viewer9 documentation

RegUnloadKey PML Operation

Example from 64-bit PML

Hover over field values like Time, ResultCode, and bytes of evdata in this example to see tooltips as they appear in viewer9. The tooltip of the first byte of a color patch tells the field name.

RegUnloadKey opcode=2,13

ev=12181 modify=1

Time:2012-03-06 11:36:53.4068069
Duration:0.2739826
ResultCode:SUCCESS
Tid:3352
Path:HKLM\BCD00000000

evdata[0-17] file offset 5649009

010 80 48 4b 4c 4d 5c 42 ..HKLM\B
843 44 30 30 30 30 30 30 CD000000
1630 30 00

Call Stack stacksize=37

StackAddressmodModNameModPath
0xfffff80001d9119d1ntoskrnl.exe + 0x38819dC:\Windows\system32\ntoskrnl.exe
0xfffff80001e27fe11ntoskrnl.exe + 0x41efe1C:\Windows\system32\ntoskrnl.exe
0xfffff80001a62f331ntoskrnl.exe + 0x59f33C:\Windows\system32\ntoskrnl.exe
0x77cb838a0ntdll.dll + 0x4838aC:\Windows\System32\ntdll.dll
0xff2a9fdc204vssvc.exe + 0x109fdcC:\Windows\system32\vssvc.exe
0xff2a9eb9204vssvc.exe + 0x109eb9C:\Windows\system32\vssvc.exe
0xff2a6ea8204vssvc.exe + 0x106ea8C:\Windows\system32\vssvc.exe
0xff2a162f204vssvc.exe + 0x10162fC:\Windows\system32\vssvc.exe
0xff2b74f3204vssvc.exe + 0x1174f3C:\Windows\system32\vssvc.exe
0xff2a5e1e204vssvc.exe + 0x105e1eC:\Windows\system32\vssvc.exe
0xff286609204vssvc.exe + 0xe6609C:\Windows\system32\vssvc.exe
0x7fef837f1ce155VSSAPI.DLL + 0xcf1ceC:\Windows\system32\VSSAPI.DLL
0x7fef836cc68155VSSAPI.DLL + 0xbcc68C:\Windows\system32\VSSAPI.DLL
0x7fef836c003155VSSAPI.DLL + 0xbc003C:\Windows\system32\VSSAPI.DLL
0x7fefe9d5ec5192RPCRT4.dll + 0x45ec5C:\Windows\system32\RPCRT4.dll
0x7fefe9b1f46192RPCRT4.dll + 0x21f46C:\Windows\system32\RPCRT4.dll
0x7fefea744b7192RPCRT4.dll + 0xe44b7C:\Windows\system32\RPCRT4.dll
0x7fefff3f000203OLEAUT32.dll + 0x8f000C:\Windows\system32\OLEAUT32.dll
0x7feffc889b9199ole32.dll + 0x1589b9C:\Windows\system32\ole32.dll
0x7feffc8892b199ole32.dll + 0x15892bC:\Windows\system32\ole32.dll
0x7feffb5d5e3199ole32.dll + 0x2d5e3C:\Windows\system32\ole32.dll
0x7feffc887c6199ole32.dll + 0x1587c6C:\Windows\system32\ole32.dll
0x7feffc8855f199ole32.dll + 0x15855fC:\Windows\system32\ole32.dll
0x7feffc87314199ole32.dll + 0x157314C:\Windows\system32\ole32.dll
0x7fefe9d68d4192RPCRT4.dll + 0x468d4C:\Windows\system32\RPCRT4.dll
0x7fefe9d69f0192RPCRT4.dll + 0x469f0C:\Windows\system32\RPCRT4.dll
0x7fefe9ab042192RPCRT4.dll + 0x1b042C:\Windows\system32\RPCRT4.dll
0x7fefe9aafbb192RPCRT4.dll + 0x1afbbC:\Windows\system32\RPCRT4.dll
0x7fefe9aaf4a192RPCRT4.dll + 0x1af4aC:\Windows\system32\RPCRT4.dll
0x7fefe9d7080192RPCRT4.dll + 0x47080C:\Windows\system32\RPCRT4.dll
0x7fefe9d62bb192RPCRT4.dll + 0x462bbC:\Windows\system32\RPCRT4.dll
0x7fefe9d5e1a192RPCRT4.dll + 0x45e1aC:\Windows\system32\RPCRT4.dll
0x7fefe9b7769192RPCRT4.dll + 0x27769C:\Windows\system32\RPCRT4.dll
0x7fefe9b7714192RPCRT4.dll + 0x27714C:\Windows\system32\RPCRT4.dll
0x7fefe9b77a4192RPCRT4.dll + 0x277a4C:\Windows\system32\RPCRT4.dll
0x775cbe3d140kernel32.dll + 0x1be3dC:\Windows\system32\kernel32.dll
0x77c966110ntdll.dll + 0x26611C:\Windows\System32\ntdll.dll

See also

Posted 4 Jul 2022 last updated 15 Nov 2022   As viewer9 is just starting out, discussion is invited via email. Please send questions and comments to forum@viewer9.com directly. Threads that might be valuable to other users will be posted as part of the documentation. Posted messages will not include your address or your full name, and might be shortened for brevity.

Copyright 2022, bryantlite, Inc.