Loading a performance DLL of a windows 7 service

Question

I am trying to do a POC of recently published windows zeroday flaw where a vulnerability has been exposed in windows registry entries. I have created a performance subkey of a service RPCEPTMAPPER and set my DLL path there, however I am unable to load/execute it with this command given in article Get-WmiObject -List | Where-Object { $_.Name -Like "Win32_Perf*" }. Wont WMI get performance counter by loading DLLs in each running service? This is how my registry entry looks like.Thanks.

score 0 · Accepted Answer · answered Dec 10 '20 at 06:00

I was using x86 dll which was causing 'Disable Performance Counter' value to automatically turn out to be 4. After changing build type to x64, this problem vanished. Then in order to resolve performance counter issues in registry I used this link and everything worked out.

Loading a performance DLL of a windows 7 service

1 Answers1