This document provides an overview of various performance monitoring and debugging tools available in Windows, including Event Tracing for Windows, Performance Monitor, Network Monitor, Resource Monitor, user-mode and kernel-mode debuggers, Windows Performance Toolkit, and PerfView.

2. Agenda
Event Tracing for Windows
Performance Monitor
Network Monitor
Resource Monitor
User–mode Debugger
Kernel–mode Debugger
Windows Performance Toolkit
PerfView

3. Event Tracing for Windows
A high performance, low overhead and scalable tracing framework that is
built into the system and is available for both applications and drivers
Ability to configure tracing dynamically which avoids having to restart the
system or the application to begin capturing so suitable in production
Most operations throughout the system that are of interest to performance
are fully instrumented, e.g. process and thread activity, registry I/O, disk
I/O, memory management

5. Performance Monitor
Queries performance counters that measure system state or activity for
current values that are read at specific intervals
Performance counters are included in the operating system and can be
extended by third party applications by registering performance DLLs
Able to collect event trace data from trace providers that report actions or
events and can combine multiple trace providers into a single session

7. Network Monitor
A protocol analyzer that enables you to capture, view, and to analyze
network data in a graphical format
Available as a separate download from http://www.microsoft.com/en-us/
download/details.aspx?id=4865
Supports a set of parsers to analyze protocols released under the MSDN
Open Specifications initiative as well as open standard protocols
Contains support for third–party analyzers and plugins

9. Resource Monitor
Allows the viewing of CPU, memory, disk and network resources which is
useful for identifying the highest resource consumers by individual type
Able to display the wait chain tree to show which processes are using or
waiting to use a resource that is being used by another process
Ability to end, suspend and resume processes as well as to start, stop
and restart Windows services

11. User-mode Debugger
Included with the Debugging Tools for Windows as WinDbg, ntsd and cdb
The debugger can be configured to attach to a running process, spawn a
new process or open a crash dump for post–mortem analysis
Support for noninvasive debugging which minimizes the debugger's
interference with the target application and is useful for situations where
the application or debugging interface is not responding

13. Kernel-mode Debugger
Included with the Debugging Tools for Windows as WinDbg and kd
Supported transports include a serial, USB or IEEE 1394 cable, named
pipes, over–the–network and local mode as well as kernel memory
dumps
The system must be started in debugging mode which is configurable by
modifying the boot configuration database, e.g. bcdedit /debug on

15. Windows Performance Toolkit
Designed to capture and analyze a wide range of performance problems
including application and system resource utilization
Available as part of the Windows Assessment and Deployment Kit (ADK)
from http://www.microsoft.com/en-us/download/details.aspx?id=30652
The three primary tools of interest are XPerf, the Windows Performance
Recorder and the Windows Performance Analyzer

17. PerfView
A performance analysis tool that assists with isolating CPU and memory
related performance issues by utilizing Event Tracing for Windows
Available as a separate download from http://www.microsoft.com/en-us/
download/details.aspx?id=28567
Used internally at Microsoft by a number of groups and is the primary
performance investigation tool utilized by the .NET CLR development
team
Contains support for managed, native and mixed mode code analysis