This sample does not have a dedicated .inf file. The file inf.txt has information

about the inf sections that need to be modified to the inf to which this filter driver

is attached.

 

If you have trouble getting the perfmon counters to show up within sysmon

then check the following

 

1. Use Wbemtest.exe or generated vbs test scripts to query the class

   and obtain instances with valid data.

 

2. The class has the HiPerf and PerfDetail qualifiers

 

3. Each property is a uint32, uint64, sint32 or sint64. Each property has

   a PerfDetail, DefaultScale and CounterType qualifier.

 

 

 

If the above steps do not help you may need to do the following:

 

1. Exit sysmon and stop the wmiapsrv service by typing "net stop wmiapsrv"

 

2. Go into the registry and delete the value

   HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Providers\Performance\Performance Data

 

3. Restart the wmiapsrv service by typing "net start wmiapsrv"

 

4. The above registry value should be repopulated with data that includes

   the text of you class name and properties.

 

The first time you click the add counters button in sysmon you will not see

the WMI counters in the list. At this point you should open task manager

(by running taskmgr.exe) and wait until the winmgmt.exe process returns to

0% cpu utilization. Now click the add counters button again and you will

see the WMI counters in the list.

 

Also be aware that you should not start any drivers containing binary mofs

or use mofcomp.exe to compile in any mofs with WMI perfcounters while

sysmon is running.