No, it never contains the actual data like a memory dump, only the file name or the list of processes.
I recorded an xperf trace. Can the trace contain passwords? (assuming the paths do not contain a password)
I see that when I reach xperf -stop, I get the following warning:
The trace you have just captured "C:\User.etl" may contain personally identifiable information, including but not necessarily limited to paths to files accessed, paths to registry accessed and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.
But it is very vague.
The commands I used to record the xperf trace are below (given by magicandre1981). I use Windows 7 SP1 x64 Ultimate.
REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" -v DisablePagingExecutive -d 0x1 -t REG_DWORD -f
REM Install the Windows Performance Toolkit (http://social.technet.microsoft.com/wiki/contents/articles/4847.install-the-windows-performance-toolkit-wpt.aspx), open the command prompt with admin rights.
REM Now copy those commands in an empty .CMD file and run the CMD (as admin) before you try to start a program from the startmenu again:
xperf -on BASE+LATENCY+DISPATCHER+FILE_IO+FILENAME+NETWORKTRACE -stackwalk profile+CSwitch+ReadyThread+ProcessCreate+FileCreate+FileCleanup+FileClose+FileRead+FileWrite -buffersize 2048 -MaxFile 1024 -FileMode Circular -f Kernel.etl
xperf -start UserLogger -on Microsoft-Windows-Shell-Core:::'stack'+Microsoft-Windows-Shell-Shwebsvc:::'stack' -BufferSize 2048 -f User.etl
timeout -1
xperf -stop
xperf -stop UserLogger
xperf -merge User.etl kernel.etl SlowShell.etl
del user.etl
del kernel.etl
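
One way to check a trace before sharing it, as an added example that is not part of the original question or answer: convert the merged trace to text with `xperf -i SlowShell.etl -o dump.txt -a dumper`, then search the dump for strings you consider sensitive. The sample lines and the function names are constructed for illustration; the only assumption about the dump is that each line starts with the event name followed by comma-separated fields.

```python
import re
from collections import Counter

# Constructed, simplified sample lines (not real xperf output). Assumption:
# each dump line is "<event name>, <field>, <field>, ...".
SAMPLE_DUMP = """\
P-Start, 1200, app.exe (4321), 812, 1, "app.exe --user alice --password hunter2"
FileIoCreate, 1534, explorer.exe (2040), 0x1, "C:\\Users\\alice\\Documents\\payroll.xlsx"
FileIoRead, 1610, explorer.exe (2040), 0x1, "C:\\Windows\\System32\\shell32.dll"
CSwitch, 1700, explorer.exe (2040), 9, 0
"""


def find_sensitive(dump_text, terms):
    """Return (line_no, event_name, matched_term) for every occurrence of a
    term in the dump. Matching is case-insensitive and literal (no regex)."""
    if not terms:
        return []
    pattern = re.compile("|".join(re.escape(t) for t in terms), re.IGNORECASE)
    hits = []
    for line_no, line in enumerate(dump_text.splitlines(), 1):
        # The event name is the first comma-separated field (assumed layout).
        event = line.split(",", 1)[0].strip()
        for match in pattern.finditer(line):
            hits.append((line_no, event, match.group(0).lower()))
    return hits


def summarize(hits):
    """Count hits per event type, to see which kinds of events carry the
    strings you searched for."""
    return Counter(event for _, event, _ in hits)


if __name__ == "__main__":
    # Replace SAMPLE_DUMP with open("dump.txt", errors="replace").read()
    # and the terms with your own user names, host names, secrets, etc.
    found = find_sensitive(SAMPLE_DUMP, ["alice", "hunter2", "password"])
    for line_no, event, term in found:
        print(f"line {line_no}: {event}: contains '{term}'")
    print(dict(summarize(found)))
```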