File and Disk IO
Which apps are keeping that disk busy? What are they doing?
Does your app do efficient or chatty I/O?
What code is responsible?
Or is it the virus scanner!?
File I/O: Higher / application-level interaction with disk devices and \\UNC paths.
Disk I/O: Lower / hardware-level interaction with disk devices.
Minifilter: A Windows I/O filter driver for intercepting and processing File I/O (used by virus scanners, etc).
- Download and unzip MSO-Scripts.
-
MSO-Scripts\
TraceFileDiskIO Start
Launch the app. Exercise the code. -
MSO-Scripts\
TraceFileDiskIO Stop -
MSO-Scripts\
TraceFileDiskIO View
List all options:
-
MSO-Scripts\
TraceFileDiskIO -?
File I/O Timeline
WPA: File I/O application-level interaction with disk-like devices, organized by timeline.
Legend
File Name: The path of each file accessed.
Event Type: Create, Read, Write, QueryInfo, SetInfo, Flush, Close, Delete, ...
Count: The number of File I/O events.
Size: The amount of data transferred.
Stack: The execution call stack of the operation.
Disk I/O Timeline
WPA: Disk I/O hardware-level interaction with disk-like devices, organized by timeline.
Legend
I/O Type: Read, Write or Flush
I/O Init Stack: The application's execution stack which initiated the I/O for that file.
Count: The number of Disk I/O operations.
Size: The amount of data transferred.
I/O Time: The total time from initiation to completion, including queueing time.
Disk Service Time: The estimated time for completion based on IRP (I/O Request Packet) timestamps.
Complete Time: The time at which the IRP processing completed.
Priority: High, Normal, Low, Very Low
LEARN MORE: File and Disk I/O
- Windows File System I/O
- Disk and File I/O performance with ETW traces: Preliminary notes
- Disk and File I/O performance with ETW traces: Why is 'System' doing so much stuff?
- Disk and File I/O performance with ETW traces: Miscellany
- Improve app performance by reducing the use of memory and disk space
- Video: Defrag Tools: #44 - WPT - DiskIO Analysis
- Video: Defrag Tools: #45 - WPT - File & Registry Analysis
This script also captures minifilter activity.
A minifilter driver is a file system filter that intercepts and processes file system action requests. By intercepting the requests before/after they reach the intended target, the filter driver can extend or replace the functionality of the file system. Examples of file system filter drivers include: anti-virus, backup agents, and encryption/decryption products.
Since minifilters run code on most file I/O, their performance can significantly affect applications and the end-user experience. An ambitious (or poorly implemented) minifilter can slow the computer.
Tracing minifilter activity can add overhead and substantially increase the size of the trace file.
To disable its capture: TraceFileDiskIO Start -Lean
MiniFilter Delays
WPA: Chart/Table of MiniFilter Delays with Call Stack
LEARN MORE: Minifilters