!This program cannot be run in DOS mode.
�Rich_
`.data
@.reloc
msvcrt.dll
ntdll.dll
RPCRT4.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-ThreadPool-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
PerfpSetServiceState
PerfpServiceMain
PerfpOpenProvider
PerfCollectData
Collect
PerfpRpcIfCallback
PerfpCleanupServer
PerfpGetClientAuthId
PerfHost.pdb
u"SShI
VW8C1t"j
_wcsicmp
memset
_vsnwprintf
memcpy
__wgetmainargs
_cexit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
?terminate@@YAXXZ
_except_handler4_common
_controlfp
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
RtlFreeHeap
RtlAllocateHeap
EtwEventWrite
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlExpandEnvironmentStrings
ntdll.dll
NdrServerCall2
RpcImpersonateClient
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingInqAuthClientW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcRevertToSelf
RPCRT4.dll
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
HeapSetInformation
API-MS-Win-Core-Heap-L1-1-0.dll
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
API-MS-Win-Core-Interlocked-L1-1-0.dll
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleA
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
QueryPerformanceCounter
API-MS-Win-Core-Profile-L1-1-0.dll
InitializeSRWLock
API-MS-Win-Core-Synch-L1-1-0.dll
GetTickCount
GetSystemTimeAsFileTime
API-MS-Win-Core-SysInfo-L1-1-0.dll
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
API-MS-Win-Core-ThreadPool-L1-1-0.dll
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
API-MS-WIN-Service-Core-L1-1-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Diagnosis.PerfHost"
type="win32"
<description>Performance Counter DLL Host</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
1T2X2\2h2p2t2x2|2
3$444 6$6d6h6
7-7]7c7j7p7
8<8B8G8^8k8y8
9&90979G9Z9`9f9
0-141_1
3 464A4H4\4i4
5�5(575=5H5O5]5c5i5v5~5
7<7G7R7
:):?:u:
;";(;-;2;7;<;B;J;W;r;{;
< <'<;<A<G<M<Z<`<i<
<$=0=6===F=L=T=Z=g=o=u=
>,?8?E?b?
13191?1E1K1Q1X1_1f1m1t1{1
24282T2X2t2x2
+eYjHB"`
i+b.(H
;vKy=W
o ]^!0"T
%:MSsea
,Q)t;+
vpd-BK
{{k_^G>
`e�4o4h
j: LQH7
'|]=aV
p-e�{Hr
4rPW(%
*uF]9\T
1j�?Z9
lSsdjvqPLz
v]d|;_fD[
HyRpLM
*}:dAG
&z*s9Wa
J;D8&)
QEQ;m
z?)*$[|
hu1|/\)
#,Jm.K
8n�9aS
fSN&ns
-n>r[2
-,?{vM
xXz1y^
zctsrJ.
4_~]U3
b|'"Ibt
x.<b43O+
K"'2=q
+;{5=_
.pqSfUG
|F70~aq
,@o~kN
}h,K^-
HJ.qwE<
T09~D?
hy8K~c
:Phrae
$|]/96
!Gnjyo
-E{wzB
7nK_Xzf[
|6JkCu]t
LDDrR~
]�M?1kT
tjBTU
z`WU/�
`3Z3!Iw
{&k/~S
}y}}yy=qf
i]=F+}
O]9&r}P
S%ym5e
o7Ch$?
}|}.q[
s-GVt\
)liFfN
k(@OdHUG
vj,FPu
+qg[#(
Y?"M_9R
[Z $hn
|x`M):3
u-}$U%
-5Fu1;g
]e[zpU
%??Uv8~N
�"nM6f
x�Btjy@
?B.?6`
K_G-W_
?hrn82
1Lf77H
>L%q[K
gE:X\>�nz
dZ9)s-
m;<}k{v
Ben2O99
`<-+~W
;on:|8_
M/l{Ck[
�0oA*$
~MP)zN
9?sIs4^
onrXWb
M`%_@6
nvZF+,v
[FA/j/>
(q6+~;
qI7997
s;$ac>Thg
zvR9&c
#OiNV~
J"n.gXB
<y">fF� ~Q
@As<EJ
iAwSLK
oV9\6n
PP8)C|_
C8n|Yh
c-=nc&w@
R>0((|
K.Yy/Z=
szCkr>
zd|Qgxg!:
b;BpY3
f~zL'9
m3j_}a}
'IL}JI
c%-^a6
{LKD;V
o{|;pv
22$=v
=}G_a#
N[8{'l
GFlkTU~
>>Dd&{
>D@x|k
reBY?2}
l;\sv]
'>R-<qu
fc8a$O
?]qz27
}-_)nf
lJRNX>2
Jab`AU4
GV1N^-
~sq6JZC
�K5U^ T
E@E|IL{
1fy>dW
63xxR$
zcf9fUf
P;{\#7k
QjN5@<
PU)WZ(
;zPVZs>
7fpjI#0
s%f!ZS
M`,#)bp
@i`kq-
sT'm!1/
L$PG;A
`0Z<be
f80'|=%n
x'e*DI
w,Y3I.
P1DEaU7y
v=\\kW
xgo*T�s
`[%k3z>
2_1]l'
tcC[n9
5P|jpg
@e9Ts<
{?*mH.
3`pOY-
y2SLj^
NRSUhW
?._RtA
~r!pm2
m4]_4l
&@5>:Ka
To'f[2TTI*
{|R}|3~
jdaB]Fa
1^B[%q
<-zt%tI
QJ}E�O-
}^y#ky5[$w
|(odE?
4^HZh'
m+R#(j
\==2yt
LlJz<V
9JVz*C
Im9APZ
[z8.kH
%5ps_s
&-ZOZab
Aqv45C
3+B;_u
>[}W.'|�
ika1kU
,&*1$Af
L[[7EZ
M[? _%
%RQHJG
cNog>A-
$]dFadEU
SB`uzw
z('-d9
knE.ISv
?sc9E;
}@&B*'
\Vtz9v
E7jt@R=`t5
|'bp\Gj
~o!ZX5
kvp-Qw
KgsT%H*4
v1t#:V|y
&2E"{4
_$^ySjx
du|{A/
gzSM']s
6T&dUl1
},),Z?k
Nuen-@
QR]dOZ
:p{]#&
/}r*nG
\z7yHm
@&b\)D+
Ywa:hO
Zfj'#&
58P``9y
Y&C"]F
'Gwam-
=+)4>i
13mr3+
_O\`r |
E%)(^z
2T4_Gt
#SDFL~
\E{%qC|
Fx$k?M
6K�t!Q
Ijc-z,
.KC|_y
4ZF% %N
=k@k_'^
RtLaP?YZ
#3�QuM
ZbpEc(
AJY^bj
WK!Xbi
<2>sGB
oNZnX+
]s\NDYU
|f_C~o
7f[9 `z
\>n\ #
fOEc8^
sDKK;M
3STV�R
vQ�3yP.
MF;c]k
Qd;!�mt
M?a'7v
+!}=;E
N?/cnJ?
sD"Pw5
<jiXfA"p
f:.MdN
1{5c#~
%Cz$IKUE�
l$-W<k
(2,#ZO
;fF,pc
S4yZ?q
{qp?Ft
|;W&ls
j\2{@TE
y}afJP
gt9x�1
@NO2Xd
+N=0[{
-w{wvz�O
APl'{0
3?%PTg
v5;?qT
py;*ICK
FyLNalq0
fUk�:Qm
%xA,5U
^jaln'
8P-";"[
}@:vY5
!\a#|Z
#Xx`v*
m2#[>
`sit=?
ex@+{6n<
TgP5[4
1::v4vS
&mMGw*
E.KbN_
%#xv!v
M;n9it
E@gha{
%$Ob<o
RiH%b@B
FrVW}y
fT8twZ
8;mDv&
}utz`Os;
njF<$4"
8J5]NrP
u�)MIg
KiQ:m<
ghq�V(}
ECBgH/�
5&dUy3
lvv\c~}
FAJ7,*
$s<Ex-
�MMvV4
tRx!Vg
2:rDWX*xo
#Rz>V6C
h[.^d\xZ
?s)E|X8
Jj$Z#`[G=
Kg[C*=
eI6M|7BeB
VfmYr/
NW;x}L
(LA[hR
pJoNd$
efy_A]
J*st9b>
JB_iJ@A
#J_y2n
5NgJ3%B
{0!o(�
eB+(v_HaZ
g/@^ 6
mb@WH=
6ec~0&
J~{keC|
)Z&"0|
YwKGp&n
!Nd)J;N|
Bg!d(\
@`Y~|
@#q,mn
x@Bkf<|L?
a"s%R7
qt?qKc:Y
zyxwvuts
:9876543
[('&%*,
exsFgJ
GrUaL![
D=d?</
J2p7'3y
SNZ%u:F
daiJv(
ZV\Mf,)t
]9o@.w
o8`rHENS
[V8+bn3
lG~o"c
)LS}[N
_SwZip
E?72\Id
@I<2R^
(hSB~)
-P3IMh
%[!ykS
Lgy]Y\
u]|6w-
6r(%Y,
2v<hg:
t=R/0u
%cmzXI
.?CqT+
FHJS<6
,aFw^2
M*l.nh
9TMl7H
)z,~fr
'6Vx:4
A+,//h
)r@=k/
5}:W];
ym<oF{IU;/
05B)Zv
4?BqZ+
5--'oE
#FJ8,"
(T\ARt
I?>IOO
d7>gw\
eTN)hTp
s n9lsw{J
\ m{t{
'b2Jk\
uYg>~A
v)v/v.>
>8F e
i]2{_aC
Ob_E/t
i5iL!y
ZTrwj\
Ey?nZ2
dCu$qC
uw5ZST`
`Y yU{
/_T\i'+
VU~3=[
Ix6ydl
uD[2m]
elK*-f{
FgH")o
r%OSHV
G#4%+P
i?j!]S{
Lpv/.;
M>&"#8
zN:N<>F
{t}>l{
~;w)>IC_=*zr^
{"*@DB
O?5bPuo
mat_%9p
/,/KVO
vwV@^W
,GEjL@
GE,A!<m5g
g{vBh/
VG|9-K
�z >Zh
?<6Sh>
8dcRPS7u7r
R$7&\1Z
(rna^m
|QVk{
:qFF_f{/
;A]`#F
jROpu<v
P(3(+}
P*Z?z6
y-=U)T
m:�.|v
Fy{.)
rqwJF�^@�
?X*y%V
dEH+J;x
~bIS<?L
wJgr.]�y
f5\-90:
dJ�L]Ry6
:XV%wm
\uTdN2
")=Q;>px
vD,A=d
3ox+=,
aSm3gx
LT3HfCj
]\6q/-
_W Kzt9
EZYb0L]
!rFrkgy\i#?
eMH_"s?
TGhgr&/
m/M{:4
<iytGN
&xd.w|H
4dM' _
}p}%gK
G<}x?{
!DK-`z
1AW}A#
x`U_F&L
wqys1EI
dwOkzJ~
H?8WEJ{r
I1*GG,U�
z/$7NHsA
Q18|o�
1J$hzdx
�\3viB
z5yF5Ht
L_2?&F
S4O9cUN
;TM1Bw
xYM2`_
4*^|k>
slD-Z0hQ
Sv~Z-"q
5&<V{u
i>3N_W7~[
/jmFbC@
/&O6|+~
b]PVu(
1sa 2WG
)Z5q}#
'pF?r
*q]5g(%
HEg-/%#Hk
;ZFTp~
{|LCRbz
>y%<.q
1\WNGF
~_t{?P
>"`6zn^
= ,gHDZ
2o{hu\
J~X`8*
bst%i'
Z`ixsl]
RH27kE
Ev`uHS
pza�uY
} _ov/v
z2>3Dv
Xvg7lt
$5~|$h
{'}~-<gUy
0P+&3^
/YR=|6
r@cA`m+
<_D.^B
,(8>K�
Ec)_d^
"0};|K
XT{TU<
F69uM|er
Q5'i#P76
'X~;N^0
~68NDV
eGfb=O
3�~pfVx
@&WD3l1
Rqd5fR8T
k^ F#>
KwDlGM,
z`*]x8
Hs$}__
o?Pcc9
YD`rB$
3Bv4`:I
><-NSe
7uT?~m
66X_'w
js4@z]2
~_\tDq
T)X|M)
v:W4+E
Ua)8i>
]Z1~.Vi
Y)[Pj]_
Of9$-c
VI;0zS
y$KR.C
z-0|[i~vN
%li9"Pr
vzN@']-(
PL-Shj.
(wV?5#W'�
*O`Src1
z`A_%.
p$36bi
JJ-g=`
6uZuaT
>0_f\J
^.'cd(
L))@w0
?vtB,h
Ti.9 #
eYupP5
.�#CNvk
&{z52t
y!ZBzt?
%KM%77
^RbB b.
k>AT=q
orn.p%
$C\:q:er
-?X>]-
S}%"{26
hQJteA
Il�-ZN~
u}c^8d
Qh`=u(z
rpZgg�
=wJr6k
{+Si~{
ap-)D=zr
-4#eRi
@hP>H5
y[K.QAB=
3d*}+As
eo4Ck(
.3ybtR
|�c~MgI_S
kkrG^"l
k(;^Wt
8XX !]
q+++fi6z
~h6_CJ
C%"/V0V&
$\\Q 5
pX$Op_
t-UWkq
L*Z_SJ
Yj7q=b"k
Dja`v^
+wzw+n
GB{'&V
@>,n{81
i�)vE\
�J\_v9
*Qs>r G�
1^%_nq]
CTcGs(
x?h$&*
>jk8B)
ho9kI&xYO
B.fi14
0HGRJP
eweb^Y]
vKmi$zW#
:1eq~b
;rE>9s
wN39RW
!S45YW
;O)wQ
&LP1L?
+DV/%J:
wq7v=,
mk,(\D
Mm%9?m
Z_UQS?
&c]`9o
/q"<7L'O
,.YwrV*
Xd5sAh
O3$EO2l
^^'T]:
8�&KLe
%&@blm
U3yUi(
Fhbon-C
"/�Rk]
t"klsV
umx9TJ;
IrpS"b
:(;\ah
4M|A<
wK2 m,
yr!&Zh)
Kma%jG
-!e"Fh;
arKcd]
S@J/t0
vW_vE2
j)2xM)8
&i5e^`
?"[t8/;
cA|eGX
3rh;t_
v`YGbW
?l8?xd
.K/BJs
L3)YU<(#
?q?[RB
,D�UjS
F)^E c
l\<wE3
yc^`t>
u)O(B3
A9&BLI
R tD<^?
4^jde^
nKVS-
}}\AV8Kv
'n+�x-u
{fN<H0`
2Yv?[x
=p|M5A
g4!@VH
j8d=S{U
v[hdew 1
^y 7Xw
2$Kuq9Y-
?kn�C 3
m* K?z?
u$McHqN
j]/!A`
6FO<-%
mE ]r"T
cgI{vN
{0oRxa
?w:'./B
7Dv�\~
'E]y~k
2LNRu-
hDRh@l"
]#p'\=
)dT>5_
FuXG*6k;
YZW;"y
^3p:-K
xKvUN2p
+tUaJU
Uc;�q*
I1naOse
,[|U#C
!d>">l
Gd)P8&
u91^UA
V_meuv[y
aeIUgY
u�6&[)
@Hp#m`\
~+T^aFd
XD8d.~4vw
~EwJFW
tuVn$O
PZc3tfJ
}-|hG|
*T/<3/
h3YBD*q
@<q]/_
�c#lp!KH\
K%#X-i
pw5=>-
I]_},Y
!#9=1*
6LY&!D
�>K[#H$
Z5 .x8
eC4J U
"Pq~Zw
j"uo!]
z�fss=
/ZrN+wn
^IDH,V<
oNGw~X
Y9U$Uy
).M#AF
KN,1Mlx
($xu]+
_IoEqj
Dz|1,l
YEz|\jk
Yw~#E>
&*8N=U
/7BG!H
yNu}83
1=|^_A
!8 uf!@)d
(iqg
YXWVUTs
xz`e6%H
{ElN59D
B:V7zBps:
sXuJ1_|
9fzIIo
: 8pT.y
: 8pT.y
94D-44
f'nAmkbvh
'1PGnp
tjdhHy
?�~,%F
^+h;oZ
+{3G[t2R
}P8_TRe
`_ZFo+
H9B&"/
�+!%D>)U
S*m/O!j
k)D~/R
O;0_t;
5/9oT-y
{>4+)lk~
B`YAat
]F[fK!
qQaw(L;
_Xv?Z
=\5jJ)
�iBusg
/nIR4|j
Gk5o2X
}TYSx4
_KB*15
fo"8_i
c�RW6-
hV;r7%
R!`jsV
A}8"O(J
cc)0u-5
{*m7esTx
BNv8@GD&z
+2i`pAj
PK%ljQ
~" 9[h
\:[`:Pb
ZwZoZW
(H42#%TW:I
XoXgX_
.GV?V�P00
wTgTW.
OPGPAk
QWWWGW
CM*trU
o8?(!fh
\w\oXM
2k1g%8A5
G[?[7[/[
YK>vL%|
M"E@oL
Z7>~3c
K:%_10
�9aT!y
Bmyhpx}
Y8I$>8
Pbk@Z#
=6~=,5
.i$Efh
BCvBum{
R)TG{=u
j'D5xr
H\z8A|
Q]2BuB
M#N�P'
%I/M=F
5 9`T!y
j]2t@!C
PQRSUVW
i 9`T
_^][ZYXU
PerfHost
aExport
Linkage
Library
Performance
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
ncalrpc
SYSTEM\CurrentControlSet\Services\%s\%s
WEVT_TEMPLATE
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
x86 Performance Counter Host
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
perfhost.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
perfhost.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
Microsoft-Windows-Diagnosis-Perfhost/Analytic
EventData
Function
Function
EventData
ProviderName
ProviderName
EventData
ReturnValue
Provider
ProviderDll
Function
ReturnValue
Provider
ProviderDll
Function
EventData
FirstArgument
Provider
ProviderDll
Function
FirstArgument
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
errors
callouts
WEVT_TEMPLATE
