Windows Performance Analysis Field Guide - 1st Edition - ISBN: 9780124167018, 9780124167049

Windows Performance Analysis Field Guide

1st Edition

Authors: Clint Huffman
eBook ISBN: 9780124167049
Paperback ISBN: 9780124167018
Imprint: Syngress
Published Date: 12th August 2014
Page Count: 380
Tax/VAT will be calculated at check-out Price includes VAT (GST)
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
Price includes VAT (GST)
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Microsoft Windows 8.1 and Windows Server 2012 R2 are designed to be the best performing operating systems to date, but even the best systems can be overwhelmed with load and/or plagued with poorly performing code. Windows Performance Analysis Field Guide gives you a practical field guide approach to performance monitoring and analysis from experts who do this work every day. Think of this book as your own guide to "What would Microsoft support do?" when you have a Windows performance issue.

Author Clint Huffman, a Microsoft veteran of over fifteen years, shows you how to identify and alleviate problems with the computer resources of disk, memory, processor, and network. You will learn to use performance counters as the initial indicators, then use various tools to "dig in" to the problem, as well as how to capture and analyze boot performance problems.

Key Features

  • This field guide gives you the tools and answers you need to improve Microsoft Windows performance
  • Save money on optimizing Windows performance with deep technical troubleshooting that tells you "What would Microsoft do to solve this?"
  • Includes performance counter templates so you can collect the right data the first time.
  • Learn how to solve performance problems using free tools from Microsoft such as the Windows Sysinternals tools and more.
  • In a rush? Chapter 1 Start Here gets you on the quick path to solving the problem.
  • Also covers earlier versions such as Windows 7 and Windows Server 2008 R2.


Network and systems administrators; IT professionals of all levels; companies that want to improve performance of Windows-based systems

Table of Contents

  • Dedication
  • Acknowledgments
  • Biography
  • Foreword
  • Introduction
    • Who should read this book?
  • Chapter 1: Start here
    • Abstract
    • Introduction
    • General slow system performance
    • Common environmental and hardware-induced performance problems
    • Conclusion
  • Chapter 2: Performance monitor
    • Abstract
    • Introduction
    • Basic usage
    • Performance counters
    • Data collectors
    • Tools
    • Conclusion
  • Chapter 3: Storage
    • Abstract
    • Introduction
    • Storage hardware and industry terminology
    • Disk capacity
    • Understanding and measuring disk performance
    • Disk performance analysis tools
    • Common causes, recommendations for poorly performing disks, and best practices
    • Conclusion
  • Chapter 4: Process memory
    • Abstract
    • Process virtual address space
    • What you need to know about an application's virtual address space
    • Identifying applications that run out of virtual address space
    • How to determine the maximum virtual address space for an application
    • Identifying application virtual address space problems using performance monitor and the application event log
    • Identifying application virtual address space problems using the PAL tool
    • Investigating application virtual address space problems using VMMap
    • About debugdiag
    • Preparing for a call with microsoft support
    • Dealing with 32-bit applications that run out of virtual address space
    • Identifying and adding large address aware
    • The concept and advantages of virtual memory
    • 32-bit (× 86) virtual address space
    • 64-bit (× 64) virtual address space
    • Many processes, one kernel
    • How can each application have a private 8 TB on a system with 4 GB of physical memory?
    • Virtual memory and paging files
    • Reserved, committed, and free memory
    • Identifying application out of virtual address space conditions
    • Read this if you are considering /3GB or IncreaseUserVa
    • Identifying processes leaking system committed memory
    • Troubleshooting processes leaking system committed memory using Sysinternals VMMap
    • Troubleshooting processes leaking system committed memory using debug dumps
    • Treating the symptoms of process committed memory leaks
    • Conclusion
  • Chapter 5: Kernel memory
    • Abstract
    • Introduction
    • What you need to know about kernel (system) memory
    • Initial indicators of pool paged and pool nonpaged kernel memory
    • 64-bit (x64) versions of Windows and Windows Server
    • Troubleshooting a lack of PTEs
    • Monitoring kernel memory using process explorer
    • Analyzing kernel memory using WPA
    • Analyzing kernel memory using poolmon.exe
    • Installing a kernel debugger
    • Analyzing kernel memory with a kernel debugger
    • The page frame number database, physical memory, and virtual address space
    • Read this if considering the /3GB switch or increaseUserVa
    • Conclusion
  • Chapter 6: System committed memory
    • Abstract
    • Introduction
    • The system commit limit
    • Monitoring system committed memory with task manager
    • Monitoring system committed memory with performance monitor
    • Monitoring system committed memory with sysinternals process explorer
    • Monitoring system committed memory with windows management instrumentation
    • Where did all of the system committed memory go?
    • Treating the symptoms of high system committed memory
    • A case study of system committed memory
    • Conclusion
  • Chapter 7: Page files
    • Abstract
    • Introduction
    • Page file sizing
    • Systems with a low amount of physical memory
    • Systems with a large amount of physical memory
    • System crash dumps
    • Automatic memory dump
    • System committed memory and paging files
    • System-managed paging files
    • Dedicated dump files
    • What is written to a page file?
    • Other crash dump-related registry keys
    • Other page file-related performance counters
    • Multiple page files and disk considerations
    • Running without a page file
    • Should the page file be moved from C: drive?
    • Page file fragmentation
    • Tracking page file reads and writes
    • High security? Consider cleaning the page file
    • Conclusion
  • Chapter 8: Physical memory
    • Abstract
    • Introduction
    • Free memory is different than available memory
    • Identifying a low-available-physical memory condition using performance monitor
    • Identifying a low available physical memory condition using task manager
    • Identifying a low-available physical memory condition using resource monitor
    • Monitoring for low-memory conditions using scripting
    • Where did all of the physical memory go?
    • Process working sets
    • Minimum working sets
    • Driver-locked memory
    • Address windowing extensions (AWE)
    • Locking memory with microsoft SQL server
    • Out of physical memory, but not out of committed memory
    • How physical memory is managed
    • Detecting bad physical memory
    • Page faults
    • Hard page faults and disk performance
    • Sizing physical memory
    • ReadyBoost
    • Prefetch
    • Superfetch
    • System cache
    • Too much physical memory and power considerations
    • Conclusion
  • Chapter 9: Network
    • Abstract
    • Introduction
    • Initial indicators
    • Measuring the slowest node and black hole routers
    • Monitoring network utilization using performance monitor
    • Monitoring network utilization using task manager
    • Monitoring network utilization using resource monitor
    • Detecting NIC duplex settings
    • Chattiness and latency
    • Conclusion
  • Chapter 10: Processor
    • Abstract
    • Introduction
    • Identifying high processor usage using task manager
    • Searching the file system for a process's executable file
    • Identifying high processor usage using performance monitor
    • Identifying high processor usage using resource monitor
    • Identifying high processor usage using process explorer
    • Introducing the microsoft windows performance analyzer
    • Introducing Microsoft Xperf.exe
    • Capturing and analyzing processor interrupts and DPC events using the windows performance toolkit
    • Capturing and analyzing user mode processor events using the windows performance toolkit
    • Capturing processor events using microsoft WPR
    • VM considerations
    • Conclusion
  • Chapter 11: Boot performance
    • Abstract
    • Introduction
    • Common causes of poor boot performance
    • Startup impact in task manager
    • Using Autoruns to validate startup drivers, services, and applications
    • Recording a boot trace using windows performance recorder
    • Analyzing a boot trace using WPA
    • An example of a bad boot trace using the WPA
    • Conclusion
  • Chapter 12: Performance Analysis of Logs (PAL) Tool
    • Abstract
    • Introduction
    • Installation and prerequisites
    • Creating a counter log using a PAL template
    • Using the PAL wizard
    • Interpreting the report
    • Running the PAL tool without the PAL wizard
    • Examining the PAL log
    • How to create a threshold file for the PAL tool
    • Converting a Perfmon template to a PAL threshold file
    • Conclusion
  • Appendix A: Tools
    • Debug diagnostic tool (Debugdiag) v2.0
    • Microsoft network monitor 3.4 (Netmon)
    • PathPing
    • Performance monitor (Perfmon)
    • Poolmon
    • Process explorer
    • Process monitor
    • RAMMap
    • Resource monitor (Resmon)
    • Microsoft server performance advisor
    • Task manager
    • TCPView
    • VMMap
    • Windows debugger (WinDBG)
    • Windows performance analyzer
  • Appendix B: Collecting Process Memory Dumps
    • Using task manager
    • Using debugdiag
    • Using ADPlus
    • Using ProcDump
    • Using windows error reporting
    • Using process explorer
    • Using WinDBG
    • Verifying the process memory dump file
  • Appendix C: Debug symbols
    • Introduction
    • Using symbol paths
    • Creating symbols
    • Symbols and security concerns
    • Managing symbol files using symbol servers
  • Index


No. of pages:
© Syngress 2015
eBook ISBN:
Paperback ISBN:

About the Author

Clint Huffman

Clint Huffman is a Senior Premier Field Engineer in Microsoft’s Premier Field Engineering (PFE) group, where he focuses on Microsoft BizTalk Server, IIS, and Windows performance analysis. Clint is also an author and master trainer for the Microsoft Vital Signs: Performance Monitoring Windows Server workshop. This workshop teaches students the fundamentals of Windows architecture and how to identify performance conditions using performance counters. Clint has been with Microsoft since 1999, and has worked as a Microsoft Internet Information Services (IIS) support professional, as well as serving in Microsoft Services Labs, where he helped customers test their applications to identify performance bottlenecks.

Affiliations and Expertise

Senior Premier Field Engineer at Microsoft