viewer9 documentation Index  Home

RegQueryKeySecurity PML Operation

Example from 64-bit PML

Hover over field values like Time, ResultCode, and bytes of evdata in this example to see tooltips as they appear in viewer9. The tooltip of the first byte of a color patch tells the field name.

RegQueryKeySecurity opcode=2,17

ev=107749

Time:2022-05-17 16:06:31.1513654
Duration:0.0000028
ResultCode:BUFFER TOO SMALL
Tid:3284
Path:HKLM\SOFTWARE\Microsoft\WBEM\CIMOM

evdata[0-35] file offset 60755168

022 80 48 4b 4c 4d 5c 53 ".HKLM\S
84f 46 54 57 41 52 45 5c OFTWARE\
164d 69 63 72 6f 73 6f 66 Microsof
2474 5c 57 42 45 4d 5c 43 t\WBEM\C
3249 4d 4f 4d IMOM

Call Stack stacksize=25

StackAddressmodModNameModPath
0xfffff80002c2e470161ntoskrnl.exe + 0x3e0470C:\Windows\system32\ntoskrnl.exe
0xfffff80002bc92a0161ntoskrnl.exe + 0x37b2a0C:\Windows\system32\ntoskrnl.exe
0xfffff80002b39cb6161ntoskrnl.exe + 0x2ebcb6C:\Windows\system32\ntoskrnl.exe
0xfffff800028eff53161ntoskrnl.exe + 0xa1f53C:\Windows\system32\ntoskrnl.exe
0x77c8aa4a2ntdll.dll + 0x6aa4aC:\Windows\SYSTEM32\ntdll.dll
0x77a09c170kernel32.dll + 0x9c17C:\Windows\system32\kernel32.dll
0x77a0cb5d0kernel32.dll + 0xcb5dC:\Windows\system32\kernel32.dll
0x7fef5081a5b564framedynos.dll + 0x1a5bC:\Windows\System32\framedynos.dll
0x7fef5081995564framedynos.dll + 0x1995C:\Windows\System32\framedynos.dll
0x7fef50817cf564framedynos.dll + 0x17cfC:\Windows\System32\framedynos.dll
0x7fef50880fa564framedynos.dll + 0x80faC:\Windows\System32\framedynos.dll
0x7fef5088159564framedynos.dll + 0x8159C:\Windows\System32\framedynos.dll
0x7fef4fe19fc680wmipcima.dll + 0x119fcC:\Windows\system32\wbem\wmipcima.dll
0x7fef4fd7bcd680wmipcima.dll + 0x7bcdC:\Windows\system32\wbem\wmipcima.dll
0x7feff40a01255ole32.dll + 0x1a012C:\Windows\system32\ole32.dll
0x7feff3f906555ole32.dll + 0x9065C:\Windows\system32\ole32.dll
0x7feff50de3655ole32.dll + 0x11de36C:\Windows\system32\ole32.dll
0x7feff439b5155ole32.dll + 0x49b51C:\Windows\system32\ole32.dll
0xffe928e1673wmiprvse.exe + 0x128e1C:\Windows\system32\wbem\wmiprvse.exe
0xffe928cd673wmiprvse.exe + 0x128cdC:\Windows\system32\wbem\wmiprvse.exe
0xffe832d7673wmiprvse.exe + 0x32d7C:\Windows\system32\wbem\wmiprvse.exe
0xffe82ed1673wmiprvse.exe + 0x2ed1C:\Windows\system32\wbem\wmiprvse.exe
0xffe89890673wmiprvse.exe + 0x9890C:\Windows\system32\wbem\wmiprvse.exe
0x77a1556d0kernel32.dll + 0x1556dC:\Windows\system32\kernel32.dll
0x77c7372d2ntdll.dll + 0x5372dC:\Windows\SYSTEM32\ntdll.dll

See also

Posted 4 Jul 2022 last updated 15 Nov 2022   As viewer9 is just starting out, discussion is invited via email. Please send questions and comments to forum@viewer9.com directly. Threads that might be valuable to other users will be posted as part of the documentation. Posted messages will not include your address or your full name, and might be shortened for brevity.

Copyright 2022, bryantlite, Inc.