Differences
This shows you the differences between two versions of the page.
|
ep:labs:08 [2021/10/09 12:04] cezar.craciunoiu |
ep:labs:08 [2023/10/30 00:50] (current) ana.grigorescu0809 [03. Process Monitor] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Lab 08 - I/O Monitoring (Windows) ====== | ====== Lab 08 - I/O Monitoring (Windows) ====== | ||
| + | |||
| + | |||
| + | ===== Objectives ===== | ||
| + | |||
| + | * Offer an introduction to Windows I/O monitoring. | ||
| + | * Get you acquainted with a few Windows standard monitoring tools like **Task Manager**, **Windows Performance Recorder**, **Process Monitor**, and **Process Explorer**. | ||
| + | * Learn how to monitor disk activity, identify what is generating it, and figure out what the issue is by looking at the pdbs and the code. | ||
| + | * Take a deeper look into how monitoring tools extract data from processes. | ||
| <note important> | <note important> | ||
| You can download the **Windows 10 VM** via [[https://ctipub-my.sharepoint.com/:u:/g/personal/radu_mantu_upb_ro/EXSrHQMCkWBEpGYseFEmnnABCA1hyb1oGWMUhnnHx8LIdQ?e=I0pxHg | OneDrive]]. | You can download the **Windows 10 VM** via [[https://ctipub-my.sharepoint.com/:u:/g/personal/radu_mantu_upb_ro/EXSrHQMCkWBEpGYseFEmnnABCA1hyb1oGWMUhnnHx8LIdQ?e=I0pxHg | OneDrive]]. | ||
| + | |||
| + | If you need to use VirtualBox, you can use this //.ovf// version to import the VM (just on OneDrive) | ||
| + | [[https://ctipub-my.sharepoint.com/:u:/g/personal/cezar_craciunoiu_upb_ro/EZYR_YFyHx5GiHf5yBNuiyYB-zXhIaTNzJ8o8Ri2M8l5Mw?e=9qxrde | OneDrive]]. | ||
| There is also the option to download as a torrent {{:ep:labs:ep_win10_vm.7z.torrent.txt}}. | There is also the option to download as a torrent {{:ep:labs:ep_win10_vm.7z.torrent.txt}}. | ||
| Line 20: | Line 31: | ||
| </note> | </note> | ||
| - | ===== Objectives ===== | ||
| - | |||
| - | * Offer an introduction to Windows I/O monitoring. | ||
| - | * Get you acquainted with a few Windows standard monitoring tools like **Task Manager**, **Windows Performance Recorder**, **Process Monitor**, and **Process Explorer**. | ||
| - | * Learn how to monitor disk activity, identify what is generating it, and figure out what the issue is by looking at the pdbs and the code. | ||
| - | * Take a deeper look into how monitoring tools extract data from processes. | ||
| ===== Contents ===== | ===== Contents ===== | ||
| - | |||
| {{page>:ep:labs:08:meta:nav&nofooter&noeditbutton}} | {{page>:ep:labs:08:meta:nav&nofooter&noeditbutton}} | ||
| Line 79: | Line 83: | ||
| ==== 03. Process Monitor ==== | ==== 03. Process Monitor ==== | ||
| Process Monitor is another troubleshooting tool from Windows Sysinternals that displays the files and registry keys that applications access in real-time. | Process Monitor is another troubleshooting tool from Windows Sysinternals that displays the files and registry keys that applications access in real-time. | ||
| - | The results can be saved to a log file, which you can send it to an expert for analyzing a problem and troubleshooting it. | + | The results can be saved to a log file, which you can send to an expert for analyzing a problem and troubleshooting it. |
| **How to Use Process Monitor to Track Registry and File System Changes?** | **How to Use Process Monitor to Track Registry and File System Changes?** | ||
| Line 87: | Line 91: | ||
| Following the steps below (or the video) we can record what causes the error. | Following the steps below (or the video) we can record what causes the error. | ||
| - | Afterwards we can send it to an expert or search for a fix ourselves. | + | Afterwards, we can send it to an expert or search for a fix ourselves. |
| <html> | <html> | ||
| Line 120: | Line 124: | ||
| | **11.** Switch back to Notepad. || | | **11.** Switch back to Notepad. || | ||
| | **12.** To reproduce the problem, try writing to the HOSTS file and saving it. Windows offers to save the file with a different name, or in a different location. So, what happens under the hood when you save to HOSTS file? Process Monitor shows that exactly. || | | **12.** To reproduce the problem, try writing to the HOSTS file and saving it. Windows offers to save the file with a different name, or in a different location. So, what happens under the hood when you save to HOSTS file? Process Monitor shows that exactly. || | ||
| - | | **13.** Switch to Process Monitor window, and turn off Capturing (Ctrl + E) as soon as you encountered the problem. **Important Note**: You need to do all that as quickly as you can in order to not record unneeded data. || | + | | **13.** Switch to Process Monitor window, and turn off Capturing (Ctrl + E) as soon as you encounter the problem. **Important Note**: You need to do all that as quickly as you can in order to not record unneeded data. || |
| <note warning> | <note warning> | ||
| Line 138: | Line 142: | ||
| Windows Performance Recorder / Windows Performance Analyzer show who used the disk during a longer time period, although they were showing the activity as belonging to the System process instead of our process. | Windows Performance Recorder / Windows Performance Analyzer show who used the disk during a longer time period, although they were showing the activity as belonging to the System process instead of our process. | ||
| - | Using Process Monitor we could identify our processes' entire activity and we could determine why one is slower than the other. | + | Using Process Monitor we could identify our processes' entire activity and determine why one is slower than the other. |
| </note> | </note> | ||
| Line 165: | Line 169: | ||
| The tasks can be found for the Windows sessions can be found here: | The tasks can be found for the Windows sessions can be found here: | ||
| * New Tasks: {{:ep:laboratoare:lab08-tasks.zip|}} | * New Tasks: {{:ep:laboratoare:lab08-tasks.zip|}} | ||
| - | * Old Tasks (before 2021): {{:ep:laboratoare:lab08-tasks-old.zip|}} | ||
| </note> | </note> | ||
| {{namespace>:ep:labs:08:contents:tasks&nofooter&noeditbutton}} | {{namespace>:ep:labs:08:contents:tasks&nofooter&noeditbutton}} | ||
