So one of the questions that comes to mind every now and then in technical circles (and outside as well) is "Why does it take so long for my machine to boot?". Just what's going on in there while these friendly, soothing graphics come up on the screen, and I wait and wait for a prompt to log in?
Great question. I recently purchased a solid state drive for my laptop and after imaging it with Windows 7 and loading it all up with drivers and whatnot, I had the same question. So I went off and looked to find out what the 'deal' was.
So I went to the Windows Performance Analysis website and downloaded and installed the Windows 7 SDK, which includes the Windows Performance Toolkit (mainly, for this exercise, xbootmgr.exe and xperfview.exe).
(So xbootmgr will tell the kernel to start tracing at boot and tell Windows to restart so it can get on with the trace. So be prepared for the system to reboot you when you type this in and hit enter!)
Anyway, after download and installation, I did the following from an elevated command prompt:
xbootmgr -trace boot -traceflags BASE+CSWITCH+DISK_IO_INIT
I did this in a directory that had room for a couple hundred megabytes of ETL trace and was nice and tidy, so I didn't have to hunt for anything.
My system rebooted and as soon as I was presented with a command prompt, I logged in. After the shell came up, I had a window on my screen that basically counted down post boot tracing, for 120 seconds. When I see this I just let it do its thing.
After 120 seconds, it wraps all this data into an ETL file named boot_BASE+CSWITCH+DISK_IO_INIT.etl in the directory where I ran the command prompt.
After the system is done collecting its data and waiting on the prefetcher info and whatnot, I then go in and do the fun bit, open the ETL file with xperfview.
I am immediately drawn to the wide gap where nothing happens in my services list, from the 22 to 38 second mark. Turns out this is the ambient light sensor for my keyboard's backlight. It takes the driver a bit of time to figure out the ambient light where I am, to make a judgement call on whether a backlit keyboard is needed. In Windows 7 there is a handy feature for services called "Automatic (Delayed Start)". I put the service into that state and rebooted, and I saved 16 seconds on my boot time. A decent gain, I think.
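The delayed-start change described above can also be made and checked from a script. This is an added example, not part of the original post: the service name ExampleSensorSvc is a placeholder for whatever service the boot trace points at, and the script assumes it is saved as a .ps1 file and run from an elevated PowerShell prompt.

```powershell
param(
    [string]$ServiceName = 'ExampleSensorSvc',   # hypothetical placeholder name
    [switch]$Apply                                # without -Apply the script only reports
)

function Get-ServiceStartMode {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { throw "No service key for '$Name'" }
    $p = Get-ItemProperty -Path $key
    # Start: 2 = Automatic, 3 = Manual, 4 = Disabled.
    # DelayedAutostart = 1 on top of Start = 2 means Automatic (Delayed Start).
    $delayed = $false
    if ($p.PSObject.Properties['DelayedAutostart']) { $delayed = ($p.DelayedAutostart -eq 1) }
    switch ($p.Start) {
        2       { if ($delayed) { 'Automatic (Delayed Start)' } else { 'Automatic' } }
        3       { 'Manual' }
        4       { 'Disabled' }
        default { "Driver/other (Start=$($p.Start))" }
    }
}

$before = Get-ServiceStartMode -Name $ServiceName
Write-Output "$ServiceName is currently: $before"

# Services that depend on this one will also start late if it is delayed.
$dependents = @(Get-Service -Name $ServiceName -DependentServices)
foreach ($d in $dependents) {
    Write-Output ("  dependent: {0} ({1})" -f $d.Name, (Get-ServiceStartMode -Name $d.Name))
}

if ($before -ne 'Automatic') {
    Write-Output 'Only plain Automatic services are changed; nothing to do.'
    return
}
if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply from an elevated prompt to change it.'
    return
}

# sc.exe expects the value as a separate argument after "start=".
& sc.exe config $ServiceName start= delayed-auto | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe failed with exit code $LASTEXITCODE" }

Write-Output "$ServiceName is now: $(Get-ServiceStartMode -Name $ServiceName)"
Write-Output "To revert: sc.exe config $ServiceName start= auto"
```

Listing the dependent services first matters because anything that requires the delayed service will wait for it as well.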
Now, this is a very, very rudimentary explanation of how to review an ETL file, something simple to look for, a beginner's example. I highly recommend going further with ETL / WPT, as it is a very insightful glimpse into Windows system performance. To dig further, I've collected some links from a list that is floating around internally...
Performance toolkit (XPERF) log & analysis
The required steps to collect xperf logs on XP / Vista are as follows:
1) Download & Install the toolkit on a Vista/2008/Windows 7 machine.
The latest version of the Windows Performance Toolkit is part of the Windows 7 SDK (which is a huge download). The following blog has the steps to download the ‘bare minimum’ to get the WPT toolkit.
2) Copy the contents of the “C:\Program Files\Microsoft Windows Performance Toolkit” to a folder on Windows XP (or a USB memory stick).
3) Turn off the “No Execute” or “Execute Disable” security option for CPU in the BIOS (or if you cannot find the appropriate BIOS setting, add the following switch to the boot.ini file: noexecute=alwaysoff)
4) Either run xbootmgr from the command line, or use the XPerfUI utility which you can download from our codeplex website: http://xperfui.codeplex.com/
5) Copy the resulting .etl file to the Vista machine to use the xperfview GUI to open & analyze it. If a userenv log is generated under %windir%\debug\usermode, it can also be copied to correlate processes & times.
MSDN documentation link for the Windows Performance Toolkit:
Windows On/Off Transitions Solutions Guide (Diagrams)
On/Off Transition Performance Analysis of Windows Vista (Vulnerabilities)
Xperf UI – GUI wrapper for the Xperf command line tool
Also a good blog for more information
Two Minute Drill: Introduction to XPerf
More notes on xperf:
To show if there are any active loggers
To stop any active loggers
To view help on available flags
xperf -providers i
xperf -help providers
To trace any process ad hoc, including CPU, disk and registry
xperf -on diageasy+registry
<let the activity happen>
Then stop and merge the WMI / ETL data into the log file
xperf -d mytrace1.etl
To view the traces (only works on Vista or Server 2008 or later)
Use xperfview as the GUI
Special thanks to Fatih Colgar and Roger Southgate for compiling the "Performance Toolkit (XPERF) Log & Analysis" links and walkthrough.