empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7718135bd6
fleet/orbit/tools/windows/profiling_process.md
Marcos Oviedo 4428d1e1aa
Adding windows profiling tool and documentation on how to use it (#12090) 
This relates to #11939 

This PR adds the test tool and procedure used to profile orbit and
osqueryd processes on Windows
2023-06-09 10:55:47 -03:00

776 B
Raw Blame History

Process profiling

To measure the CPU and memory consumption of a process in Windows, you can use the process_profile_tool.ps1 tool.

To use this tool, you just need to pass the process ID (PID) as an argument through the TargetPID parameter. The script will run and take samples every 10 seconds by default (this can be adjusted using the SampleIntervalInSecs" parameter). The script will stop taking samples either when the process finishes or when a key is pressed while the script is running. As a result, the script will generate two PNG files in the same directory, showing the CPU and memory consumption of the process.

Example execution below:

PS C:\code\PoCs> . .\process_profile.ps1 -TargetPID 32652
Key Pressed. Stopping script...
PS C:\code\PoCs>