ApochPiQ

WinDbg Trivia Time!


I had a trivia question that has proven extremely difficult to answer via Google, so I figured I'd hive-mind it.

In WinDbg, when looking at a call stack, what is the significance of the tag <PERF> after a function's name? I assume it means something, but I'm at a total loss as to what.


The first link is what I'm referring to, but it doesn't even begin to answer the question.

The second link is talking about the same word but in a slightly different context.


Yeah, false positive. I removed it. I'm searching MSDN trying to find some specifics on what it's marking.

From the chm:

[image: 460c5ac3c0.png]

I think that may be all we get. The link goes back to the previously linked page that was not helpful.

Edited by Khatharr


From the few other tidbits I can glean online, I see a few patterns.

  • The functions I've found all involved kernel performance counters.
  • The functions all enter kernel mode.
  • Where I find crash dumps, they have no stack trace below the function labeled <perf>. Stack frames and other useful tidbits are not available
  • Several reports show that they cannot view memory in their debugger below the <perf> flag.

Based on that, I'm guessing they're just frequently-used functions that reach into kernel mode. They've likely been an issue in the past so the kernel team added performance counters to them to ensure they were the concern, then they removed all the typical things like stack frames and the debug nops and various system hooks, all in the name of getting the kernel-mode work done as quickly as possible.


It's a compelling theory, but there's one wrinkle: the code involved has no kernel function calls, no syscall instructions, stack frame/unwind metadata is available, and the debugger itself seems to be able to do everything correctly. :-/


The link above is correct. "<PERF> means the binary was built with certain performance optimizations". Specifically, this is referring to BBT, where an address is associated with a particular symbol but it doesn't have a valid offset from that symbol.


Aha! That blows it wide open - I now understand exactly what is going on. Thanks!

 

For posterity: I'm generating my own PDB files, and slowly working on making them compatible with various debuggers. Visual Studio is happy with the symbols I emit, but WinDbg has been elusive. Now that I know exactly what the data is missing, and what WinDbg is trying to tell me, I can fix it :-)

