Windows Performance Analyzer

As I continue to transfer things from my HP laptop to my MacBook Pro, I find myself getting pretty annoyed at the boot times of the HP and the constant disk activity.  I thought maybe it was Avast!, my anti-virus program, causing some of the trouble.  It was using a fair amount of disk activity according to Windows Resource Monitor.  Since I can’t keep it disabled during a restart to test the idea, I uninstalled it.  The long boot time persisted.

I ran msconfig and enabled Diagnostic startup.  The resulting boot time was much improved.  I mean MUCH improved.  To me, boot time is the time it takes from turning the machine on until the constant (or near constant) disk activity ends.  My reasoning is that even though the desktop shows, if the hard drive is thrashing, I cannot really do anything useful because of the extreme delay in launching anything.  The keyboard is also not very responsive during such times so in reality, it’s pretty much unusable until the drive finally stops.  That being said, the boot times I list don’t necessarily give me that.  Sometimes the hard disk continues to go even after the official boot is over.

I wanted to see what was causing the huge delay.  I have previously read about Windows Performance Analysis Tools (or Windows Performance Analyzer) but never found a good source to tell me how I use it to measure boot time.  I know it does other things too but that’s really the only thing I care about at the moment.

The MSDN site doesn’t put it into simple enough terms for me to really get.  For example, their detailed walkthrough didn’t tell me anything about boot time and the things they did write didn’t help me a whole lot.  Fortunately, I finally found a post that made sense at http://superuser.com/questions/104820/microsoft-performance-analysis-how-do-i-know-when-the-boot-process-is-done.

The download link for the analyzer can be found at http://msdn.microsoft.com/en-us/performance/cc752957.  Installation instructions can be found on many sites, including http://social.technet.microsoft.com/wiki/contents/articles/4847.aspx.  Basically, you don’t need to install the whole Windows Software Development Kit (SDK).  You only need Windows Performance Toolkit but you have to download the whole SDK to get that installation option.

An explanation of the options and flags of the Windows Performance Analyzer can be found at http://msdn.microsoft.com/en-us/library/windows/desktop/ff191001(v=vs.85).aspx.

To get a baseline for comparison:

  • I opened a command prompt
  • typed cd\temp (to go to the temp directory)
  • typed xbootmgr -trace boot -traceFlags base+cswitch+compact_cswitch -postDelay 180 -numRuns 5

That takes what the post on superuser suggested and adds a longer delay and runs it five times in succession.  The default delay is 120 seconds but my boot seems longer than that so I gave it an extra 60 seconds.  Running it five times gives me a better average than running it just once.

Also following the post, to read some meaningful results:

  • I opened a command prompt
  • typed cd\temp
  • typed xperf -i “boot_base+cswitch+compact_cswitch_1.etl” -o boot_1.xml -a boot (for each file, changing the number as necessary; using the up arrow key which repeats the previous command makes that easy)
  • opened the boot_1.xml file in Internet Explorer
  • searched for PreSMSS (using CTRL-F)
  • collapsed that tree and the following four trees
  • read the interval endTimes

The post explained that the boot process consists of five stages – PreSMSS, SMSSInit, WinLogonInit, ExplorerInit, and PostExplorerPeriod.  It said, “The end of ExplorerInit means the desktop is displayed” and that PostExplorerPeriod is the last phase, ending when the system accumulates 10 seconds of 80% or more idle time.  So the bottom line is that the boot time is the endTime of the PostExplorerPeriod minus 10 seconds (10000 ms).  Also note you really need to have Windows configured to automatically log in so that doesn’t skew the tests.

It gave me an error that said, “Gave up waiting for Win7RTM physical prefetcher after 300 seconds.”  I found a post at http://forum.sysinternals.com/xbootmgr-gave-up-waiting-for-win7rtm-physical_topic23586.html that talked about it.  The fix was at http://social.msdn.microsoft.com/Forums/en-US/wptk_v4/thread/447f8512-9a33-43bd-a1cf-f0ca25b4b33a.  It says to change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysMain using RegEdit.  The default value is 2.  The post says to change to 0 but I chose to change it to 3 instead.  My value did fix the problem.

The average ExplorerInit endTime of my five runs was 49.2 seconds.  The average PostExplorerPeriod endTime, subtracting the 10 seconds, was 123.9 seconds, which is just over 2 minutes.  That means the services, start-up items, whatever, takes an average of 74.7 seconds.  Put another way, I get to stare at my desktop and not do anything useful for 74.7 seconds.  That’s without an anti-virus installed.  I have a lot of patience but come on . . .  My MacBook Pro easily boots in less than 30 seconds – in a usable form and with a traditional 5400 RPM hard drive, not an SSD.

Running the five tests while in Diagnostic startup, the average ExplorerInit endtime was 39.2 seconds (10 seconds less than before) and the average PostExplorerPeriod endtime (minus 10 seconds) was 42.6 seconds (81.3 seconds less than before).  Much better numbers!

Now, to try to find the culprit(s), I selectively started to enable things.  I started by launching msconfig and going to the services tab.  I wanted to start with Microsoft’s stuff so I clicked on the Service heading to sort the list, then the Manufacturer heading and found there were 139 entries for Microsoft.  Ouch!  Of those, three were already selected (Group Policy Client, RPC Endpoint Mapper, and Task Scheduler).  I selected the first 20 unchecked Microsoft items (Windows Live ID Sign-In Assistant through Desktop Windows Manager Session Manager).  The first one is from “Microsoft Corp.” and the rest are from “Microsoft Corporation” which is why the first one isn’t in alphabetical order.  Because the results of each test are close, I decided to change the number of runs to three instead of five in the interest of time.  The average PostExplorerPeriod endTime (minus 10) was 45.4 seconds (up 2.8).  That was pretty good.

I enabled the next 20 unchecked Microsoft items (DHCP Client through Internet Connection Sharing (ICS)).  The average was 46.2 (up 0.8).  Still pretty good.

I continued enabling 20 at a time until I saw a significant difference in times.  It came when I enabled Security Center through UPnP Device Host.  The average was 57.4.  Something in there (or several things) caused a good 9 second delay from the previous 20 items.  I selectively unchecked some of them and reran the tests.

SQL Server (SQLEXPRESS) added 7.6 seconds.  It was installed with Microsoft Visual Studio; it doesn’t come with a standard Windows installation.  After unchecking that, I continued to enable a few things at a time and reran the tests.  I found the following items took a lot of time:

  • Windows Event Log – 6.2 seconds
  • Windows Management Instrumentation – 3.0 seconds
  • Windows Search – 3.7 seconds
  • WLAN Auto Config – 13.0 seconds
  • 3 Apple services – 2.3 seconds

I then slowly checked things in the Startup tab.  I found the following:

  • Google Update – 1.7 seconds
  • HP Quick Launch Buttons – 1.6 seconds
  • HP Wireless Assistant – 5.2 seconds
  • iTunes – 1.3 seconds
  • Microsoft Sidebar – 4.8 seconds

The rest of the items took less than a second each, sometimes significantly less.  In the end, many of the items are necessary but it goes to show that if you’re bugged by the time your system takes to boot, it can be worth taking a look at as there are definitely things I don’t need to run that I will be leaving turned off.