← Docs

Recipe: Performance calibration prep doc

A reproducible checklist for benchmarking Meridian's loader pipeline before shipping a release candidate.

1. Environment freeze

  • Windows 11 23H2 VM, 4 vCPU, 8 GB RAM, no other userland agents.
  • Disable Defender real-time scanning via GPO for the test window.
  • Pin Nimbus loader version and payload hash in a lockfile.

2. Cold-start metrics

  • Reboot, log in, wait 60 s for background settle.
  • Launch loader 10×; discard first 2 runs (OS cache warm).
  • Record mean ± σ for: process start → DllMain return.

3. Hot-reload delta

  • Keep process alive; trigger update check 20× at 5 s intervals.
  • Measure CDN round-trip + signature verify + section remap.
  • Flag any run exceeding 2σ of the cold-start mean.

4. Anti-tamper overhead

  • Toggle self-hash, IAT walk, and debugger scan independently.
  • Each toggle: 10 runs, record median added μs.
  • Budget: combined overhead < 15 ms on reference hardware.

5. Sign-off criteria

  • Zero crashes in 100-cycle soak.
  • No ETW event from Microsoft-Windows-Threat-Intelligence.
  • Payload Authenticode chain intact post-remap.

Store raw CSV logs in ci/artifacts/<build-id>/perf/. Compare against the baseline committed in ci/baselines/perf.json.