xperf - Windows Performance Recorder

xperf.exe is a powerful command-line tool that allows you to collect detailed performance traces from your Windows system. It leverages Event Tracing for Windows (ETW) to capture a wide range of system and application events. These traces can then be analyzed using tools like Windows Performance Analyzer (WPA) to diagnose performance bottlenecks, identify causes of slowdowns, and understand application behavior.

Key Features

  • Comprehensive Data Collection: Captures CPU usage, disk I/O, registry access, kernel events, application-specific events, and more.
  • Flexible Configuration: Allows customization of trace sessions, including which providers to enable and buffer sizes.
  • Command-Line Interface: Enables scripting and automation of performance tracing.
  • Integration with WPA: Generates trace files (.etl) that are directly consumable by Windows Performance Analyzer for in-depth analysis.

Getting Started with xperf

xperf is part of the Windows Performance Toolkit, which is typically installed as part of the Windows SDK or as a separate download. Ensure you have the Performance Tools installed.

Note: xperf.exe is deprecated in favor of wpr.exe and wpa.exe for newer versions of Windows. However, it remains valuable for understanding older systems or specific scenarios.

Basic Usage

To start a trace, open an elevated Command Prompt or PowerShell window.

Starting a Trace

The most basic way to start a trace is to run xperf with -start and a session name:

xperf -start TraceSession -buffersize 1024 -maxbuffers 2048 -minbuffers 32

This command starts a trace session named TraceSession. The -buffersize, -maxbuffers, and -minbuffers parameters control the memory buffers used for tracing.

Collecting CPU Sampling

To collect CPU samples, start a session for the sampling run (named SampleCpu in this example):

xperf -start SampleCpu -buffersize 1024 -maxbuffers 2048 -minbuffers 32 -maxfile 250 -filemode circular

The -maxfile and -filemode circular parameters are useful for long-running traces, preventing them from consuming excessive disk space.

Stopping a Trace

Once you have collected the desired performance data, you need to stop the trace and save it to a file.

xperf -stop TraceSession -d trace.etl

This command stops the trace named TraceSession and saves the collected data into a file named trace.etl. If you used SampleCpu for the trace name, replace TraceSession accordingly. The -d flag specifies the output file name.

Analyzing the Trace

After creating the .etl file, you can open it with the Windows Performance Analyzer (WPA).

wpa.exe trace.etl
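
The start, stop and analyze steps above can be wrapped in one script so that the session is always stopped, even if the measured workload fails. This is an added example, not code from the xperf documentation; the session name, provider, output path and the Start-Sleep placeholder workload are assumptions to adapt.

```powershell
# Added example: start a session, run a workload, always stop and save the trace.
# $Session, $Provider, $Output and $Seconds are assumed values; adjust as needed.
param(
    [string]$Session  = 'TraceSession',
    [string]$Provider = 'Microsoft-Windows-Kernel-Power',
    [string]$Output   = (Join-Path $PWD 'trace.etl'),
    [int]$Seconds     = 30
)

# xperf needs an elevated prompt; fail early with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell window.'
}
if (-not (Get-Command xperf.exe -ErrorAction SilentlyContinue)) {
    throw 'xperf.exe not found on PATH; install the Windows Performance Toolkit.'
}

$started = $false
try {
    # Same buffer settings as the "Starting a Trace" command above.
    & xperf.exe -start $Session -on $Provider -buffersize 1024 -minbuffers 32 -maxbuffers 2048
    if ($LASTEXITCODE -ne 0) { throw "xperf -start failed with exit code $LASTEXITCODE" }
    $started = $true

    # Placeholder for the workload being measured.
    Start-Sleep -Seconds $Seconds
}
finally {
    # Stop only a session this script started, so a failed start leaves nothing behind.
    if ($started) {
        & xperf.exe -stop $Session -d $Output
        if ($LASTEXITCODE -ne 0) { Write-Error "xperf -stop failed with exit code $LASTEXITCODE" }
    }
}

if (Test-Path $Output) {
    # Show where the trace landed and how large it is before opening it in WPA.
    Get-Item $Output | Select-Object FullName, Length, LastWriteTime
    # To analyze: wpa.exe $Output
}
```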

Common xperf Commands and Options

Here are some frequently used commands:

Command                                                                           Description
xperf -providers *                                                                Lists all available ETW providers.
xperf -start PowerSession -on Microsoft-Windows-Kernel-Power                      Starts a session (named PowerSession here) with the Kernel-Power provider enabled for tracing power events.
xperf -start UserSession -on Microsoft-Windows-Application-Performance-Framework  Starts a trace session named UserSession and enables the specified provider.
xperf -flush UserSession                                                          Flushes the session's buffers to its trace file without stopping the trace.
xperf -view trace.etl                                                             Opens the trace file in a viewer (usually WPA if installed).
xperf -help                                                                       Displays general help for xperf.

Advanced Scenarios

xperf can be used for more complex scenarios, such as:

  • Tracing specific application events by enabling their ETW providers.
  • Combining CPU sampling with other kernel event tracing.
  • Automating trace collection and analysis scripts.

Refer to the Windows Performance Analyzer documentation for detailed guidance on creating custom trace configurations and analyzing the collected data.