
I recorded an xperf trace. Can the trace contain passwords? (assuming that paths contain no password)

I see that upon hitting xperf -stop I have the following warning:

The trace you have just captured "C:\User.etl" may contain personally identifiable information, including but not necessarily limited to paths to files accessed, paths to registry accessed and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.

But it's pretty vague.

The commands I used to record the xperf trace are below (given by magicandre1981). I use Windows 7 SP1 x64 Ultimate.

REM DisablePagingExecutive keeps kernel-mode code resident, which xperf needs to walk stacks on x64 (takes effect after a reboot).
REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" -v DisablePagingExecutive -d 0x1 -t REG_DWORD -f

REM Install the Windows Performance Toolkit (http://social.technet.microsoft.com/wiki/contents/articles/4847.install-the-windows-performance-toolkit-wpt.aspx), open the command prompt with admin rights.

REM Now copy those commands in an empty .CMD file and run the CMD (as admin) before you try to start a program from the startmenu again:

REM Kernel logger: CPU, dispatcher, file I/O and network events with stack walks, written to a circular 1 GB file.
xperf -on BASE+LATENCY+DISPATCHER+FILE_IO+FILENAME+NETWORKTRACE -stackwalk profile+CSwitch+ReadyThread+ProcessCreate+FileCreate+FileCleanup+FileClose+FileRead+FileWrite -buffersize 2048 -MaxFile 1024 -FileMode Circular -f Kernel.etl
REM User logger: Shell-Core and Shell-Shwebsvc provider events with stacks.
xperf -start UserLogger -on Microsoft-Windows-Shell-Core:::'stack'+Microsoft-Windows-Shell-Shwebsvc:::'stack' -BufferSize 2048 -f User.etl

REM Wait for a key press while you reproduce the slow start, then stop both loggers.
timeout -1

xperf -stop
xperf -stop UserLogger

REM Merge both traces into one file and delete the intermediate files.
xperf -merge User.etl kernel.etl SlowShell.etl

del user.etl
del kernel.etl
Franck Dernoncourt

1 Answer


No, it never contains the actual data like a memory dump does, only the filenames or the list of processes.
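An added check (example code, not part of the question or the answer): after converting the merged trace to text with xperf's dumper action (`xperf -i SlowShell.etl -o SlowShell.txt -a dumper`), this Python script lists the user-profile names, per-user registry SIDs and process names the trace exposes, the three kinds of identifying information the xperf warning names, and redacts the first two before the file is shared. The column layout of the sample lines is a constructed approximation, not the exact dumper format, and the regexes assume that layout.

```python
import re

# Identifying items the xperf warning lists: file paths (here: the username inside a
# user-profile path), registry paths (here: the SID of a per-user hive) and process names.
# Patterns are written for the constructed sample layout below, not the exact dumper output.
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\([^\\\s,]+)", re.IGNORECASE)
USER_HIVE = re.compile(r"\\REGISTRY\\USER\\(S-1-5-21-[\d-]+)", re.IGNORECASE)
PROCESS = re.compile(r"\b([A-Za-z0-9_.-]+\.exe)\s*\(\s*\d+\)", re.IGNORECASE)

# Constructed sample lines approximating "event, timestamp, process (pid), tid, payload".
SAMPLE = [
    "FileIo/Create, 12345, explorer.exe (1234), 5678, C:\\Users\\alice\\Documents\\budget.xlsx",
    "Registry/Open, 12400, explorer.exe (1234), 5678, \\REGISTRY\\USER\\S-1-5-21-111-222-333-1001\\Software",
    "Process/Start, 12500, notepad.exe (4321), 9999, C:\\Windows\\System32\\notepad.exe",
]


def scan_dump(lines):
    """Return the usernames, SIDs and process names found in the text dump."""
    found = {"users": set(), "sids": set(), "processes": set()}
    for line in lines:
        found["users"].update(USER_PATH.findall(line))
        found["sids"].update(USER_HIVE.findall(line))
        found["processes"].update(p.lower() for p in PROCESS.findall(line))
    return found


def redact(lines):
    """Replace usernames in profile paths and SIDs in hive paths with placeholders."""
    out = []
    for line in lines:
        line = USER_PATH.sub(lambda m: m.group(0).replace(m.group(1), "<user>"), line)
        line = USER_HIVE.sub(lambda m: m.group(0).replace(m.group(1), "<sid>"), line)
        out.append(line)
    return out


if __name__ == "__main__":
    import sys
    # Read a real dumper text file when given one; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for kind, values in scan_dump(lines).items():
        print(f"{kind}: {sorted(values)}")
```

Process names are listed but not redacted, since removing them would make the trace useless for the slow-shell analysis; decide per case whether they reveal anything you do not want to share.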