Analyzing system behavior: how the operating system can help
Never touch a running system! This proverb is essentially true when dealing with complex mature software systems that have been run for years. When it comes to modifying certain aspects due to performance enhancements or to customer needs, maintainers spend quite significant time to understand the behavior of the whole system. As is practice today, only static documentation is available for such systems which is unsuitable for understanding the behavior. In this paper, we present the Windows Monitoring Kernel (WMK), a custom-built version of the latest Windows 2003 Server operating system that includes a finegrained logging infrastructure for arbitrary operating system (OS) kernel events. These events are suitable for monitoring a system's behavior at runtime. The WMK infrastructure is complemented by a reporting tool that visualizes these events and displays their dependencies with respect to some aspects. Furthermore, the WMK provides the possibility to use these events for understanding application behavior running in the Windows operating system.
Full Text: PDF