Display Filter Reference: Remote Registry Service
Protocol field name: winreg
Versions: 1.0.0 to 4.4.2
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| winreg | Access Mask | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | Data Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Inherit | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Sec Data | Label | 1.0.0 to 4.4.2 |
| winreg | Data | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Len | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Operation | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Length | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Name | Character string | 1.0.0 to 1.10.14 |
| winreg | Offset | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Type | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Ve Type | Label | 1.12.0 to 4.4.2 |
| winreg | Ve Valuelen | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Ve Valuename | Label | 1.12.0 to 4.4.2 |
| winreg | Ve Valueptr | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | KeySecurityData | Label | 1.0.0 to 4.4.2 |
| winreg | Actual Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Max Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Offset | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | System Name | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Windows Error | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Server | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | KEY CREATE LINK | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY CREATE SUB KEY | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY ENUMERATE SUB KEYS | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY NOTIFY | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY QUERY VALUE | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY SET VALUE | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY WOW64 32KEY | Boolean | 1.0.0 to 4.4.2 |
| winreg | KEY WOW64 64KEY | Boolean | 1.0.0 to 4.4.2 |
| winreg | Action Taken | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Keyclass | Character string | 1.0.0 to 4.4.2 |
| winreg | Name | Character string | 1.0.0 to 4.4.2 |
| winreg | New Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | Options | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Secdesc | Label | 1.0.0 to 4.4.2 |
| winreg | Key | Character string | 1.0.0 to 4.4.2 |
| winreg | Access Mask | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.12.0 to 4.4.2 |
| winreg | Key | Character string | 1.12.0 to 4.4.2 |
| winreg | Reserved | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Value | Character string | 1.0.0 to 4.4.2 |
| winreg | Enum Index | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Keyclass | Label | 1.0.0 to 4.4.2 |
| winreg | Last Changed Time | Date and time | 1.0.0 to 4.4.2 |
| winreg | Name | Label | 1.0.0 to 4.4.2 |
| winreg | Enum Index | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Length | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Name | Label | 1.0.0 to 4.4.2 |
| winreg | Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Type | Label | 1.0.0 to 4.4.2 |
| winreg | Value | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Sec Info | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Version | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Do Reboot | Unsigned integer (8 bits) | 1.12.0 to 4.4.2 |
| winreg | Force Apps | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Hostname | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Message | Label | 1.0.0 to 4.4.2 |
| winreg | Reboot | Unsigned integer (8 bits) | 1.0.0 to 1.10.14 |
| winreg | Timeout | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Do Reboot | Unsigned integer (8 bits) | 1.12.0 to 4.4.2 |
| winreg | Force Apps | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Hostname | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Message | Label | 1.0.0 to 4.4.2 |
| winreg | Reason | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Reboot | Unsigned integer (8 bits) | 1.0.0 to 1.10.14 |
| winreg | Timeout | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | REG OPTION BACKUP RESTORE | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG OPTION CREATE LINK | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG OPTION OPEN LINK | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG OPTION VOLATILE | Boolean | 1.12.0 to 4.4.2 |
| winreg | Filename | Character string | 1.0.0 to 4.4.2 |
| winreg | Keyname | Character string | 1.0.0 to 4.4.2 |
| winreg | Notify Filter | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | String1 | Character string | 1.0.0 to 4.4.2 |
| winreg | String2 | Character string | 1.0.0 to 4.4.2 |
| winreg | Unknown | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Unknown2 | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Watch Subtree | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | REG NOTIFY CHANGE ATTRIBUTES | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG NOTIFY CHANGE LAST SET | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG NOTIFY CHANGE NAME | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG NOTIFY CHANGE SECURITY | Boolean | 1.12.0 to 4.4.2 |
| winreg | Access Mask | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Access Mask | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Access Mask | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Keyname | Character string | 1.0.0 to 4.4.2 |
| winreg | Options | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Parent Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | Unknown | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Classname | Character string | 1.0.0 to 4.4.2 |
| winreg | Last Changed Time | Date and time | 1.0.0 to 4.4.2 |
| winreg | Max Classlen | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Max Subkeylen | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Max Subkeysize | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Max Valbufsize | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Max Valnamelen | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Num Subkeys | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Num Values | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Secdescsize | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Buffer | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Buffer Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Key Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | Num Values | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Values | Label | 1.0.0 to 1.10.14 |
| winreg | Values In | Label | 1.12.0 to 4.4.2 |
| winreg | Values Out | Label | 1.12.0 to 4.4.2 |
| winreg | Buffer | Unsigned integer (8 bits) | 1.12.0 to 4.4.2 |
| winreg | Key Handle | Byte sequence | 1.12.0 to 4.4.2 |
| winreg | Needed | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Num Values | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Offered | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Values In | Label | 1.12.0 to 4.4.2 |
| winreg | Values Out | Label | 1.12.0 to 4.4.2 |
| winreg | Data | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Data Length | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Data Size | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Length | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Size | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Type | Label | 1.0.0 to 4.4.2 |
| winreg | Value Name | Character string | 1.0.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.12.0 to 4.4.2 |
| winreg | New File | Character string | 1.12.0 to 4.4.2 |
| winreg | Old File | Character string | 1.12.0 to 4.4.2 |
| winreg | Subkey | Character string | 1.12.0 to 4.4.2 |
| winreg | Filename | Character string | 1.0.0 to 4.4.2 |
| winreg | Flags | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | REG FORCE RESTORE | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG NO LAZY FLUSH | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG REFRESH HIVE | Boolean | 1.12.0 to 4.4.2 |
| winreg | REG WHOLE HIVE VOLATILE | Boolean | 1.12.0 to 4.4.2 |
| winreg | Filename | Character string | 1.0.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.0.0 to 4.4.2 |
| winreg | Sec Attrib | Label | 1.0.0 to 4.4.2 |
| winreg | Filename | Character string | 1.12.0 to 4.4.2 |
| winreg | Flags | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.12.0 to 4.4.2 |
| winreg | Sec Attrib | Label | 1.12.0 to 4.4.2 |
| winreg | Inherit | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Length | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Sd | Label | 1.0.0 to 4.4.2 |
| winreg | Access Mask | Unsigned integer (32 bits) | 1.0.0 to 1.10.14 |
| winreg | Sec Info | Unsigned integer (32 bits) | 1.12.0 to 4.4.2 |
| winreg | Data | Unsigned integer (8 bits) | 1.0.0 to 4.4.2 |
| winreg | Name | Character string | 1.0.0 to 4.4.2 |
| winreg | Size | Unsigned integer (32 bits) | 1.0.0 to 4.4.2 |
| winreg | Type | Label | 1.0.0 to 4.4.2 |
| winreg | Name | Character string | 1.0.0 to 4.4.2 |
| winreg | Name Len | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Name Size | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Length | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Name | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Size | Unsigned integer (16 bits) | 1.0.0 to 4.4.2 |
| winreg | Handle | Byte sequence | 1.12.0 to 4.4.2 |
| winreg | Subkey | Character string | 1.12.0 to 4.4.2 |
| winreg | Length | Unsigned integer (16 bits) | 1.12.0 to 4.4.2 |
| winreg | Name | Unsigned integer (16 bits) | 1.12.0 to 4.4.2 |
| winreg | Size | Unsigned integer (16 bits) | 1.12.0 to 4.4.2 |