viewer9 documentation

RegCreateKey PML Operation

RegAccess ("Desired Access" in Procmon) is a set of bit flags.

RegAccessGranted ("Granted Access" in Procmon) is returned in the evresults, the same as in RegOpenKey (and only shown in Procmon if it differs from the Desired Access, as described in that article).

RegDispos ("Disposition" in Procmon) is an enumeration: either "REG_CREATED_NEW_KEY" or "REG_OPENED_EXISTING_KEY".

Example from 32-bit PML

Hover over field values like Time, ResultCode, RegAccess, RegAccessGranted, RegDispos, and bytes of evdata and evresults in this example to see tooltips as they appear in viewer9. The tooltip of the first byte of a color patch tells the field name.

RegCreateKey opcode=2,1

ev=1855

Time:2022-05-17 14:24:33.6614486
Duration:0.0000555
ResultCode:SUCCESS
Tid:1416
Path:HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
RegAccess:Notify
RegAccessGranted:Notify
RegDispos:REG_OPENED_EXISTING_KEY

evdata[0-71] file offset 509062

0   40 80 00 00 10 00 00 00  @.......
8   48 4b 43 55 5c 53 6f 66  HKCU\Sof
16  74 77 61 72 65 5c 4d 69  tware\Mi
24  63 72 6f 73 6f 66 74 5c  crosoft\
32  57 69 6e 64 6f 77 73 5c  Windows\
40  43 75 72 72 65 6e 74 56  CurrentV
48  65 72 73 69 6f 6e 5c 49  ersion\I
56  6e 74 65 72 6e 65 74 20  nternet 
64  53 65 74 74 69 6e 67 73  Settings

evresults[0-7] file offset 509136

0   10 00 00 00 02 00 00 00  ........
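The ev=1855 event decoded in Python, as an added example that is not viewer9's own code. The byte layout is an assumption inferred from this page's bytes and field values: a 2-byte path length with the top bit marking ASCII, 2 bytes of unknown meaning, a 4-byte desired-access mask, then the path; evresults holds the granted-access mask followed by the disposition. Flag labels other than "Notify" are also assumed.

```python
import struct

# Registry access-right bits from winnt.h. Only the "Notify" label appears on
# this page; the other display labels are assumptions.
KEY_RIGHTS = [
    (0x0001, "Query Value"), (0x0002, "Set Value"), (0x0004, "Create Sub Key"),
    (0x0008, "Enumerate Sub Keys"), (0x0010, "Notify"), (0x0020, "Create Link"),
    (0x0100, "WOW64_64Key"), (0x0200, "WOW64_32Key"),
]
# Disposition values from winnt.h.
DISPOSITIONS = {1: "REG_CREATED_NEW_KEY", 2: "REG_OPENED_EXISTING_KEY"}

def access_names(mask):
    """Expand an access mask into flag names; unknown bits are kept as hex."""
    names = [name for bit, name in KEY_RIGHTS if mask & bit]
    leftover = mask & ~sum(bit for bit, _ in KEY_RIGHTS)
    if leftover:
        names.append(hex(leftover))
    return names or ["0x0"]

def parse_reg_create_key(evdata, evresults=b""):
    """Decode one RegCreateKey event using the assumed layout."""
    if len(evdata) < 8:
        raise ValueError("evdata shorter than the 8-byte header")
    info, _unknown, desired = struct.unpack_from("<HHI", evdata, 0)
    count, is_ascii = info & 0x7FFF, bool(info & 0x8000)
    size = count if is_ascii else count * 2   # UTF-16 uses 2 bytes per char
    raw = evdata[8:8 + size]
    if len(raw) != size:
        raise ValueError("path is truncated")
    event = {
        "Path": raw.decode("ascii" if is_ascii else "utf-16-le"),
        "RegAccess": access_names(desired),
    }
    # Without 8 bytes of evresults there is nothing more to decode.
    if len(evresults) >= 8:
        granted, dispos = struct.unpack_from("<II", evresults, 0)
        event["RegAccessGranted"] = access_names(granted)
        event["RegDispos"] = DISPOSITIONS.get(dispos, "unknown(%d)" % dispos)
    return event

# Bytes of the ev=1855 example on this page (path written as its ASCII text).
PATH = b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
EVDATA = bytes.fromhex("4080000010000000") + PATH
EVRESULTS = bytes.fromhex("1000000002000000")

if __name__ == "__main__":
    print(parse_reg_create_key(EVDATA, EVRESULTS))
```

When triaging a capture, RegDispos is the field that separates a key that was actually created from one that already existed and was only opened.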

Call Stack stacksize=63

StackAddress  mod  ModName  ModPath
0x816d40c8  71   ntoskrnl.exe + 0x26b0c8  C:\Windows\system32\ntoskrnl.exe
0x8184cbe3  71   ntoskrnl.exe + 0x3e3be3  C:\Windows\system32\ntoskrnl.exe
0x817686dd  71   ntoskrnl.exe + 0x2ff6dd  C:\Windows\system32\ntoskrnl.exe
0x816d1c3a  71   ntoskrnl.exe + 0x268c3a  C:\Windows\system32\ntoskrnl.exe
0x8173b54f  71   ntoskrnl.exe + 0x2d254f  C:\Windows\system32\ntoskrnl.exe
0x8173b2d6  71   ntoskrnl.exe + 0x2d22d6  C:\Windows\system32\ntoskrnl.exe
0x8155ce2b  71   ntoskrnl.exe + 0xf3e2b  C:\Windows\system32\ntoskrnl.exe
0x7714bbba  57   ntdll.dll + 0x6bbba  C:\Windows\SYSTEM32\ntdll.dll
0x74b9d737  37   KERNELBASE.dll + 0x2d737  C:\Windows\system32\KERNELBASE.dll
0x74b9d8e9  37   KERNELBASE.dll + 0x2d8e9  C:\Windows\system32\KERNELBASE.dll
0x74b9d968  37   KERNELBASE.dll + 0x2d968  C:\Windows\system32\KERNELBASE.dll
0x54d071ec  707  chrome.dll + 0xb971ec  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54d0709a  707  chrome.dll + 0xb9709a  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54d07015  707  chrome.dll + 0xb97015  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54d06f4b  707  chrome.dll + 0xb96f4b  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x55963415  707  chrome.dll + 0x17f3415  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54fc40be  707  chrome.dll + 0xe540be  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54fc3710  707  chrome.dll + 0xe53710  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5640330f  707  chrome.dll + 0x229330f  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x57513a8e  707  chrome.dll + 0x33a3a8e  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5574bcc8  707  chrome.dll + 0x15dbcc8  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5459426c  707  chrome.dll + 0x42426c  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x555c5854  707  chrome.dll + 0x1455854  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x555c569d  707  chrome.dll + 0x145569d  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54593742  707  chrome.dll + 0x423742  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5770454d  707  chrome.dll + 0x359454d  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x547b5a0f  707  chrome.dll + 0x645a0f  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58881d8b  707  chrome.dll + 0x4711d8b  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5a60a43b  707  chrome.dll + 0x649a43b  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5a60a34a  707  chrome.dll + 0x649a34a  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5a60ae91  707  chrome.dll + 0x649ae91  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x59e07264  707  chrome.dll + 0x5c97264  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58d546db  707  chrome.dll + 0x4be46db  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x566cc441  707  chrome.dll + 0x255c441  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58c9c5a4  707  chrome.dll + 0x4b2c5a4  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58c9ea5a  707  chrome.dll + 0x4b2ea5a  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58c9e471  707  chrome.dll + 0x4b2e471  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58c9b8e6  707  chrome.dll + 0x4b2b8e6  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58684caf  707  chrome.dll + 0x4514caf  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x58c9bd60  707  chrome.dll + 0x4b2bd60  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x57023d38  707  chrome.dll + 0x2eb3d38  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x57022faf  707  chrome.dll + 0x2eb2faf  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5720a9d1  707  chrome.dll + 0x309a9d1  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5720a836  707  chrome.dll + 0x309a836  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x56f4b830  707  chrome.dll + 0x2ddb830  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x56f4ac80  707  chrome.dll + 0x2ddac80  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x56f5afd7  707  chrome.dll + 0x2deafd7  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x5419a4bc  707  chrome.dll + 0x2a4bc  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54b29706  707  chrome.dll + 0x9b9706  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54e36a42  707  chrome.dll + 0xcc6a42  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x55389739  707  chrome.dll + 0x1219739  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x553894ac  707  chrome.dll + 0x12194ac  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x55389265  707  chrome.dll + 0x1219265  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x553889da  707  chrome.dll + 0x12189da  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x56222909  707  chrome.dll + 0x20b2909  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54ab4809  707  chrome.dll + 0x944809  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54ab2ff9  707  chrome.dll + 0x942ff9  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x54ab2bb1  707  chrome.dll + 0x942bb1  C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll
0x339f55    706  chrome.exe + 0x79f55  C:\Program Files\Google\Chrome\Application\chrome.exe
0x3070aa    706  chrome.exe + 0x470aa  C:\Program Files\Google\Chrome\Application\chrome.exe
0x3067c1    706  chrome.exe + 0x467c1  C:\Program Files\Google\Chrome\Application\chrome.exe
0x7549ba98  46   KERNEL32.DLL + 0x7ba98  C:\Windows\system32\KERNEL32.DLL
0x7549ba46  46   KERNEL32.DLL + 0x7ba46  C:\Windows\system32\KERNEL32.DLL

Posted 4 Jul 2022, last updated 15 Nov 2022.

As viewer9 is just starting out, discussion is invited via email. Please send questions and comments to forum@viewer9.com directly. Threads that might be valuable to other users will be posted as part of the documentation. Posted messages will not include your address or your full name, and might be shortened for brevity.

Copyright 2022, bryantlite, Inc.