Windows Performance Analysis Field Guide–Book Review

As someone who spends most of his time providing “IT support for IT support”, one area I notice many IT people struggle with is performance diagnostics. Tools like Performance Monitor, XPerf often aren’t utilized at all in the diagnostics process, or there is a lack of understanding of how to best make use of them.

Windows Performance Analysis Field Guide is one of the best general-purpose books I’ve seen to date covering the topic of Microsoft Windows Performance Diagnostics.

This book covers essentials for those new to performance diagnostics, and has a selection of useful reference material that even more experienced engineers will gain value from.

Importantly this book starts with the basics:

  • Boot or shutdown problem?
  • Hardware or software hang?
  • Hardware diagnostics
  • High Processor or Disk Usage
  • Lack of Kernel Pool Memory
  • High Process Interrupts or DPCs
  • Processes terminating unexpectedly

The book then moves on to topics such as

  • General Slow System Performance
  • Common Environment / Hardware Induced Performance Issues
  • Power Usage Analysis
  • Hard Drive / Optical Drive Performance
  • Overheating
  • Windows Performance Analysis Industry Experts and Their Contact Information

The book continues with an excellent Performance Monitor Reference, covering all essential details and many tips to optimize both monitoring and processing of logs.

The third chapter covers storage, including

  • Initial indicators of poor disk performance
  • Storage & Hardware Industry Terminology
  • I/O Operations Per Second
  • Disk Capacity
  • Understanding and Measuring Disk Performance
  • Common misconceptions about disk queue length
  • Read/Write Ratios
  • The effects of I/O sizes
  • I/O Response Times
  • List of Disk Performance Analysis Tools
  • Disk Performance Analysis Experts and their Contact Information

In the fourth chapter we are looking at Process Memory. For those who have not read the Windows Internals Series, or lack an understanding of how Windows handles memory, this gives a good rapid intro on the most critical aspects relating to performance.

We see covered

  • Process Virtual Address Space
  • Identifying Applications That Run out of Virtual Address Space
  • Using the PAL Tool
  • Using VMMap
  • Using DebugDiag
  • How to collect information for a Microsoft Support Call
  • Identifying/adding Large Address Aware
  • 32-bit/64-bit Virtual Address Space
  • Virtual Memory and Paging Files
  • System.OutOfMemory Exception Errors
  • Guidance on using /3GB or increased user VA
  • Identify Leaking Process

Chapter 5 moves into Kernel Memory space, covering topics such as

  • Pool Paged
  • Pool Non Paged
  • System Page Table Entries (PTEs)
  • Troubleshooting Lack of PTEs
  • Monitoring Kernel Memory with ProcExp
  • Analyzing Kernel Memory with WPA
  • Analyzing Kernel Memory with PoolMon
  • Analyzing Kernel Memory with Kernel Debugger
  • Page Frame Number Database/Physical Memory/Virtual Address Space
  • Kernel Memory Analysis Experts Twitter Handles

Chapter 6 covers System Committed Memory

  • How much is enough / too much
  • Using Performance Monitor
  • Using Process Explorer
  • Using WMI
  • Where did all System Committed Memory Go?
  • Treating Systems of High System Committed Memory
  • Case Study of High System Committed Memory

Chapter 7 talks about Page Files

  • Page File Sizing
  • Impact on Crash Dumps
  • Page File Related Performance Counters
  • Running without a page file
  • Tracking Page file with Resource Monitor / WPA / ProcMon
  • Pagefile Security

Chapter 8 covers physical memory:

  • Free Is Different Than Available Memory
  • Using Performance Monitor
  • Working Sets
  • Driver Locked Memory
  • Address Windowing Extensions (AWE)
  • How Physical Memory is Managed
  • Detected Bad Physical Memory
  • ReadyBoost
  • Prefetch
  • Superfetch
  • System Cache
  • Too much Physical Memory

In chapter 9, networking is covered in basic detail. This covers network utilization, NIC duplex settings, chattiness and latency. Unfortunately, this section, while covering the network as a bottleneck, does not cover a very common scenario – identifying client application hangs related to poor server performance.

Chapter 10 – Processor

  • Using Task Manager / Performance Monitor / Resource Monitor / Process Explorer / Windows Performance Analyzer / Xperf
  • Processor Interrupts and DPC Events
  • Virtual Machine Considerations

Chapter 11 – Boot Performance

  • Common causes of poor boot performance
  • Using AutoRuns
  • Boot Trace with WPA
  • Analyzing Boot Trace with WPA
  • Boot Phases in WPA
  • Example of Bad Boot Trace with WPA


Chapter 12 – Performance Analysis of Logs (PAL Tool)

  • Using PAL wizard
  • Interpreting the report
  • Creating Threshold

In the appendix there is a brief overview of the tools used through the book, and a guide on collecting Process Memory Dumps.

In general, this book provides a very good overview of the essentials of Windows diagnostics in a concise manner, and I’m glad to have it in my collection.

About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.