Beginner

Question about the Intel Performance Counter Monitor

Hello

I want to use PCM to monitor the performance of the program.

I followed the instructions described in the document and have built PCM.exe and got msr.sys.

However, when I run PCM.exe, it shows the following messages:

 

Intel(r) Performance Counter Monitor V2.8 (2014-12-18 12:52:39 +0100 ID=ba39a89)

 Copyright (c) 2009-2014 Intel Corporation

Starting MSR service failed with error 1275 This driver has been blocked from loading
Trying to load winring0.dll/winring0.sys driver...
Failed to load winring0.dll/winring0.sys driver.

Cannot access CPU counters
You must have signed msr.sys driver in your current directory and have administrator rights to run this program
Access to Intel(r) Performance Counter Monitor has denied (no MSR or PCI CFG space access).

Can anyone tell me how to deal with it?

 

Thanks.

0 Kudos
4 Replies
Employee

Thank you for using Intel PCM. 

You must have signed msr.sys driver in your current directory and have administrator rights to run this program

Did you sign your msr.sys driver and run pcm.exe as administrator? Otherwise, Windows will refuse to load the driver.

Microsoft also provides a way to disable this requirement, e.g. during driver development. The process is described on their website.

An alternative to building your own driver is using the signed third-party driver WinRing0.sys. Please refer to the Windows HowTo that is included in the PCM package.

 

 

0 Kudos

Adding on to Thomas's reply,

You can download WinRing0.dll, WinRing0.sys, WinRing0x64.dll, WinRing0x64.sys from

http://www.techpowerup.com/realtemp/

and winpmem_64.sys from

https://code.google.com/p/volatility/source/browse/branches/scudette/tools/windows/winpmem/binaries/...

and paste them all in the place where you have your pcm.exe and run it as administrator to see the result.

 

0 Kudos
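The two replies above come down to three conditions: an elevated process, a signed driver, and driver files obtained from third-party locations that Windows will accept. The following pre-flight check is an added example, not part of the thread or of the PCM package; it assumes it is run from the directory that holds pcm.exe and uses only the file names mentioned in the thread.

```powershell
# Pre-flight check before running pcm.exe: elevation plus driver signatures.
# Assumption: the current directory is the one that holds pcm.exe. The file
# names are the ones mentioned in this thread; not all need to be present.
$drivers = 'msr.sys', 'WinRing0.sys', 'WinRing0x64.sys', 'winpmem_64.sys'

# 1. The driver service can only be started from an elevated process.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Running elevated: $isAdmin"

# 2. Inspect every driver file that is present in the current directory.
$report = foreach ($name in $drivers) {
    $path = Join-Path (Get-Location) $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $name; Status = 'Missing'; Signer = $null; SHA256 = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File   = $name
        # Valid, NotSigned, HashMismatch, NotTrusted, ... (stored as text)
        Status = [string]$sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Record the hash so the exact binary that was loaded can be identified later.
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
$report | Format-List

# 3. Flag files that are present but do not carry an intact, trusted signature.
#    "Valid" means the file is unmodified and chains to a trusted root; the
#    kernel applies its own driver-signing policy separately at load time.
$bad = $report | Where-Object { $_.Status -ne 'Missing' -and $_.Status -ne 'Valid' }
if ($bad) {
    Write-Warning ("Signature check failed for: " + ($bad.File -join ', '))
}
```

Reviewing the Signer field matters as much as the status, because a driver downloaded from a mirror can be validly signed by a publisher other than the one you expect.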
Beginner

Hi All

I am writing about winpmem_64.sys.

The link from the previous message is wrong =((( https://code.google.com/p/volatility/source/browse/branches/scudette/tools/windows/winpmem/binaries/...

Where can I download this file to a different location?

Good wishes, Vadim

 

 

0 Kudos
Beginner

Vadim K. wrote:

Hi All

I am writing about winpmem_64.sys.

The link from the previous message is wrong =((( https://code.google.com/p/volatility/source/browse/branches/scudette/too...

Where can I download this file to a different location?

Good wishes, Vadim

 

Hey Vadim K,

This is the new location

https://github.com/google/rekall/tree/df4c820de7b3a21bd241336c99c12b3b9dde4015/tools/pmem/resources/...

Change the name from winpmen_x64 to winpmen64.

Best Regards,

EronsJ

0 Kudos