Protocol field name: etw.wfp_capture
Versions: 2.6.0 to 4.6.0
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| etw | Callout | Unsigned integer (32 bits) | 2.6.0 to 4.6.0 |
| etw | Driver Name | Character string | 2.6.0 to 4.6.0 |
| etw | Driver Name | Character string | 2.6.0 to 4.6.0 |
| etw | Driver Name | Character string | 2.6.0 to 4.6.0 |
| etw | Event ID | Unsigned integer (32 bits) | 2.6.0 to 4.6.0 |
| etw | Filter ID | Unsigned integer (64 bits) | 2.6.0 to 4.6.0 |
| etw | Filter Weight | Unsigned integer (64 bits) | 2.6.0 to 4.6.0 |
| etw | Major Version | Unsigned integer (16 bits) | 2.6.0 to 4.6.0 |
| etw | Minor Version | Unsigned integer (16 bits) | 2.6.0 to 4.6.0 |
| etw | NT Status | Unsigned integer (32 bits) | 2.6.0 to 4.6.0 |
