<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 9">
<meta name=Originator content="Microsoft Word 9">
<link rel=File-List href="./readme_files/filelist.xml">
<title>WMI Sample Filter Driver</title>
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
<o:LastAuthor>Alan Warwick</o:LastAuthor>
<o:Revision>5</o:Revision>
<o:TotalTime>3</o:TotalTime>
<o:Created>2001-02-09T22:28:00Z</o:Created>
<o:LastSaved>2001-04-28T20:19:00Z</o:LastSaved>
<o:Pages>1</o:Pages>
<o:Words>212</o:Words>
<o:Characters>1210</o:Characters>
<o:Company>Microsoft Internal</o:Company>
<o:Lines>10</o:Lines>
<o:Paragraphs>2</o:Paragraphs>
<o:CharactersWithSpaces>1485</o:CharactersWithSpaces>
<o:Version>9.4119</o:Version>
</o:DocumentProperties>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;
mso-font-alt:"\FF2D\FF33 \660E\671D";
mso-font-charset:128;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;
mso-font-charset:128;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:"Times New Roman";}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 65.95pt 1.0in 65.95pt;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US style='tab-interval:.5in'>
<div class=Section1>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>This
sample does not have a dedicated .inf file. The file inf.txt has information <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>about
the inf sections that need to be modified to the inf to which this filter
driver <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>is
attached.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If you
have trouble getting the perfmon counters to show up within sysmon<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>then
check the following<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Use
Wbemtest.exe or generated vbs test scripts to query the class <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
style="mso-spacerun: yes"><3E><> </span>and obtain instances with valid data.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. The class
has the HiPerf and PerfDetail qualifiers <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3. Each
property is a uint32, uint64, sint32 or sint64. Each property has <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
style="mso-spacerun: yes"><3E><> </span>a PerfDetail, DefaultScale and CounterType
qualifier.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If the
above steps do not help you may need to do the following:<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Exit
sysmon and stop the wmiapsrv service by typing "net stop wmiapsrv"<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. Go
into the registry and delete the value <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
style="mso-spacerun: yes"><3E><>
</span>HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Providers\Performance\Performance
Data<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3.
Restart the wmiapsrv service by typing "net start wmiapsrv"<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>4. The
above registry value should be repopulated with data that includes<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
style="mso-spacerun: yes"><3E><> </span>the text of you class name and properties.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>The
first time you click the add counters button in sysmon you will not see <o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>the WMI
counters in the list. At this point you should open task manager<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>(by
running taskmgr.exe) and wait until the winmgmt.exe process returns to<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>0% cpu
utilization. Now click the add counters button again and you will<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>see the
WMI counters in the list.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>Also be
aware that you should not start any drivers containing binary mofs<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>or use
mofcomp.exe to compile in any mofs with WMI perfcounters while<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>sysmon
is running.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
</div>
</body>
</html>
