[SSC Serv] Terminal Services monitoring on Windows Server 2008
octo at ssc-serv.com
Tue Nov 4 20:21:31 CET 2008
sorry for my late reply, it took me some time to figure this out :/
Thanks again for providing the Windows 2008 login, I wouldn't have been
able to get behind this without it :)
On Wed, Oct 01, 2008 at 12:41:02AM +0200, Florian Forster wrote:
> On Mon, Sep 29, 2008 at 04:04:47PM -0700, Wayne Tucker wrote:
> > utils_pdh: translate_pdh_counter (\Terminal Services\Inactive Sessions) failed.
As I mentioned in an earlier mail, due to the fact that counters are
identified by localized(!) strings, I have to do this
english name -> ID -> localized name
This translation works to the point that I get the ID, for example for
`Terminal Services'. I then call `PdhLookupPerfNameByIndex' with the
found ID. The problem is that this function returns `ERROR_SUCCESS'
(indicating that everything went well) but does not write anything into
the buffer I passed to it.
So, for some reason translating IDs to a string works for all
identifiers except the terminal services. In my opinion it's a but in
PDH, but what might it be caused by? The only suspicious thing I've
found is the following:
Deep in the registry, there's a key that holds those `ID <-> names'
mappings. It looks somewhat like this:
6 % Processor Time
3986 Processor State Flags
2262 Terminal Services
I can see two possible reasons why the translation may be confused:
1) The IDs *should* be sorted. If a search algorithm within PDH depends
on this sorting, it *may* come to the conclusion that the needed
value does not exist.
2) The shown ID `3986' is also the highest ID used on your system. This
value is stored as `Last Counter'. A search algorithm *may* check the
current index against this number and abort when it thinks to have
reached the last ID.
I'd love to check my hypothesis. For that, I've created a sorted version
of that `ID <-> names' mapping which I would install in the registry.
Without your permission, I won't touch anything though, since I don't
know if and how this might affect your system. I don't expect any
problems, though. What do you say?
Florian octo Forster
Hacker in training
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/ssc-serv/attachments/20081104/3cfcef35/attachment.pgp
More information about the SSC-Serv