Display Filter Reference: ETW WFP Capture
Protocol field name: etw.wfp_capture
Versions: 2.6.0 to 3.6.0
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| etw.wfp_capture.callout | Callout | Unsigned integer, 4 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.callout_error_message | Driver Name | Character string | 2.6.0 to 3.6.0 |
| etw.wfp_capture.driver_error_message | Driver Name | Character string | 2.6.0 to 3.6.0 |
| etw.wfp_capture.driver_name | Driver Name | Character string | 2.6.0 to 3.6.0 |
| etw.wfp_capture.event_id | Event ID | Unsigned integer, 4 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.filter_id | Filter ID | Unsigned integer, 8 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.filter_weight | Filter Weight | Unsigned integer, 8 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.major_version | Major Version | Unsigned integer, 2 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.minor_version | Minor Version | Unsigned integer, 2 bytes | 2.6.0 to 3.6.0 |
| etw.wfp_capture.nt_status | NT Status | Unsigned integer, 4 bytes | 2.6.0 to 3.6.0 |