Differences

This shows you the differences between two versions of the page.

ep:labs:08 [2018/11/02 13:13]
emilian.radoi
ep:labs:08 [2023/10/30 00:50] (current)
ana.grigorescu0809 [03. Process Monitor]
Line 1: Line 1:
 ====== Lab 08 - I/O Monitoring (Windows) ====== ====== Lab 08 - I/O Monitoring (Windows) ======
  
-Since computers started to surface, for many people it was a mystery what was happening behind the screen and it seemed magical when it wasn't working and even more magical when it was working. Since Linux is open-source,​ all sorts of tools appeared over time to analyse problems when they came up. On Windows on the other hand, the system being closed made it harder for tools to appear. 
  
-The first tools were provided by Sysinternals. These were written by Mike Rusinovich, who chose to make public tools such as File monitor and Registry monitor, which were later combined into Process monitor. The tools were so good that even Microsoft'​s support teams were using them. Seeing their usefulness and appreciating the know-how of their operating system, Microsoft decided to buy Sysinternals,​ so now the original website www.sysinternals.com redirects to https://​technet.microsoft.com/​en-us/​sysinternals (outside Romania it probably redirects to a different link due to localization reasons that consider the language of the country where redirection is made).+===== Objectives =====
  
-On this website can be found some of the tools that will be used in this tutorial - Process Monitor, Process Explorer, ​VMMapAutoruns.+  * Offer an introduction to Windows I/O monitoring. 
 +  * Get you acquainted with a few Windows standard monitoring ​tools like **Task Manager**, **Windows Performance Recorder**, **Process Monitor**and **Process Explorer**. 
 +  * Learn how to monitor disk activityidentify what is generating itand figure out what the issue is by looking at the pdbs and the code. 
 +  * Take a deeper look into how monitoring tools extract data from processes.
  
-Starting with Windows 7, Microsoft has begun to invest more and more in the performance of the system and in ways to monitor the system'​s performance. Some tools already existed since Windows 2000, but they were only used internally.+<note important>​
  
-From here on out the tutorial will present the Microsoft tools.+You can download ​the **Windows 10 VM** via [[https://​ctipub-my.sharepoint.com/:​u:/​g/​personal/​radu_mantu_upb_ro/​EXSrHQMCkWBEpGYseFEmnnABCA1hyb1oGWMUhnnHx8LIdQ?​e=I0pxHg | OneDrive]].
  
 +If you need to use VirtualBox, you can use this //.ovf// version to import the VM (just on OneDrive)
 +[[https://​ctipub-my.sharepoint.com/:​u:/​g/​personal/​cezar_craciunoiu_upb_ro/​EZYR_YFyHx5GiHf5yBNuiyYB-zXhIaTNzJ8o8Ri2M8l5Mw?​e=9qxrde | OneDrive]].
  
-===== 01 Task Manager =====+There is also the option to download as a torrent {{:​ep:​labs:​ep_win10_vm.7z.torrent.txt}}. 
 +DokuWiki is not configured to accept //​.torrent//​ files so remove the //.txt// extension. 
 +After that, you know what to do...
  
 +Alternatively,​ you can install the following on your own Windows machine:
 +  * **[[https://​go.microsoft.com/​fwlink/?​linkid=2120254 | ADK]]** - make sure to check //**Windows Performance Analyser**//​ and //**Windows Performance Recorder**//​.
 +  * **[[https://​visualstudio.microsoft.com/​downloads/​ | Visual Studio Community Edition]]** - select //C++ development//​. ​
 +  * **[[https://​docs.microsoft.com/​en-us/​sysinternals/​downloads/​sysinternals-suite | Sysinternals suite]]**
  
-Task Manager is present on windows systems since they had a graphical interface, which is for more than 20 years. However, this tool evolved significantly starting with Windows 8.1, providing more meaningful information. The tutorial is presenting the Task manager tool from Windows 10, since it represents the most evolved version.+</​note>​
  
-To start Task manager use the shortcut: ​//Ctrl + Shift + Esc//.+<note important>​ 
 + If Visual Studio prompts you with an "​Expired"​ message, you will have to log in with your (university) account. 
 +</note>
  
-The tools has several tabs: 
  
-==== Processes Tab ====+===== Contents ​===== 
 +{{page>:​ep:​labs:​08:​meta:​nav&​nofooter&​noeditbutton}}
  
-Shows all the running processes and their current resource usage in terms of CPU, Memory, Disk and Network. 
  
-{{:​ep:​laboratoare:​ep4_taskmanager.jpg?​800|}}+===== Introduction =====
  
-==== Performance Tab ====+As you remember from the Linux Monitoring labs there is an endless list of tools for system analysis.
  
-Shows the usage level of the computer'​s main resources in the last 60 seconds.+This is unfortunately not true for Windows. 
 +The system is closed-source and the development ​of tools is much slower.
  
-{{:​ep:​laboratoare:ep4_taskmanager-cpu.jpg?800|}} +The first (and probably most popular), set of tools for system analysis is [[https://docs.microsoft.com/​en-us/​sysinternals/ ​Sysinternals]]. 
-  +This was later aquired by Microsoft ​and it is now their recommended tool for analysis. 
-==== App history Tab ==== +The suite contains a wide variety of tools, but we will only concentrate on the widely used ones.
-  +
-This tab was first added to Windows 8, and it shows the resource consumption of metro applications. Metro applications are touch-screen-friendly applications written especially ​for Microsoft'​s WinRT programming interfaces.+
  
-{{:​ep:​laboratoare:​ep4_taskmanager-history.jpg?​800|}} 
-  
-==== Start-up Tab ==== 
  
-This tab shows all the applications that start at start-up, (or at least in Microsoft'​s vision - this will be further detailed in the Autoruns section), and their impact on the boot time. It is helpful to check this tab in case your computer takes a long to to start up.+==== 01Task Manager ====
  
-{{:​ep:​laboratoare:​ep4_taskmanager-startup.jpg?800|}} + Shows real time information about processes and the system
-  + To start Task Manager you can use any of the following methods: 
-==== Users Tab ====+  * //**Ctrl + Shift + Esc**// 
 +  * Right click the taskbar and choose Task Manager 
 +  * //**Ctrl + Alt + Del**// and select Task Manager
  
-Shows the resource consumption of every logged in user. The screenshot below shows that there is only one user logged in.+ ​**Tabs description:​** 
 +   * **Processes** - shows all the running processes and their current resource usage in terms. 
 +   * **Performance** - shows the usage level of the computer'​s main resources in the last minute. 
 +   * **App history** - added with Windows 8, it shows the resource consumption of metro applications. 
 +   * **Startup** - shows all the applications that start at start-up and their impact on the boot time. 
 +   * **Users** - shows the resource consumption of every logged in user
 +   * **Details** - shows detailed information about each process. Right-clicking the column headers bar, offers the possibility to add or remove columns. The following columns: Handles, Threads, Image Path Name, and Command Line are useful for especially useful for this laboratory. 
 +   * **Services** - shows the service status for all services. A Windows service can be considered similar to a Linux daemon: a process without a visual interface, offering services to user-created processes.
  
-{{:ep:​laboratoare:​ep4_taskmanager-users.jpg?800|}} + ​**Conclusions:** 
-  +   * Task Manager can be used to identify which process uses a lot of RAM, CPU, accesses the disk many times or generates a lot of traffic on the network at a certain moment
-==== Details Tab ====+   * It does offer some information for longer periods of time, in the Startup tab, which shows what process had higher impact at startup, but does not specify the area that was impacted. 
 +   * You can sort by I/O read or I/O Writes, but no there is no option to sort the results by Total I/O (combined Read & Write).
  
-This tab shows details for each process - pidstatus, the user under which it runs. Right-clicking the column headers bar, offers the possibility ​to add or remove columns. In the screenshot presented below the following columns were added: //​Handles//,​ //​Threads//,​ //Image Path Name// and //Command Line//. These new columns are very useful: the first one (Handles) when investigating ​handle leak, the second one (Threadsin the case of investigating processes that create too many threadsthe third one (Image Path Name) to find out the path from where the process was started, and the last one (Command Line) to find out the parameters with which it was started.+ <​note>​ 
 + To overcome Task Manager’s limitationsand to perform ​thorough analysisuse the Resource Monitor ​(Resmonutility, which is built into Windows. 
 + </​note>​
  
-{{:​ep:​laboratoare:​ep4_taskmanager-details.jpg?​800|}} +==== 02. Windows Performance Recorder & Analyzer ​==== 
-  + Windows Performance Recorder (WPR) is used to record ​the whole activity of the system in a time frame. 
-==== Services Tab ==== + ​Compared ​to Task Manager, this tool only captures information, ​without ​displaying it.
-Shows the service statusA Windows service can be considered similar ​to a Linux daemon: a process ​without ​a visual interface, offering services to user-created processes. For more details you can can have a look here: https://​en.wikipedia.org/​wiki/​Windows_service.+
  
-{{:​ep:​laboratoare:​ep4_taskmanager-services.jpg?800|}} + To inspect the captured data you will need to use another tool, Windows Performance Analyzer (WPA)
- + This combination of tools is most useful when running tests that take hours and constantly watching Task Manager would be impossible.
  
-So far, Task Manager can be used to identify which process uses a lot of RAM, CPU, accesses the disk many times or generates a lot of traffic on the network at a certain moment (Services tab)However, it does not offer information if in the long run, that same process is the one that generated the slowdown of the system. It does offer some information for longer periods of time, in the Start-up tab, which shows what process had higher impact at start-up, but does not specify the area that was impacted (disk space, RAM, CPU).+==== 03Process Monitor ==== 
 + ​Process Monitor is another troubleshooting tool from Windows Sysinternals ​that displays ​the files and registry keys that applications access ​in real-time. 
 + The results can be saved to a log file, which you can send to an expert for analyzing a problem and troubleshooting it.
  
-This led Microsoft ​to develop //Windows Assessment ​and Deployment Kit// (Windows ADK) +**How to Use Process Monitor to Track Registry ​and File System Changes?**
-https://​www.microsoft.com/​en-US/​download/​details.aspx?id=39982 +
-You should download and install at least the //Windows Performance Toolkit// module. This module includes: +
-  * Windows Performance Recorder +
-  ​Windows Performance Analyzer +
-  ​Xperf+
  
-The part of the tutorial is focusing on how to determine ​the sources that cause the following problemsintensive disk usage, intensive RAM usage, intensive CPU usage, and intensive networking.+ We want to write to the HOSTS file (C:\Windows\System32\drivers\etc\hosts) in order to add new rules. 
 + When we try to do this we encounter an error when saving the file.
  
-===== 02 I/O Monitoring =====+ ​Following the steps below (or the video) we can record what causes the error. 
 + ​Afterwards,​ we can send it to an expert or search for a fix ourselves.
  
-This second part of the tutorial looks into **analysing performance issues due to intensive disk use**.+ <​html>​ 
 +  <​center>​ 
 +   <​iframe width="​560"​ height="​315"​ src="​https://​www.youtube-nocookie.com/​embed/​-3JiM-PPigA"​ title="​YouTube video player"​ frameborder="​0"​ allow="​accelerometer;​ autoplay; clipboard-write;​ encrypted-media;​ gyroscope; picture-in-picture"​ allowfullscreen></​iframe>​ 
 +  </​center>​ 
 +  <​center>​ 
 +   <​b>​The video covers all 3 parts.</​b>​ 
 +  </​center>​ 
 + </​html>​
  
-==== Windows Performance Recorder ====+^ Part 1: Running Process Monitor & Configuring Filters ^^ 
 +| **1.** Run the Process Monitor application. || 
 +| **2.** Include the processes that you want to track the activity on. For this example, you want to include Notepad.exe in the (Include) Filters. || 
 +| **3.** Click Add, and click OK. || 
 +| **4.** From the Options menu, click Select Columns. || 
 +| **5.** Under “Event Details”, enable Sequence Number, and click OK. ||
  
 +<​note>​
 + You can add multiple entries as well, in case you want to track more processes along with Notepad.exe.
 + To keep this example simpler, let’s only track Notepad.exe.
  
-Installing Windows ADK will install Windows Performance Recorder. Check by clicking ​the windows button ​and typing "​windows performance recorder"​.+ ​You’ll now see the Process Monitor main window tracking the list of registry and file accesses by processes real-time, as and when they occur. 
 +</​note>​
  
-{{:ep:laboratoare:​ep4_startwindowsperformancerecorder.jpg?300|}}+^ Part 2Capturing Events ^^ 
 +| **6.** Open Notepad. || 
 +| **7.** Switch to Process Monitor window. || 
 +| **8.** Enable the “Capture” mode (if it’s not already ON). You can see the status of the “Capture” mode via the Process Monitor toolbar. || 
 +| **9.** The highlighted button above is the “Capture” button, which is currently disabled. You need to click that button to enable capturing of events. || 
 +| **10.** **Important**Cleanup the existing events list using Ctrl + X key sequence and start afresh|| 
 +| **11.** Switch back to Notepad. || 
 +| **12.** To reproduce the problem, try writing to the HOSTS file and saving it. Windows offers to save the file with a different name, or in a different location. So, what happens under the hood when you save to HOSTS fileProcess Monitor shows that exactly. || 
 +| **13.** Switch to Process Monitor window, and turn off Capturing (Ctrl + E) as soon as you encounter the problem. **Important Note**: You need to do all that as quickly as you can in order to not record unneeded data. ||
  
-Start Windows Performance Recorder by pressing Enter.+<note warning>​ 
 + The log file above tells us that Notepad encountered an ACCESS DENIED error when writing to the HOSTS file.
  
-{{:​ep:​laboratoare:​ep4_wpr-record.jpg?800|}}+ The solution would be to simply run Notepad elevated (right-click and choose “Run as Administrator”) to be able to write to HOSTS file successfully. 
 +</​note>​
  
-Click the //More options// button to get the list shown in the screenshot right below.+^ Part 3: Saving ​the Output ^^ 
 +| **14.** In the Process Monitor window, select ​the File menu and click Save. || 
 +| **15.** Select Native Process Monitor Format (PML), mention the output file name and Path, save the file. || 
 +| **16.** Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder. You can now send it to an expert||
  
-{{:​ep:​laboratoare:​ep4_wpr-select.jpg?​800|}} +<​note>​ 
-  + To recapTask Manager shows what processes use the disk intensively ​at the current time.
-Make sure that you select the same check boxes as in the screenshotbut do not click start just yet. Create a new directory and copy the //​Logs.exe//​ and //​GoodLog.exe//​ files (from the resources attached to this tutorial that can be found at the end of this page) into this directory. The behaviour of these two executables is similar to logging applications that write logs to the disk. Open a terminal and change the path to the directory where you copied the files.+
  
-{{:​ep:​laboratoare:​ep4_badlogs.jpg?​800|}} + Windows Performance Recorder / Windows Performance Analyzer show who used the disk during a longer time periodalthough they were showing ​the activity as belonging to the System process instead of our process.
-  +
-Start //Windows Performance Recorder// and right after run //​GoodLog.exe//​ and then //​Logs.exe//​. Once the two applications finish runningclick the //Save// button in //Windows Performance Recorder//.+
  
-{{:​ep:​laboratoare:​ep4_goodlogs.jpg?​800|}} + Using Process Monitor we could identify our processes'​ entire activity and determine why one is slower than the other. 
-  +</note>
-After the capture ​is saved, ​the //Open// option will become available in //Windows Performance Analyzer//When clicking the //Open// button it should open a window such as the one below.+
  
-{{:​ep:​laboratoare:​ep4_wpa-cpu1.jpg?800|}} +==== 04Process Explorer ==== 
-  + Process Explorer is similar to Task Manager in many ways, as both serve the same purpose. 
-Double clicking on //Storage// should display ​the following window.+ Process Explorer is more verbose and shows much more information about different parts of the system.
  
-{{:​ep:​laboratoare:​ep4_wpa-cpu2.jpg?800|}} + Even if it doesn'​t look as pretty as Task Manager, this tool was developed for Windows 2000 initially
-  + The Task Manager ​of Windows 2000 offered much fewer options than the one for Windows 10. 
-In the upper-left corner ​of the newly opened window it can select //Disk Usage////​Utilization by Disk//. Click on //​Utilization by Disk// ​and select: //​Utilization by Process//, //Path Name//, and //Stack//. This will generate the following output.+ NowTask Manager ​and Process ​Explorer are interchangeable in most cases.
  
-{{:​ep:​laboratoare:​ep4_wpa-cpu3.jpg?​800|}} +==== 05Windows API ==== 
-  + ​The ​previous chapters cover most cases where we encounter an error, we diagnose it, and identify it.
-The graph looks interesting. Processes can be selected for observing their activity on the disk. It can be noticed that our processes are not shown. Run //​Logs.exe//​ again while keeping Task Manager on.+
  
-{{:​ep:​laboratoare:​ep4_logstaskmanagerdisk.jpg?​800|}} + ​There ​is always ​the very rare case where a tool just doesn'​t ​cut it. 
-  + ​In ​this case we can use the API offered by Windows ​to extract what information we want from a program ​and/or the system.
-This shows that there is activity on the disk. The question is why doesn'​t ​//Windows Performance Analyzer// show it.  +
-The way //Windows Performance Recorder// records activity is based on events generated by the Windows kernel. It registers to track the events, listens to them, and during the recording period it constantly samples which process uses which resource at the time of sampling. It sums up the number of time that a process was caught doing something+
-In our casethe two processes want to write to the disk, but they are not the ones that get to do the actual writing. They tell the system that they want to write, ​and the //System process// schedules ​the writing. The reason for this is targeting a more efficient disk writing, as the //System process// is trying to minimise the impact to the disk. This is why our process'​s writing is passed over to the //System process//.+
  
-This being the case, we are introducing a new tool that was mentioned at the beginning of the tutorial: //Process Monitor//. + More precisely, we are interested in the [[https://docs.microsoft.com/en-us/windows/​win32/​psapi/​process-status-helper | Process Status API]] from Windows
- + This offers basic functionality to extract information from the system and its processes.
  
-==== Process Monitor ==== + ​We ​will only briefly ​go over the functions ​in the Task, so feel free to try more of the functionality ​of the API.
- +
-Process Monitor can be downloaded from: +
- +
-https://​technet.microsoft.com/​en-us/​sysinternals/​processmonitor.aspx +
- +
-Before running Process Monitor, which is a small tool without an installer, it is preferable to have the latest dbghelp.dll library. Windows 10 already has the latest version. If you are using another Windows, you can get the latest version by installing:​ +
- +
-https://​developer.microsoft.com/​en-us/​windows/​downloads/​windows-8-1-sdk +
- +
-In the installation process choose to install at least the following:​ +
- +
-{{:​ep:​laboratoare:​ep4_wdk_install.jpg?​800|}} +
-  +
-After the installation is complete, a newer version of //​dbghelp.dll//​ can be found in //​C:​\Program Files(x86)\WindowsKits\10\Debuggers//​. Keep this in mind as it will be useful later in the tutorial. +
- +
-Looking at the logs created by the two apps - //​bad.log//,​ //​good.log//​ - they are identical, but //​Logs.exe//​ has a significantly longer running time compared to //​GoodLog.exe//​. Start Process Monitor. +
- +
-{{:​ep:​laboratoare:​ep4_procmon.jpg?​800|}} +
- +
-  +
-If the 4 buttons in the black area on the upper part of the window are selected, Process Monitor will display the activity (in this order) for: registry, files, networking, process and thread activity. By unchecking them, the corresponding events will be no longer displayed. +
- +
-In the menu bar there is the //Filter// field. If selected, it will trigger a dropdown menu that contains another //Filter// field. If this second //Filter// field is selected, it will open the window shown below. Replicate this on your computer. +
- +
-{{:​ep:​laboratoare:​ep4_procmon-filters.jpg?​800|}} +
-  +
-From the two dropdown menus in the upper part of the context window, select "//​Process Name//"​ instead of "//​Architecture//"​ and "//​is//"​ instead of "//​contains//"​. In the text filed add //​Logs.exe//,​ click the //Add// button and then the //OK// button. +
- +
-Open the terminal and run //​Logs.exe//​. After the program is done running, save the Process Monitor capture. +
- +
-Use //Ctrl + X// to reset all the events captured in Process Monitor. Go to //Filter// -> //Filter area//, double-click on the filter that was just added and change //​Logs.exe//​ with //​GoodLog.exe//,​ then click //Add// and //Ok//. +
- +
-Start //​GoodLog.exe//​ and save the capture once the program finishes running. +
- +
-Scroll down in the two capture-logs until you notice the activity for //bad.log// respectively //​good.log//​. +
- +
-{{:​ep:​laboratoare:​ep4_procmonlogscomparison.jpg?​800|}} +
-  +
-Notice the difference. On the left-hand side it is shown the faster logging process, and on the right-hand side the slower one. Look in the red highlighted area to see the difference. On the left-hand side the logging file is opened, followed by continuous writing, while on the right-hand side the file is opened and closed for every writing operation which explains the significant slowdown. +
- +
-To recap, Task Manager shows what processes use the disk intensively at the current time, Windows Performance Recorder / Windows Performance Analyzer show who used the disc during a longer time period, although they were showing the activity as belonging to the //System// process instead of our process. Using Process Monitor we could identify our processes'​ entire activity and we could determine why one is slower than the other. +
-But what if we could find out which line in the code causes the problem? +
- +
-Go back to Process Monitor. Use the window of the badly written logging program (//​Logs.exe//​). Go to //Options// -> //Configure Symbols//, which will open the window shown below. +
- +
-{{:​ep:​laboratoare:​ep4_procmon-symbols.jpg?​400|}} +
- +
-If you have an older version of //​dbghelp.dll//​ in //​C:​\windows\system32/​dbghelp.dll//​ compared to the one that you have downloaded in  //​C:​\ProgramFiles(x86)\WindowsKits\10\Debuggers//,​ then change the path to point to the newer version. Otherwise it makes no difference. +
- +
-In the "//​Symbol paths//"​ text box there is a path like this: +
-<​code>​ +
-srv*https://​msdl.microsoft.com/​download/​symbols +
-</​code>​ +
- +
-This is the path to the Microsoft servers which are used to load the Microsoft binaries. Let's explain - any application that runs on a machine, besides its executable and its libraries, it loads the Microsoft core libraries such as //​kernel32.dll//,​ //​ntdll.dll//​ and others. To rebuild the call stack for a specific event (similar to crash dumps), Process Monitor needs //pdb//s created during the compilation of the binaries, as they are a database containing the memory address where each loaded function can be found. In Microsoft'​s case, these symbols can be used from the mentioned path, but in our case they can used from where we have the binaries as there we should also have //pdb//s (e.g. d:\Logs\), so change the path to: +
- +
-<​code>​ +
-srv*https://​msdl.microsoft.com/​download/​symbols;​d:​\Logs\ +
-</​code>​ +
- +
-The same directory containing the binary also contains the source files, so for the "//​Source code paths//"​ add the path to the **.sln** of the two projects (in my case //​d:​\Logs//​). After this you are ready to click //Ok//. +
- +
-In the log (//​D:​\Logs\bad.log//​) ​go to //​CreateFile//​. Double-click to open the //Event Properties//​ window. Choose the //Stack// tab, scroll down and you can notice that in the main function of //​main_bad_log.cpp//,​ at line 12 the opening takes place. Click the "//​Source//"​ button to view the source code containing the issue. +
- +
-{{:​ep:​laboratoare:​ep4_prcomoncode.jpg?​800|}} +
- +
-In "​Task.7z"​ you have another example of two executables:​ //​good.exe//​ and //​bad.exe//​. They both have the same outcome, the only difference being their running time (one of them is significantly slower).  +
-Identify the problem. +
- +
-<​solution -hidden>​ +
-//bad.exe// - flushes the buffer after each writing +
-</​solution>​ +
- +
- +
-So far you have seen how to monitor the disk activity, how to identify who is generating it and how to figure out the issue by looking at the //pdb//s and the code.  +
- +
-Let's consider a new problem: investigating a handle leak. A handle leak consists of a process that opens files and does not close them. On modern computers if this action is performed millions of times, the system may become unresponsive and will either experience an overall slowdown or the application that causes this will eventually crash. +
-You may think that millions of handles are impossible to reach, so it is not worth paying attention to this problem. However, imagine that there are services running on servers for years. As an example, having a handle leak every 2 seconds amounts for over 10 million handle leaks in a year. How should such problems be investigated?​ +
- +
-Open up a terminal and run //​HandleLeak.exe//​. Check out the "//​Details//"​ tab in Task Manager after adding ​the "//​Handles//"​ column. +
- +
-{{:​ep:​laboratoare:​ep4_taskmanagerhandles.jpg?​800|}} +
-  +
-It can be noticed that the number of handles keeps growing. This is clearly a problem, but how do we investigate it? +
-We will consider a new tool, //Process Explorer//​. +
- +
-==== Process Explorer ==== +
- +
-https://​technet.microsoft.com/​en-us/​sysinternals/​processexplorer.aspx +
- +
-Run it as //​administrator//​. It is similar to Task Manager. Select the process that you are interested innamely //​HandleLeak//,​ and press //Ctrl + H//. The output should be similar to the one in the screenshot below. +
- +
-{{:​ep:​laboratoare:​ep4_procexplorerhandles.jpg?​800|}} +
-  +
-//Ctrl + H// opens a window under the "//​Process//"​ section that displays all open handles along with information about them. Thus it will display file handles, registry handles, threads handles, and so on. There is another view (//Ctrl + D//) that displays all the loaded //dll//s. +
- +
-So it can be noticed that the leaks are on the following file: //​D:​\Logs\HandleLeak\leak.txt//​. This is very useful information,​ but it would be better ​to find out who is responsible for the leak in code. Run Process Monitor with a filter on //​HandleLeak.exe//​ and to notice the stack where the leakage is happens. +
- +
-==== Feedback ==== +
- +
-Please take a minute to fill in the **[[https://​goo.gl/​forms/​B9WLG5IYOfMu2ByJ2 | feedback form]]** for this lab. +
- +
- +
-====== Resources ====== +
- +
-{{:​ep:​laboratoare:​logs-final.7z|}} +
- +
-<​hidden>​ +
- +
-//​logs-final.7z//​ password: **parola** +
- +
-Passwords for the other two archives within //​logs-final.7z//​):​ +
-  * //​HandleLeak.7z//:​ **parola7** +
-  * //​Task.7z//:​ **parola17** +
- +
-The point of having ​the passwords is to not let the students have access to the code before they observe the behaviour ​of the programs. +
- +
-</​hidden>​ +
- +
-{{ :​ep:​laboratoare:​ep4_logo_bitd2.png?250|}}+
  
 +===== Tasks =====
  
 +<note warning>
 + The tasks can be found for the Windows sessions can be found here:
 +  * New Tasks: {{:​ep:​laboratoare:​lab08-tasks.zip|}}
 +</​note>​
  
 +{{namespace>:​ep:​labs:​08:​contents:​tasks&​nofooter&​noeditbutton}}
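Review bot: The recap note that closes section 03 (Process Monitor) still says that WPR/WPA "were showing the activity as belonging to the System process instead of our process" and that Process Monitor let us "determine why one is slower than the other". The Logs.exe / GoodLog.exe walkthrough those sentences summarised is removed in this revision, and the new section only covers the Notepad / HOSTS ACCESS DENIED case, so the recap now refers to results the reader never sees. The same applies to the new Objectives bullet about "looking at the pdbs and the code", since the symbol-path and source-path setup is deleted. Suggest rewording the recap to what the HOSTS example actually demonstrates, or moving it and the pdb objective next to the task that exercises them. Smaller points in the added text: step 9 refers to "The highlighted button above" and the warning note to "The log file above", but no screenshot or log output is included in the page; the fix "simply run Notepad elevated" would benefit from a reminder to close the elevated editor once HOSTS is saved, because anything opened from it also runs as Administrator; and the wording slips "useful for especially useful" (Details tab), "but no there is no option" (Conclusions) and "The tasks can be found for the Windows sessions can be found here" (Tasks) should be corrected.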
ep/labs/08.txt · Last modified: 2023/10/30 00:50 by ana.grigorescu0809
CC Attribution-Share Alike 3.0 Unported