Library `msrpcperformance`

This module is designed to parse the PERF_DATA_BLOCK structure, which is stored in the registry under HKEY_PERFORMANCE_DATA. By querying this structure, you can get a whole lot of information about what's going on.

To use this from a script, see get_performance_data, it is the only "public" function in this module.

My primary sources of information were:

This 1996 journal by Matt Pietrek: <http://www.microsoft.com/msj/archive/S271.aspx>
The followup article: <http://www.microsoft.com/msj/archive/S2A9.aspx>
The WinPerf.h header file

And my primary inspiration was PsTools, specifically, pstasklist.exe.

Author:

Ron Bowes <ron@skullsecurity.net>

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/msrpcperformance.lua

Functions

get_performance_data (host, objects): Retrieve the parsed performance data from the given host for the requested object values.

Functions

get_performance_data (host, objects)

Retrieve the parsed performance data from the given host for the requested object values.

To get a list of possible object values, leave 'objects' blank and look at result['title_database'] -- it'll contain a list of indexes that can be looked up. These indexes are passed as a string or as a series of space-separated strings (eg, "230" for "Process" and "238" for "Process" and "Processor").

Parameters

host: The host object
objects: [optional] The space-separated list of object numbers to retrieve. Default: only retrieve the database.

Library msrpcperformance

Functions

Functions

Parameters

Library `msrpcperformance`