This is an updated tutorial of my Windows 7 here.
To get started you need the Windows Performance Tools Kit. Read here how to install it:
Now open a command prompt with admin rights and run the following commands:
For boot tracing:
xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP
Note, in Windows 8 it is safe to use the DRIVERS flag, the Windows 7 bug is fixed in Windows 8.
For shutdown tracing:
xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP
xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP
xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP
replace C:\TEMP with any temp directory on your machine as necessary to store the output files
All of these will shutdown, hibernate, or standby your box, and then reboot to finish tracing. After you login to your PC, the new startscreen is shown and you have to click to the desktop to see countdown timer. Again, wait until the timer finishes. Afetr you did this you should now have some tracing files in C:\TEMP.
Analyses of the boot trace:
To start create a summary xml file, run this command (replace the name with the name of your etl file)
xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a boot
Now you see this picture.:
You have too look at the timing node. All time values are in ms.
The value timing bootDoneViaExplorer shows the time, Windows needs to boot to the desktop.
The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completly after finishing all startup applications.
those values show you a summary.
The MainPathBoot Phase
So if the time takes too long for you, look inside the <PNP> node which driver is loading too slowly.
So if the SMSSInit Phase takes too long, try to get an graphic card driver update.
If you have too long WinLogonInit Time, open the etl file and scroll to the service graph and look for a long delay.
In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software.
So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV Tool doesn't hurt too much. If it doesn't change the tool and try a different.
The PostBoot Phase
If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns.
if possible, you should always use the new Fast Startup/ hybrid Boot of Windows 8. At the end of this guide you'll learn how to analyze this new mode.
Analyses of the shutdown trace:
The shutdown is divided into this 3 parts:
To generate an XML summary of shutdown, use the -a shutdown action with Xperf:
xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown
Open the XML and you see this:
It shows you the most relevant data.
<timing shutdownTime="23184" servicesShutdownDuration="1513">
The shutdownTime is in this example 23s. Stopping the services takes 1.5s which is fast.
Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his one Session (1,2,..,n).
sessionShutdown sessionID="1" duration="3321">
shows the time which it takes to stop all applications which the user is running. In this example it takes 3.3seconds.
sessionShutdown sessionID="0" duration="1513">
The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop.
In both cases expand the node and look at the shutdownDuration value.
It helps you to identify a hanging application are service.
To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime.
In my example:
KernelShutdown = 23184 - 3321 - 1513 = 18350
In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this expample the user enabled the Option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overrides the hiberbation file with 0 to delete personal data. This causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time.
That is all you need to analyze slow shutdown issues.
Analyses of the Hibernation trace::
To generate the XML, run this command:
xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend
Analyses of the Sleep/Resume trace::
xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspend
Open the XMLs and look for long BIOS init times and services/application which take very long to suspend and resume.
Windows 8 includes a new boot mode called Fast Startup or Hybrid Boot.
If this boot mode is slow, you have to run this command to trace the slowness:
xbootmgr -trace fastStartup -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP
I've already explained how this mode works. First Windows shuts down the users, next Windows hibernates the kernel with all drivers and the services. Next the PC shuts down. Now Windows boots again, read the hibernation file and resumes all services and drivers and next you go to the Logon screen.
So we now need to view all 3 actions. So first look is the closing of apps and logging off the users takes too long. Create the shutdown XML with this command:
xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown
Open it and you'll see this:
Note, that the file only shows the logoff of the user sessions. Here check which programs take long to close. The FlushVolume is writing open files/cache to the HDD.
Next, we must look if the hibernation is slowly. To generate the XML run this:
xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend
Open it and you'll see this:
Now the same applies like Hibernation. Look which services or drivers take a long time to suspend. Also note, that those values are in µs!
If those 2 steps are fine, we must look at the new Startup. To generate the XML run this:
xperf -i fastStartup_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_Boot.xml -a boot
Open it and you'll see this:
When you compare it to the normal boot, you see some differences. The PreSMSS and SMSSInit Subphases are gone. This is replaced with SystemResume. If this takes a very long time, open again the summary_hibernation.xml and look for devices are services which take long time to resume.
The rest of the boot is the same like the normal boot. If WinLogonInit are long, check the Group Policies and if you're restoring of network connections. And if PostExplorerPeriod is long, you also start too many desktop programs or your new Windows 8 apps take too long to load the data to show in the live tiles.
I hope, this helps you to fix your Performance issues with Windows 8.
The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information.