03. [20p] Process Monitor

Task A - Checking Logging File

For this task we will use Logs.exe and GoodLog.exe inside the Task-03/Task-A folder.

We want to find out what the difference between Logs.exe and GoodLog.exe is. Running both programs shows that their output is identical, yet Logs.exe takes much longer to complete than GoodLog.exe. We will use Process Monitor to find the cause.

:!: Follow the steps to analyze the programs.

  1. Open Process Monitor and add a filter for Logs.exe (and later for GoodLog.exe). To do this, create a filter of the form 'Process Name' 'is' 'Logs.exe' with the action 'Include'.
  2. With Process Monitor capturing, open the Command Prompt and run Logs.exe.
  3. Save the capture (File → Save, PML format) and clear the display (Ctrl + X).
  4. Repeat the first 3 steps for GoodLog.exe.
  5. Open both saved PML files side by side and compare them.


In the side-by-side comparison, the left-hand capture is the faster program (GoodLog.exe) and the right-hand one the slower program (Logs.exe). The red highlighted area marks the difference.

On the left-hand side the log file is opened once (a single CreateFile), followed by a continuous stream of WriteFile operations. On the right-hand side the file is opened and closed again for every single write, so each line costs a CreateFile / WriteFile / CloseFile triple, which explains the significant slowdown.

We now know why one program is faster than the other.
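The two patterns can be reproduced directly from PowerShell so that they can be timed and captured in Process Monitor. This is an added example and not the source of Logs.exe or GoodLog.exe (which the lab does not provide); the log file names and the line count are assumptions. Add-Content reopens the file on every call, so it behaves like Logs.exe; a StreamWriter that stays open for the whole loop behaves like GoodLog.exe.

```powershell
# Added example: the two write patterns Process Monitor reveals in Task A,
# reproduced in PowerShell. Not the code of Logs.exe / GoodLog.exe;
# the file names and the line count below are assumptions.

$Lines   = 5000
$SlowLog = Join-Path $env:TEMP 'reopen-per-line.log'   # assumed path
$FastLog = Join-Path $env:TEMP 'open-once.log'         # assumed path
Remove-Item $SlowLog, $FastLog -ErrorAction SilentlyContinue

# Logs.exe pattern: the file is opened, written and closed for EVERY line.
# Add-Content reopens the file on each call, so a Process Monitor capture
# shows one CreateFile / WriteFile / CloseFile triple per line.
$slow = Measure-Command {
    for ($i = 0; $i -lt $Lines; $i++) {
        Add-Content -Path $SlowLog -Value "line $i" -Encoding Ascii
    }
}

# GoodLog.exe pattern: one CreateFile, a stream of WriteFile, one CloseFile.
$fast = Measure-Command {
    $writer = New-Object System.IO.StreamWriter($FastLog, $false, [System.Text.Encoding]::ASCII)
    try {
        for ($i = 0; $i -lt $Lines; $i++) {
            $writer.WriteLine("line $i")
        }
    }
    finally {
        $writer.Dispose()    # the single CloseFile event
    }
}

# Same content, very different cost.
$identical = -not (Compare-Object (Get-Content $SlowLog) (Get-Content $FastLog))
'reopen per line : {0,8:N0} ms' -f $slow.TotalMilliseconds
'open once       : {0,8:N0} ms' -f $fast.TotalMilliseconds
"identical output: $identical"
```

To see the difference in Process Monitor, filter on 'Process Name' 'is' 'powershell.exe' (or 'pwsh.exe') and 'Path' 'ends with' '.log', then compare how many CreateFile events each of the two files receives: thousands for the first, one for the second.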

If we want to go further and find which code generated an event, we can still use Process Monitor.

  1. Go to Options → Configure Symbols. Here you can set the path to dbghelp.dll, the symbol path and the source code paths.
  2. Now double-click an event such as CreateFile, open the Stack tab and select a frame belonging to our program; with symbols and source configured, Process Monitor shows the function (and source line) that issued the call.

Task B - Investigating a Handle Leak

For this task we will use bad.exe and good.exe inside the Task-03/Task-B folder.

Both executables produce the same outcome; the difference is their running time.

:!: Identify the problem. Hint: Process Monitor


A handle leak occurs when a process keeps opening handles (to files, but equally to registry keys, events, threads or any other kernel object) and never closes them. Every leaked handle keeps its kernel object alive and occupies a slot in the process's handle table. If this is repeated millions of times the system may become unresponsive or suffer an overall slowdown, and once the process reaches the per-process limit (roughly 16 million handles on Windows) every further open fails and the application usually crashes.

You may think that millions of handles are impossible to reach, so the problem is not worth paying attention to. However, consider a service that runs on a server for years: leaking just one handle every 2 seconds amounts to about 15.8 million leaked handles per year (31,536,000 s / 2), enough to exhaust the per-process limit in little more than a year.

How should such problems be investigated?

Open a terminal and run bad.exe. Then open Task Manager, go to the Details tab, add the Handles column (right-click a column header, Select columns) and watch the value. A count that climbs steadily and never comes back down is the signature of a leak; run good.exe the same way to see what a healthy process looks like.
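Watching the Task Manager column by eye works for a lab, but the same number can be sampled from PowerShell and turned into a verdict. The function below is an added example, not part of bad.exe or good.exe; it polls the handle count of a process (the value Task Manager displays as Handles) and flags a series that only ever grows. The relative paths to bad.exe and good.exe are assumptions.

```powershell
# Added example, not part of the lab's bad.exe / good.exe: samples a process's
# handle count (what Task Manager shows in the Handles column) over time and
# reports whether it only ever grows. The paths to the executables are assumed.

function Measure-HandleGrowth {
    param(
        [Parameter(Mandatory)] [int] $Id,
        [int] $Seconds = 20,
        [int] $IntervalSeconds = 1
    )

    $samples = @()
    for ($elapsed = 0; $elapsed -le $Seconds; $elapsed += $IntervalSeconds) {
        # Get-Process returns a fresh snapshot each call; HandleCount is the
        # number the Task Manager "Handles" column displays.
        $proc = Get-Process -Id $Id -ErrorAction SilentlyContinue
        if (-not $proc -or $proc.HasExited) { break }   # target finished (or crashed)
        $samples += [pscustomobject]@{ Elapsed = $elapsed; Handles = $proc.HandleCount }
        Start-Sleep -Seconds $IntervalSeconds
    }
    if ($samples.Count -lt 2) { return $null }

    # A healthy process opens and closes handles, so the count goes up AND down.
    # A leaking one never releases them: the series is monotonic and ends higher.
    $drops = 0
    for ($k = 1; $k -lt $samples.Count; $k++) {
        if ($samples[$k].Handles -lt $samples[$k - 1].Handles) { $drops++ }
    }
    $growth   = $samples[-1].Handles - $samples[0].Handles
    $duration = [math]::Max(1, $samples[-1].Elapsed - $samples[0].Elapsed)

    [pscustomobject]@{
        ProcessId     = $Id
        Samples       = $samples.Count
        StartHandles  = $samples[0].Handles
        EndHandles    = $samples[-1].Handles
        HandlesPerSec = [math]::Round($growth / $duration, 1)
        LikelyLeak    = ($growth -gt 0) -and ($drops -eq 0)
    }
}

# Usage: start bad.exe and watch it for 20 seconds, then do the same for good.exe.
$bad = Start-Process -FilePath '.\Task-03\Task-B\bad.exe' -PassThru    # assumed path
Measure-HandleGrowth -Id $bad.Id -Seconds 20
$good = Start-Process -FilePath '.\Task-03\Task-B\good.exe' -PassThru  # assumed path
Measure-HandleGrowth -Id $good.Id -Seconds 20
```

LikelyLeak is a heuristic over a short window, so confirm it in Process Monitor: filter on the process name and compare the number of successful CreateFile events with the number of CloseFile events. If the leaked objects are files, the CloseFile events are simply missing.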

ep/labs/08/contents/tasks/ex3.txt · Last modified: 2021/10/09 12:01 by cezar.craciunoiu
CC Attribution-Share Alike 3.0 Unported