The Windows Performance Toolkit comes with the Windows Assessment and Deployment Kit (Windows ADK). Learn where you can get the latest ADK and what to select to get the Windows Performance Toolkit. After installation is completed, find out where to locate the Windows Performance Recorder user interface (WPR-UI) and the Windows Performance Analyzer (WPA). This toolbox helps you analyze a Unity 3D game.
- [Instructor] Let's grab the tools we will need in order to analyze this virus by going to the Windows ADK download site. ADK stands for the Windows Assessment and Deployment Kit, and in this kit are two tools that we will need. The first of these two tools is the Windows Performance Recorder, which logs system events and generates an event tracing log file, which is then opened and analyzed using the second tool, the Windows Performance Analyzer. These tools are commonly referred to as WPR and WPA, respectively.
With that said, let's click on the blue download button and save the ADK setup executable. Once the setup file is saved, locate it and double-click it to start the installation menu. Click run on the prompt that comes up, and the installation process is your typical one, where we click on next and accept end user license agreements. Click no to send anonymous usage data and then click next. This is the end user license agreement, so let's accept this. And once we get to the components list, we want to uncheck everything except the Windows Performance Toolkit.
So, let's uncheck all of these and make sure we only check Windows Performance Toolkit. Once checked, click install. Click yes on any prompts that come up. Once the installation process is done, let's click on close, and now let's locate the Windows Performance Toolkit, which has the Windows Performance Recorder and the Windows Performance Analyzer. It's in our Program Files, Windows Kits, and here you will see different folders labeled 8, 8.1, and 10 in your Windows Kits folder.
I'm going to click on 10 for Windows 10. Click on the folder for your operating system, and in that there's the Windows Performance Toolkit folder. If we scroll to the bottom, we can see this WPR UI executable file. Let's right-click on this and select create shortcut, to create a desktop shortcut. Click yes, and we create a desktop shortcut for the Windows Performance Recorder, so we don't have to navigate to this folder every time we want to collect system events. Let's do the same for the WPA executable and create a shortcut for easier access.
WPA is the Windows Performance Analyzer. Click yes. Now we need to configure our system to point to the Microsoft symbol server. This step is so we can see the function names that are being called by applications, like the virus. To do this, let's go to our control panel and, for the view by, click on small icons, then click on system, then advanced system settings.
Then environment variables, and under the system variables section, click on new. For the variable name, we're going to put _NT_Symbol_Path, and for the value, we're going to put this. What this does is it will grab from the Microsoft symbol server and save it to our local folder C drive slash symbols. Once you've entered this value, click okay.
Then, under the system variables section again, let's click on new, and for the variable name, let's put _NT_Symcache_Path. And then for the variable value, put C drive slash symcache. The C drive slash symcache folder will be generated for us automatically. Once done, click okay, then let's click okay, and okay one more time. And that's the Windows Performance Toolkit installed and set up.
We now have quick access to these two tools that we will need for virus analysis.
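The same two symbol variables set from an elevated PowerShell prompt instead of the Environment Variables dialog, as an added example that is not part of the course material. It assumes administrator rights (machine scope writes to HKLM), and since the transcript only says "put this" for the value, it uses the public Microsoft symbol server URL with the conventional `srv*<local folder>*<server>` syntax.

```powershell
# Added example (not from the course): configures the symbol variables the video
# sets through the Environment Variables dialog, then reads them back to verify.
# Assumes an elevated prompt; the server URL is the public Microsoft one.
#Requires -RunAsAdministrator

$SymbolDir   = 'C:\symbols'    # local download folder, as in the video
$SymCacheDir = 'C:\symcache'   # WPA creates this one itself on first use
# Format: srv*<local cache>*<server>. HTTPS so PDBs cannot be altered in transit.
$SymbolPath  = "srv*$SymbolDir*https://msdl.microsoft.com/download/symbols"

function Set-WptSymbolEnvironment {
    # Create the download folder up front; the dialog does not do this for you.
    if (-not (Test-Path $SymbolDir)) {
        New-Item -ItemType Directory -Path $SymbolDir | Out-Null
    }
    # 'Machine' scope is the "System variables" section of the dialog.
    [Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH',   $SymbolPath,  'Machine')
    [Environment]::SetEnvironmentVariable('_NT_SYMCACHE_PATH', $SymCacheDir, 'Machine')
}

function Test-WptSymbolEnvironment {
    # Re-read from machine scope (registry), not from this process's copy.
    $path  = [Environment]::GetEnvironmentVariable('_NT_SYMBOL_PATH',   'Machine')
    $cache = [Environment]::GetEnvironmentVariable('_NT_SYMCACHE_PATH', 'Machine')

    # Accept only the Microsoft server over HTTPS: WPA will download PDBs from
    # whatever server this variable names, so check it points where you intend.
    $pointsToMsdl = $path -match '^srv\*[^*]+\*https://msdl\.microsoft\.com/download/symbols$'

    [pscustomobject]@{
        SymbolPath      = $path
        SymCachePath    = $cache
        PointsToMsdl    = $pointsToMsdl
        SymbolDirExists = (Test-Path $SymbolDir)
    }
}

Set-WptSymbolEnvironment
Test-WptSymbolEnvironment | Format-List
```

Machine-scope variables are read when a process starts, so restart WPA (and any already-open shell) after running this before expecting function names to resolve.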