Differences

This shows you the differences between two versions of the page.

ep:labs:08 [2019/11/25 21:54]
radu.mantu
ep:labs:08 [2020/12/02 18:12] (current)
radu.mantu [Lab 08 - I/O Monitoring (Windows)]
Line 1: Line 1:
 ====== Lab 08 - I/O Monitoring (Windows) ====== ====== Lab 08 - I/O Monitoring (Windows) ======
  
-=== 01 - Objectives ===+<note important>​
  
-  * How to determine ​the root sources of having intensive disk usage/​RAM/​CPU and intensive networking using **Task Manager** (Processes, Performance,​ App history, Start-up, Users, Details, Services)+You can download ​the **Windows 10 VM** via {{:​ep:​labs:​ep_win10_vm.7z.torrent.txt}}
-  * Analyzing performance issues due to intensive disk use using **Windows Performance Recorder**, **Process Monitor** and **Process Explorer**+DokuWiki is not configured ​to accept //​.torrent//​ files so remove the //.txt// extension
-  * Monitor the disk activityidentify who is generating it and how to figure out the issue by looking at the pdbs and the code.+After thatyou know what to do...
  
-=== 02 I/O Monitoring - Windows ​===+Alternatively,​ you can install the following on your own Windows machine: 
 +  * **[[https://​go.microsoft.com/​fwlink/?​linkid=2120254 | ADK]]** ​make sure to check //**Windows ​Performance Analyser**//​ and //**Windows Performance Recorder**//​. 
 +  * **[[https://​visualstudio.microsoft.com/​downloads/​ | Visual Studio Community Edition]]** - select //C++ development//​.  
 +  * **[[https://​docs.microsoft.com/​en-us/​sysinternals/​downloads/​sysinternals-suite | Sysinternals suite]]**
  
-== Introduction ==+</​note>​
  
-  * Since computers started to surface, for many people it was a mystery what was happening behind the screen and it seemed magical when it wasn't working and even more magical when it was working. Since Linux is open-source,​ all sorts of tools appeared over time to analyse problems when they came up. On Windows on the other hand, the system being closed made it harder for tools to appear. 
-  * The first tools were provided by Sysinternals. These were written by Mike Rusinovich, who chose to make public tools such as “File monitor” and “Registry monitor”, which were later combined into “Process monitor”. The tools were so good that even Microsoft'​s support teams were using them. Seeing their usefulness and appreciating the know-how of their operating system, Microsoft decided to buy Sysinternals,​ so now the original website redirects to https://​technet.microsoft.com/​en-us/​sysinternals (outside Romania it probably redirects to a different link due to localization reasons that consider the language of the country where redirection is made). 
-  * On this website can be found some of the tools that will be used in this tutorial - Process Monitor, Process Explorer, VMMap, Autoruns. Starting with Windows 7, Microsoft has begun to invest more and more in the performance of the system and in ways to monitor the system'​s performance. Some tools already existed since Windows 2000, but they were only used internally. 
  
-=== 03 - Tutorials ​===+===== Objectives =====
  
-== Task Manager ​==+  * How to determine the root sources of having intensive disk usage/​RAM/​CPU and intensive networking using **Task Manager** (Processes, Performance,​ App history, Start-up, Users, Details, Services). 
 +  * Analyzing performance issues due to intensive disk use using **Windows Performance Recorder**, **Process Monitor** and **Process Explorer**. 
 +  * Monitor the disk activity, identify who is generating it and how to figure out the issue by looking at the pdbs and the code.
  
-Shows the process name responsible for constant disk thrashing either by reads or writes. To start Task manager use the shortcut: //**Ctrl + Shift + Esc**//. 
  
-^ A. Task Manager - Processes tab ^^ +===== Introduction =====
-| **Processes tab** shows all the running processes and their current resource usage in terms of CPU, Memory, Disk and Network. | {{ :​ep:​laboratoare:​ep5_taskmanagernetworking.jpg?​400 |}} |+
  
-^ BTask Manager ​Performance tab     ^^ +Since computers started to surface, for many people it was a mystery what was happening behind the screen and it seemed magical when it wasn't working and even more magical when it was workingSince Linux is open-source, all sorts of tools appeared over time to analyse problems when they came up. On Windows on the other hand, the system being closed made it harder for tools to appear.
-| **Performance tab** shows the usage level of the computer'​s main resources in the last 60 seconds. ​   | {{ :​ep:​laboratoare:​ep4_taskmanager-cpu.jpg?400 |}}       |+
  
-^ C. Task Manager - App history tab     ^^ +The first tools were provided by Sysinternals. These were written by Mike Rusinovichwho chose to make public tools such as “File monitor” ​and “Registry monitor”, which were later combined into “Process monitor”The tools were so good that even Microsoft'​s ​support teams were using themSeeing their usefulness and appreciating the know-how of their operating system, Microsoft decided to buy Sysinternals,​ so now the original website redirects to https://​technet.microsoft.com/​en-us/​sysinternals (outside Romania it probably redirects to a different link due to localization reasons that consider the language of the country where redirection is made).
-The **App history tab** was first added to Windows 8, and it shows the resource consumption of metro applicationsMetro applications are touch-screen-friendly applications written especially for Microsoft'​s ​WinRT programming interfaces| {{ :ep:laboratoare:​ep4_taskmanager-history.jpg?400 |}}       |+
  
-^ D. Task Manager - Start-up tab     ^^ +On this website can be found some of the tools that will be used in this tutorial - Process Monitor, Process Explorer, VMMap, ​Autoruns. Starting with Windows 7Microsoft has begun to invest more and more in the performance of the system and in ways to monitor the system'​s performanceSome tools already existed since Windows 2000, but they were only used internally.
-| The **Start-up tab** shows all the applications ​that start at start-up, (or at least in Microsoft'​s vision - this will be further detailed ​in the Autoruns ​section), and their impact on the boot time. It is helpful to check this tab in case your computer takes a long to to start up| {{ :​ep:​laboratoare:​ep4_taskmanager-startup.jpg?400 |}}      |+
  
-^ E. Task Manager - Users tab     ^^ +===== Tutorials & Tasks =====
-| **Users tab** shows the resource consumption of every logged in user. The screenshot below shows that there is only one user logged in. | {{ :​ep:​laboratoare:​ep4_taskmanager-users.jpg?​400 |}}       |+
  
-^ F. Task Manager ​- Details tab ^^    +===== Task Manager ​=====
-| **Details tab** shows details for each process - pid, status, the user under which it runs. Right-clicking the column headers bar, offers the possibility to add or remove columns. In the screenshot presented below the following columns were added: Handles, Threads, Image Path Name and Command Line. These new columns are very useful: the first one (Handles) when investigating a handle leak, the second one (Threads) in the case of investigating processes that create too many threads, the third one (Image Path Name) to find out the path from where the process was started, and the last one (Command Line) to find out the parameters with which it was started. | {{ :​ep:​laboratoare:​ep4_taskmanager-details.jpg?​400 |}}       |+
  
-^ G. Task Manager ​Services ​tab     ^^ +Shows the process name responsible for constant disk thrashing either by reads or writes 
-**Services tab** shows the service status. A Windows service can be considered similar to a Linux daemon: a process without a visual interface, offering services to user-created processes. ​| {{ :​ep:​laboratoare:​ep4_taskmanager-services.jpg?​400 |}}       |+ 
 +To start Task manager use the shortcut: //**Ctrl + Shift + Esc**//. 
 + 
 +**Tabs description:​** 
 +  * **Processes tab** shows all the running processes and their current resource usage in terms of CPU, Memory, Disk and Network. 
 +  * **Performance tab** shows the usage level of the computer'​s main resources in the last 60 seconds. 
 +  * The **App history tab** was first added to Windows 8, and it shows the resource consumption of metro applications. Metro applications are touch-screen-friendly applications written especially for Microsoft'​s WinRT programming interfaces. 
 +  * The **Start-up ​tab** shows all the applications that start at start-up, (or at least in Microsoft'​s vision - this will be further detailed in the Autoruns section), and their impact on the boot time. It is helpful to check this tab in case your computer takes a long to to start up. 
 +  * **Users tab** shows the resource consumption of every logged in user.  
 +  * **Details tab** shows details for each process - pid, status, the user under which it runs. Right-clicking the column headers bar, offers the possibility to add or remove columns. The following columns: Handles, Threads, Image Path Name and Command Line are very useful: the first one (Handles) when investigating a handle leak, the second one (Threads) in the case of investigating processes that create too many threads, the third one (Image Path Name) to find out the path from where the process was started, and the last one (Command Line) to find out the parameters with which it was started.  
 +  * **Services tab** shows the service status. A Windows service can be considered similar to a Linux daemon: a process without a visual interface, offering services to user-created processes.
  
 **Conclusion:​** **Conclusion:​**
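Review bot: the added download note at the top of the page ends with "After that, you know what to do...", which leaves the procedure unstated; spell out the steps (remove the `.txt` extension from the torrent file, fetch the archive with a torrent client, extract the `.7z`). Since students are asked to run a downloaded VM image, consider listing a SHA-256 of the archive next to the link so the download can be checked. In the new "Tabs description" list the carried-over wording "takes a long to to start up" should read "takes a long time to start up", and the Introduction still spells the Sysinternals author as "Mike Rusinovich" (Mark Russinovich).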
Line 51: Line 56:
 </​note>​ </​note>​
  
-== Windows Performance Recorder ==+Here [[https://​drive.google.com/​file/​d/​1z1J6lgoYfBOZF7acEzR8gEq1MH1OZgaf/​view]] you have a visual representation of the previous mentioned steps.
  
-Installing Windows ADK will install Windows Performance RecorderCheck by clicking ​the windows button ​and typing “windows performance recorder”.+== 01[20p] Task Manager == 
 + 
 +  - Watch the video and go through the tutorial 
 +  - Which program is constantly reading or writing to your hard disk? 
 + 
 +:!: :!: NON-DEMO TASK  
 + 
 +**How to:** 
 + 
 +  * Open Task Manager, and select the Details tab. 
 +  * Right-click on the column header (Name, PID, Status etc) and click Select Columns. 
 +  * Enable the following checkboxes and click OK. 
 + 
 +<note tip> 
 +I/O read bytes is the number of bytes read in input/​output operations generated ​by a process, including file, network, and device I/Os. 
 +Whereas I/O write bytes is the number of bytes written in input/​output operations by a process, including file, network, ​and device I/Os. 
 +I/O Read Bytes & I/O Write Bytes directed to CONSOLE (console input object) handles are not counted. 
 +</​note>​ 
 + 
 +  * Next, sort the listings by I/O Read bytes and see which application is generating the maximum I/O (in bytes/sec). Similarly, sort by I/O Write bytes to see which program is writing to the hard disk continuously. 
 +  * Once you identify the program, decide if you need the program or not. Leave it as it is if the I/O operations are justified. Else, remove the program or consult its documentation to tweak the settings if any. For instance, one of your browser extensions may cause high disk or CPU usage. You need to isolate the extension, add-on or the browser’s feature causing the trouble.
  
-Windows Performance Recorder ​^^ +===== Windows Performance Recorder ​=====
-| Start **Windows Performance Recorder** by pressing Enter. You will see the following: | {{:​ep:​laboratoare:​ep4_wpr-record.jpg?​400 |}}       | +
-| Click the **More options** button to get the list shown in the screenshot right below. | {{:​ep:​laboratoare:​ep4_wpr-select.jpg?​400 |}}       |+
  
 <note warning> <note warning>
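Review bot: in the "How to" list of task 01, the step "Enable the following checkboxes and click OK." does not say which checkboxes; name the columns in the step itself (the tip and the next bullet imply I/O read bytes and I/O write bytes). The sort step also describes the value as "(in bytes/sec)" while the tip defines the column as the number of bytes read or written by the process, so one of the two needs correcting. The bare `[[...]]` video link above the task would read better with a label.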
Line 63: Line 86:
 </​note>​ </​note>​
  
-| Make sure that you select the same check boxes as in the screenshot, but do not click start just yetCreate a new directory and copy the **Logs.exe** ​and **GoodLog.exe** files into this directory. The behaviour of these two executables is similar to logging applications that write logs to the disk. Open a terminal and change the path to the directory where you copied the files. | {{{:​ep:​laboratoare:​ep4_badlogs.jpg?400 |}}       |+Installing Windows ADK will install Windows Performance RecorderCheck by clicking ​the windows button ​and typing “windows performance recorder”.
  
-^ Windows Performance Recorder ^^ +Start **Windows Performance Recorder** ​by pressing EnterYou will see the following:
-Start **Windows Performance Recorder** ​and right after run GoodLog.exe and then Logs.exe. Once the two applications finish running, click the Save button in Windows Performance Recorder. | {{:ep:​laboratoare:​ep4_goodlogs.jpg?​400 |}}       |+
  
-^ Windows Performance Analyzer ^^ +<​spoiler>​ 
-| After the capture is saved, the Open option will become available in Windows Performance Analyzer. When clicking the Open button it should open a window such as the one below. | {{:​ep:​laboratoare:​ep4_wpa-cpu1.jpg?400 |}}       | +{{:​ep:​laboratoare:​ep4_wpr-record.jpg?​400|}} ​  
-| Double clicking on Storage should display the following window. Analyse the resources. | {{:​ep:​laboratoare:​ep4_wpa-cpu2.jpg?​400 |}}       || +</​spoiler> ​   
-| In the upper-left corner of the newly opened window it can select Disk Usage, Utilization by Disk. Click on Utilization by Disk and select: Utilization by Process, Path Name, and Stack. This will generate ​the following output{{:​ep:​laboratoare:​ep4_wpa-cpu3.jpg?400 |}}       |+    ​ 
 +Click the **More options** button to get the list shown in the screenshot right below. 
 +  
 +<​spoiler>​ 
 +{{:​ep:​laboratoare:​ep4_wpr-select.jpg?​400|}} ​  
 +</​spoiler> ​   ​
  
-^ Task Manager ^^ +Make sure that you select the same check boxes as in the screenshot, but do not click start just yetCreate a new directory and copy the **Logs.exe** and **GoodLog.exe** files into this directory. The behaviour of these two executables is similar to logging applications that write logs to the disk. Open a terminal and change the path to the directory where you copied the files
-| The graph looks interesting. Processes can be selected for observing their activity on the disk. It can be noticed ​that our processes are not shownRun Logs.exe ​again while keeping Task Manager on| {{:​ep:​laboratoare:​ep4_logstaskmanagerdisk.jpg?400 |}}       |+
    
 +<​spoiler>​
 +{{:​ep:​laboratoare:​ep4_badlogs.jpg?​400|}}  ​
 +</​spoiler>  ​
 +
 +Start **Windows Performance Recorder** and right after run GoodLog.exe and then Logs.exe. Once the two applications finish running, click the Save button in Windows Performance Recorder.
 +
 +<​spoiler>​
 + ​{{:​ep:​laboratoare:​ep4_goodlogs.jpg?​400|}} ​
 +</​spoiler> ​     ​
 +
 +
 +After the capture is saved, the Open option will become available in **Windows Performance Analyzer**. When clicking the Open button it should open a window such as the one below. ​
 +
 +<​spoiler>​
 +{{:​ep:​laboratoare:​ep4_wpa-cpu1.jpg?​400|}}  ​
 +</​spoiler>​
 +     
 +Double clicking on Storage should display the following window. Analyse the resources.
 +
 +<​spoiler>​
 +{{:​ep:​laboratoare:​ep4_wpa-cpu2.jpg?​400|}}  ​
 +</​spoiler> ​      
 +
 +In the upper-left corner of the newly opened window it can select Disk Usage, Utilization by Disk. Click on Utilization by Disk and select: Utilization by Process, Path Name, and Stack. This will generate the following output. ​
 +
 +<​spoiler>​
 + ​{{:​ep:​laboratoare:​ep4_wpa-cpu3.jpg?​400|}}  ​
 +</​spoiler> ​    
 +
 +The graph looks interesting in Task Manager. Processes can be selected for observing their activity on the disk. It can be noticed that our processes are not shown. Run Logs.exe again while keeping Task Manager on. 
 +
 +<​spoiler>​
 +{{:​ep:​laboratoare:​ep4_logstaskmanagerdisk.jpg?​400|}}  ​
 +</​spoiler> ​   ​
 +
 +
 **Conclusions:​** **Conclusions:​**
  
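Review bot: the step "Make sure that you select the same check boxes as in the screenshot" now depends on an image that is collapsed inside a `<spoiler>` block, so a reader who does not expand it has no way to follow the instruction; list the options in text or keep that one screenshot outside the spoiler. "The graph looks interesting in Task Manager." reads as the old table header merged into the sentence, and "it can select Disk Usage" should be "you can select Disk Usage".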
Line 81: Line 143:
   * It sums up the number of time that a process was caught doing something. In our case, the two processes want to write to the disk, but they are not the ones that get to do the actual writing. They tell the system that they want to write, and the System process schedules the writing. The reason for this is targeting a more efficient disk writing, as the System process is trying to minimise the impact to the disk. This is why our process'​s writing is passed over to the System process.   * It sums up the number of time that a process was caught doing something. In our case, the two processes want to write to the disk, but they are not the ones that get to do the actual writing. They tell the system that they want to write, and the System process schedules the writing. The reason for this is targeting a more efficient disk writing, as the System process is trying to minimise the impact to the disk. This is why our process'​s writing is passed over to the System process.
  
-== Process Monitor ==+Here [[https://​drive.google.com/​file/​d/​1DTEnxhv9Tb5TORz1RFT7-v2ojLPW5l7A/​view]] you have a visual representation as well. 
 + 
 + 
 +== 02. [20p] WPR and WPA  == 
 + 
 +  - Watch the video and go through the tutorial 
 + 
 + 
 +===== Process Monitor ​=====
  
 //Process Monitor is an excellent troubleshooting tool from Windows Sysinternals that displays the files and registry keys that applications access in real-time. The results can be saved to a log file, which you can send it to an expert for analyzing a problem and troubleshooting it.// //Process Monitor is an excellent troubleshooting tool from Windows Sysinternals that displays the files and registry keys that applications access in real-time. The results can be saved to a log file, which you can send it to an expert for analyzing a problem and troubleshooting it.//
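Review bot: task "02. [20p] WPR and WPA" is worth 20p but its only step is "Watch the video and go through the tutorial", with no question to answer and nothing to show for grading; state what the student has to produce, for example the Utilization by Process view for Logs.exe and GoodLog.exe described in the tutorial. The line "Here [[...]] you have a visual representation as well." would be clearer as a labelled link.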
Line 119: Line 189:
 | **18.** Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder. This compresses the file by ~90%. Look at the graphic below. You certainly want to zip the log file before sending it to someone. || | **18.** Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder. This compresses the file by ~90%. Look at the graphic below. You certainly want to zip the log file before sending it to someone. ||
  
-=== 04 - Exercises ===+You can take also take a look at this video here: https://​drive.google.com/​file/​d/​1ZYdtOq7QsY0nfYDS3e4foPFRVPgO4Qdb/​view.
  
-== Exercise 01. [30p] Task Manager, Windows Performance Recorder and Process Monitor == 
  
-  * Go through the tutorials: Task Manager, Windows Performance Recorder and Process Monitor. Discuss the output and call the assistant to show him/her your progress. +== 03. [30p] Process Monitor ==
- +
-== Exercise 02. [10p] Task Manager == +
- +
-  * Which program is constantly reading or writing to your hard disk? +
- +
-**How to:** +
- +
-  * Open Task Manager, and select the Details tab. +
-  * Right-click on the column header (Name, PID, Status etc) and click Select Columns. +
-  * Enable the following checkboxes and click OK. +
- +
-<note tip> +
-I/O read bytes is the number of bytes read in input/​output operations generated by a process, including file, network, and device I/Os. +
-Whereas I/O write bytes is the number of bytes written in input/​output operations by a process, including file, network, and device I/Os. +
-I/O Read Bytes & I/O Write Bytes directed to CONSOLE (console input object) handles are not counted. +
-</​note>​ +
- +
-  * Next, sort the listings by I/O Read bytes and see which application is generating the maximum I/O (in bytes/sec). Similarly, sort by I/O Write bytes to see which program is writing to the hard disk continuously. +
-  * Once you identify the program, decide if you need the program or not. Leave it as it is if the I/O operations are justified. Else, remove the program or consult its documentation to tweak the settings if any. For instance, one of your browser extensions may cause high disk or CPU usage. You need to isolate the extension, add-on or the browser’s feature causing the trouble. +
- +
-== Exercise ​03. [30p] Process Monitor ==+
  
 <note warning> <note warning>
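Review bot: the added line before task 03 reads "You can take also take a look at this video here"; drop the duplicated "take" ("You can also take a look at this video") and use the `[[url | label]]` form that the rest of the page uses instead of a bare URL followed by a period. This hunk also removes the old Exercise 01 instruction to discuss the output and call the assistant, so if that check is still expected it should be restated in the new tasks.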
Line 158: Line 206:
 == [10p] Task A - Checking logging file == == [10p] Task A - Checking logging file ==
  
-^ Process Monitor ^^ +  * Looking at the logs created by the two apps in Process Monitor ​- bad.log, good.log - they are identical, but Logs.exe has a significantly longer running time compared to GoodLog.exe. Start Process Monitor. ​ 
-Looking at the logs created by the two apps - bad.log, good.log - they are identical, but Logs.exe has a significantly longer running time compared to GoodLog.exe. Start Process Monitor. ​{{:​ep:​laboratoare:​ep4_procmon.jpg?​400|}} ​| + 
-If the 4 buttons in the black area on the upper part of the window are selected, Process Monitor will display the activity (in this order) for: registry, files, networking, process and thread activity. By unchecking them, the corresponding events will be no longer displayed. In the menu bar there is the Filter field. If selected, it will trigger a dropdown menu that contains another Filterfield. If this second Filter field is selected, it will open the window shown below. Replicate this on your computer. ​{{:​ep:​laboratoare:​ep4_procmon-filters.jpg?​400|}} ​|| +<​spoiler>​ 
-From the two dropdown menus in the upper part of the context window, select ”Process Name” instead of ”Architecture” and ”is” instead of ”contains”. In the text filed add Logs.exe, click the Add button and then the OKbutton. Open the terminal and run Logs.exe. After the program is done running, save the Process Monitor capture. Use Ctrl + X to reset all the events captured in Process Monitor. Go to Filter → Filter area, double-click on the filter that was just added and change Logs.exe with GoodLog.exe,​ then click Add and Ok. Start GoodLog.exe and save the capture once the program finishes running. Scroll down in the two capture-logs until you notice the activity for bad.log respectively good.log. ​{{:​ep:​laboratoare:​ep4_procmonlogscomparison.jpg?​400|}} ​||+{{:​ep:​laboratoare:​ep4_procmon.jpg?​400|}} 
 +</​spoiler>​ 
 + 
 +  * If the 4 buttons in the black area on the upper part of the window are selected, Process Monitor will display the activity (in this order) for: registry, files, networking, process and thread activity. By unchecking them, the corresponding events will be no longer displayed. In the menu bar there is the Filter field. If selected, it will trigger a dropdown menu that contains another Filterfield. If this second Filter field is selected, it will open the window shown below. Replicate this on your computer. ​ 
 + 
 +<​spoiler>​ 
 +{{:​ep:​laboratoare:​ep4_procmon-filters.jpg?​400|}} 
 +</​spoiler>​ 
 + 
 +  * From the two dropdown menus in the upper part of the context window, select ”Process Name” instead of ”Architecture” and ”is” instead of ”contains”. In the text filed add Logs.exe, click the Add button and then the OKbutton. Open the terminal and run Logs.exe. After the program is done running, save the Process Monitor capture. Use Ctrl + X to reset all the events captured in Process Monitor. Go to Filter → Filter area, double-click on the filter that was just added and change Logs.exe with GoodLog.exe,​ then click Add and Ok. Start GoodLog.exe and save the capture once the program finishes running. Scroll down in the two capture-logs until you notice the activity for bad.log respectively good.log. 
 + 
 +<​spoiler>​ 
 +{{:​ep:​laboratoare:​ep4_procmonlogscomparison.jpg?​400|}} 
 +</​spoiler>​
  
 <note important>​ <note important>​
-Notice the difference. On the left-hand side it is shown the faster logging process, and on the right-hand side the slower one. Look in the red highlighted area to see the difference. On the left-hand side the logging file is opened, followed by continuous writing, while on the right-hand side the file is opened and closed for every writing operation which explains the significant slowdown. ​+  * Notice the difference. On the left-hand side it is shown the faster logging process, and on the right-hand side the slower one. Look in the red highlighted area to see the difference. On the left-hand side the logging file is opened, followed by continuous writing, while on the right-hand side the file is opened and closed for every writing operation which explains the significant slowdown. ​
 </​note>​ </​note>​
  
-To recap, Task Manager shows what processes use the disk intensively at the current time, Windows Performance Recorder / Windows Performance Analyzer show who used the disc during a longer time period, although they were showing the activity as belonging to the System process instead of our process. Using Process Monitor we could identify our processes'​ entire activity and we could determine why one is slower than the other. But what if we could find out which line in the code causes the problem? Go back to Process Monitor. Use the window of the badly written logging program (Logs.exe). Go to Options → Configure Symbols, which will open the window shown below. ​{{:​ep:​laboratoare:​ep4_procmon-symbols.jpg?​400|}} ​|| +  * To recap, Task Manager shows what processes use the disk intensively at the current time, Windows Performance Recorder / Windows Performance Analyzer show who used the disc during a longer time period, although they were showing the activity as belonging to the System process instead of our process. Using Process Monitor we could identify our processes'​ entire activity and we could determine why one is slower than the other. But what if we could find out which line in the code causes the problem? Go back to Process Monitor. Use the window of the badly written logging program (Logs.exe). Go to Options → Configure Symbols, which will open the window shown below. ​ 
-In the log (D:​\Logs\bad.log) go to CreateFile. Double-click to open the Event Properties window. Choose the Stacktab, scroll down and you can notice that in the main function of main_bad_log.cpp,​ at line 12 the opening takes place. Click the ”Source” button to view the source code containing the issue. ​{{:​ep:​laboratoare:​ep4_prcomoncode.jpg?​400|}} ​||+ 
 +<​spoiler>​ 
 +{{:​ep:​laboratoare:​ep4_procmon-symbols.jpg?​400|}} 
 +</​spoiler>​ 
 + 
 +  * In the log (D:​\Logs\bad.log) go to CreateFile. Double-click to open the Event Properties window. Choose the Stacktab, scroll down and you can notice that in the main function of main_bad_log.cpp,​ at line 12 the opening takes place. Click the ”Source” button to view the source code containing the issue. ​ 
 + 
 +<​spoiler>​ 
 +{{:​ep:​laboratoare:​ep4_prcomoncode.jpg?​400|}} ​ 
 +</​spoiler>​ 
  
 == [20p] Task B - Investigating a handle leak == == [20p] Task B - Investigating a handle leak ==
 +
 +:!: :!: NON-DEMO TASK 
  
 In {{:​ep:​laboratoare:​logs-final.7z|}} you have another example of two executables:​ **good.exe** and **bad.exe**. Both have the same outcome, the only difference being their running time (one of them is significantly slower). **Identify the problem**. In {{:​ep:​laboratoare:​logs-final.7z|}} you have another example of two executables:​ **good.exe** and **bad.exe**. Both have the same outcome, the only difference being their running time (one of them is significantly slower). **Identify the problem**.
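Review bot: the new bullets in Task A carry over several typos from the old table cells: "Filterfield", "text filed", "OKbutton" and "Stacktab" should be "Filter field", "text field", "OK button" and "Stack tab". The body of the `<note important>` block is now a single `*` bullet, which is unnecessary inside a note, and its left-hand/right-hand comparison refers to a screenshot collapsed in the preceding `<spoiler>`, so name which capture is GoodLog.exe and which is Logs.exe in the text.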
Line 179: Line 252:
   * **Hint:** Open up a terminal and run HandleLeak.exe. Check out the ”Details” tab in Task Manager after adding the ”Handles” column.   * **Hint:** Open up a terminal and run HandleLeak.exe. Check out the ”Details” tab in Task Manager after adding the ”Handles” column.
  
-== Exercise ​04. [30p] Process Explorer ==+ 
 +== 04. [30p] Process Explorer == 
 + 
 +:!: :!: NON-DEMO TASK 
  
   * It can be noticed that the number of handles keeps growing. This is clearly a problem, but how do we investigate it?   * It can be noticed that the number of handles keeps growing. This is clearly a problem, but how do we investigate it?
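Review bot: the ":!: :!: NON-DEMO TASK" marker added under "04. [30p] Process Explorer" (and under other tasks in this diff) is not explained anywhere in the lines shown; add a one-line legend near the start of the "Tutorials & Tasks" section saying what a non-demo task means for the student.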
Line 189: Line 265:
   * So it can be noticed that the leaks are on the following file: D:​\Logs\HandleLeak\leak.txt. This is very useful information,​ but it would be better to find out who is responsible for the leak in code. Run Process Monitor with a filter on HandleLeak.exe and to notice the stack where the leakage is happens.   * So it can be noticed that the leaks are on the following file: D:​\Logs\HandleLeak\leak.txt. This is very useful information,​ but it would be better to find out who is responsible for the leak in code. Run Process Monitor with a filter on HandleLeak.exe and to notice the stack where the leakage is happens.
  
-=== 05 Feedback ===+ 
 +== 05. [10p] Feedback == 
 + 
 +:!: :!: NON-DEMO TASK 
  
   * Please take a minute to fill in the **[[https://​docs.google.com/​forms/​d/​e/​1FAIpQLSfsMBl2EFu10jJG2qHEiSsR-qYr3wkzQPfDwjhChKnjRtDT_w/​viewform | feedback form]]** for this lab.   * Please take a minute to fill in the **[[https://​docs.google.com/​forms/​d/​e/​1FAIpQLSfsMBl2EFu10jJG2qHEiSsR-qYr3wkzQPfDwjhChKnjRtDT_w/​viewform | feedback form]]** for this lab.
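Review bot: the Feedback heading now carries "[10p]", which together with the headings 01 [20p], 02 [20p], 03 [30p] and 04 [30p] brings the lab total to 110p; confirm that this is intended, or state in the heading that the feedback points are a bonus.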
ep/labs/08.1574711679.txt.gz · Last modified: 2019/11/25 21:54 by radu.mantu
CC Attribution-Share Alike 3.0 Unported