Display Filter Reference: Remote Registry Service
Protocol field name: winreg
Versions: 1.0.0 to 3.4.5
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| winreg.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.handle | Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.KeySecurityAttribute.data_size | Data Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.KeySecurityAttribute.inherit | Inherit | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.KeySecurityAttribute.sec_data | Sec Data | Label | 1.0.0 to 3.4.5 |
| winreg.KeySecurityData.data | Data | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.KeySecurityData.len | Len | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.KeySecurityData.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.opnum | Operation | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.QueryMultipleValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.name | Name | Character string | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.offset | Offset | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.type | Type | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.QueryMultipleValue.ve_type | Ve Type | Label | 1.12.0 to 3.4.5 |
| winreg.QueryMultipleValue.ve_valuelen | Ve Valuelen | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.QueryMultipleValue.ve_valuename | Ve Valuename | Label | 1.12.0 to 3.4.5 |
| winreg.QueryMultipleValue.ve_valueptr | Ve Valueptr | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.sd | KeySecurityData | Label | 1.0.0 to 3.4.5 |
| winreg.sd.actual_size | Actual Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.sd.max_size | Max Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.sd.offset | Offset | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.system_name | System Name | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.werror | Windows Error | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_AbortSystemShutdown.server | Server | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_CREATE_LINK | KEY CREATE LINK | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_CREATE_SUB_KEY | KEY CREATE SUB KEY | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_ENUMERATE_SUB_KEYS | KEY ENUMERATE SUB KEYS | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_NOTIFY | KEY NOTIFY | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_QUERY_VALUE | KEY QUERY VALUE | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_SET_VALUE | KEY SET VALUE | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_WOW64_32KEY | KEY WOW64 32KEY | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_AccessMask.KEY_WOW64_64KEY | KEY WOW64 64KEY | Boolean | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.action_taken | Action Taken | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.keyclass | Keyclass | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.name | Name | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.new_handle | New Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.options | Options | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_CreateKey.secdesc | Secdesc | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_DeleteKey.key | Key | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_DeleteKeyEx.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_DeleteKeyEx.handle | Handle | Sequence of bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_DeleteKeyEx.key | Key | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_DeleteKeyEx.reserved | Reserved | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_DeleteValue.value | Value | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumKey.enum_index | Enum Index | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumKey.keyclass | Keyclass | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumKey.last_changed_time | Last Changed Time | Date and time | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumKey.name | Name | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.enum_index | Enum Index | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.name | Name | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.type | Type | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_EnumValue.value | Value | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_GetKeySecurity.sec_info | Sec Info | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_GetVersion.version | Version | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdown.do_reboot | Do Reboot | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdown.force_apps | Force Apps | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdown.hostname | Hostname | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdown.message | Message | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdown.reboot | Reboot | Unsigned integer, 1 byte | 1.0.0 to 1.10.14 |
| winreg.winreg_InitiateSystemShutdown.timeout | Timeout | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.do_reboot | Do Reboot | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.force_apps | Force Apps | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.hostname | Hostname | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.message | Message | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.reason | Reason | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_InitiateSystemShutdownEx.reboot | Reboot | Unsigned integer, 1 byte | 1.0.0 to 1.10.14 |
| winreg.winreg_InitiateSystemShutdownEx.timeout | Timeout | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_KeyOptions.REG_OPTION_BACKUP_RESTORE | REG OPTION BACKUP RESTORE | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_KeyOptions.REG_OPTION_CREATE_LINK | REG OPTION CREATE LINK | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_KeyOptions.REG_OPTION_OPEN_LINK | REG OPTION OPEN LINK | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_KeyOptions.REG_OPTION_VOLATILE | REG OPTION VOLATILE | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_LoadKey.filename | Filename | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_LoadKey.keyname | Keyname | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.notify_filter | Notify Filter | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.string1 | String1 | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.string2 | String2 | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.unknown | Unknown | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.unknown2 | Unknown2 | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeKeyValue.watch_subtree | Watch Subtree | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_ATTRIBUTES | REG NOTIFY CHANGE ATTRIBUTES | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_LAST_SET | REG NOTIFY CHANGE LAST SET | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_NAME | REG NOTIFY CHANGE NAME | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_NotifyChangeType.REG_NOTIFY_CHANGE_SECURITY | REG NOTIFY CHANGE SECURITY | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_OpenHKCU.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_OpenHKPD.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_OpenKey.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_OpenKey.keyname | Keyname | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_OpenKey.options | Options | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_OpenKey.parent_handle | Parent Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_OpenKey.unknown | Unknown | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryInfoKey.classname | Classname | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.last_changed_time | Last Changed Time | Date and time | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.max_classlen | Max Classlen | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.max_subkeylen | Max Subkeylen | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.max_subkeysize | Max Subkeysize | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryInfoKey.max_valbufsize | Max Valbufsize | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.max_valnamelen | Max Valnamelen | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.num_subkeys | Num Subkeys | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.num_values | Num Values | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryInfoKey.secdescsize | Secdescsize | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.buffer | Buffer | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.buffer_size | Buffer Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.key_handle | Key Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.num_values | Num Values | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.values | Values | Label | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryMultipleValues.values_in | Values In | Label | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues.values_out | Values Out | Label | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.buffer | Buffer | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.key_handle | Key Handle | Sequence of bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.needed | Needed | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.num_values | Num Values | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.offered | Offered | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.values_in | Values In | Label | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryMultipleValues2.values_out | Values Out | Label | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryValue.data | Data | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryValue.data_length | Data Length | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryValue.data_size | Data Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_QueryValue.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_QueryValue.type | Type | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_QueryValue.value_name | Value Name | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_ReplaceKey.handle | Handle | Sequence of bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_ReplaceKey.new_file | New File | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_ReplaceKey.old_file | Old File | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_ReplaceKey.subkey | Subkey | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_RestoreKey.filename | Filename | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_RestoreKey.flags | Flags | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_RestoreKey.handle | Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_RestoreKeyFlags.REG_FORCE_RESTORE | REG FORCE RESTORE | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_RestoreKeyFlags.REG_NO_LAZY_FLUSH | REG NO LAZY FLUSH | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_RestoreKeyFlags.REG_REFRESH_HIVE | REG REFRESH HIVE | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_RestoreKeyFlags.REG_WHOLE_HIVE_VOLATILE | REG WHOLE HIVE VOLATILE | Boolean | 1.12.0 to 3.4.5 |
| winreg.winreg_SaveKey.filename | Filename | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_SaveKey.handle | Handle | Sequence of bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_SaveKey.sec_attrib | Sec Attrib | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_SaveKeyEx.filename | Filename | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_SaveKeyEx.flags | Flags | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_SaveKeyEx.handle | Handle | Sequence of bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_SaveKeyEx.sec_attrib | Sec Attrib | Label | 1.12.0 to 3.4.5 |
| winreg.winreg_SecBuf.inherit | Inherit | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_SecBuf.length | Length | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_SecBuf.sd | Sd | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_SetKeySecurity.access_mask | Access Mask | Unsigned integer, 4 bytes | 1.0.0 to 1.10.14 |
| winreg.winreg_SetKeySecurity.sec_info | Sec Info | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_SetValue.data | Data | Unsigned integer, 1 byte | 1.0.0 to 3.4.5 |
| winreg.winreg_SetValue.name | Name | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_SetValue.size | Size | Unsigned integer, 4 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_SetValue.type | Type | Label | 1.0.0 to 3.4.5 |
| winreg.winreg_String.name | Name | Character string | 1.0.0 to 3.4.5 |
| winreg.winreg_String.name_len | Name Len | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_String.name_size | Name Size | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_StringBuf.length | Length | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_StringBuf.name | Name | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_StringBuf.size | Size | Unsigned integer, 2 bytes | 1.0.0 to 3.4.5 |
| winreg.winreg_UnLoadKey.handle | Handle | Sequence of bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_UnLoadKey.subkey | Subkey | Character string | 1.12.0 to 3.4.5 |
| winreg.winreg_ValNameBuf.length | Length | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_ValNameBuf.name | Name | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| winreg.winreg_ValNameBuf.size | Size | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
Go Beyond with Riverbed Technology
I have a lot of traffic...
ANSWER: SteelCentral™ AppResponse 11
- • Full stack analysis – from packets to pages
- • Rich performance metrics & pre-defined insights for fast problem identification/resolution
- • Modular, flexible solution for deeply-analyzing network & application performance