Querying Performance Counters

Querying performance counters through the registry API is somewhat troublesome due to rather opaque documentation or undocumented quirks or even outright bugs. The first thing to note is that the function RegQueryValueEx takes in an index for the value. Due to either a bug or an undocumented specification, the index has to be for a counter object, not a counter itself. Attempting to use a performance counter index instead of an object counter index results in the Remote Access Service performance counters being returned regardless of what value is used.

Performance counters can actually be separated into two categories: system and application counters. System counters are below 1846 in index value and generally are hardcoded. This makes it somewhat easier to query for them. Application counters are assigned indexes in order of registration with the system, so they could be anything.