Introduction

Motivation
Current approach
What we don't do

Operation

System requirements
Installation
Configuration

Motivation

Understanding the typical behavior of an application can be beneficial in many fields, such as producing realistic simulations of real applications for benchmark testing or predicting an application's future behavior based on common patterns.
To perform any statistical analysis, the data must be collected first, and that is exactly the goal of the current project. The ABPA application can be installed on any Windows system (see System Requirements), and once configured, it starts collecting data about what the different applications running on your computer actually do. This generally refers to their use of system resources: file access, virtual memory allocations, network activity, etc. Once a sufficient number of such events has been collected, they can be analyzed offline for the purposes mentioned above.

Current approach

ABPA records an application's behavior by installing hooks on different Windows SDK system calls. This way any process can be monitored, and the solution is not limited to applications written in a certain programming language. The hook mechanism uses the Detours library created by Microsoft Labs and is based on rewriting function addresses in the memory of the running process; no physical files are changed, and applications that are not being monitored continue running intact.
The overhead of such hooks is also relatively low (some benchmarks may be provided later): in real time the events are only saved to disk in binary format, and all time-consuming processing is left to be implemented offline.

What we don't do

The current system does not provide any statistical analysis of the data being collected; its sole purpose is to capture and store the raw events.

System requirements

ABPA should work with any 32-bit version of Windows, from Windows XP onward. It was validated on "Windows XP Professional", running on a laptop and performing all regular daily-work tasks.
Storage considerations: on average 22MB of output data was generated per hour.

Installation

Please refer to the Installation page for step-by-step instructions.

Configuration

Please refer to the Configuration page for step-by-step instructions.

Last edited Aug 11, 2008 at 11:59 AM by migo, version 5