Microsoft-Windows-KernelStreaming

30 events across 3 channels

Event ID	Title	Channel
200	KS_PnpAddDevice Start.	Operational
200	KS_PnpAddDevice Start.	WINDOWS_KS_CHANNEL
201	KS_PnpAddDevice Stop.	Operational
201	KS_PnpAddDevice Stop.	WINDOWS_KS_CHANNEL
202	KS_StreamingRequest Start, pIrp: pIrp.	Analytic
202	KS_StreamingRequest Start, pIrp: pIrp.	WINDOWS_KS_CHANNEL
203	KS_StreamingRequest Stop, pIrp: pIrp.	Analytic
203	KS_StreamingRequest Stop, pIrp: pIrp.	WINDOWS_KS_CHANNEL
204	KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: …	Operational
204	KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: …	WINDOWS_KS_CHANNEL
205	KS_CameraGrab Stop, Status: Status.	Operational
205	KS_CameraGrab Stop, Status: Status.	WINDOWS_KS_CHANNEL
206	KS_WNF Register.	Operational
206	KS_WNF Register.	WINDOWS_KS_CHANNEL
207	KS_WNF Unregister.	Operational
207	KS_WNF Unregister.	WINDOWS_KS_CHANNEL
208	KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.	Operational
208	KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.	WINDOWS_KS_CHANNEL
209	KS_WNFNotification Fire, EntryCount: EntryCount.	Operational
209	KS_WNFNotification Fire, EntryCount: EntryCount.	WINDOWS_KS_CHANNEL
210	KS_DisplayOff StopStreams.	Operational
210	KS_DisplayOff StopStreams.	WINDOWS_KS_CHANNEL
211	KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.	Analytic
211	KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.	WINDOWS_KS_CHANNEL
212	KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.	Analytic
212	KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.	WINDOWS_KS_CHANNEL
213	KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: …	Operational
213	KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: …	WINDOWS_KS_CHANNEL
214	KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: …	Operational
214	KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: …	WINDOWS_KS_CHANNEL

Event ID 200 — KS_PnpAddDevice Start.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_PnpAddDevice
Opcode: Start

Description

KS_PnpAddDevice Start.

Message #

KS_PnpAddDevice Start.

Event ID 200 — KS_PnpAddDevice Start.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_PnpAddDevice
Opcode: Start

Description

KS_PnpAddDevice Start.

Message #

KS_PnpAddDevice Start.

Event ID 201 — KS_PnpAddDevice Stop.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_PnpAddDevice
Opcode: Stop

Description

KS_PnpAddDevice Stop.

Message #

KS_PnpAddDevice Stop.

Event ID 201 — KS_PnpAddDevice Stop.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_PnpAddDevice
Opcode: Stop

Description

KS_PnpAddDevice Stop.

Message #

KS_PnpAddDevice Stop.

Event ID 202 — KS_StreamingRequest Start, pIrp: pIrp.

Provider: Microsoft-Windows-KernelStreaming
Channel: Analytic
Task: KS_StreamingRequest
Opcode: Start

Description

KS_StreamingRequest Start, pIrp: pIrp.

Message #

KS_StreamingRequest Start, pIrp: %1.

Fields #

Name	Description
`pIrp` Pointer	—

Event ID 202 — KS_StreamingRequest Start, pIrp: pIrp.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_StreamingRequest
Opcode: Start

Description

KS_StreamingRequest Start, pIrp: pIrp.

Message #

KS_StreamingRequest Start, pIrp: %1.

Fields #

Name	Description
`pIrp` Pointer	—

Event ID 203 — KS_StreamingRequest Stop, pIrp: pIrp.

Provider: Microsoft-Windows-KernelStreaming
Channel: Analytic
Task: KS_StreamingRequest
Opcode: Stop

Description

KS_StreamingRequest Stop, pIrp: pIrp.

Message #

KS_StreamingRequest Stop, pIrp: %1.

Fields #

Name	Description
`pIrp` Pointer	—

Event ID 203 — KS_StreamingRequest Stop, pIrp: pIrp.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_StreamingRequest
Opcode: Stop

Description

KS_StreamingRequest Stop, pIrp: pIrp.

Message #

KS_StreamingRequest Stop, pIrp: %1.

Fields #

Name	Description
`pIrp` Pointer	—

Event ID 204 — KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: FilterAddress.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_CameraGrab
Opcode: Start

Description

KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: FilterAddress.

Message #

KS_CameraGrab Start, ProcessId: %1, PinId: %2, FilterAddress: %3.

Fields #

Name	Description
`ProcessId` Pointer	—
`PinId` UInt32	—
`FilterAddress` Pointer	—

Event ID 204 — KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: FilterAddress.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_CameraGrab
Opcode: Start

Description

KS_CameraGrab Start, ProcessId: ProcessId, PinId: PinId, FilterAddress: FilterAddress.

Message #

KS_CameraGrab Start, ProcessId: %1, PinId: %2, FilterAddress: %3.

Fields #

Name	Description
`ProcessId` Pointer	—
`PinId` UInt32	—
`FilterAddress` Pointer	—

Event ID 205 — KS_CameraGrab Stop, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_CameraGrab
Opcode: Stop

Description

KS_CameraGrab Stop, Status: Status.

Message #

KS_CameraGrab Stop, Status: %1.

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference

Event ID 205 — KS_CameraGrab Stop, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_CameraGrab
Opcode: Stop

Description

KS_CameraGrab Stop, Status: Status.

Message #

KS_CameraGrab Stop, Status: %1.

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference

Event ID 206 — KS_WNF Register.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_WNF

Description

KS_WNF Register.

Message #

KS_WNF Register.

Event ID 206 — KS_WNF Register.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_WNF

Description

KS_WNF Register.

Message #

KS_WNF Register.

Event ID 207 — KS_WNF Unregister.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_WNF

Description

KS_WNF Unregister.

Message #

KS_WNF Unregister.

Event ID 207 — KS_WNF Unregister.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_WNF

Description

KS_WNF Unregister.

Message #

KS_WNF Unregister.

Event ID 208 — KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_WNFPinState

Description

KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.

Message #

KS_WNFPinState Update, FilterExt: %1, PinState: %2.

Fields #

Name	Description
`FilterExt` Pointer	—
`PinState` UInt32	—

Event ID 208 — KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_WNFPinState

Description

KS_WNFPinState Update, FilterExt: FilterExt, PinState: PinState.

Message #

KS_WNFPinState Update, FilterExt: %1, PinState: %2.

Fields #

Name	Description
`FilterExt` Pointer	—
`PinState` UInt32	—

Event ID 209 — KS_WNFNotification Fire, EntryCount: EntryCount.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_WNFNotification

Description

KS_WNFNotification Fire, EntryCount: EntryCount.

Message #

KS_WNFNotification Fire, EntryCount: %1.

Fields #

Name	Description
`EntryCount` UInt32	—

Event ID 209 — KS_WNFNotification Fire, EntryCount: EntryCount.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_WNFNotification

Description

KS_WNFNotification Fire, EntryCount: EntryCount.

Message #

KS_WNFNotification Fire, EntryCount: %1.

Fields #

Name	Description
`EntryCount` UInt32	—

Event ID 210 — KS_DisplayOff StopStreams.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_DisplayOff

Description

KS_DisplayOff StopStreams.

Message #

KS_DisplayOff StopStreams.

Event ID 210 — KS_DisplayOff StopStreams.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_DisplayOff

Description

KS_DisplayOff StopStreams.

Message #

KS_DisplayOff StopStreams.

Event ID 211 — KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.

Provider: Microsoft-Windows-KernelStreaming
Channel: Analytic
Task: KS_IoProbeandLock
Opcode: Start

Description

KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.

Message #

KS_IoProbeandLock Start, PinId: %1, BufSize: %2.

Fields #

Name	Description
`PinId` HexInt32	—
`BufSize` UInt32	—

Event ID 211 — KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_IoProbeandLock
Opcode: Start

Description

KS_IoProbeandLock Start, PinId: PinId, BufSize: BufSize.

Message #

KS_IoProbeandLock Start, PinId: %1, BufSize: %2.

Fields #

Name	Description
`PinId` HexInt32	—
`BufSize` UInt32	—

Event ID 212 — KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.

Provider: Microsoft-Windows-KernelStreaming
Channel: Analytic
Task: KS_IoProbeandLock
Opcode: Stop

Description

KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.

Message #

KS_IoProbeandLock End, PinId: %1, BufSize: %2.

Fields #

Name	Description
`PinId` HexInt32	—
`BufSize` UInt32	—

Event ID 212 — KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_IoProbeandLock
Opcode: Stop

Description

KS_IoProbeandLock End, PinId: PinId, BufSize: BufSize.

Message #

KS_IoProbeandLock End, PinId: %1, BufSize: %2.

Fields #

Name	Description
`PinId` HexInt32	—
`BufSize` UInt32	—

Event ID 213 — KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_QueryInterface
Opcode: Start

Description

KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Message #

KS_QueryInterface Start, pKsDevice: %1, pIrp: %2, InterfaceGuid: %3, Status: %4.

Fields #

Name	Description
`pKsDevice` Pointer	—
`pIrp` Pointer	—
`InterfaceGuid` GUID	—
`Status` UInt32	— NTSTATUS reference

Event ID 213 — KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_QueryInterface
Opcode: Start

Description

KS_QueryInterface Start, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Message #

KS_QueryInterface Start, pKsDevice: %1, pIrp: %2, InterfaceGuid: %3, Status: %4.

Fields #

Name	Description
`pKsDevice` Pointer	—
`pIrp` Pointer	—
`InterfaceGuid` GUID	—
`Status` UInt32	— NTSTATUS reference

Event ID 214 — KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: Operational
Task: KS_QueryInterface
Opcode: Stop

Description

KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Message #

KS_QueryInterface Stop, pKsDevice: %1, pIrp: %2, InterfaceGuid: %3, Status: %4.

Fields #

Name	Description
`pKsDevice` Pointer	—
`pIrp` Pointer	—
`InterfaceGuid` GUID	—
`Status` UInt32	— NTSTATUS reference

Event ID 214 — KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Provider: Microsoft-Windows-KernelStreaming
Channel: WINDOWS_KS_CHANNEL
Task: KS_QueryInterface
Opcode: Stop

Description

KS_QueryInterface Stop, pKsDevice: pKsDevice, pIrp: pIrp, InterfaceGuid: InterfaceGuid, Status: Status.

Message #

KS_QueryInterface Stop, pKsDevice: %1, pIrp: %2, InterfaceGuid: %3, Status: %4.

Fields #

Name	Description
`pKsDevice` Pointer	—
`pIrp` Pointer	—
`InterfaceGuid` GUID	—
`Status` UInt32	— NTSTATUS reference