viewer9 documentation

RegDeleteKey PML Operation

Example from 64-bit PML

Hover over field values like Time, ResultCode, and bytes of evdata in this example to see tooltips as they appear in viewer9. The tooltip of the first byte of a color patch tells the field name.

RegDeleteKey opcode=2,9

ev=3663 modify=1

Time:2022-05-17 20:43:17.4371492
Duration:0.0000098
ResultCode:SUCCESS
Tid:8
Path:HKLM\System\CurrentControlSet\Enum\ROOT\LEGACY_RDYBOOST\0000\Control

evdata[0-69] file offset 1187253

 0  44 80 48 4b 4c 4d 5c 53  D.HKLM\S
 8  79 73 74 65 6d 5c 43 75  ystem\Cu
16  72 72 65 6e 74 43 6f 6e  rrentCon
24  74 72 6f 6c 53 65 74 5c  trolSet\
32  45 6e 75 6d 5c 52 4f 4f  Enum\ROO
40  54 5c 4c 45 47 41 43 59  T\LEGACY
48  5f 52 44 59 42 4f 4f 53  _RDYBOOS
56  54 5c 30 30 30 30 5c 43  T\0000\C
64  6f 6e 74 72 6f 6c        ontrol
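
The evdata bytes above can be decoded back to the Path field as shown here. This is an added example, not viewer9's code. It assumes the first two bytes are a little-endian descriptor in which bit 15 set means one byte per character and the low 15 bits give the character count, which is consistent with this record (0x8044 gives 68 characters), and that the path follows the descriptor directly, as it does in this RegDeleteKey event.

```python
import struct

# evdata[0-69] of the RegDeleteKey event, copied from the hex dump above.
EVDATA = bytes.fromhex(
    "44 80 48 4b 4c 4d 5c 53 79 73 74 65 6d 5c 43 75 "
    "72 72 65 6e 74 43 6f 6e 74 72 6f 6c 53 65 74 5c "
    "45 6e 75 6d 5c 52 4f 4f 54 5c 4c 45 47 41 43 59 "
    "5f 52 44 59 42 4f 4f 53 54 5c 30 30 30 30 5c 43 "
    "6f 6e 74 72 6f 6c"
)

SINGLE_BYTE_FLAG = 0x8000  # assumption: bit 15 set = one byte per character
COUNT_MASK = 0x7FFF        # assumption: low 15 bits = number of characters


def decode_path(evdata: bytes) -> str:
    """Decode a path stored as a 16-bit descriptor followed by its characters."""
    if len(evdata) < 2:
        raise ValueError("evdata is too short to hold the string descriptor")
    (descriptor,) = struct.unpack_from("<H", evdata, 0)
    single_byte = bool(descriptor & SINGLE_BYTE_FLAG)
    count = descriptor & COUNT_MASK
    size = count if single_byte else count * 2
    raw = evdata[2:2 + size]
    if len(raw) != size:
        # A truncated or corrupted record: refuse to return a partial path.
        raise ValueError(f"descriptor needs {size} bytes, record has {len(raw)}")
    # latin-1 maps every byte to one character, so odd bytes never raise here.
    return raw.decode("latin-1" if single_byte else "utf-16-le")


if __name__ == "__main__":
    print(decode_path(EVDATA))
```
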

Call Stack stacksize=11

StackAddress        mod  ModName                  ModPath
0xfffff80002be3470  49   ntoskrnl.exe + 0x3e0470  C:\Windows\system32\ntoskrnl.exe
0xfffff80002caf1e7  49   ntoskrnl.exe + 0x4ac1e7  C:\Windows\system32\ntoskrnl.exe
0xfffff800028a4f53  49   ntoskrnl.exe + 0xa1f53   C:\Windows\system32\ntoskrnl.exe
0xfffff8000289a6c0  49   ntoskrnl.exe + 0x976c0   C:\Windows\system32\ntoskrnl.exe
0xfffff80002c3cc63  49   ntoskrnl.exe + 0x439c63  C:\Windows\system32\ntoskrnl.exe
0xfffff80002d8b787  49   ntoskrnl.exe + 0x588787  C:\Windows\system32\ntoskrnl.exe
0xfffff80002d8c20f  49   ntoskrnl.exe + 0x58920f  C:\Windows\system32\ntoskrnl.exe
0xfffff80002d8f463  49   ntoskrnl.exe + 0x58c463  C:\Windows\system32\ntoskrnl.exe
0xfffff80002cf25b9  49   ntoskrnl.exe + 0x4ef5b9  C:\Windows\system32\ntoskrnl.exe
0xfffff80002b422e8  49   ntoskrnl.exe + 0x33f2e8  C:\Windows\system32\ntoskrnl.exe
0xfffff8000289cec6  49   ntoskrnl.exe + 0x99ec6   C:\Windows\system32\ntoskrnl.exe

Posted 4 Jul 2022, last updated 15 Nov 2022

As viewer9 is just starting out, discussion is invited via email. Please send questions and comments to forum@viewer9.com directly. Threads that might be valuable to other users will be posted as part of the documentation. Posted messages will not include your address or your full name, and might be shortened for brevity.

Copyright 2022, bryantlite, Inc.