Hello All,
I am in the process of doing some kernel-only performance profiling.
For example, profiling of network fileservice,
network->protocol->tdi->srv->ntfs->disk and back out again.
I have been using VTune, but like always, I get a boatload of samples
in general OS modules like ntoskrnl and hal. I would like to try to correlate the
cycles in some of those functions further up to a calling module.
It seems like the simplest way initially to do this is hook out the kernel API function,
log the caller into a bucket based on module address range and jump back in.
The only thing I found on the web to do this was a program called kapimon,
which certainly appears to be close to what I was thinking about.
Problem is that I can't get it to work on Server 2003; it requires a specific entry
prolog in the function to be hooked, and has no source (which could be updated/fixed).
Anyone know of any other tools/freeware available to do this?
I don’t think initially it would be too difficult to slap together a little driver code and
manually hook a few kernel functions via windbg to jmp out/in, but maybe there is
a more elegant way to do this?
The one thing I thought of was maybe renaming ntoskrnl and adding a
wrapper module in its place that would trace and then call into the renamed module.
Has anyone tried this? Would this be possible with hal.sys?
Thanks for any suggestions,
Colin
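
The bucketing step described in the post (attributing a caller's return address to a module by address range), as an added example that is not part of the original post. It covers only the lookup and counting, not the hook itself, and is plain user-mode C. The module bases and sizes are constructed sample values, and `find_module` and `record_caller` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
struct module_range {              /* one loaded image: [base, base + size) */
    uint64_t base, size;
    const char *name;
    unsigned long hits;            /* calls attributed to this module */
};
/* Constructed sample table (made-up addresses), sorted by base address. */
static struct module_range modules[] = {
    { 0x80800000u, 0x00200000u, "ntoskrnl", 0 },
    { 0x80a00000u, 0x00020000u, "hal",      0 },
    { 0xf7000000u, 0x00090000u, "ntfs",     0 },
    { 0xf7200000u, 0x00060000u, "srv",      0 },
};
#define MODULE_COUNT (sizeof(modules) / sizeof(modules[0]))
static unsigned long unknown_hits; /* callers outside every known range */

/* Binary search for the module containing addr; index, or -1 if none. */
int find_module(uint64_t addr)
{
    size_t lo = 0, hi = MODULE_COUNT;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (addr < modules[mid].base)
            hi = mid;                       /* below this image */
        else if (addr - modules[mid].base >= modules[mid].size)
            lo = mid + 1;                   /* at or past its end */
        else
            return (int)mid;
    }
    return -1;                              /* in a gap between images */
}

/* Count one call by its return address; returns the bucket index used. */
int record_caller(uint64_t return_addr)
{
    int idx = find_module(return_addr);
    if (idx >= 0) modules[idx].hits++;
    else unknown_hits++;
    return idx;
}

int main(void)
{
    /* Constructed return addresses; the last one is one byte past hal. */
    uint64_t samples[] = { 0xf7201234u, 0xf7000010u, 0xf7205000u, 0x80a20000u };
    for (size_t i = 0; i < 4; i++) record_caller(samples[i]);
    for (size_t i = 0; i < MODULE_COUNT; i++)
        printf("%-8s %lu\n", modules[i].name, modules[i].hits);
    printf("unknown  %lu\n", unknown_hits);
    return 0;
}
```

Keeping an explicit "unknown" bucket matters here because a return address can land in pool-allocated code or in a module loaded after the table was built.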