Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Display Filter Reference: EFS (pidl)

Protocol field name: efs

Versions: 1.0.0 to 4.6.0

Back to Display Filter Reference

Field name Description Type Versions
efs.EFS_CERTIFICATE_BLOB.cbDataCbDataUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.EFS_CERTIFICATE_BLOB.dwCertEncodingTypeDwCertEncodingTypeUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.EFS_CERTIFICATE_BLOB.pbDataPbDataUnsigned integer (8 bits)1.0.0 to 4.6.0
efs.EFS_HASH_BLOB.cbDataCbDataUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.EFS_HASH_BLOB.pbDataPbDataUnsigned integer (8 bits)1.0.0 to 4.6.0
efs.EfsRpcAddUsersToFile.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcCloseRaw.pvContextPvContextByte sequence1.0.0 to 4.6.0
efs.EfsRpcDecryptFileSrv.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcDecryptFileSrv.ReservedReservedUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.EfsRpcEncryptFileSrv.FilenameFilenameCharacter string1.0.0 to 4.6.0
efs.EfsRpcOpenFileRaw.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcOpenFileRaw.FlagsFlagsUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.EfsRpcOpenFileRaw.pvContextPvContextByte sequence1.0.0 to 4.6.0
efs.EfsRpcQueryRecoveryAgents.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcQueryRecoveryAgents.pRecoveryAgentsPRecoveryAgentsLabel1.0.0 to 4.6.0
efs.EfsRpcQueryUsersOnFile.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcQueryUsersOnFile.pUsersPUsersLabel1.0.0 to 4.6.0
efs.EfsRpcReadFileRaw.pvContextPvContextByte sequence1.0.0 to 4.6.0
efs.EfsRpcRemoveUsersFromFile.FileNameFileNameCharacter string1.0.0 to 4.6.0
efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificatePEncryptionCertificateLabel1.0.0 to 4.6.0
efs.EfsRpcWriteFileRaw.pvContextPvContextByte sequence1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE.pCertBlobPCertBlobLabel1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE.pUserSidPUserSidLabel1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE.TotalLengthTotalLengthUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLengthCbTotalLengthUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformationLpDisplayInformationCharacter string1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH.pHashPHashLabel1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH.pUserSidPUserSidLabel1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_HashNCert HashUnsigned integer (32 bits)1.0.0 to 4.6.0
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsersPUsersLabel1.0.0 to 4.6.0
efs.opnumOperationUnsigned integer (16 bits)1.0.0 to 4.6.0
efs.werrorWindows ErrorUnsigned integer (32 bits)1.0.0 to 4.6.0