KERNRATE
KERNRATE - Version: 5.2.3790.1101
KERNRATE [-l] [-lx] [-r] [-m] [-p ProcessId] [-z ModuleName] [-j SymbolPath] [-c RateInMsec] [-s Seconds] [-i [SrcShortName] Rate]
[-n ProcessName] [-w]
-a Do a combined Kernel and User mode profile
-av Do a combined Kernel and User mode profile and get task list and system threads info
-b BucketSize Specify profiling bucket size (default = 16 bytes, must be a power of 2)
-c RateInMsec Change source every N milliseconds (default 1000ms). Optional. By default all sources will be profiled simultaneously
-d Generate output rounding buckets up and down
-e Exclude system-wide and process specific general information (context switches, memory usage, etc.)
-f Process the collected data at high priority (useful on busy systems if the overhead is not an issue)
-g Rate Get interesting processor-counters statistics (Rate optional in events/hit), output not guarantied
-i SrcShortName Rate Specify interrupt interval rate (in events/hit)for the source specified by its ShortName, see notes below
-j SymbolPath Prepend SymbolPath to the default imagehlp search path
-k MinHitCount Limit the output to modules that have at least MinHitCount hits
-l List the default interval rates for supported sources
-lx List the default interval rates for supported sources and then exit
-m 0xN Generate per-CPU profiles on multi-processor machines, Hex CPU affinity mask optional for profiling on selected processors
-n ProcessName Monitor process by its name (default limited to first 8 by the same name), multiple usage allowed
-nv# N ProcessName Monitor up to N processes by the same name, v will print thread info and list of all running processes (optional)
-nd ProcessName Monitor process by name as debugger - stop all profiling on process exit and process data. See comments below
-ns ProcessName Monitor process by name, suspend its main execution thread after profiling done to prevent early exit, see comments below
-o ProcessName {CmdLine}Create and monitor ProcessName (path OK), Command Line parameters optional and must be enclosed in curly brackets
-ov# N ProcessName { } Create N instances of ProcessName, v will print thread info and list of running processes (optional), {command line} optional
-od ProcessName { } Create and monitor ProcessName as a debugger, same as in '-nd', see comment below
-odk ProcessName { } Create and monitor ProcessName as a debugger, kill the debuggee upon Kernrate exit
-os ProcessName { } Create and monitor ProcessName, suspend its main execution thread after profiling done, same as in '-ns', see comment below
-oi ProcessName { } Create ProcessName, wait for input idle (up to 10 seconds) before continuing (not affecting console processes)
-pv ProcessId Monitor process by its ProcessId, multiple usage allowed - see notes below, v (optional) same as in '-nv'
-pd ProcessId Monitor process by its ProcessId as a debugger, same as in '-nd', see comment below
-ps ProcessId Monitor process by its ProcessId, suspend its main execution thread after profiling done, same as in '-ns', see comment below
-q Synchronize kernrate with any monitored process exit (stop profiling immediately and process data)
-r Raw data from zoomed modules
-rd Raw data from zoomed modules with disassembly
-s Seconds Stop collecting data after N seconds
-t Display process list + CPU usage summary for the profiling period
-ts Display process list + CPU usage summary for the profiling period + running services info
-ts MaxTasks As above + Change the maximum no. of processes allowed in Kernrate's list to MaxTasks (default: 256)
-u Present symbols in undecorated form
-w Wait for the user to press ENTER before starting to collect profile data
-w Seconds Wait for N seconds before starting to collect profile data (default is no wait)
-wp Wait for the user to press enter to indicate that created processes (see -0 option) are settled (idle)
-wp Seconds Wait for N seconds to allow created processes settle (go idle), default is 2 seconds, (see the -o option)
-wx Wait for the user to press ENTER before exiting Kernrate. Useful for debug process mode or Kernrate created console processes
-wx Seconds Wait for N seconds before exiting Kernrate
-x Get both system and user-process locks information
-x# count Get both system and user-process locks information for (optional) contention >= count [def. 1000]
-xk# count Get only system lock information for (optional) contention >= count [def. 1000]
-xu# count Get only user-process lock information for (optional) contention >= count [def. 1000]
-yr filename Create a raw-data output file, tab delimited (filename optional)
-z module Name of module to zoom on (no extension needed by default) such as ntdll, multiple usage allowed, see notes below
-v Verbose Verbose Printout, if specified with no level the default is Imagehlp symbol information
-v [VerboseLevels] Verbose output where VerboseLevels:
- 0x0 None
- 0x1 Displays ImageHlp Operations
- 0x2 Displays Profiling Operations, Bucket Sharing Information Totals and Profile Interrupt Based CPU Usage
- 0x4 Displays Internals Operations
- 0x8 Displays Modules Operations
- 0x10 Displays Load/Unload Debug Events for Modules (Debug Mode Only)
- 0x20 Displays Detailed Sharing Information for Each Bucket and Bucket Sharing Information Totals
- 0x40 Displays Exception Debug Events (Debug Mode Only)
- Default value: 0x0
These verbose levels can be OR'ed.
Multi-Processes are allowed (each process ID needs to be preceded by -P except for the system process)
Typical multi-process profiling command line should look like:
kernrate .... -a -z ntoskrnl -z ntdll -z kernel32 -p 1234 -z w3svc -z iisrtl -p 4321 -z comdlg32 -z msvcrt ...
The first group of -z denotes either kernel modules and-or modules common across processes
The other -z groups are process specific and should always follow the appropriate -p xxx
The -z option requires to add the extension (.dll etc.) only if two or more binaries carry the same name and differ only by the extension
The '-g' option will attempt to turn on multiple sources. One source at a time profiling mode will automatically be forced
The '-i' option can be followed by only a source name (system default interrupt interval rate will then be assumed)
A '-i' option followed by a rate amount (no profile source name) will change the interval rate for the default source (time)
Profiling of the default source (Time) can be disabled by setting its profile interval to zero
With the '-n' option, use the common modules -Z option if you expect more than one process with the same name
The '-c' option will cause elapsed time to be devided equally between the sources and the monitored processes
The '-o' option supports redirection of input/output/error streams within the curly brackets. Each redirection character must be escaped with a '^' character
The '-nd' '-ns' '-od' '-os' options allow specifying 'v', '#' or any other valid sub-options, e.g. '-nsv# N ProcessName'
The '-pd' '-ps' options allow specifying the 'v' sub-option, e.g. '-psv ProcessId'
If debugging mode is selected ('-nd', '-od' or '-pd') the debuggee will not get killed upon Kernrate exit on WinXP and above, see also the '-wx' option
If suspend mode is selected ('-ns', '-os' or '-ps') Kernrate will attempt to resume the suspended thread after post processing is done
There is no guaranty as to the stability or behavior of the monitored process after that