Microsoft Windows Performance Analyzer Support

==============================================

Online documentation is available at:

http://go.microsoft.com/fwlink/?LinkId=103276

CONTENTS
========

1. Frequently Asked Questions

1. Frequently Asked Questions

=============================

1.a. Will xperf dump my custom events to the xperf dumper?

xperf supports automatically all manifest-based events on Vista

machines with exactly the same manifest-based providers installed.

xperf does not support decoding of custom classic events.

1.b. I cannot decode symbols. Why is that and how can I fix it?

The xperf/xperfview trace symbol decoding support is quite complex.

Please ensure the following requirements are met:

i. You have specified -symbols on the xperf command line, or

selected "Load Symbols" in xperfview *before* you opened a summary
table.

ii. You configured the environment variables as described in the online

help (xperf -help symbols)

iii. The ETW kernel trace file has been stopped and merged with xperf's
option -d or merged on the same machine it was taken with xperf's
option -merge. (xperf performs a special image identification
process during its custom trace merge.)

iv. The ETW user trace file is processed by xperf in conjunction

with a kernel trace file taken in the same time on the same machine
and merged as explained at point iv. above.

v. You have access to the binary and symbol sources specified on

_NT_SYMBOL_PATH. If you use symbol server, please note that many
times the symbol server is just a redirector, and you need to have
access to both the symbol server itself and the site actually hosting
the binaries and/or symbols.

vi. _NT_SYMBOL_PATH points to the right files. If the files are from a
different build or architecture they will not work. If you replace
the binary or symbols you will not be able to decode anymore symbols
for traces recording activity of the old binaries.

To rule out a symbol mismatch, use symchk from the Windows Debugging
 Tools distribution to ensure the symbols match the binaries on the
machine on which the trace was taken:

symchk /v <local_file> /s <sympath_to_name.pdb>

To rule out a binary mismatch, use fc /b to ensure the binaries on

the machine on which the trace was taken match the ones on the drop
share:

fc /b <local_file> <drop_share_file>

vii. The ETW kernel trace was captured with at least PROC_THREAD+LOADER.
These flags provide basic information about process lifetime and
image ranges in process memory, which are instrumental in decoding
virtual addresses to images and symbols.

To verify that these flags have been enabled in the ETW kernel trace,
check that Process events (Create, Delete, Start Rundown, End Rundown)
and Image events (Load, Unload, Start Rundown, End Rundown) are present
in the table generated by "xperf -i kernel.etl -a tracestats -detail".

1.c. I'd like to have ETW log the context stacks for certain events. How
can I do that?

Please refer to "xperf -help stackwalk".