Skip to content

Releases: Siemens-Healthineers/ETWAnalyzer

3.0.0.11

20 Nov 08:43
ceeefbb
Compare
Choose a tag to compare

Enhancements

  • .load -all

    • Preload also extended CPU metrics to prevent access to file shares after loading has completed.
  • default.stacktags

    • Added tag for Broadcast Window Message
    • Updated Antivirus stackags.
      • ESET added eamonm.sys drvier
      • Added Antivirus - BitDefender
        with driver vlflt.sys

Fixes

  • Extract/Dump TCP
    • Fix issue with duplicated connections when an existing connection is found in TcpAcceptListenerComplete which results in multiple entries.
  • Fix for issue #92 where CPU count mismatch is detected and extraction fails in CPUFrequencyExctractor. For now ignore it.

3.0.0.10

24 Jul 09:20
Compare
Choose a tag to compare
  • Added -TimeDigits flag (all dump commands) to configure with how many digits time is displayed (0-6).
  • -Dump Process columns are configurable with -column ... Option
    Example:
    Explicitly configure the displayed columns. Print start/stop/duration with ms precision.
    ETWAnalyzer -dump Process -fd xx.etl/.json7z .dump process -timefmt s -timedigits 3 -column ProcessId;StartTime;StopTime;CommandLine
  • Console mode can now load files as optional arguments. Useful for external tool integration to e.g. load interesting files from a UI into ETWAnalyzer
    • E.g. ETWAnalyzer -Console file1.json7z file2.json7z
  • -Dump TCP
    • TCP reset time is now also extracted if socket is closed because other side did not respond.
    • Fixed TCP Retransmit delay calculation which was resulting in too large values because not the last send time was used.
    • Dump TCP columns are configurable with -column ... option
      Example:
      Dump all connections which were reset because no connection could be made. Remove specific columns from output.
      ETWAnalyzer -fd xx.json7z -dump Tcp -Reset -MinMaxReceivedBytes 0-0 -Column !*Bytes;!Template;!Retrans*;!TCB;!LastReceiveTime -Details -Timefmt s

Fixes
-DumpObjectRef -pn filter was not filtering creating process.

3.0.0.9

24 Jun 05:50
7863343
Compare
Choose a tag to compare
  • Fix: -Extract ObjectRef does not keep names of leaked handles which were never closed.
  • Added -MinMaxTime filter for -dump ObjectRef

3.0.0.8

14 Jun 14:21
Compare
Choose a tag to compare
  • Extracted Json files are now compressed into a single .json7z file. See #88. This saves a lot of space.
    • To get the old behaviour use during -Extract the -NoCompress switch.
    • This makes it also easy to rename an extracted file to describe what the file really contains.
    • The data is streamed into the .json7z archive and streamed back in memory with no temporary files.
    • ETWAnalyzer depends now on Squid-Box.SevenZipSharp.Lite Nuget package.
  • Improved help messages. Do not show full help for unknown commands but just the list of commands with their command line options.
  • Added .load -all option to fully load files during load. By default the files are deserialized on access by the .dump commands.
    This is useful if you want to get fast queries after loading data from a slow network share. In the meantime get some coffee and let the machine do the work.

Fixes

3.0.0.6

29 May 14:46
Compare
Choose a tag to compare

Console Mode

Added interactive console mode accessible with ETWAnalyzer -console. This makes working with many/large files much more interactive.
Supported commands:

  • .cls Clear screen.
  • .dump xxx Query loaded file/s. Options are the same as in -Dump command. e.g. .dump CPU will print CPU metrics. Allowed values are [CPU,Disk,Dns,Exception,File,LBR,Mark,Memory,ObjectRef,PMC,Power,Process,Stats,TestRun,ThreadPool,Version]
  • .load file1.json file2.json ... Load one or more data files. Use . to load all files in current directory. Previously loaded files are removed.
  • .load+ file.json Add file to list of loaded files but keep other files.
  • .list List loaded files
  • .quit or .q Quit ETWAnalyzer
  • .unload Unload all files if no parameter is passed. Otherwise only the passed files are unloaded from the file list.
  • .sffn Enable/disable -ShowFullFileName to display full path of output files.

-Extract ObjectRef

  • Use in stacktrace WPA notation of dll!method instead of just the method name in stacktrace to see which dll is responsible.
  • Added support for existing handles and handle summaries.
  • Made json ca. 40% smaller by omitting the duplicated Create/Destroy events of handle creation and destruction. Introducted FirstCreate and LastDestroyEvent which will return the first (Object Create or Handle Create) / last (Object Destroy or Handle Close) event. This removes a lot of redundant data.
  • Added Handle type data.

-Dump ObjectRef

  • Added -type filter to filter for handle type in output.
  • Added handle type to CSV output.

-Dump Version

  • Support for -Cmdline and -Newprocess filter added.
  • By default now the number of visible/loaded dlls is shown per process. Can be suppressed with -Showtotal None.
  • Added -Showtotal Total to print only the number of loaded dlls but not each dll

Performance

  • Speed up hash calculation in ETWProcess by just using the pid. The additional used things like command line, start time did not increase performance and the additional data seemed to cause just more hash collisions.

Fixes

  • Fix Zero division exception in GetAverageFrequenciesPerEfficiencyClass during CPU extraction when not enough CPU sampling data was present. In that case totalTimeS could become 0.

3.0.0.4

14 May 06:44
Compare
Choose a tag to compare
  • Added handle leak analysis support which can read Object, VAMAP provider events.
  • To extract use -Extract ObjectRef
  • To view the data -Dump ObjectRef
  • More details at Dump ObjectRef
    Dump Example

3.0.0.2

05 Feb 09:41
Compare
Choose a tag to compare
  • Dump/Extract Power

    • Added for all extracted power profile settings the powercfg shortcut name and setting GUID to -Details output of -Dump Power output.
      That makes relating the settings with powercfg settings much easier.
    • Dump Power print file name and not full file name
    • Format Timespans in ms and not the default format.
    • Added the 14 most important power settings which are not surfaced by TraceProcessing. Updated documentation.
  • Fixes

    • PreviousCState can have values > 1. Do not use not only CState 1 for calculation of CPU wakeup time.

3.0.0.1

30 Jan 19:30
Compare
Choose a tag to compare

Main Agenda

The goal was to support hybrid CPUs, CPU frequency variations, power profile differences and many other under documented things.

General

  • Switched to .NET 8.0
    • Use GarbageCollectionAdaptationMode 1 to use server GC with a dynamic number of GC Heaps instead of hard coded 4.
  • LoadSymbol also support -Indent switch.

Extraction

  • Json files are now saved non indented. To get back old behavior add -Indent switch during extraction.
  • -NoSampling do not process CPU sampling data. Sometimes VMWare VMs produce invalid CPU sampling data. In that case you can ignore it and process only the Context Switch data.
  • -NoCSwitch do not process Context Switch data. Useful to reduce memory consumption if you do not need CPU Wait/Ready timings.
  • Added Power Extractor to extract power profile settings.
  • During CPU extraction Ready Details are extracted which result in an extra file
    • To omit Ready details during extraction which results in an extra file one can
      add -NoReady flag during extraction
    • Added to Ready data >99% sum to get total sum and sum of mount everest outliers to be able to judge the overal distribution shape.
  • Added extraction of process priorities via Context Switch events in addition to CPU sampling data.
  • Extract P/E core consumption when CPU has E-Cores present regardless if we have collected Frequency data.

Dump

-Dump Stats

  • Print CPU Topology for P and E Cores in NumberOfProcessors and SpeedMHz.

-Dump CPU

  • Dump Process Priority to CSV and print besides exe.

  • Enable sorting by process start time.

  • Added new SortyBy switches.

    • ReadyAvg
    • CSwitchCount
  • Added -MinMaxCSwitchCount filter.

  • Added -MinMaxReadyAvgus fiilter.

  • Print extra output when -Details is present.

    • Display Ready Average and Context Switch count when -Details is used.
    • Added -Normalize to calculate CPU consumption normalized to nominal CPU frequency. This allows the comparison of the CPU consumption of methods which were running on the same machine with different CPU Frequencies.
    • Added option -NoReady and -NoFrequency to omit extended output when -Details is present.
    • Flag -NoReady will also disable printing Ready column data.
    • Ready Percentiles are printed for each method when -Details is used and input data did contain context switch events.
    • Average CPU Frequency per efficiency class and total CPU per efficiency class is printed along with the number of used cores
    • Export To CSV got new columns
      • Ready Min us
      • Ready Max us
      • Ready 5% Percentile us
      • Ready 25% Percentile us
      • Ready 50% Percentile us (Median)
      • Ready 90% Percentile us
      • Ready 95% Percentile us
      • Ready 99% Percentile us
      • Context Switch Count
      • CPU ms Efficiency Class 0
      • Average Frequency Efficiency Class 0
      • FrequencyRelativeToNominal % Efficiency Class 0
      • UsedCores Class 0
      • CPU ms Efficiency Class 1
      • Average Frequency Efficiency Class 1
      • FrequencyRelativeToNominal % Efficiency Class 1
      • UsedCores Class 1
      • Enabled Cores

Breaking

  • Add interface to IMemoryStats to clean up the API surface which was previously class based.

Fixes

  • When zerotime does not match print file name of not matching file.
  • #73. Disable concurrent stacktag extraction.
  • ETWAnalyzer.exe -dump version -missingpdb * reports too many PDBs as missing #71.
  • Reworked Test case detection to properly resolve host names from 3 ETW recording machines simultanously from test case file name pattern. (Contributed by Michy).
  • ArgumentException that process name cannot be null. Sometimes we get from already exited processes just the id but not the name. Use as process name the dummy name ExitedProcess.
  • GetProcessIndexByPidAtTime which would not return the index when process start or end time was given.

2.5.15

07 Dec 14:11
Compare
Choose a tag to compare
  • Extend extracted CPU context switch data with Ready Average time and context switch count.
  • Display Ready Average and Context Switch count when -Details is added.
    • Added new SortyBy switches
      • ReadyAvg (This number can tell you a lot about deep sleep states and explain when you suffer from (C6) CPU sleep states).
      • CSwitchCount
    • Added -MinMaxCSwitchCount filter
    • Added -MinMaxReadyAvgus fiilter
  • Add session filter for -Dump CPU/Exception/Memory
  • Support more than two machines from where ETW data was collected current limit was two machines. (Contribution by MichAtWork)
  • Dump CPU -SortBy StartTime can sort processes by start time instead of CPU which is the default
  • Fix for #73

2.5.14

06 Oct 13:11
Compare
Choose a tag to compare

Fixes

  • ETWAnalyzer.exe -dump version -missingpdb * reports too many PDBs as missing #71
  • IETWExtract.MemoryUsage does not return only read only properties. #65

Update versions

  • Microsoft.Diagnostics.Tracing.TraceEvent 3.0.6 -> 3.1.5
  • Microsoft.Windows.EventTracing.Processing.All 1.12.9 -> 1.12.10