输出文件的格式? [英] Format of Output Files?

查看:110
本文介绍了输出文件的格式?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

是否有执行转储器操作时生成的格式的说明?例如,如果我这样做:

xperf -i somefile.etl -o sometestfile.txt -a dumper

我得到了很好的结果,但我可以对我所看到的内容有所帮助。例如,在标题之后我得到以下内容,但似乎没有定义列。这是在线吗?

问候,

Randy

P-DCStart,1318,空闲(0),0,0,0x81afd900,S-1-5-18 ,
T-DCStart,1320,空闲(0),0,0x81af7000,0x81af4000,0x00000000,0x00000000,0x00000000,0x00000000,ntkrnlpa.exe!0x81ab5e94
T-DCStart,1321,空闲(0),0, 0x805ed000,0x805ea000,0x00000000,0x00000000,0x00000000,0x00000000,ntkrnlpa.exe!0x81ab5e94
T-DCStart,1323,空闲(0),0,0x8b330000,0x8b32d000,0x00000000,0x00000000,0x00000000,0x00000000,ntkrnlpa.exe!0x81ab5e94
T-DCStart,1323,空闲(0),0,0x8b364000,0x8b361000,0x00000000,0x00000000,0x00000000,0x00000000,ntkrnlpa.exe!0x8 1ab5e94
P-DCStart,1330,系统(4),0,0,0x83f42c10,S-1-5-18,
T-DCStart,1332,系统(4),8,0x8059a000,0x80597000,0x00000000 ,0x00000000,0x00000000,0x00000000,ntkrnlpa.exe!0x81b59ae4

解决方案

嗨兰迪,

列似乎在标题中定义在 BeginHeader EndHeader 之间的东西。例如,对于P-DCStart,列是:
P-DCStart,TimeStamp,进程名称(PID),ParentPID,SessionID,UniqueKey,UserSid,命令行

对于T-DCStart:
T-DCStart,TimeStamp,进程名称(PID),ThreadID,StackBase,StackLimit,UsrStkBase,UsrStkLmt,TebBase,SubProcessTag,Image!功能

Is there a description of the format produced when you do a dumper action? For example, if I do:

xperf -i somefile.etl -o sometestfile.txt -a dumper

I get good results, but I could use a little help with what I am seeing. For example, after the header stuff i get the following but the columns don't seem to be defined. Is this online somewhere?

Regards,

  Randy

P-DCStart,       1318,             Idle (   0),          0,          0, 0x81afd900, S-1-5-18, 
T-DCStart,       1320,             Idle (   0),          0, 0x81af7000, 0x81af4000, 0x00000000, 0x00000000, 0x00000000,    0x00000000,     ntkrnlpa.exe!0x81ab5e94
T-DCStart,       1321,             Idle (   0),          0, 0x805ed000, 0x805ea000, 0x00000000, 0x00000000, 0x00000000,    0x00000000,     ntkrnlpa.exe!0x81ab5e94
T-DCStart,       1323,             Idle (   0),          0, 0x8b330000, 0x8b32d000, 0x00000000, 0x00000000, 0x00000000,    0x00000000,     ntkrnlpa.exe!0x81ab5e94
T-DCStart,       1323,             Idle (   0),          0, 0x8b364000, 0x8b361000, 0x00000000, 0x00000000, 0x00000000,    0x00000000,     ntkrnlpa.exe!0x81ab5e94
P-DCStart,       1330,           System (   4),          0,          0, 0x83f42c10, S-1-5-18, 
T-DCStart,       1332,           System (   4),          8, 0x8059a000, 0x80597000, 0x00000000, 0x00000000, 0x00000000,    0x00000000,     ntkrnlpa.exe!0x81b59ae4

解决方案

Hi Randy,

The columns seem to be defined in the header stuff, between BeginHeader and EndHeader.  E.g., for P-DCStart, the columns are:
P-DCStart,  TimeStamp,     Process Name ( PID),  ParentPID,  SessionID,  UniqueKey, UserSid, Command Line

For T-DCStart:
T-DCStart,  TimeStamp,     Process Name ( PID),   ThreadID,  StackBase, StackLimit, UsrStkBase,  UsrStkLmt,    TebBase, SubProcessTag,            Image!Function


这篇关于输出文件的格式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆