4

With xperf I can generate a trace and get a "flat" listing of all files read like so:

xperf -on FileIO+FILE_IO+FILE_IO_INIT+FILENAME -stackwalk FileRead+FileWrite+FileDelete

xperf -start FileIOSession -heap -PidNewProcess "C:\Python27\x86\python.exe scratchy.py" -WaitForNewProcess -BufferSize 1024 -MinBuffers 128 -MaxBuffers 512 -stackwalk HeapAlloc+HeapRealloc -f ./tempheap.etl

xperf -stop FileIOSession -stop -d fileio.etl

xperf -i fileio.etl -o fio_output.txt -a filename

Unfortunately, the fio_output.txt file contains a list of every file imaginable that was accessed (from my web browser, IDE, etc). More frustratingly, if I manually open xperfview and open the File I/O Summary Table, I can see my process (python.exe in this case) and the one file it reads (for test purposes) but can't seem to find a way to output that same data on the CLI which is what I need--an unattended, automated method of generating file access info.

Zadan
  • 71
  • 5

2 Answers2

1

If you want to view this data then you should load the trace into WPA, open the file I/O table, and arrange the columns appropriately. Since you want to group by process you should have the process column first, then the orange bar, and then whatever data columns you want.

If you want to export the data to programmatically parse it then you should use wpaexporter.exe, new in WPT 8.1. See this blog post which I wrote describing how to do this: https://randomascii.wordpress.com/2013/11/04/exporting-arbitrary-data-from-xperf-etl-files/ Using wpaexporter lets you decide exactly what data columns you want to export instead of being constrained by the limited set of trace processing actions that xperf.exe gives you.

Bruce Dawson
  • 3,284
  • 29
  • 38
0

I suspect you can get this data out from tracerpt.exe instead - I'd give that a try

Ana Betts
  • 73,868
  • 16
  • 141
  • 209
  • 1
    I don't see how it helps the problem of tracking I/O from only a single process (and it's children). – Zadan Aug 08 '13 at 04:03
  • If you can dump the data via tracerpt.exe into a CSV, then it's a simple matter of grepping on the PID. – Ana Betts Aug 08 '13 at 08:47
  • 1
    tracerpt has the same problem - I can specify a provider, but in only a short time I'll be drowning in data. I need to be able to filter before the data hits disk, or I'll literally run out of disk space. My use case is for monitoring read/write I/O done during a build, which can last up to 2-hours. And it so happens that my VMs don't have terabytes of free space. – Zadan Aug 10 '13 at 05:03
  • This is legit - so, one thing you could do is write a real-time ETW consumer (http://msdn.microsoft.com/en-us/library/windows/desktop/aa363692(v=vs.85).aspx) and throw out the uninteresting data in-memory so that you don't end up logging so much – Ana Betts Aug 10 '13 at 09:23
  • @Zadan how did you end up solving this problem? – Warren Jun 21 '22 at 01:37
  • @Warren never did. – Zadan Jun 15 '23 at 03:16