"Do the xperf tools support XP or Windows Server 2003?" is a frequently ask question. The answer is no mostly, and yes for a few things.
The next article in this series is Using the Windows Sample Profiler with Xperf
xperf.exe can be used on Windows XP SP2, and Windows Server 2003 for turning tracing on and of, and merge kernel trace data with user mode traces into a single ETL file. These operations are simply called "trace control". NOte that the ‘-stackwalk‘ switch is not supported on XP because its kernel doesn’t support capturing the stack on events, this is anew feature in the Vista kernel.
However, all operations that require trace decoding (and that’s almost everything else), must be done on Vista or Windows Server 2008. This includes viewing traces in the Windows Performance Analyzer tool (xperfview.exe).
The next question is this "The xperf tool kit installer doesn’t install the tools on XP or WS2003; how do I get the tools on those systems?"
The answer is simple: From a Vista or WS2008 installation copy xperf.exe and perfctrl.dll to the target system. This is all xperf needs to support trace control.
After you have generated an ETL file, you can then copy it to a Vista or WS2008 system for trace decoding.
For those of you interested in the long story….
Event Tracing for Windows was first introduced in Windows in 2000. Back then, the OS only supported a small number of events; very few other Window’s components used ETW. In those days, event logging with ETW was in its infancy and the people that wrote event consumers generally also wrote the code that produced the events, or worked closely with those that did.
Back in the day, many event providers and consumer’s simply used the same C/C++ data structures to produce and consume events. While simple, this sometimes broke because people wouldn’t version the events correctly when the event structure changed. In short, if the producer and the consumer code wasn’t kept in sync then things were busted. This got to be a real problem as ETW was used more broadly.
This problem was solved by using meta to describe events. This allowed event consumers to decode events without knowledge of the events binary format. This worked much better; it allowed the event provider author to change an event’s binary format without breaking the consumer. In the XP time frame MOF files were used to describe events. For example, you can find he kernel’s context switch event here.
Three things changed for Vista:
- The entire Windows build system was updated so that every component was described by an XML based manifest. This included describing ETW events. We deprecated the MOF format and all new events were authored with XML based descriptions in their manifests using the Event Manifest Schema.
- The use of ETW became very prevalent – many teams added event providers to their components and used them for Windows Event Logging (which is ETW based), performance work, diagnostics, and testing. For example, on my laptop, there are 985 registered ETW event providers. Use the "xperf -provider" command to see what is registered on your system.
- Our team decided to make a major investment in ETW based tools as did other teams around Windows. This meant that meta information for events was very important as it enabled event providers and the consumers to be more decoupled and cohesive.
But, this posed one problem for us: do we fully support trace decoding on both Vista and XP? Or just on Vista? It was technically possible to keep trace decoding working on XP, but this would require shipping some Vista components with the tools because the required trace decoding infrastructure is only present on Vista. Unfortunately, this isn’t possible for all kinds of business, legal, and some technical reasons. It would have also doubled our test matrix.
After much discussion, we decided it was an easily workable compromise to support trace collection on XP, and require Vista or WS2008 for all trace decoding operations.