Differences

This shows you the differences between two versions of the page.


ep:labs:08 [2020/11/23 15:51]
adriana.cogean
ep:labs:08 [2020/12/02 18:12] (current)
radu.mantu [Lab 08 - I/O Monitoring (Windows)]
Line 1: Line 1:
 ====== Lab 08 - I/O Monitoring (Windows) ====== ====== Lab 08 - I/O Monitoring (Windows) ======
 +
 +<note important>​
 +
 +You can download the **Windows 10 VM** via {{:​ep:​labs:​ep_win10_vm.7z.torrent.txt}}.
 +DokuWiki is not configured to accept //​.torrent//​ files so remove the //.txt// extension.
 +After that, you know what to do...
 +
 +Alternatively,​ you can install the following on your own Windows machine:
 +  * **[[https://​go.microsoft.com/​fwlink/?​linkid=2120254 | ADK]]** - make sure to check //**Windows Performance Analyser**//​ and //**Windows Performance Recorder**//​.
 +  * **[[https://​visualstudio.microsoft.com/​downloads/​ | Visual Studio Community Edition]]** - select //C++ development//​. ​
 +  * **[[https://​docs.microsoft.com/​en-us/​sysinternals/​downloads/​sysinternals-suite | Sysinternals suite]]**
 +
 +</​note>​
 +
  
 ===== Objectives ===== ===== Objectives =====
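Review bot: "After that, you know what to do..." leaves the actual step unstated; say explicitly what the reader should do with the renamed .torrent file (open it in a torrent client, then import the downloaded VM) so the note is self-contained for students who have not done this before. Two smaller points in the same note block: the ADK bullet spells "Windows Performance Analyser" while the tool's product name and the rest of this page (e.g. the bolded "**Windows Performance Analyzer**" later in the diff) use "Analyzer", and the Visual Studio bullet ends with trailing whitespace after "//C++ development//.".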
Line 29: Line 43:
   * The **App history tab** was first added to Windows 8, and it shows the resource consumption of metro applications. Metro applications are touch-screen-friendly applications written especially for Microsoft'​s WinRT programming interfaces.   * The **App history tab** was first added to Windows 8, and it shows the resource consumption of metro applications. Metro applications are touch-screen-friendly applications written especially for Microsoft'​s WinRT programming interfaces.
   * The **Start-up tab** shows all the applications that start at start-up, (or at least in Microsoft'​s vision - this will be further detailed in the Autoruns section), and their impact on the boot time. It is helpful to check this tab in case your computer takes a long to to start up.   * The **Start-up tab** shows all the applications that start at start-up, (or at least in Microsoft'​s vision - this will be further detailed in the Autoruns section), and their impact on the boot time. It is helpful to check this tab in case your computer takes a long to to start up.
-  * **Users tab** shows the resource consumption of every logged in user. The screenshot below shows that there is only one user logged in+  * **Users tab** shows the resource consumption of every logged in user.  
-  * **Details tab** shows details for each process - pid, status, the user under which it runs. Right-clicking the column headers bar, offers the possibility to add or remove columns. ​In the screenshot presented below the following columns ​were added: Handles, Threads, Image Path Name and Command Line. These new columns ​are very useful: the first one (Handles) when investigating a handle leak, the second one (Threads) in the case of investigating processes that create too many threads, the third one (Image Path Name) to find out the path from where the process was started, and the last one (Command Line) to find out the parameters with which it was started. +  * **Details tab** shows details for each process - pid, status, the user under which it runs. Right-clicking the column headers bar, offers the possibility to add or remove columns. ​The following columns: Handles, Threads, Image Path Name and Command Line are very useful: the first one (Handles) when investigating a handle leak, the second one (Threads) in the case of investigating processes that create too many threads, the third one (Image Path Name) to find out the path from where the process was started, and the last one (Command Line) to find out the parameters with which it was started.
   * **Services tab** shows the service status. A Windows service can be considered similar to a Linux daemon: a process without a visual interface, offering services to user-created processes.   * **Services tab** shows the service status. A Windows service can be considered similar to a Linux daemon: a process without a visual interface, offering services to user-created processes.
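Review bot: in the Details tab bullet, the rewritten sentence "The following columns: Handles, Threads, Image Path Name and Command Line are very useful" reads awkwardly now that the screenshot reference is gone; suggest "The following columns are very useful to add: Handles, Threads, Image Path Name and Command Line." Also, the new Users tab line carries trailing whitespace after "logged in user.", and the unchanged Start-up bullet still contains the typo "takes a long to to start up" (should be "takes a long time to start up"), which this hunk would be a good place to fix.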
  
Line 42: Line 56:
 </​note>​ </​note>​
  
-- TODOinsert video here+Here [[https://​drive.google.com/​file/​d/​1z1J6lgoYfBOZF7acEzR8gEq1MH1OZgaf/​view]] you have a visual representation of the previous mentioned steps.
  
 == 01. [20p] Task Manager == == 01. [20p] Task Manager ==
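Review bot: "previous mentioned steps" should be "previously mentioned steps", and "Here [[url]] you have a visual representation" is hard to read with the bare link in the middle of the sentence; suggest "A video walkthrough of the steps above is available [[https://​drive.google.com/​file/​d/​1z1J6lgoYfBOZF7acEzR8gEq1MH1OZgaf/​view|here]]." so the link gets a label and the sentence flows.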
Line 99: Line 113:
  
  
-After the capture is saved, the Open option will become available in Windows Performance Analyzer. When clicking the Open button it should open a window such as the one below. ​+After the capture is saved, the Open option will become available in **Windows Performance Analyzer**. When clicking the Open button it should open a window such as the one below. ​
  
 <​spoiler>​ <​spoiler>​
Line 106: Line 120:
            
 Double clicking on Storage should display the following window. Analyse the resources. Double clicking on Storage should display the following window. Analyse the resources.
 +
 <​spoiler>​ <​spoiler>​
 {{:​ep:​laboratoare:​ep4_wpa-cpu2.jpg?​400|}}  ​ {{:​ep:​laboratoare:​ep4_wpa-cpu2.jpg?​400|}}  ​
Line 111: Line 126:
  
 In the upper-left corner of the newly opened window it can select Disk Usage, Utilization by Disk. Click on Utilization by Disk and select: Utilization by Process, Path Name, and Stack. This will generate the following output. ​ In the upper-left corner of the newly opened window it can select Disk Usage, Utilization by Disk. Click on Utilization by Disk and select: Utilization by Process, Path Name, and Stack. This will generate the following output. ​
 +
 <​spoiler>​ <​spoiler>​
  ​{{:​ep:​laboratoare:​ep4_wpa-cpu3.jpg?​400|}}  ​  ​{{:​ep:​laboratoare:​ep4_wpa-cpu3.jpg?​400|}}  ​
 </​spoiler> ​     </​spoiler> ​    
- 
  
 The graph looks interesting in Task Manager. Processes can be selected for observing their activity on the disk. It can be noticed that our processes are not shown. Run Logs.exe again while keeping Task Manager on.  The graph looks interesting in Task Manager. Processes can be selected for observing their activity on the disk. It can be noticed that our processes are not shown. Run Logs.exe again while keeping Task Manager on. 
 +
 <​spoiler>​ <​spoiler>​
 {{:​ep:​laboratoare:​ep4_logstaskmanagerdisk.jpg?​400|}}  ​ {{:​ep:​laboratoare:​ep4_logstaskmanagerdisk.jpg?​400|}}  ​
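Review bot: the changes in this hunk are whitespace only, which is fine, but since the surrounding text is being touched, the context line "In the upper-left corner of the newly opened window it can select Disk Usage, Utilization by Disk" has no subject ("it can select"); suggest "you can select". In the same region, "It can be noticed that our processes are not shown" would read better as "Notice that our processes are not shown."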
Line 127: Line 143:
   * It sums up the number of time that a process was caught doing something. In our case, the two processes want to write to the disk, but they are not the ones that get to do the actual writing. They tell the system that they want to write, and the System process schedules the writing. The reason for this is targeting a more efficient disk writing, as the System process is trying to minimise the impact to the disk. This is why our process'​s writing is passed over to the System process.   * It sums up the number of time that a process was caught doing something. In our case, the two processes want to write to the disk, but they are not the ones that get to do the actual writing. They tell the system that they want to write, and the System process schedules the writing. The reason for this is targeting a more efficient disk writing, as the System process is trying to minimise the impact to the disk. This is why our process'​s writing is passed over to the System process.
  
 +Here [[https://​drive.google.com/​file/​d/​1DTEnxhv9Tb5TORz1RFT7-v2ojLPW5l7A/​view]] you have a visual representation as well.
  
-TODO: insert video here 
  
 == 02. [20p] WPR and WPA  == == 02. [20p] WPR and WPA  ==
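Review bot: "Here [[url]] you have a visual representation as well." has the same bare-link phrasing as the earlier video link; suggest labelling the link, e.g. "A video of this part is available [[https://​drive.google.com/​file/​d/​1DTEnxhv9Tb5TORz1RFT7-v2ojLPW5l7A/​view|here]] as well." The unchanged bullet above it also has "the number of time that a process was caught", which should be "the number of times".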
Line 173: Line 189:
 | **18.** Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder. This compresses the file by ~90%. Look at the graphic below. You certainly want to zip the log file before sending it to someone. || | **18.** Right-click on the Logfile.PML file, click Send To, and choose Compressed (zipped) folder. This compresses the file by ~90%. Look at the graphic below. You certainly want to zip the log file before sending it to someone. ||
  
-You can also watch the previously mentioned steps in the video below: +You can take also take a look at this video here: https://​drive.google.com/​file/​d/​1ZYdtOq7QsY0nfYDS3e4foPFRVPgO4Qdb/​view.
-TODO - insert ​video here+
  
  
-== 02. [30p] Process Monitor ==+== 03. [30p] Process Monitor ==
  
 <note warning> <note warning>
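Review bot: "You can take also take a look at this video here:" duplicates "take"; suggest "You can also take a look at this video: ..." In addition, this link is pasted as a bare URL with a trailing period, whereas the other two video links added in this revision use the [[...]] DokuWiki link syntax; use the same syntax here so all three render consistently and the period is not swallowed into the link. The heading renumbering from "02." to "03." is correct, since "02." was already used for "WPR and WPA".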
Line 238: Line 253:
  
  
-== 03. [30p] Process Explorer ==+== 04. [30p] Process Explorer ==
  
 :!: :!: NON-DEMO TASK  :!: :!: NON-DEMO TASK 
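Review bot: with the renumbering the visible task points are 20 + 20 + 30 + 30 + 10 = 110; confirm that the extra 10 points are intentional (e.g. feedback as a bonus) or adjust one of the values so the lab totals 100.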
Line 251: Line 266:
  
  
-== 04. [10p] Feedback ==+== 05. [10p] Feedback ==
  
 :!: :!: NON-DEMO TASK  :!: :!: NON-DEMO TASK 
ep/labs/08.1606139461.txt.gz · Last modified: 2020/11/23 15:51 by adriana.cogean
CC Attribution-Share Alike 3.0 Unported