Back to Docs
Recipes

Performance Profiling

Identify bottlenecks in your Nimbus-protected application with low-overhead instrumentation that respects your licensing layer.

Overview

Nimbus ships with a built-in sampling profiler that hooks into the loader's ETW consumer. It captures call stacks, IAT resolution latency, and syscall dispatch timing without adding measurable overhead to protected payloads.

Enabling the Profiler

Set the environment variable NIMBUS_PROFILE=1 before launching your protected binary. The profiler writes a compressed trace to %TEMP%\nimbus_trace.etl.

set NIMBUS_PROFILE=1
myapp_protected.exe --license-key <key>

Reading the Trace

Open the ETL file in Windows Performance Analyzer or convert it with the Nimbus CLI tool. Key columns include syscall SSN, wall-clock delta, and the owning module hash.

nimbus-cli trace parse %TEMP%\nimbus_trace.etl --format json

Common Bottlenecks

  • IAT resolution storms — lazy binding under Themida can spike first-call latency.
  • Hardware fingerprint collection — TPM and disk serial queries block for 15–40 ms on cold cache.
  • License validation round-trips — keep the offline grace cache warm to avoid network stalls.

Next Steps

Once you've identified hot paths, apply theIAT preload recipeor tune the fingerprint cache TTL in your license config.