Event Tracing for Windows (ETW) and xperf

On Linux, we have the excellent and widely known perftools suite for reading any imaginable kernel counter that might be relevant for performance. A little less well known is the fact that Windows sports an equally excellent free performance toolset, namely the ETW and xperf tools, also known as the Windows Performance Toolkit (WPT). ETW traces can show the behavior of the whole system, that is, how different processes influence one another. We can use it in the more difficult performance analysis cases where we need information from the Windows kernel and the hardware.

The acronyms used in connection with ETW can be a little perplexing, so we will explain them in more detail. ETW, the acronym for Event Tracing for Windows, comprises instrumentation of the key subsystems in the Windows kernel, a high-quality sampling profiler, and support for sending custom events from your own software. WPT contains the xperf tool for recording traces and the Windows Performance Analyzer (WPA), a visualizer for the collected performance data.