!This program cannot be run in DOS mode.
�Rich_
`.data
@.reloc
msvcrt.dll
ntdll.dll
RPCRT4.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-ThreadPool-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
PerfpSetServiceState
PerfpServiceMain
PerfpOpenProvider
PerfCollectData
Collect
PerfpRpcIfCallback
PerfpCleanupServer
PerfpGetClientAuthId
PerfHost.pdb
u"SShI
VW8C1t"j
_wcsicmp
memset
_vsnwprintf
memcpy
__wgetmainargs
_cexit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
?terminate@@YAXXZ
_except_handler4_common
_controlfp
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
RtlFreeHeap
RtlAllocateHeap
EtwEventWrite
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlExpandEnvironmentStrings
ntdll.dll
NdrServerCall2
RpcImpersonateClient
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingInqAuthClientW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcRevertToSelf
RPCRT4.dll
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
HeapSetInformation
API-MS-Win-Core-Heap-L1-1-0.dll
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
API-MS-Win-Core-Interlocked-L1-1-0.dll
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleA
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
QueryPerformanceCounter
API-MS-Win-Core-Profile-L1-1-0.dll
InitializeSRWLock
API-MS-Win-Core-Synch-L1-1-0.dll
GetTickCount
GetSystemTimeAsFileTime
API-MS-Win-Core-SysInfo-L1-1-0.dll
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
API-MS-Win-Core-ThreadPool-L1-1-0.dll
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
API-MS-WIN-Service-Core-L1-1-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Diagnosis.PerfHost"
type="win32"
<description>Performance Counter DLL Host</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
1T2X2\2h2p2t2x2|2
3$444 6$6d6h6
7-7]7c7j7p7
8<8B8G8^8k8y8
9&90979G9Z9`9f9
0-141_1
3 464A4H4\4i4
5�5(575=5H5O5]5c5i5v5~5
7<7G7R7
:):?:u:
;";(;-;2;7;<;B;J;W;r;{;
< <'<;<A<G<M<Z<`<i<
<$=0=6===F=L=T=Z=g=o=u=
>,?8?E?b?
13191?1E1K1Q1X1_1f1m1t1{1
24282T2X2t2x2
()RRl]
z}:0sJ
j["[,1
G3[[i)
>*cPZ}
`aK[t"tE
zu9T}~
zLr_q5Vf
[H6>?$
$C_)a$
TkcDsY'v
6!2'rr
N|G[^u
}_}Bc4a
82,~0^
c9$61Q1o
Rd|;_P
�A>yt`y
C)'H_{
3.%7J4
{FQ"J-B
,]*~+r
6B=irqn
#{(K4`O
{V0>Bj
6~;vU.[
z|.(aek
8!U~K#
|~.0LX
U&4<'Xd
z JP'L
--u]BQ
q$}zz+
{+ppb�-
^prK[+
ZB.x\vu"LM
WE~>BzHQvs
^\L_\v6
j&Q=ae@j
3AYGFn
fi?_Nk
w~-Z3(
cps+{zu
d5\r:7
|}!uQK
Yv[}7&
G2Uh^7
2E'4<(
NlUi!S]~%
p;8.%S
Gt[=o`h0
%e7r7DO
=hNVX!hYz>:
7bi[:G
1oop]?
ufDIPx
lF=xKP
!6]'[!
zVAlmF
NT)Lj*
-iDB<mL
:Q96NU
IP3Q{#}
%:rjf~
v"%bK4
AUeU&#s|
R_gD[_
ipO11G
x&%bq{A2
v'b%mJ
$>:)|C
.G+UU=,
t{(S'@
Cq.NSX
{W|cGa{
"Q<JmQ
N61<Vo
Cni*5q
.a[q6[~
RYw`e!
`UY~-$
Cv{TLPA
Ib!@Qz
B'=Ug0
VG1u*6
)B{=)C6c
$9"}S3
=Z)`Ez
ITMgk[R#
H{ZTWp
~#(W~=L]
L&Px@a
J>V{|;
|~D3=I
r$pUZB
/Lby~&
xHN LY
k-�U/Uu
{]�><~Q
#g2^L0
X@^8hv(
wDk~Q4N
^v9hoSJ
44~T'K!'
^1 x5)
g&s?jo
_=aWdwX
B&p,1M
F&<\[N
`Vb\67
zQ,1gu
w oCQ)
N\03_C`J
R}\,}9
inH:Tf
hSj"6O
OU6,*g
LeeHf3[
od9^I:%
5=P0EH
*+]<~p
[7gU�V
?W'uEE
^}>xp,x
5X070[OUn
qE^sa;
Zaz,\8
@@`_jv
RZF@R%
[s@6&HY
v-KMz?
$@?n:W8
&XQc];F
bJuE=DJ
)N�gE|
{e2#lZ"
6qW\Oi'Y_
FdQ!h{2}k\g
[=peQy
9mqz[J
t1>8Zh
;Q Pz?
t0LE-a
qqv }H
6,n5DI
{A=/K5
,;^L\;
VN;#R<&M
YzXm^T
gN]l�&
=cuCK69
x\%Ys!Mh;
&K#9p?
O0<o(*R
r?6=SQU]r
l GOD/
r@Z>kp
sT113^
W[;SnTE
NHY98
Y[T5rp
^5w]!`
{0>K*?X
pv-mrT
j<v^nLH]G
85y�K6
U�nNbMA
qs%7xZ
{m8<{W{//
OV�k$U6
Bcs%IY
Tk#b{;s
S+\Lpj
Tj&9y0
898tN0%s
{DZv&?
3>qemG)
]CXQY:
-|uLe7E
|"PVMy[
tZr9aP
x&{_pp
y;wwvkiF?l
=.Sl`S
}.lEL\
n7K!'<
VJjdI"*U
rM{=d/juO
(Q1'_t
N\UNKf
>~�l~)
x^AWSVE
;'EF@9
CQH@@HcF5
J~~t?0
nKE|6/@
jep{Km
P3Qz`}
dCPX{T
;6)jP9
�H},~_
%�6pz{
Fn+]>u
KvkQkR(
| ?7vy
}je?3Z
I%?9p_
Xxb:7*
^-Jw8p
?dUz3u
cKDQzD
XQ]lgL[
vlHD&T
iX;|fX
q)ON4p
P!_eP8
cn'XWz#D
=]B;)t
.FpVPOa
|dR7+k+
G6r4v)
d/!<T(r
XCXGEn
jtQ{-I1
3&ew/<
Ym}+8j
T'50gwj
IF=lc.u
^D/[R,\
XKjY._.
gS@rlb
f wtG8?^
'Ys>nC
5(sWX"
WmrgC(R&
"\%{#z
T!Ti@p
|9R(?<G?
u0^-i�Ev5
Wm0dw7x
M$y#<X(^
-#)NV,
m3};>c
Z:AFR6
VUR5g<
9F[u9+g>s
H"tKmFn
j,h`7,
z"�edYy
G+3!G�
(v1zf\
uY~0bGuR>|@
z$~-{f
at=|�;
F|"O2<_
Z\H13p
G$7ukK?G
Fdj,5�&
wy WPgIH
eCOPI_
}c0*mA!V
,(Y_2[
J/&J_2
weH@|U
a\HcIUkd
s\_3"L
Q&#&*|G
,_br{!
bFJkM&
F <"+O
`/ibXg
tw9t1"
#uF?p$
=HuAIS
t}0tmgt
vl,h%R
,=eAzkT
GWRCku
18|\Ol
z0hnsS
r>onAW
b=05k
,+|k=4a
wmt+|=
Swb1GuNK
xpxTx=+
k@>Aj/E
G=(OTA
aC4eoH
h.)+".p
\fFkTt
y2T�hb
i}lq�t:FC
#YHM].+
eu )hB
Qd*)Yst
L]Qh:4
GdQpdK
ON$y1y
-[="2#
'S~4aE9
o5ka?Jh
FzhA}T
vPcwAMYXS^k
b?h4Ccq
uM#H�)w
MTZ)a:yc.
Ny(loh1@
7O0qQD2
quYqt�
Q<TzV.
5+`qi,
\1*Sao
TCL/vO
A&MBAh
#;-P/c
�*kUB[/
PA9o/*
{*1`r2
BY|p%F
Mu=Svz6
Hcml'E
K1:}:X
1WpOuR6
6QZ8+#
:YZoln
DbF;"#
= _6xh
5K`'A`
cbn(Z(
.6S}Mk
]QjspO
cGLtLn
N[dG::q
VIg`F-
5iIW k(
5y,%|1
ic6ZQ
5-f~fM
F9=3-k
MZcb^$
.})f:d
&:& [q
?dkG"\T
@NYyBm
Pt^G![EW
:.v;==
GU-8;5
L^4F]Xna
iHw#s@
;A+<.:
?StC4V
Tnnh�6t
3Bxl8q?�8
qUu&8u
j@v49(
`HCQ|w
QyRxF[jS
ba`_^]\[
210/.-,
w�t3;1E
nuC7`4
/vL)}\@
RZg'SC
}'cP8m
U1kZd@5#
aU8S#i{
U.IClk,_
HN)JGq
=f[)m-o
RVIC�k$
7s!tM0<
.UCK?|
}ksc**
o}5H'~
_J!x/`
R73{?3S
gSwz-k
<I,u|SQ
}rNH.Y
R<6]=8
_HL~qV
lAzU]+
48s`+,h\
W1P MC4
P2r7d`
0%js<*
=7Ki9U{
Jii|8[+
[{6>[L
?q/7ut
~R1�YcZl
h17+r9z
Ro1zl]
|:"Ut#Y
&1ao�nP
Z hnH�
)=J@869
]4*`GXyO
�}37p-
XsjRYIL
E'N&k3
I$>]em
Os:cu1Sk/h
x':[o\$
%}QLHR
.J]z`l
k�Se!<
v)v/v.>
{%jBMt
?FSTk+
fpL;CX�)
[UiJab5K
u�q+0s
&je9os
R(!? @
+?r1wv
+u*-0R
uNefK?
+|SAr:
vC~c`{
+%-{yl
Ef&Am\>T}
6Y~Hz~v
c&/ZFl
N|VGec
yU_Ofa
PyRWfo
!CkQ]B`
~;;hS=Q
{IO%]>_
kI72`$
=:Y!g8p
OJ|[7H
8`"]9@
a.�w{M
r�s~cv
}x*m|A
krZ9~9
%2"! a
X"uq[R{
f,W<,#
K$~}WM
n?v)l�GK
G3ArdN
7r v,B
{Os&Vi
)[NU~{
84?1b"
oM]=7J
]Jt{K]
=}j!hu
.`e|V6$
q$1nEP
rB<N0d
*%o>X1
eHhU*#
f+}:W,n
10H2#G
_dyA>f
$F^B38
z=zO*v
"BkTfH(t
6xq[gU
.'W7=$/
S"EF}F
^ZEm4tZ
7%Weur
c&*<Fa
>B`p*I
pg%OH%R
{dgyie
{HRmn7
5f!'Mk/R
"YJg.W
P~_t{~
W{p6op
=']1VH;
KZzSl)^
*29g;,<
9@G${B
8.=XX8
\-Z`4
wDey(:
,@33n/
@[(Pm(I
|xM*\k
&X{\yz
BCZPU)
|m:VWi
fXh3r/
jaK7O,5
Bb@M!U
�[,d�Kh
ec"jmN
Nm+0)o
%_bDI7F
i{a;m"
*cY+SY=Te}
\*^iLi
_7\'6M
\�`Z8<
9"g>E;
7:UKo
:'d.tb
UVpIbFB
VR9ov;
JIj|vf)
5g#|)F
R!+ij?
rGSMUo
_>,J`}
x6AbG{)
xjGY[.
c`t@OnF
XP]_38
Z[�n"q
2LD0V2
mHyQ{-
c@j)Kln
"\MM,N
R"fl2F
MQ`]Ue
8vE<va
-uLi+;5
T)KQ1d
}t\*ut
?X>]<x
6y91Q=
P6`T-\!
Yv*:;}
,EHATT-Ht
~j=T)yv
sp!`'F
_9n,T"
16|4"w
QYA $h
[z RM2
nvS *$
SjW0=Kq
_ aEbzO
^2kK+W
/^LGz2L
z$L8\p
(cBz].
>o-S+zviS!
vh0dh#
mG'+2G+
'$t#&J
y"A$4J
g{/yu{
!NM_NP_?J:Xw>
v/9b%o
?Ss�JA
'T'Ce/
=Qq]/%
=Rs_py
C}s_)T
�;:U[Z
\T 6c9
;EI(@4
r[-0G1
buWId|
Hl;"*6
:BI=(H
^[D6abB
=YiL{&
s`PM6o
[�1?Rp9+
6!f=v(
.OYK|BT
<WCND{
Bphsnu<
lY'h#E
?1)ib,
m_(4-T
gn.H)UL !
d-pG`4
``/Q9R
i/FC#`^
e;N(6h
}WkBu~z
]G^NNd
DasIHj
}m$ c\
+q_QzaT2
w]RGFK
=%Sf_k
:.RsA\K\
g_]/pw`&a
~}]%zhm
�GK)\H
M/6@Ha
5u,v##
Xpm;H=
}L4m"Sj
3v:]!j
!_-g!l
ad^`sW<
}@Kq'/
$P~A$7
b?HS7E
]^so}}H
G.)t0+!
|?&<X=F
T=BX$D
fcL&T0
j/e&]\
uz:7hb%#
t$9slltiD
K@3.)&'t
0sn56D
FD0D^V
RF;_BA
%N)(jQ
< uc4vn
g-wMY>|oC
fk/g;p
(9�J*"mZ;
^g`t.W
rwewVl
_(k.g>=
8BHawzo
&649-Y&
1,2)-a%
p}h1?EY
f;$p\@No
g|p,g'
ea5i%&
P6#i9u~
u>QP5ei
UjFK9?@5L
{]A=)4
>.u5�?
CjC%fg
<P6,v^
�`VnkK`
`2~R/O
<|x|S|
$&:?(r
-w~/gf
dOH~Flz
<;Kz6*
JHu:h~wq
\|YH::(!
{$Arg$
N01^G
t9H-#q>c
&cQu=,
`hEKpd
ubhGIo
&"\&+gA
frVg:(
GTH."f
8d,�5!Z
'=y\S~s
7pG0<y
1`N{j)
AO!cFW
}R7=$&
vo13\N?
2hOz�'
5�xMT:
g1>O(3
>]NH3H?
?_:[W<m]
&$IP=A
WFR6W1
7/<�=TX
V1%QEy
;.LB6HA{
uM=4Fu
Dzw=4Z
BXs2=+
A=LpYc
*6xy3~Y
UV+/wV
p&yL"]
r70Ml(`
m+Y4"9
Dq))n=z
{|b]d4
9\WnZcS
uURLEo[
@9w\=C
1ALD;~
lW-UNT
#"[]<V/
F"KPNU
<*lP:Q
K,uv]&[
>O.j1N
8D(Dg.
qo~}|{uN
wvutsr
WVUTSR
98765432
~:@Iv7X
TTOwq2CX
%g,@0W
yeNWtn
/g0lb;
9�YGS}
'9- v!{SJ
-Y6LokT
p mR<
r3Fp-7
QUST6R
W#9~W@u/
~`:DLHs
vJw&9"i[3
ajW'�z>
jG4h~OpN
C~1[S
6qQ}*NU{L
ty[x1|
V!TF^M|I2
e=sW=,?\2
P)0YP?
s+KFAC
tDP|S<
+r! gm{W
:HGt-9e)R
`|CI|L
RW6-2zC
P=Rw3o{K@
zJJPui
j<)3(1
VoVgV_
O_G_?_/_
G^?^7^/^
WYGY7YW
[U7I1/
~Mo^]Iok
OQ?Qll
GZ?Z7Z/Z
?J?W7W
/V'V�V
gU_UDh
/U'U�U
GT?T7T/
^:%w}z
s;P<07T
d]=U}{
t`[U-P
-fF+AO0
Ah"gz/
V=I1ydO
r-:9ak+
ImQ3HR
5#kq'l
>vHy5{
!g!lS;
~?<nhU_{8
cfh~*v
fc &X(
~oXO*[kK
nzT=h5
g!lS;
V=`GWyO
PQRSUVW
p4)R-P
_^][ZYX
PerfHost
aExport
Linkage
Library
Performance
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
ncalrpc
SYSTEM\CurrentControlSet\Services\%s\%s
WEVT_TEMPLATE
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
x86 Performance Counter Host
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
perfhost.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
perfhost.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
Microsoft-Windows-Diagnosis-Perfhost/Analytic
EventData
Function
Function
EventData
ProviderName
ProviderName
EventData
ReturnValue
Provider
ProviderDll
Function
ReturnValue
Provider
ProviderDll
Function
EventData
FirstArgument
Provider
ProviderDll
Function
FirstArgument
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
errors
callouts
WEVT_TEMPLATE
