Display Filter Reference: EFS (pidl)

Protocol field name: efs

Versions: 1.0.0 to 3.4.7

Back to Display Filter Reference

Field name Description Type Versions
efs.EFS_CERTIFICATE_BLOB.cbData CbData Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType DwCertEncodingType Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.EFS_CERTIFICATE_BLOB.pbData PbData Unsigned integer, 1 byte 1.0.0 to 3.4.7
efs.EFS_HASH_BLOB.cbData CbData Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.EFS_HASH_BLOB.pbData PbData Unsigned integer, 1 byte 1.0.0 to 3.4.7
efs.EfsRpcAddUsersToFile.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcCloseRaw.pvContext PvContext Sequence of bytes 1.0.0 to 3.4.7
efs.EfsRpcDecryptFileSrv.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcDecryptFileSrv.Reserved Reserved Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.EfsRpcEncryptFileSrv.Filename Filename Character string 1.0.0 to 3.4.7
efs.EfsRpcOpenFileRaw.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcOpenFileRaw.Flags Flags Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.EfsRpcOpenFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 3.4.7
efs.EfsRpcQueryRecoveryAgents.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents PRecoveryAgents Label 1.0.0 to 3.4.7
efs.EfsRpcQueryUsersOnFile.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcQueryUsersOnFile.pUsers PUsers Label 1.0.0 to 3.4.7
efs.EfsRpcReadFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 3.4.7
efs.EfsRpcRemoveUsersFromFile.FileName FileName Character string 1.0.0 to 3.4.7
efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate PEncryptionCertificate Label 1.0.0 to 3.4.7
efs.EfsRpcWriteFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE.pCertBlob PCertBlob Label 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE.pUserSid PUserSid Label 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE.TotalLength TotalLength Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength CbTotalLength Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation LpDisplayInformation Character string 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH.pHash PHash Label 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid PUserSid Label 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash NCert Hash Unsigned integer, 4 bytes 1.0.0 to 3.4.7
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers PUsers Label 1.0.0 to 3.4.7
efs.opnum Operation Unsigned integer, 2 bytes 1.0.0 to 3.4.7
efs.werror Windows Error Unsigned integer, 4 bytes 1.0.0 to 3.4.7