Capture callstack and events in Xperf

蹲街弑〆低调 submitted on 2019-12-04 20:22:26

You need to add :::'stack' to the command line to capture stacks for user mode events.

xperf -start UserSession -on 35f7872e-9b6d-4a9b-a674-66f1edd66d5c:::'stack'

A good xperf reference is the book "Inside Windows Debugging" and this blog.

I voted up this question even though it was poorly formed, because it shows a common source of confusion. The original question asked about "how to record callstacks" but that is not a well-formed question. xperf can record call stacks for the sampling profiler, context switches, file I/O, disk I/O, registry activity, or custom events. The question didn't specify what type of call stacks were recorded, which led to some confusion.

Let's look at the original command line. I've simplified it by removing PROC_THREAD+LOADER because BASE includes those. I've also removed -BufferSize 1024 because I think it's misplaced, and I've replaced the GUID with a name -- you should give your providers a name and use it. So, we have:

xperf -on Base -start UserSession -on MyProvider -stackwalk profile

It is important to note that we have two "-on" directives. This means that we are starting two sessions. This is equivalent to:

xperf -on Base
xperf -start UserSession -on MyProvider -stackwalk profile

The first command starts or connects to the kernel logger (no session name) with the 'Base' provider. The second command starts a user session called "UserSession" with the "MyProvider" provider.

Now we can see the problem. "profile" is only a valid option for -stackwalk in the context of the kernel logger. It makes no sense to ask the user session to record call stacks on profile events, because it isn't recording profile events! So that gets us to this variant of the OP's question:

xperf -on Base -stackwalk profile
xperf -start UserSession -on MyProvider
@rem Run tests here
xperf -stop UserSession -stop -d trace.etl

But wait! What about call stacks for the user events in MyProvider? That's what the first answer was trying to explain -- we need to add :::'stack':

xperf -on Base -stackwalk profile
xperf -start UserSession -on MyProvider:::'stack'
@rem Run tests here
xperf -stop UserSession -stop -d trace.etl

Those call stacks will be available as a Stack column in the Generic Events view in WPA. For a list of the many other things for which you can record a call stack, see "xperf -help stackwalk". And remember, it only makes sense to ask for call stacks for an event you are actually recording. Luckily Base includes Profile so we're okay.

Oh yeah -- if you want to set the buffer size and buffer count, be sure to be careful about which session (possibly both) you are setting it for.

For much more information, especially about how to analyze xperf traces, see: https://randomascii.wordpress.com/category/xperf/

For a much easier way to record ETW traces see this open-source UI for controlling trace recording - you could easily add your own provider to the list being recorded: https://github.com/google/UIforETW/releases
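
An added example, not part of either answer above: the final command sequence as a batch file, with buffer options given separately to each session (the closing caveat in the answer) and both sessions stopped even when the test step fails. The buffer values and run_tests.cmd are assumptions; MyProvider is the placeholder provider name used in the answer.

```batch
@echo off
setlocal
rem Added example. Run from an elevated prompt.
rem Assumptions: MyProvider is a registered provider name (placeholder from
rem the answer above), run_tests.cmd is a hypothetical workload, and the
rem buffer values are illustrative only.

rem Kernel logger: these buffer options apply to this session only.
xperf -on Base -stackwalk profile -BufferSize 1024 -MinBuffers 128 -MaxBuffers 128
if %errorlevel% neq 0 goto :kernel_failed

rem User session: separate buffer options, stacks on MyProvider events.
xperf -start UserSession -on MyProvider:::'stack' -BufferSize 256 -MinBuffers 64 -MaxBuffers 64
if %errorlevel% neq 0 goto :user_failed

call run_tests.cmd
set TEST_RC=%errorlevel%

rem Stop both sessions and merge into one trace, whatever the test result.
xperf -stop UserSession -stop -d trace.etl
exit /b %TEST_RC%

:user_failed
echo Could not start UserSession; stopping the kernel logger.
xperf -stop
exit /b 1

:kernel_failed
echo Could not start the kernel logger.
exit /b 1
```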
