Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Display Filter Reference: Remote Registry Service

Protocol field name: winreg
Versions: 1.0.0 to 1.6.5

Back to Display Filter Reference

Field name Type Description Versions
winreg.access_mask Unsigned integer, 4 bytes Access Mask 1.0.0 to 1.6.5
winreg.handle Sequence of bytes Handle 1.0.0 to 1.6.5
winreg.KeySecurityAttribute.data_size Unsigned integer, 4 bytes Data Size 1.0.0 to 1.6.5
winreg.KeySecurityAttribute.inherit Unsigned integer, 1 byte Inherit 1.0.0 to 1.6.5
winreg.KeySecurityAttribute.sec_data Label Sec Data 1.0.0 to 1.6.5
winreg.KeySecurityData.data Unsigned integer, 1 byte Data 1.0.0 to 1.6.5
winreg.KeySecurityData.len Unsigned integer, 4 bytes Len 1.0.0 to 1.6.5
winreg.KeySecurityData.size Unsigned integer, 4 bytes Size 1.0.0 to 1.6.5
winreg.opnum Unsigned integer, 2 bytes Operation 1.0.0 to 1.6.5
winreg.QueryMultipleValue.length Unsigned integer, 4 bytes Length 1.0.0 to 1.6.5
winreg.QueryMultipleValue.name Character string Name 1.0.0 to 1.6.5
winreg.QueryMultipleValue.offset Unsigned integer, 4 bytes Offset 1.0.0 to 1.6.5
winreg.QueryMultipleValue.type Unsigned integer, 4 bytes Type 1.0.0 to 1.6.5
winreg.sd Label KeySecurityData 1.0.0 to 1.6.5
winreg.sd.actual_size Unsigned integer, 4 bytes Actual Size 1.0.0 to 1.6.5
winreg.sd.max_size Unsigned integer, 4 bytes Max Size 1.0.0 to 1.6.5
winreg.sd.offset Unsigned integer, 4 bytes Offset 1.0.0 to 1.6.5
winreg.system_name Unsigned integer, 2 bytes System Name 1.0.0 to 1.6.5
winreg.werror Unsigned integer, 4 bytes Windows Error 1.0.0 to 1.6.5
winreg.winreg_AbortSystemShutdown.server Unsigned integer, 2 bytes Server 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_CREATE_LINK Boolean Key Create Link 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_CREATE_SUB_KEY Boolean Key Create Sub Key 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_ENUMERATE_SUB_KEYS Boolean Key Enumerate Sub Keys 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_NOTIFY Boolean Key Notify 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_QUERY_VALUE Boolean Key Query Value 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_SET_VALUE Boolean Key Set Value 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_WOW64_32KEY Boolean Key Wow64 32key 1.0.0 to 1.6.5
winreg.winreg_AccessMask.KEY_WOW64_64KEY Boolean Key Wow64 64key 1.0.0 to 1.6.5
winreg.winreg_CreateKey.action_taken Unsigned integer, 4 bytes Action Taken 1.0.0 to 1.6.5
winreg.winreg_CreateKey.keyclass Character string Keyclass 1.0.0 to 1.6.5
winreg.winreg_CreateKey.name Character string Name 1.0.0 to 1.6.5
winreg.winreg_CreateKey.new_handle Sequence of bytes New Handle 1.0.0 to 1.6.5
winreg.winreg_CreateKey.options Unsigned integer, 4 bytes Options 1.0.0 to 1.6.5
winreg.winreg_CreateKey.secdesc Label Secdesc 1.0.0 to 1.6.5
winreg.winreg_DeleteKey.key Character string Key 1.0.0 to 1.6.5
winreg.winreg_DeleteValue.value Character string Value 1.0.0 to 1.6.5
winreg.winreg_EnumKey.enum_index Unsigned integer, 4 bytes Enum Index 1.0.0 to 1.6.5
winreg.winreg_EnumKey.keyclass Label Keyclass 1.0.0 to 1.6.5
winreg.winreg_EnumKey.last_changed_time Date and time Last Changed Time 1.0.0 to 1.6.5
winreg.winreg_EnumKey.name Label Name 1.0.0 to 1.6.5
winreg.winreg_EnumValue.enum_index Unsigned integer, 4 bytes Enum Index 1.0.0 to 1.6.5
winreg.winreg_EnumValue.length Unsigned integer, 4 bytes Length 1.0.0 to 1.6.5
winreg.winreg_EnumValue.name Label Name 1.0.0 to 1.6.5
winreg.winreg_EnumValue.size Unsigned integer, 4 bytes Size 1.0.0 to 1.6.5
winreg.winreg_EnumValue.type Unsigned integer, 4 bytes Type 1.0.0 to 1.6.5
winreg.winreg_EnumValue.value Unsigned integer, 1 byte Value 1.0.0 to 1.6.5
winreg.winreg_GetKeySecurity.sec_info Label Sec Info 1.0.0 to 1.6.5
winreg.winreg_GetVersion.version Unsigned integer, 4 bytes Version 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdown.force_apps Unsigned integer, 1 byte Force Apps 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdown.hostname Unsigned integer, 2 bytes Hostname 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdown.message Label Message 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdown.reboot Unsigned integer, 1 byte Reboot 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdown.timeout Unsigned integer, 4 bytes Timeout 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.force_apps Unsigned integer, 1 byte Force Apps 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.hostname Unsigned integer, 2 bytes Hostname 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.message Label Message 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.reason Unsigned integer, 4 bytes Reason 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.reboot Unsigned integer, 1 byte Reboot 1.0.0 to 1.6.5
winreg.winreg_InitiateSystemShutdownEx.timeout Unsigned integer, 4 bytes Timeout 1.0.0 to 1.6.5
winreg.winreg_LoadKey.filename Character string Filename 1.0.0 to 1.6.5
winreg.winreg_LoadKey.keyname Character string Keyname 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.notify_filter Unsigned integer, 4 bytes Notify Filter 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.string1 Character string String1 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.string2 Character string String2 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.unknown Unsigned integer, 4 bytes Unknown 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.unknown2 Unsigned integer, 4 bytes Unknown2 1.0.0 to 1.6.5
winreg.winreg_NotifyChangeKeyValue.watch_subtree Unsigned integer, 1 byte Watch Subtree 1.0.0 to 1.6.5
winreg.winreg_OpenHKCU.access_mask Unsigned integer, 4 bytes Access Mask 1.0.0 to 1.6.5
winreg.winreg_OpenHKPD.access_mask Unsigned integer, 4 bytes Access Mask 1.0.0 to 1.6.5
winreg.winreg_OpenKey.access_mask Unsigned integer, 4 bytes Access Mask 1.0.0 to 1.6.5
winreg.winreg_OpenKey.keyname Character string Keyname 1.0.0 to 1.6.5
winreg.winreg_OpenKey.parent_handle Sequence of bytes Parent Handle 1.0.0 to 1.6.5
winreg.winreg_OpenKey.unknown Unsigned integer, 4 bytes Unknown 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.classname Character string Classname 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.last_changed_time Date and time Last Changed Time 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.max_subkeylen Unsigned integer, 4 bytes Max Subkeylen 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.max_subkeysize Unsigned integer, 4 bytes Max Subkeysize 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.max_valbufsize Unsigned integer, 4 bytes Max Valbufsize 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.max_valnamelen Unsigned integer, 4 bytes Max Valnamelen 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.num_subkeys Unsigned integer, 4 bytes Num Subkeys 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.num_values Unsigned integer, 4 bytes Num Values 1.0.0 to 1.6.5
winreg.winreg_QueryInfoKey.secdescsize Unsigned integer, 4 bytes Secdescsize 1.0.0 to 1.6.5
winreg.winreg_QueryMultipleValues.buffer Unsigned integer, 1 byte Buffer 1.0.0 to 1.6.5
winreg.winreg_QueryMultipleValues.buffer_size Unsigned integer, 4 bytes Buffer Size 1.0.0 to 1.6.5
winreg.winreg_QueryMultipleValues.key_handle Sequence of bytes Key Handle 1.0.0 to 1.6.5
winreg.winreg_QueryMultipleValues.num_values Unsigned integer, 4 bytes Num Values 1.0.0 to 1.6.5
winreg.winreg_QueryMultipleValues.values Label Values 1.0.0 to 1.6.5
winreg.winreg_QueryValue.data Unsigned integer, 1 byte Data 1.0.0 to 1.6.5
winreg.winreg_QueryValue.length Unsigned integer, 4 bytes Length 1.0.0 to 1.6.5
winreg.winreg_QueryValue.size Unsigned integer, 4 bytes Size 1.0.0 to 1.6.5
winreg.winreg_QueryValue.type Unsigned integer, 4 bytes Type 1.0.0 to 1.6.5
winreg.winreg_QueryValue.value_name Character string Value Name 1.0.0 to 1.6.5
winreg.winreg_RestoreKey.filename Character string Filename 1.0.0 to 1.6.5
winreg.winreg_RestoreKey.flags Unsigned integer, 4 bytes Flags 1.0.0 to 1.6.5
winreg.winreg_RestoreKey.handle Sequence of bytes Handle 1.0.0 to 1.6.5
winreg.winreg_SaveKey.filename Character string Filename 1.0.0 to 1.6.5
winreg.winreg_SaveKey.handle Sequence of bytes Handle 1.0.0 to 1.6.5
winreg.winreg_SaveKey.sec_attrib Label Sec Attrib 1.0.0 to 1.6.5
winreg.winreg_SecBuf.inherit Unsigned integer, 1 byte Inherit 1.0.0 to 1.6.5
winreg.winreg_SecBuf.length Unsigned integer, 4 bytes Length 1.0.0 to 1.6.5
winreg.winreg_SecBuf.sd Label Sd 1.0.0 to 1.6.5
winreg.winreg_SetKeySecurity.access_mask Unsigned integer, 4 bytes Access Mask 1.0.0 to 1.6.5
winreg.winreg_SetValue.data Unsigned integer, 1 byte Data 1.0.0 to 1.6.5
winreg.winreg_SetValue.name Character string Name 1.0.0 to 1.6.5
winreg.winreg_SetValue.size Unsigned integer, 4 bytes Size 1.0.0 to 1.6.5
winreg.winreg_SetValue.type Unsigned integer, 4 bytes Type 1.0.0 to 1.6.5
winreg.winreg_String.name Character string Name 1.0.0 to 1.6.5
winreg.winreg_String.name_len Unsigned integer, 2 bytes Name Len 1.0.0 to 1.6.5
winreg.winreg_String.name_size Unsigned integer, 2 bytes Name Size 1.0.0 to 1.6.5
winreg.winreg_StringBuf.length Unsigned integer, 2 bytes Length 1.0.0 to 1.6.5
winreg.winreg_StringBuf.name Unsigned integer, 2 bytes Name 1.0.0 to 1.6.5
winreg.winreg_StringBuf.size Unsigned integer, 2 bytes Size 1.0.0 to 1.6.5

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation