Display Filter Reference: Remote Registry Service

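Protocol field name: winreg (filter prefix for the DCE/RPC Remote Registry interface; the fields below are populated only when Wireshark can dissect the RPC payload, so traffic carried over encrypted SMB3 or sealed RPC will not match them unless Wireshark is able to decrypt it)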

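Versions: 1.0.0 to 3.6.8 (the Wireshark releases in which this protocol's filter fields are available; the Versions column in the table gives the range for each individual field, and a field whose range ends at 1.10.14 does not exist in later releases)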


Field name Description Type Versions
winreg.access_mask Access Mask Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.handle Handle Byte sequence 1.0.0 to 3.6.8
winreg.KeySecurityAttribute.data_size Data Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.KeySecurityAttribute.inherit Inherit Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.KeySecurityAttribute.sec_data Sec Data Label 1.0.0 to 3.6.8
winreg.KeySecurityData.data Data Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.KeySecurityData.len Len Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.KeySecurityData.size Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.opnum Operation Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.QueryMultipleValue.length Length Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.QueryMultipleValue.name Name Character string 1.0.0 to 1.10.14
winreg.QueryMultipleValue.offset Offset Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.QueryMultipleValue.type Type Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.QueryMultipleValue.ve_type Ve Type Label 1.12.0 to 3.6.8
winreg.QueryMultipleValue.ve_valuelen Ve Valuelen Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.QueryMultipleValue.ve_valuename Ve Valuename Label 1.12.0 to 3.6.8
winreg.QueryMultipleValue.ve_valueptr Ve Valueptr Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.sd KeySecurityData Label 1.0.0 to 3.6.8
winreg.sd.actual_size Actual Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.sd.max_size Max Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.sd.offset Offset Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.system_name System Name Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.werror Windows Error Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_AbortSystemShutdown.server Server Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_CREATE_LINK KEY CREATE LINK Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_CREATE_SUB_KEY KEY CREATE SUB KEY Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_ENUMERATE_SUB_KEYS KEY ENUMERATE SUB KEYS Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_NOTIFY KEY NOTIFY Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_QUERY_VALUE KEY QUERY VALUE Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_SET_VALUE KEY SET VALUE Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_WOW64_32KEY KEY WOW64 32KEY Boolean 1.0.0 to 3.6.8
winreg.winreg_AccessMask.KEY_WOW64_64KEY KEY WOW64 64KEY Boolean 1.0.0 to 3.6.8
winreg.winreg_CreateKey.action_taken Action Taken Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_CreateKey.keyclass Keyclass Character string 1.0.0 to 3.6.8
winreg.winreg_CreateKey.name Name Character string 1.0.0 to 3.6.8
winreg.winreg_CreateKey.new_handle New Handle Byte sequence 1.0.0 to 3.6.8
winreg.winreg_CreateKey.options Options Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_CreateKey.secdesc Secdesc Label 1.0.0 to 3.6.8
winreg.winreg_DeleteKey.key Key Character string 1.0.0 to 3.6.8
winreg.winreg_DeleteKeyEx.access_mask Access Mask Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_DeleteKeyEx.handle Handle Byte sequence 1.12.0 to 3.6.8
winreg.winreg_DeleteKeyEx.key Key Character string 1.12.0 to 3.6.8
winreg.winreg_DeleteKeyEx.reserved Reserved Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_DeleteValue.value Value Character string 1.0.0 to 3.6.8
winreg.winreg_EnumKey.enum_index Enum Index Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_EnumKey.keyclass Keyclass Label 1.0.0 to 3.6.8
winreg.winreg_EnumKey.last_changed_time Last Changed Time Date and time 1.0.0 to 3.6.8
winreg.winreg_EnumKey.name Name Label 1.0.0 to 3.6.8
winreg.winreg_EnumValue.enum_index Enum Index Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_EnumValue.length Length Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_EnumValue.name Name Label 1.0.0 to 3.6.8
winreg.winreg_EnumValue.size Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_EnumValue.type Type Label 1.0.0 to 3.6.8
winreg.winreg_EnumValue.value Value Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_GetKeySecurity.sec_info Sec Info Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_GetVersion.version Version Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdown.do_reboot Do Reboot Unsigned integer (1 byte) 1.12.0 to 3.6.8
winreg.winreg_InitiateSystemShutdown.force_apps Force Apps Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdown.hostname Hostname Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdown.message Message Label 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdown.reboot Reboot Unsigned integer (1 byte) 1.0.0 to 1.10.14
winreg.winreg_InitiateSystemShutdown.timeout Timeout Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.do_reboot Do Reboot Unsigned integer (1 byte) 1.12.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.force_apps Force Apps Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.hostname Hostname Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.message Message Label 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.reason Reason Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_InitiateSystemShutdownEx.reboot Reboot Unsigned integer (1 byte) 1.0.0 to 1.10.14
winreg.winreg_InitiateSystemShutdownEx.timeout Timeout Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_KeyOptions.REG_OPTION_BACKUP_RESTORE REG OPTION BACKUP RESTORE Boolean 1.12.0 to 3.6.8
winreg.winreg_KeyOptions.REG_OPTION_CREATE_LINK REG OPTION CREATE LINK Boolean 1.12.0 to 3.6.8
winreg.winreg_KeyOptions.REG_OPTION_OPEN_LINK REG OPTION OPEN LINK Boolean 1.12.0 to 3.6.8
winreg.winreg_KeyOptions.REG_OPTION_VOLATILE REG OPTION VOLATILE Boolean 1.12.0 to 3.6.8
winreg.winreg_LoadKey.filename Filename Character string 1.0.0 to 3.6.8
winreg.winreg_LoadKey.keyname Keyname Character string 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.notify_filter Notify Filter Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.string1 String1 Character string 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.string2 String2 Character string 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.unknown Unknown Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.unknown2 Unknown2 Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeKeyValue.watch_subtree Watch Subtree Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_ATTRIBUTES REG NOTIFY CHANGE ATTRIBUTES Boolean 1.12.0 to 3.6.8
winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_LAST_SET REG NOTIFY CHANGE LAST SET Boolean 1.12.0 to 3.6.8
winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_NAME REG NOTIFY CHANGE NAME Boolean 1.12.0 to 3.6.8
winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_SECURITY REG NOTIFY CHANGE SECURITY Boolean 1.12.0 to 3.6.8
winreg.winreg_OpenHKCU.access_mask Access Mask Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_OpenHKPD.access_mask Access Mask Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_OpenKey.access_mask Access Mask Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_OpenKey.keyname Keyname Character string 1.0.0 to 3.6.8
winreg.winreg_OpenKey.options Options Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_OpenKey.parent_handle Parent Handle Byte sequence 1.0.0 to 3.6.8
winreg.winreg_OpenKey.unknown Unknown Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.winreg_QueryInfoKey.classname Classname Character string 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.last_changed_time Last Changed Time Date and time 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.max_classlen Max Classlen Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryInfoKey.max_subkeylen Max Subkeylen Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.max_subkeysize Max Subkeysize Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.winreg_QueryInfoKey.max_valbufsize Max Valbufsize Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.max_valnamelen Max Valnamelen Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.num_subkeys Num Subkeys Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.num_values Num Values Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryInfoKey.secdescsize Secdescsize Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryMultipleValues.buffer Buffer Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_QueryMultipleValues.buffer_size Buffer Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryMultipleValues.key_handle Key Handle Byte sequence 1.0.0 to 3.6.8
winreg.winreg_QueryMultipleValues.num_values Num Values Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_QueryMultipleValues.values Values Label 1.0.0 to 1.10.14
winreg.winreg_QueryMultipleValues.values_in Values In Label 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues.values_out Values Out Label 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.buffer Buffer Unsigned integer (1 byte) 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.key_handle Key Handle Byte sequence 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.needed Needed Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.num_values Num Values Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.offered Offered Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.values_in Values In Label 1.12.0 to 3.6.8
winreg.winreg_QueryMultipleValues2.values_out Values Out Label 1.12.0 to 3.6.8
winreg.winreg_QueryValue.data Data Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_QueryValue.data_length Data Length Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryValue.data_size Data Size Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_QueryValue.length Length Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.winreg_QueryValue.size Size Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.winreg_QueryValue.type Type Label 1.0.0 to 3.6.8
winreg.winreg_QueryValue.value_name Value Name Character string 1.0.0 to 3.6.8
winreg.winreg_ReplaceKey.handle Handle Byte sequence 1.12.0 to 3.6.8
winreg.winreg_ReplaceKey.new_file New File Character string 1.12.0 to 3.6.8
winreg.winreg_ReplaceKey.old_file Old File Character string 1.12.0 to 3.6.8
winreg.winreg_ReplaceKey.subkey Subkey Character string 1.12.0 to 3.6.8
winreg.winreg_RestoreKey.filename Filename Character string 1.0.0 to 3.6.8
winreg.winreg_RestoreKey.flags Flags Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_RestoreKey.handle Handle Byte sequence 1.0.0 to 3.6.8
winreg.winreg_RestoreKeyFlags.REG_FORCE_RESTORE REG FORCE RESTORE Boolean 1.12.0 to 3.6.8
winreg.winreg_RestoreKeyFlags.REG_NO_LAZY_FLUSH REG NO LAZY FLUSH Boolean 1.12.0 to 3.6.8
winreg.winreg_RestoreKeyFlags.REG_REFRESH_HIVE REG REFRESH HIVE Boolean 1.12.0 to 3.6.8
winreg.winreg_RestoreKeyFlags.REG_WHOLE_HIVE_VOLATILE REG WHOLE HIVE VOLATILE Boolean 1.12.0 to 3.6.8
winreg.winreg_SaveKey.filename Filename Character string 1.0.0 to 3.6.8
winreg.winreg_SaveKey.handle Handle Byte sequence 1.0.0 to 3.6.8
winreg.winreg_SaveKey.sec_attrib Sec Attrib Label 1.0.0 to 3.6.8
winreg.winreg_SaveKeyEx.filename Filename Character string 1.12.0 to 3.6.8
winreg.winreg_SaveKeyEx.flags Flags Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_SaveKeyEx.handle Handle Byte sequence 1.12.0 to 3.6.8
winreg.winreg_SaveKeyEx.sec_attrib Sec Attrib Label 1.12.0 to 3.6.8
winreg.winreg_SecBuf.inherit Inherit Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_SecBuf.length Length Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_SecBuf.sd Sd Label 1.0.0 to 3.6.8
winreg.winreg_SetKeySecurity.access_mask Access Mask Unsigned integer (4 bytes) 1.0.0 to 1.10.14
winreg.winreg_SetKeySecurity.sec_info Sec Info Unsigned integer (4 bytes) 1.12.0 to 3.6.8
winreg.winreg_SetValue.data Data Unsigned integer (1 byte) 1.0.0 to 3.6.8
winreg.winreg_SetValue.name Name Character string 1.0.0 to 3.6.8
winreg.winreg_SetValue.size Size Unsigned integer (4 bytes) 1.0.0 to 3.6.8
winreg.winreg_SetValue.type Type Label 1.0.0 to 3.6.8
winreg.winreg_String.name Name Character string 1.0.0 to 3.6.8
winreg.winreg_String.name_len Name Len Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_String.name_size Name Size Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_StringBuf.length Length Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_StringBuf.name Name Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_StringBuf.size Size Unsigned integer (2 bytes) 1.0.0 to 3.6.8
winreg.winreg_UnLoadKey.handle Handle Byte sequence 1.12.0 to 3.6.8
winreg.winreg_UnLoadKey.subkey Subkey Character string 1.12.0 to 3.6.8
winreg.winreg_ValNameBuf.length Length Unsigned integer (2 bytes) 1.12.0 to 3.6.8
winreg.winreg_ValNameBuf.name Name Unsigned integer (2 bytes) 1.12.0 to 3.6.8
winreg.winreg_ValNameBuf.size Size Unsigned integer (2 bytes) 1.12.0 to 3.6.8