ID: Q178887
The information in this article applies to:
- Microsoft Windows NT versions 3.51, 4.0
An application for Windows NT uses RegQueryValueEx with the predefined HKEY_PERFORMANCE_DATA key to gather Windows NT performance data. Under some circumstances the function may cause an Access Violation in the calling process. Or, in some cases, the function fails to return the data for the counters requested. This article describes how to troubleshoot these problems.
To help you understand why these problems occur and the steps to resolve the problem, the overall architecture of the performance library is described here.
Within Advapi32.dll, the performance library supplies the functionality behind the RegQueryValueEx API with the HKEY_PERFORMANCE_DATA key. On Windows NT, the performance data is collected at the time RegQueryValueEx is called. It is not continuously stored in the registry.
Some performance data is collected within the performance library in Advapi32.dll. Advapi32.dll uses internal functions to get data for system objects, such as Memory and Process. The performance library collects other data by calling DLLs, known as performance monitor extensions. The DLLs export three functions (that is, the Open, Collect, and Close functions), which the performance library uses to gather data from the extensions. See the References section of this article for more information about adding custom performance counters.
When an application queries for performance data, the library loads all performance extension DLLs and calls the Open and Collect functions in a loop. For the extension DLLs, which do not support the object index that is being queried, the extension DLL indicates to the performance library that it does not fill in any performance data in the data buffer. The following sample code from the Collect function of a sample performance counter extension illustrates this:
lpszNameTitleIndex = DataDefinition.ObjectType.ObjectNameTitleIndex;
if (dwQueryType == QUERY_ITEMS){
if (!(IsNumberInUnicodeList(lpszNameTitleIndex, lpValueName))) {
*lpcbTotalBytes = (DWORD) 0;
*lpNumObjectTypes = (DWORD) 0;
return ERROR_SUCCESS;
}
}
If RegQueryValueEx presents an unhandled Access Violation exception in a dialog box to the user, typically one of the performance extension DLLs is the cause, not the caller of RegQueryValueEx. Because an extension's Collect function is protected by structured exception handling in the performance library, the fault occurs inside RegQueryValueEx but after the Collect function has returned. Since all extensions get loaded regardless of which counters are queried, the exception information does not indicate which extension DLL caused the problem. Therefore, it is necessary to enumerate the extensions and disable them. To get a list of the extensions installed, use the Exctrlst.exe utility from the Windows NT Resource Kit. This will display a list of all extensions by the service name and the name of the extension DLL.
Following is a trial and error method that you can use to identify which extension DLL is causing the problem. The performance library loads the extension DLLs that are registered in:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
<service name> (as indicated in EXCTRLST.EXE)
Performance
Use Tlist.exe in the Windows NT Resource Kit to get additional information about the process. At the time the Access Violation error message is presented, open a command prompt window and use the following tlist command:
tlist <name of process>
Depending on which extension is causing the problem, you may or may not be able to debug the DLL further. If it belongs to another company, you may want to contact that company to report the problem.
Another symptom of a problem that occurs when collecting performance data is that the buffer returns without any data. Be sure to zero buffers before the call to RegQueryValueEx to verify if this is the case. Typically, the reason the buffer does not contain any data is that the Collect function one of the extensions caused an exception, but it was handled by try/except block implemented in the performance library.
The exception handler in the performance library will post an Event Log message. Use Event Viewer to view the Application log to see event message of source Perflib. If an exception occurred in the Collect function, an event log message that has the following Event Detail dialog box description will be posted:
The Collect Procedure for the <service name> service in DLL
<extension DLL name> generated an exception or returned an invalid
status. Performance data returned by counter DLL will not be
returned in Perf Data Block. Exception or status code returned is
DWORD 0.
There may be other reasons why performance data is not returned. Specifically, if the extension relies on a service to be installed and running for it to gather the data, then performance data may not be returned. This will not generate an exception, and it may not cause an event log error to be posted. For example, the TCP counters. For more information, query the Microsoft Knowledge Base with the following keywords:
BsePerfmon tcp udp ip
The performance library reads a Windows NT registry value to select how much information it will place in the Event Log. The REG_DWORD value named EventLogLevel is placed in the following key:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows NT
CurrentVersion
Perflib
For more information about adding custom performance counters, see:
Platform SDK: Windows Base Services; Windows NT Features; Performance Data Helper; Adding Performance Counters.
Additional query words: crash bug av perfmon pdh
Keywords : kbKernBase kbPerfMon kbGrpKernBase
Version : WINNT:3.51,4.0
Platform : winnt
Issue type : kbinfoLast Reviewed: April 4, 1998