193 lines
8.2 KiB
HTML
193 lines
8.2 KiB
HTML
<html xmlns:o="urn:schemas-microsoft-com:office:office"
|
||
xmlns:w="urn:schemas-microsoft-com:office:word"
|
||
xmlns="http://www.w3.org/TR/REC-html40">
|
||
|
||
<head>
|
||
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
|
||
<meta name=ProgId content=Word.Document>
|
||
<meta name=Generator content="Microsoft Word 9">
|
||
<meta name=Originator content="Microsoft Word 9">
|
||
<link rel=File-List href="./readme_files/filelist.xml">
|
||
<title>WMI Sample Filter Driver</title>
|
||
<!--[if gte mso 9]><xml>
|
||
<o:DocumentProperties>
|
||
<o:LastAuthor>Alan Warwick</o:LastAuthor>
|
||
<o:Revision>5</o:Revision>
|
||
<o:TotalTime>3</o:TotalTime>
|
||
<o:Created>2001-02-09T22:28:00Z</o:Created>
|
||
<o:LastSaved>2001-04-28T20:19:00Z</o:LastSaved>
|
||
<o:Pages>1</o:Pages>
|
||
<o:Words>212</o:Words>
|
||
<o:Characters>1210</o:Characters>
|
||
<o:Company>Microsoft Internal</o:Company>
|
||
<o:Lines>10</o:Lines>
|
||
<o:Paragraphs>2</o:Paragraphs>
|
||
<o:CharactersWithSpaces>1485</o:CharactersWithSpaces>
|
||
<o:Version>9.4119</o:Version>
|
||
</o:DocumentProperties>
|
||
</xml><![endif]-->
|
||
<style>
|
||
<!--
|
||
/* Font Definitions */
|
||
@font-face
|
||
{font-family:"MS Mincho";
|
||
panose-1:2 2 6 9 4 2 5 8 3 4;
|
||
mso-font-alt:"\FF2D\FF33 \660E\671D";
|
||
mso-font-charset:128;
|
||
mso-generic-font-family:modern;
|
||
mso-font-pitch:fixed;
|
||
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
||
@font-face
|
||
{font-family:"\@MS Mincho";
|
||
panose-1:2 2 6 9 4 2 5 8 3 4;
|
||
mso-font-charset:128;
|
||
mso-generic-font-family:modern;
|
||
mso-font-pitch:fixed;
|
||
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
||
/* Style Definitions */
|
||
p.MsoNormal, li.MsoNormal, div.MsoNormal
|
||
{mso-style-parent:"";
|
||
margin:0in;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:12.0pt;
|
||
font-family:"Times New Roman";
|
||
mso-fareast-font-family:"Times New Roman";}
|
||
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
|
||
{margin:0in;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:10.0pt;
|
||
font-family:"Courier New";
|
||
mso-fareast-font-family:"Times New Roman";}
|
||
@page Section1
|
||
{size:8.5in 11.0in;
|
||
margin:1.0in 65.95pt 1.0in 65.95pt;
|
||
mso-header-margin:.5in;
|
||
mso-footer-margin:.5in;
|
||
mso-paper-source:0;}
|
||
div.Section1
|
||
{page:Section1;}
|
||
-->
|
||
</style>
|
||
</head>
|
||
|
||
<body lang=EN-US style='tab-interval:.5in'>
|
||
|
||
<div class=Section1>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>This
|
||
sample does not have a dedicated .inf file. The file inf.txt has information <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>about
|
||
the inf sections that need to be modified to the inf to which this filter
|
||
driver <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>is
|
||
attached.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If you
|
||
have trouble getting the perfmon counters to show up within sysmon<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>then
|
||
check the following<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Use
|
||
Wbemtest.exe or generated vbs test scripts to query the class <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
||
style="mso-spacerun: yes"><EFBFBD><EFBFBD> </span>and obtain instances with valid data.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. The class
|
||
has the HiPerf and PerfDetail qualifiers <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3. Each
|
||
property is a uint32, uint64, sint32 or sint64. Each property has <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
||
style="mso-spacerun: yes"><EFBFBD><EFBFBD> </span>a PerfDetail, DefaultScale and CounterType
|
||
qualifier.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>If the
|
||
above steps do not help you may need to do the following:<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>1. Exit
|
||
sysmon and stop the wmiapsrv service by typing "net stop wmiapsrv"<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>2. Go
|
||
into the registry and delete the value <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
||
style="mso-spacerun: yes"><EFBFBD><EFBFBD>
|
||
</span>HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Providers\Performance\Performance
|
||
Data<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>3.
|
||
Restart the wmiapsrv service by typing "net start wmiapsrv"<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>4. The
|
||
above registry value should be repopulated with data that includes<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><span
|
||
style="mso-spacerun: yes"><EFBFBD><EFBFBD> </span>the text of you class name and properties.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>The
|
||
first time you click the add counters button in sysmon you will not see <o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>the WMI
|
||
counters in the list. At this point you should open task manager<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>(by
|
||
running taskmgr.exe) and wait until the winmgmt.exe process returns to<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>0% cpu
|
||
utilization. Now click the add counters button again and you will<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>see the
|
||
WMI counters in the list.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>Also be
|
||
aware that you should not start any drivers containing binary mofs<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>or use
|
||
mofcomp.exe to compile in any mofs with WMI perfcounters while<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'>sysmon
|
||
is running.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
<p class=MsoPlainText><span style='mso-fareast-font-family:"MS Mincho"'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p>
|
||
|
||
</div>
|
||
|
||
</body>
|
||
|
||
</html>
|