Display Filter Reference: Remote Registry Service

Protocol field name: winreg

Versions: 1.0.0 to 2.6.5

| Field name | Description | Type | Versions |
|---|---|---|---|
| winreg.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.handle | Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.KeySecurityAttribute.data_size | Data Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.KeySecurityAttribute.inherit | Inherit | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.KeySecurityAttribute.sec_data | Sec Data | Label | 1.0.0 to 2.6.5 |
| winreg.KeySecurityData.data | Data | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.KeySecurityData.len | Len | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.KeySecurityData.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.opnum | Operation | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.QueryMultipleValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.name | Name | Character string | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.offset | Offset | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.type | Type | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.ve_type | Ve Type | Label | 1.12.0 to 2.6.5 |
| winreg.QueryMultipleValue.ve_valuelen | Ve Valuelen | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.QueryMultipleValue.ve_valuename | Ve Valuename | Label | 1.12.0 to 2.6.5 |
| winreg.QueryMultipleValue.ve_valueptr | Ve Valueptr | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.sd | KeySecurityData | Label | 1.0.0 to 2.6.5 |
| winreg.sd.actual_size | Actual Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.sd.max_size | Max Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.sd.offset | Offset | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.system_name | System Name | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.werror | Windows Error | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_AbortSystemShutdown.server | Server | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_CREATE_LINK | KEY CREATE LINK | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_CREATE_SUB_KEY | KEY CREATE SUB KEY | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_ENUMERATE_SUB_KEYS | KEY ENUMERATE SUB KEYS | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_NOTIFY | KEY NOTIFY | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_QUERY_VALUE | KEY QUERY VALUE | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_SET_VALUE | KEY SET VALUE | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_WOW64_32KEY | KEY WOW64 32KEY | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_AccessMask.KEY_WOW64_64KEY | KEY WOW64 64KEY | Boolean | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.action_taken | Action Taken | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.keyclass | Keyclass | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.name | Name | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.new_handle | New Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.options | Options | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_CreateKey.secdesc | Secdesc | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_DeleteKey.key | Key | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_DeleteKeyEx.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_DeleteKeyEx.handle | Handle | Sequence of bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_DeleteKeyEx.key | Key | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_DeleteKeyEx.reserved | Reserved | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_DeleteValue.value | Value | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumKey.enum_index | Enum Index | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumKey.keyclass | Keyclass | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumKey.last_changed_time | Last Changed Time | Date and time | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumKey.name | Name | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.enum_index | Enum Index | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.name | Name | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.type | Type | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_EnumValue.value | Value | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_GetKeySecurity.sec_info | Sec Info | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_GetVersion.version | Version | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdown.do_reboot | Do Reboot | Unsigned integer, 1 byte | 1.12.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdown.force_apps | Force Apps | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdown.hostname | Hostname | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdown.message | Message | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdown.reboot | Reboot | Unsigned integer, 1 byte | 1.0.0 to 1.10.14 |
| winreg.winreg_InitiateSystemShutdown.timeout | Timeout | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.do_reboot | Do Reboot | Unsigned integer, 1 byte | 1.12.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.force_apps | Force Apps | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.hostname | Hostname | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.message | Message | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.reason | Reason | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_InitiateSystemShutdownEx.reboot | Reboot | Unsigned integer, 1 byte | 1.0.0 to 1.10.14 |
| winreg.winreg_InitiateSystemShutdownEx.timeout | Timeout | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_KeyOptions.REG_OPTION_BACKUP_RESTORE | REG OPTION BACKUP RESTORE | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_KeyOptions.REG_OPTION_CREATE_LINK | REG OPTION CREATE LINK | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_KeyOptions.REG_OPTION_OPEN_LINK | REG OPTION OPEN LINK | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_KeyOptions.REG_OPTION_VOLATILE | REG OPTION VOLATILE | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_LoadKey.filename | Filename | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_LoadKey.keyname | Keyname | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.notify_filter | Notify Filter | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.string1 | String1 | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.string2 | String2 | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.unknown | Unknown | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.unknown2 | Unknown2 | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeKeyValue.watch_subtree | Watch Subtree | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_ATTRIBUTES | REG NOTIFY CHANGE ATTRIBUTES | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_LAST_SET | REG NOTIFY CHANGE LAST SET | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_NAME | REG NOTIFY CHANGE NAME | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_SECURITY | REG NOTIFY CHANGE SECURITY | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_OpenHKCU.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_OpenHKPD.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_OpenKey.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_OpenKey.keyname | Keyname | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_OpenKey.options | Options | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_OpenKey.parent_handle | Parent Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_OpenKey.unknown | Unknown | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryInfoKey.classname | Classname | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.last_changed_time | Last Changed Time | Date and time | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.max_classlen | Max Classlen | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.max_subkeylen | Max Subkeylen | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.max_subkeysize | Max Subkeysize | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryInfoKey.max_valbufsize | Max Valbufsize | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.max_valnamelen | Max Valnamelen | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.num_subkeys | Num Subkeys | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.num_values | Num Values | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryInfoKey.secdescsize | Secdescsize | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.buffer | Buffer | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.buffer_size | Buffer Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.key_handle | Key Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.num_values | Num Values | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.values | Values | Label | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryMultipleValues.values_in | Values In | Label | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues.values_out | Values Out | Label | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.buffer | Buffer | Unsigned integer, 1 byte | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.key_handle | Key Handle | Sequence of bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.needed | Needed | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.num_values | Num Values | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.offered | Offered | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.values_in | Values In | Label | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryMultipleValues2.values_out | Values Out | Label | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryValue.data | Data | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryValue.data_length | Data Length | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryValue.data_size | Data Size | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_QueryValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryValue.type | Type | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_QueryValue.value_name | Value Name | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_ReplaceKey.handle | Handle | Sequence of bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_ReplaceKey.new_file | New File | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_ReplaceKey.old_file | Old File | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_ReplaceKey.subkey | Subkey | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_RestoreKey.filename | Filename | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_RestoreKey.flags | Flags | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_RestoreKey.handle | Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_RestoreKeyFlags.REG_FORCE_RESTORE | REG FORCE RESTORE | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_RestoreKeyFlags.REG_NO_LAZY_FLUSH | REG NO LAZY FLUSH | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_RestoreKeyFlags.REG_REFRESH_HIVE | REG REFRESH HIVE | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_RestoreKeyFlags.REG_WHOLE_HIVE_VOLATILE | REG WHOLE HIVE VOLATILE | Boolean | 1.12.0 to 2.6.5 |
| winreg.winreg_SaveKey.filename | Filename | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_SaveKey.handle | Handle | Sequence of bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_SaveKey.sec_attrib | Sec Attrib | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_SaveKeyEx.filename | Filename | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_SaveKeyEx.flags | Flags | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_SaveKeyEx.handle | Handle | Sequence of bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_SaveKeyEx.sec_attrib | Sec Attrib | Label | 1.12.0 to 2.6.5 |
| winreg.winreg_SecBuf.inherit | Inherit | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_SecBuf.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_SecBuf.sd | Sd | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_SetKeySecurity.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_SetKeySecurity.sec_info | Sec Info | Unsigned integer, 4 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_SetValue.data | Data | Unsigned integer, 1 byte | 1.0.0 to 2.6.5 |
| winreg.winreg_SetValue.name | Name | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_SetValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_SetValue.type | Type | Label | 1.0.0 to 2.6.5 |
| winreg.winreg_String.name | Name | Character string | 1.0.0 to 2.6.5 |
| winreg.winreg_String.name_len | Name Len | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_String.name_size | Name Size | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_StringBuf.length | Length | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_StringBuf.name | Name | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_StringBuf.size | Size | Unsigned integer, 2 bytes | 1.0.0 to 2.6.5 |
| winreg.winreg_UnLoadKey.handle | Handle | Sequence of bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_UnLoadKey.subkey | Subkey | Character string | 1.12.0 to 2.6.5 |
| winreg.winreg_ValNameBuf.length | Length | Unsigned integer, 2 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_ValNameBuf.name | Name | Unsigned integer, 2 bytes | 1.12.0 to 2.6.5 |
| winreg.winreg_ValNameBuf.size | Size | Unsigned integer, 2 bytes | 1.12.0 to 2.6.5 |