193 lines
8.2 KiB
HTML
193 lines
8.2 KiB
HTML
|
<html xmlns:o="urn:schemas-microsoft-com:office:office"
|
|||
|
xmlns:w="urn:schemas-microsoft-com:office:word"
|
|||
|
xmlns="http://www.w3.org/TR/REC-html40">
|
|||
|
|
|||
|
<head>
|
|||
|
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
|
|||
|
<meta name=ProgId content=Word.Document>
|
|||
|
<meta name=Generator content="Microsoft Word 9">
|
|||
|
<meta name=Originator content="Microsoft Word 9">
|
|||
|
<link rel=File-List href="./readme_files/filelist.xml">
|
|||
|
<title>WMI Sample Filter Driver</title>
|
|||
|
<!--[if gte mso 9]><xml>
|
|||
|
<o:DocumentProperties>
|
|||
|
<o:LastAuthor>Alan Warwick</o:LastAuthor>
|
|||
|
<o:Revision>5</o:Revision>
|
|||
|
<o:TotalTime>3</o:TotalTime>
|
|||
|
<o:Created>2001-02-09T22:28:00Z</o:Created>
|
|||
|
<o:LastSaved>2001-04-28T20:19:00Z</o:LastSaved>
|
|||
|
<o:Pages>1</o:Pages>
|
|||
|
<o:Words>212</o:Words>
|
|||
|
<o:Characters>1210</o:Characters>
|
|||
|
<o:Company>Microsoft Internal</o:Company>
|
|||
|
<o:Lines>10</o:Lines>
|
|||
|
<o:Paragraphs>2</o:Paragraphs>
|
|||
|
<o:CharactersWithSpaces>1485</o:CharactersWithSpaces>
|
|||
|
<o:Version>9.4119</o:Version>
|
|||
|
</o:DocumentProperties>
|
|||
|
</xml><![endif]-->
|
|||
|
<style>
|
|||
|
<!--
|
|||
|
/* Font Definitions */
|
|||
|
@font-face
|
|||
|
{font-family:"MS Mincho";
|
|||
|
panose-1:2 2 6 9 4 2 5 8 3 4;
|
|||
|
mso-font-alt:"\FF2D\FF33 \660E\671D";
|
|||
|
mso-font-charset:128;
|
|||
|
mso-generic-font-family:modern;
|
|||
|
mso-font-pitch:fixed;
|
|||
|
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
|||
|
@font-face
|
|||
|
{font-family:"\@MS Mincho";
|
|||
|
panose-1:2 2 6 9 4 2 5 8 3 4;
|
|||
|
mso-font-charset:128;
|
|||
|
mso-generic-font-family:modern;
|
|||
|
mso-font-pitch:fixed;
|
|||
|
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
|||
|
/* Style Definitions */
|
|||
|
p.MsoNormal, li.MsoNormal, div.MsoNormal
|
|||
|
{mso-style-parent:"";
|
|||
|
margin:0in;
|
|||
|
margin-bottom:.0001pt;
|
|||
|
mso-pagination:widow-orphan;
|
|||
|
font-size:12.0pt;
|
|||
|
font-family:"Times New Roman";
|
|||
|
mso-fareast-font-family:"Times New Roman";}
|
|||
|
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
|
|||
|
{margin:0in;
|
|||
|
margin-bottom:.0001pt;
|
|||
|
mso-pagination:widow-orphan;
|
|||
|
font-size:10.0pt;
|
|||
|
font-family:"Courier New";
|
|||
|
mso-fareast-font-family:"Times New Roman";}
|
|||
|
@page Section1
|
|||
|
{size:8.5in 11.0in;
|
|||
|
margin:1.0in 65.95pt 1.0in 65.95pt;
|
|||
|
mso-header-margin:.5in;
|
|||
|
mso-footer-margin:.5in;
|
|||
|
mso-paper-source:0;}
|
|||
|
div.Section1
|
|||
|
{page:Section1;}
|
|||
|
-->
|
|||
|
</style>
|
|||
|
</head>
|
|||
|
|
|||
|
<body lang=EN-US style='tab-interval:.5in'>
|
|||
|
|
|||
|
<div class=Section1>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>This
|
|||
|
sample does not have a dedicated .inf file. The file inf.txt has information <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>about
|
|||
|
the inf sections that need to be modified to the inf to which this filter
|
|||
|
driver <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>is
|
|||
|
attached.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If you
|
|||
|
have trouble getting the perfmon counters to show up within sysmon<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>then
|
|||
|
check the following<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Use
|
|||
|
Wbemtest.exe or generated vbs test scripts to query the class <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
|||
|
style="mso-spacerun: yes"><3E><> </span>and obtain instances with valid data.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. The class
|
|||
|
has the HiPerf and PerfDetail qualifiers <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3. Each
|
|||
|
property is a uint32, uint64, sint32 or sint64. Each property has <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
|||
|
style="mso-spacerun: yes"><3E><> </span>a PerfDetail, DefaultScale and CounterType
|
|||
|
qualifier.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If the
|
|||
|
above steps do not help you may need to do the following:<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Exit
|
|||
|
sysmon and stop the wmiapsrv service by typing "net stop wmiapsrv"<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. Go
|
|||
|
into the registry and delete the value <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
|||
|
style="mso-spacerun: yes"><3E><>
|
|||
|
</span>HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Providers\Performance\Performance
|
|||
|
Data<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3.
|
|||
|
Restart the wmiapsrv service by typing "net start wmiapsrv"<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>4. The
|
|||
|
above registry value should be repopulated with data that includes<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
|||
|
style="mso-spacerun: yes"><3E><> </span>the text of you class name and properties.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>The
|
|||
|
first time you click the add counters button in sysmon you will not see <o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>the WMI
|
|||
|
counters in the list. At this point you should open task manager<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>(by
|
|||
|
running taskmgr.exe) and wait until the winmgmt.exe process returns to<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>0% cpu
|
|||
|
utilization. Now click the add counters button again and you will<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>see the
|
|||
|
WMI counters in the list.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>Also be
|
|||
|
aware that you should not start any drivers containing binary mofs<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>or use
|
|||
|
mofcomp.exe to compile in any mofs with WMI perfcounters while<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>sysmon
|
|||
|
is running.<o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
|||
|
|
|||
|
</div>
|
|||
|
|
|||
|
</body>
|
|||
|
|
|||
|
</html>
|