Windows-RPC":0xffffffffffffffff:0x4
"Microsoft-Windows-ThemeCPL":0x1000000000000:0x4
"Microsoft-Windows-AltTab":0x1000000000000:0x4
"Microsoft-Windows-Win32k":0x1000000402000:0xff
"Microsoft-Windows-Shell-Core":0x1000000000000:0x4
"Microsoft-Windows-BrokerInfrastructure":0x1000000000001:0xff
"Microsoft-Windows-Superfetch":0x1000000000000:0x4
"Microsoft-Windows-SystemSettings":0x1000000000000:0x4
"Microsoft-Windows-DriverFrameworks-UserMode":0x1000000000000:0x4
"Microsoft-Windows-DHCPv6-Client":0x1000000000000:0x4
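
The comparison described in the answer, as an added example that is not part of the original post: it recomputes the flag and stack diff between the two profiles from the lists above and decodes a `provider:keywords:level` entry into keyword bit positions and a level name. The function names are hypothetical; the level names are the standard ETW trace levels, and 0xff is treated as "All" because it is the maximum level value.

```python
import re

# Kernel flags and stack-walk events exactly as listed in the answer.
CPU_ONLY = {
    "flags": "Process Thread ImageLoad CxtSwap Profile Power MemInfo Priority "
             "Dispatcher CpuConfig KernelQueue".split(),
    "stacks": "CSwitch ReadyThread KernelQueueEnqueue KernelQueueDequeue Profile".split(),
}
TRIAGE = {
    "flags": "Process Thread ProcCounters ImageLoad DiskIo HardFaults CxtSwap Dpc Isr "
             "Profile Power MemInfo MemInfoWs Priority Dispatcher CpuConfig KernelQueue "
             "WdfDriverDpc WdfDriverInterrupt".split(),
    "stacks": "DiskRead DiskWrite DiskFlush ThreadDCEnd CSwitch ReadyThread "
              "KernelQueueEnqueue KernelQueueDequeue Profile".split(),
}

# Standard ETW trace levels; 0xff is the maximum, so level filtering passes everything.
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information", 5: "Verbose", 0xFF: "All"}
SPEC = re.compile(r'^\s*(?:"([^"]+)"|([0-9a-fA-F-]{36}))\s*:\s*(0x[0-9a-fA-F]+)'
                  r'\s*:\s*(0x[0-9a-fA-F]+)\s*$')


def profile_diff(base, wider):
    """Return what `wider` adds to `base`, and whether it is a true superset."""
    added = {k: [x for x in wider[k] if x not in base[k]] for k in base}
    superset = all(set(base[k]) <= set(wider[k]) for k in base)
    return added, superset


def parse_provider(spec):
    """Split 'provider:keywords:level' into name, keyword bit positions, level name."""
    m = SPEC.match(spec)
    if not m:
        raise ValueError(f"not a provider spec: {spec!r}")
    keywords, level = int(m.group(3), 16), int(m.group(4), 16)
    if keywords >= 1 << 64:  # ETW keyword masks are 64-bit
        raise ValueError(f"keyword mask wider than 64 bits: {spec!r}")
    bits = [b for b in range(64) if keywords >> b & 1]
    return m.group(1) or m.group(2), bits, LEVELS.get(level, hex(level))


if __name__ == "__main__":
    added, superset = profile_diff(CPU_ONLY, TRIAGE)
    print("Triage is a superset of CPU Only:", superset)
    print("extra flags:", " ".join(added["flags"]))
    print("extra stacks:", " ".join(added["stacks"]))
    for line in ('"Microsoft-Windows-PowerShell":0x1000000000000:0x4',
                 '9580d7dd-0379-4658-9870-d5be7d52d6de:0x200:0xff'):
        print(parse_provider(line))
```
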

