Microsoft-Windows-NtfsLog_cdac24ce683a371108c05bb363714355
708 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 10 | Operational | |
| 11 | Operational | |
| 12 | Operational | |
| 13 | Operational | |
| 14 | Operational | |
| 15 | Operational | |
| 16 | Operational | |
| 17 | Operational | |
| 18 | Operational | |
| 19 | Operational | |
| 20 | Operational | |
| 21 | Operational | |
| 22 | Operational | |
| 23 | Operational | |
| 24 | Operational | |
| 25 | Operational | |
| 26 | Operational | |
| 27 | Operational | |
| 28 | Operational | |
| 29 | Operational | |
| 30 | Operational | |
| 31 | Operational | |
| 32 | Operational | |
| 33 | Operational | |
| 34 | Operational | |
| 35 | Operational | |
| 36 | Operational | |
| 37 | Operational | |
| 38 | Operational | |
| 39 | Operational | |
| 40 | Operational | |
| 41 | Operational | |
| 42 | Operational | |
| 43 | Operational | |
| 44 | Operational | |
| 45 | Operational | |
| 46 | Operational | |
| 47 | Operational | |
| 48 | Operational | |
| 49 | Operational | |
| 50 | Operational | |
| 51 | Operational | |
| 52 | Operational | |
| 53 | Operational | |
| 54 | Operational | |
| 55 | Operational | |
| 56 | Operational | |
| 57 | Operational | |
| 58 | Operational | |
| 59 | Operational | |
| 60 | Operational | |
| 61 | Operational | |
| 62 | Operational | |
| 63 | Operational | |
| 64 | Operational | |
| 65 | Operational | |
| 66 | Operational | |
| 67 | Operational | |
| 68 | Operational | |
| 69 | Operational | |
| 70 | Operational | |
| 71 | Operational | |
| 72 | Operational | |
| 73 | Operational | |
| 74 | Operational | |
| 75 | Operational | |
| 76 | Operational | |
| 77 | Operational | |
| 78 | Operational | |
| 79 | Operational | |
| 80 | Operational | |
| 81 | Operational | |
| 82 | Operational | |
| 83 | Operational | |
| 84 | Operational | |
| 85 | Operational | |
| 86 | Operational | |
| 87 | Operational | |
| 88 | Operational | |
| 89 | Operational | |
| 90 | Operational | |
| 91 | Operational | |
| 92 | Operational | |
| 93 | Operational | |
| 94 | Operational | |
| 95 | Operational | |
| 96 | Operational | |
| 97 | Operational | |
| 98 | Operational | |
| 99 | Operational | |
| 100 | Operational | |
| 101 | Operational | |
| 102 | Operational | |
| 103 | Operational | |
| 104 | Operational | |
| 105 | Operational | |
| 106 | Operational | |
| 107 | Operational | |
| 108 | Operational | |
| 109 | Operational | |
| 110 | Operational | |
| 111 | Operational | |
| 112 | Operational | |
| 113 | Operational | |
| 114 | Operational | |
| 115 | Operational | |
| 116 | Operational | |
| 117 | Operational | |
| 118 | Operational | |
| 119 | Operational | |
| 120 | Operational | |
| 121 | Operational | |
| 122 | Operational | |
| 123 | Operational | |
| 124 | Operational | |
| 125 | Operational | |
| 126 | Operational | |
| 127 | Operational | |
| 128 | Operational | |
| 129 | Operational | |
| 130 | Operational | |
| 131 | Operational | |
| 132 | Operational | |
| 133 | Operational | |
| 134 | Operational | |
| 135 | Operational | |
| 136 | Operational | |
| 137 | Operational | |
| 138 | Operational | |
| 139 | Operational | |
| 140 | Operational | |
| 141 | Operational | |
| 142 | Operational | |
| 143 | Operational | |
| 144 | Operational | |
| 145 | Operational | |
| 146 | Operational | |
| 147 | Operational | |
| 148 | Operational | |
| 149 | Operational | |
| 150 | Operational | |
| 151 | Operational | |
| 152 | Operational | |
| 153 | Operational | |
| 154 | Operational | |
| 155 | Operational | |
| 156 | Operational | |
| 157 | Operational | |
| 158 | Operational | |
| 159 | Operational | |
| 160 | Operational | |
| 161 | Operational | |
| 162 | Operational | |
| 163 | Operational | |
| 164 | Operational | |
| 165 | Operational | |
| 166 | Operational | |
| 167 | Operational | |
| 168 | Operational | |
| 169 | Operational | |
| 170 | Operational | |
| 171 | Operational | |
| 172 | Operational | |
| 173 | Operational | |
| 174 | Operational | |
| 175 | Operational | |
| 176 | Operational | |
| 177 | Operational | |
| 178 | Operational | |
| 179 | Operational | |
| 180 | Operational | |
| 181 | Operational | |
| 182 | Operational | |
| 183 | Operational | |
| 184 | Operational | |
| 185 | Operational | |
| 186 | Operational | |
| 187 | Operational | |
| 188 | Operational | |
| 189 | Operational | |
| 190 | Operational | |
| 191 | Operational | |
| 192 | Operational | |
| 193 | Operational | |
| 194 | Operational | |
| 195 | Operational | |
| 196 | Operational | |
| 197 | Operational | |
| 198 | Operational | |
| 199 | Operational | |
| 200 | Operational | |
| 201 | Operational | |
| 202 | Operational | |
| 203 | Operational | |
| 204 | Operational | |
| 205 | Operational | |
| 206 | Operational | |
| 207 | Operational | |
| 208 | Operational | |
| 209 | Operational | |
| 210 | Operational | |
| 211 | Operational | |
| 212 | Operational | |
| 213 | Operational | |
| 214 | Operational | |
| 215 | Operational | |
| 216 | Operational | |
| 217 | Operational | |
| 218 | Operational | |
| 219 | Operational | |
| 220 | Operational | |
| 221 | Operational | |
| 222 | Operational | |
| 223 | Operational | |
| 224 | Operational | |
| 225 | Operational | |
| 226 | Operational | |
| 227 | Operational | |
| 228 | Operational | |
| 229 | Operational | |
| 230 | Operational | |
| 231 | Operational | |
| 232 | Operational | |
| 233 | Operational | |
| 234 | Operational | |
| 235 | Operational | |
| 236 | Operational | |
| 237 | Operational | |
| 238 | Operational | |
| 239 | Operational | |
| 240 | Operational | |
| 241 | Operational | |
| 242 | Operational | |
| 243 | Operational | |
| 244 | Operational | |
| 245 | Operational | |
| 246 | Operational | |
| 247 | Operational | |
| 248 | Operational | |
| 249 | Operational | |
| 250 | Operational | |
| 251 | Operational | |
| 252 | Operational | |
| 253 | Operational | |
| 254 | Operational | |
| 255 | Operational | |
| 256 | Operational | |
| 257 | Operational | |
| 258 | Operational | |
| 259 | Operational | |
| 260 | Operational | |
| 261 | Operational | |
| 262 | Operational | |
| 263 | Operational | |
| 264 | Operational | |
| 265 | Operational | |
| 266 | Operational | |
| 267 | Operational | |
| 268 | Operational | |
| 269 | Operational | |
| 270 | Operational | |
| 271 | Operational | |
| 272 | Operational | |
| 273 | Operational | |
| 274 | Operational | |
| 275 | Operational | |
| 276 | Operational | |
| 277 | Operational | |
| 278 | Operational | |
| 279 | Operational | |
| 280 | Operational | |
| 281 | Operational | |
| 282 | Operational | |
| 283 | Operational | |
| 284 | Operational | |
| 285 | Operational | |
| 286 | Operational | |
| 287 | Operational | |
| 288 | Operational | |
| 289 | Operational | |
| 290 | Operational | |
| 291 | Operational | |
| 292 | Operational | |
| 293 | Operational | |
| 294 | Operational | |
| 295 | Operational | |
| 296 | Operational | |
| 297 | Operational | |
| 298 | Operational | |
| 299 | Operational | |
| 300 | Operational | |
| 301 | Operational | |
| 302 | Operational | |
| 303 | Operational | |
| 304 | Operational | |
| 305 | Operational | |
| 306 | Operational | |
| 307 | Operational | |
| 308 | Operational | |
| 309 | Operational | |
| 310 | Operational | |
| 311 | Operational | |
| 312 | Operational | |
| 313 | Operational | |
| 314 | Operational | |
| 315 | Operational | |
| 316 | Operational | |
| 317 | Operational | |
| 318 | Operational | |
| 319 | Operational | |
| 320 | Operational | |
| 321 | Operational | |
| 322 | Operational | |
| 323 | Operational | |
| 324 | Operational | |
| 325 | Operational | |
| 326 | Operational | |
| 327 | Operational | |
| 328 | Operational | |
| 329 | Operational | |
| 330 | Operational | |
| 331 | Operational | |
| 332 | Operational | |
| 333 | Operational | |
| 334 | Operational | |
| 335 | Operational | |
| 336 | Operational | |
| 337 | Operational | |
| 338 | Operational | |
| 339 | Operational | |
| 340 | Operational | |
| 341 | Operational | |
| 342 | Operational | |
| 343 | Operational | |
| 344 | Operational | |
| 345 | Operational | |
| 346 | Operational | |
| 347 | Operational | |
| 348 | Operational | |
| 349 | Operational | |
| 350 | Operational | |
| 351 | Operational | |
| 352 | Operational | |
| 353 | Operational | |
| 354 | Operational | |
| 355 | Operational | |
| 356 | Operational | |
| 357 | Operational | |
| 358 | Operational | |
| 359 | Operational | |
| 360 | Operational | |
| 361 | Operational | |
| 362 | Operational | |
| 363 | Operational | |
| 364 | Operational | |
| 365 | Operational | |
| 366 | Operational | |
| 367 | Operational | |
| 368 | Operational | |
| 369 | Operational | |
| 370 | Operational | |
| 371 | Operational | |
| 372 | Operational | |
| 373 | Operational | |
| 374 | Operational | |
| 375 | Operational | |
| 376 | Operational | |
| 377 | Operational | |
| 378 | Operational | |
| 379 | Operational | |
| 380 | Operational | |
| 381 | Operational | |
| 382 | Operational | |
| 383 | Operational | |
| 384 | Operational | |
| 385 | Operational | |
| 386 | Operational | |
| 387 | Operational | |
| 388 | Operational | |
| 389 | Operational | |
| 390 | Operational | |
| 391 | Operational | |
| 392 | Operational | |
| 393 | Operational | |
| 394 | Operational | |
| 395 | Operational | |
| 396 | Operational | |
| 397 | Operational | |
| 398 | Operational | |
| 399 | Operational | |
| 400 | Operational | |
| 401 | Operational | |
| 402 | Operational | |
| 403 | Operational | |
| 404 | Operational | |
| 405 | Operational | |
| 406 | Operational | |
| 407 | Operational | |
| 408 | Operational | |
| 409 | Operational | |
| 410 | Operational | |
| 411 | Operational | |
| 412 | Operational | |
| 413 | Operational | |
| 414 | Operational | |
| 415 | Operational | |
| 416 | Operational | |
| 417 | Operational | |
| 418 | Operational | |
| 419 | Operational | |
| 420 | Operational | |
| 421 | Operational | |
| 422 | Operational | |
| 423 | Operational | |
| 424 | Operational | |
| 425 | Operational | |
| 426 | Operational | |
| 427 | Operational | |
| 428 | Operational | |
| 429 | Operational | |
| 430 | Operational | |
| 431 | Operational | |
| 432 | Operational | |
| 433 | Operational | |
| 434 | Operational | |
| 435 | Operational | |
| 436 | Operational | |
| 437 | Operational | |
| 438 | Operational | |
| 439 | Operational | |
| 440 | Operational | |
| 441 | Operational | |
| 442 | Operational | |
| 443 | Operational | |
| 444 | Operational | |
| 445 | Operational | |
| 446 | Operational | |
| 447 | Operational | |
| 448 | Operational | |
| 449 | Operational | |
| 450 | Operational | |
| 451 | Operational | |
| 452 | Operational | |
| 453 | Operational | |
| 454 | Operational | |
| 455 | Operational | |
| 456 | Operational | |
| 457 | Operational | |
| 458 | Operational | |
| 459 | Operational | |
| 460 | Operational | |
| 461 | Operational | |
| 462 | Operational | |
| 463 | Operational | |
| 464 | Operational | |
| 465 | Operational | |
| 466 | Operational | |
| 467 | Operational | |
| 468 | Operational | |
| 469 | Operational | |
| 470 | Operational | |
| 471 | Operational | |
| 472 | Operational | |
| 473 | Operational | |
| 474 | Operational | |
| 475 | Operational | |
| 476 | Operational | |
| 477 | Operational | |
| 478 | Operational | |
| 479 | Operational | |
| 480 | Operational | |
| 481 | Operational | |
| 482 | Operational | |
| 483 | Operational | |
| 484 | Operational | |
| 485 | Operational | |
| 486 | Operational | |
| 487 | Operational | |
| 488 | Operational | |
| 489 | Operational | |
| 490 | Operational | |
| 491 | Operational | |
| 492 | Operational | |
| 493 | Operational | |
| 494 | Operational | |
| 495 | Operational | |
| 496 | Operational | |
| 497 | Operational | |
| 498 | Operational | |
| 499 | Operational | |
| 500 | Operational | |
| 501 | Operational | |
| 502 | Operational | |
| 503 | Operational | |
| 504 | Operational | |
| 505 | Operational | |
| 506 | Operational | |
| 507 | Operational | |
| 508 | Operational | |
| 509 | Operational | |
| 510 | Operational | |
| 511 | Operational | |
| 512 | Operational | |
| 513 | Operational | |
| 514 | Operational | |
| 515 | Operational | |
| 516 | Operational | |
| 517 | Operational | |
| 518 | Operational | |
| 519 | Operational | |
| 520 | Operational | |
| 521 | Operational | |
| 522 | Operational | |
| 523 | Operational | |
| 524 | Operational | |
| 525 | Operational | |
| 526 | Operational | |
| 527 | Operational | |
| 528 | Operational | |
| 529 | Operational | |
| 530 | Operational | |
| 531 | Operational | |
| 532 | Operational | |
| 533 | Operational | |
| 534 | Operational | |
| 535 | Operational | |
| 536 | Operational | |
| 537 | Operational | |
| 538 | Operational | |
| 539 | Operational | |
| 540 | Operational | |
| 541 | Operational | |
| 542 | Operational | |
| 543 | Operational | |
| 544 | Operational | |
| 545 | Operational | |
| 546 | Operational | |
| 547 | Operational | |
| 548 | Operational | |
| 549 | Operational | |
| 550 | Operational | |
| 551 | Operational | |
| 552 | Operational | |
| 553 | Operational | |
| 554 | Operational | |
| 555 | Operational | |
| 556 | Operational | |
| 557 | Operational | |
| 558 | Operational | |
| 559 | Operational | |
| 560 | Operational | |
| 561 | Operational | |
| 562 | Operational | |
| 563 | Operational | |
| 564 | Operational | |
| 565 | Operational | |
| 566 | Operational | |
| 567 | Operational | |
| 568 | Operational | |
| 569 | Operational | |
| 570 | Operational | |
| 571 | Operational | |
| 572 | Operational | |
| 573 | Operational | |
| 574 | Operational | |
| 575 | Operational | |
| 576 | Operational | |
| 577 | Operational | |
| 578 | Operational | |
| 579 | Operational | |
| 580 | Operational | |
| 581 | Operational | |
| 582 | Operational | |
| 583 | Operational | |
| 584 | Operational | |
| 585 | Operational | |
| 586 | Operational | |
| 587 | Operational | |
| 588 | Operational | |
| 589 | Operational | |
| 590 | Operational | |
| 591 | Operational | |
| 592 | Operational | |
| 593 | Operational | |
| 594 | Operational | |
| 595 | Operational | |
| 596 | Operational | |
| 597 | Operational | |
| 598 | Operational | |
| 599 | Operational | |
| 600 | Operational | |
| 601 | Operational | |
| 602 | Operational | |
| 603 | Operational | |
| 604 | Operational | |
| 605 | Operational | |
| 606 | Operational | |
| 607 | Operational | |
| 608 | Operational | |
| 609 | Operational | |
| 610 | Operational | |
| 611 | Operational | |
| 612 | Operational | |
| 613 | Operational | |
| 614 | Operational | |
| 615 | Operational | |
| 616 | Operational | |
| 617 | Operational | |
| 618 | Operational | |
| 619 | Operational | |
| 620 | Operational | |
| 621 | Operational | |
| 622 | Operational | |
| 623 | Operational | |
| 624 | Operational | |
| 625 | Operational | |
| 626 | Operational | |
| 627 | Operational | |
| 628 | Operational | |
| 629 | Operational | |
| 630 | Operational | |
| 631 | Operational | |
| 632 | Operational | |
| 633 | Operational | |
| 634 | Operational | |
| 635 | Operational | |
| 636 | Operational | |
| 637 | Operational | |
| 638 | Operational | |
| 639 | Operational | |
| 640 | Operational | |
| 641 | Operational | |
| 642 | Operational | |
| 643 | Operational | |
| 644 | Operational | |
| 645 | Operational | |
| 646 | Operational | |
| 647 | Operational | |
| 648 | Operational | |
| 649 | Operational | |
| 650 | Operational | |
| 651 | Operational | |
| 652 | Operational | |
| 653 | Operational | |
| 654 | Operational | |
| 655 | Operational | |
| 656 | Operational | |
| 657 | Operational | |
| 658 | Operational | |
| 659 | Operational | |
| 660 | Operational | |
| 661 | Operational | |
| 662 | Operational | |
| 663 | Operational | |
| 664 | Operational | |
| 665 | Operational | |
| 666 | Operational | |
| 667 | Operational | |
| 668 | Operational | |
| 669 | Operational | |
| 670 | Operational | |
| 671 | Operational | |
| 672 | Operational | |
| 673 | Operational | |
| 674 | Operational | |
| 675 | Operational | |
| 676 | Operational | |
| 677 | Operational | |
| 678 | Operational | |
| 679 | Operational | |
| 680 | Operational | |
| 681 | Operational | |
| 682 | Operational | |
| 683 | Operational | |
| 684 | Operational | |
| 685 | Operational | |
| 686 | Operational | |
| 687 | Operational | |
| 688 | Operational | |
| 689 | Operational | |
| 690 | Operational | |
| 691 | Operational | |
| 692 | Operational | |
| 693 | Operational | |
| 694 | Operational | |
| 695 | Operational | |
| 696 | Operational | |
| 697 | Operational | |
| 698 | Operational | |
| 699 | Operational | |
| 700 | Operational | |
| 701 | Operational | |
| 702 | Operational | |
| 703 | Operational | |
| 704 | Operational | |
| 705 | Operational | |
| 706 | Operational | |
| 707 | Operational | |
| 708 | Operational | |
| 709 | Operational | |
| 710 | Operational | |
| 711 | Operational | |
| 712 | Operational | |
| 713 | Operational | |
| 714 | Operational | |
| 715 | Operational | |
| 716 | Operational | |
| 717 | Operational |
Event ID 10 —
Fields
| Name | Description |
|---|---|
A10_Vcn | — |
A11_AttributeFormNonresidentLowestVcn | — |
A12_AttributeFormNonresidentHighestVcn | — |
A13_AllocationClusters | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Scb | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
A10_FileObject | — |
A11_Scb | — |
A12_StartingVcn | — |
A13_ClusterCount | — |
A14_Flags | — |
A15_CcbForWriteExtend | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileObject | — |
A12_Scb | — |
A13_StartingVcn | — |
A14_ClusterCount | — |
A15_Flags | — |
A16_CcbForWriteExtend | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_PurgeOffset | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_PurgeOffset | — |
A12_PurgeChunkLength | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_LastVcn | — |
A12_AttributeInstance | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
A10_NtfsFullFileRefNumber_FcbFileReference | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
A10_NtfsFullFileRefNumber_FcbFileReference | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ValueLength | — |
A12_AttributeFlags | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_LastVcn | — |
A15_NewHighestVcn | — |
A16_PassCount | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ContextFoundAttributeAttributeFormNonresidentLowestVcn | — |
A15_ContextFoundAttributeAttributeFormNonresidentHighestVcn | — |
A16_ContextAttributeListEntryLowestVcn | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ContextFoundAttributeAttributeFormNonresidentLowestVcn | — |
A15_ContextFoundAttributeAttributeFormNonresidentHighestVcn | — |
A16_ContextAttributeListEntryLowestVcn | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ContextFoundAttributeAttributeFormNonresidentLowestVcn | — |
A15_ContextFoundAttributeAttributeFormNonresidentHighestVcn | — |
A16_ContextAttributeListEntryLowestVcn | — |
A17_PassCount | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ContextFoundAttributeAttributeFormNonresidentLowestVcn | — |
A15_ContextFoundAttributeAttributeFormNonresidentHighestVcn | — |
A16_ContextAttributeListEntryLowestVcn | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NtfsFrsConsolidationStatisticsMergeSkipCount | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
A10_FileRecordSegmentNumberHighPart | — |
A11_FileRecordSegmentNumberLowPart | — |
A12_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A13_AttributeTypeCode | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
A10_FileRecordSegmentNumberHighPart | — |
A11_FileRecordSegmentNumberLowPart | — |
A12_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A13_AttributeTypeCode | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
A10_FcbVcb | — |
A11_IrpContext | — |
A12_PULONGLONG_FcbFileReference | — |
A13_StdInfoAttrListEntrySignature | — |
A14_StdInfoAttrListEntryLastCompactedSize | — |
A15_CurrentAttributeListSize | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
A10_FcbVcb | — |
A11_IrpContext | — |
A12_PULONGLONG_FcbFileReference | — |
A13_StdInfoAttrListEntrySignature | — |
A14_StdInfoAttrListEntryLastCompactedSize | — |
A15_NewStdInfoAttrListEntryLastCompactedSize | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_i | — |
A12_MAX_MOVEABLE_ATTRIBUTES | — |
A13_AttributeTypeCode | — |
A14_AttributeRecordLength | — |
A15_AttributeInstance | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_SizeNeeded | — |
A12_AttributeTypeCode | — |
A13_AttributeRecordLength | — |
A14_AttributeFormCode | — |
A15_AttributeInstance | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_SizeNeeded | — |
A12_BytesToFree | — |
A13_MappingPairSize | — |
A14_NewMappingPairSize | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
A10_FileRecordSegmentNumberHighPart | — |
A11_FileRecordSegmentNumberLowPart | — |
A12_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A13_StartZero | — |
A14_ZeroLength | — |
Event ID 34 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ScbAttributeTypeCode | — |
A15__ScbAttributeName | — |
A16_NewStartVcn | — |
A17_NewHalfWayVcn | — |
A18_NewFinalVcn | — |
A19_PackedMode | — |
A20_TryPrior | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ScbAttributeTypeCode | — |
A15__ScbAttributeName | — |
A16_FileRecordSequenceNumber | — |
A17_FileRecordSegmentNumberLowPart | — |
A18_NewStartVcn | — |
A19_LastVcn | — |
A20_NewFinalVcn | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ScbAttributeTypeCode | — |
A15__ScbAttributeName | — |
A16_FileRecordSequenceNumber | — |
A17_FileRecordSegmentNumberLowPart | — |
A18_NewStartVcn | — |
A19_LastVcn | — |
A20_NewFinalVcn | — |
Event ID 37 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewFinalVcn | — |
Event ID 38 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewHalfWayVcn | — |
A15_RangePtr | — |
Event ID 39 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewHalfWayVcn | — |
A15_RangePtr | — |
Event ID 40 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NtfsMcbArray | — |
A15_NtfsMcbArrayStartingVcn | — |
A16_NtfsMcbArrayEndingVcn | — |
Event ID 41 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NtfsMcbArray | — |
A15_NtfsMcbArrayStartingVcn | — |
A16_NtfsMcbArrayEndingVcn | — |
Event ID 42 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NtfsMcbArray | — |
A15_NtfsMcbArrayStartingVcn | — |
A16_NtfsMcbArrayEndingVcn | — |
Event ID 43 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NtfsMcbArray | — |
A15_NtfsMcbArrayStartingVcn | — |
A16_NtfsMcbArrayEndingVcn | — |
Event ID 44 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewFinalVcnInMcb | — |
A15_NewFinalVcn | — |
Event ID 45 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewStartVcn | — |
A15_LastVcn | — |
A16_NewFinalVcn | — |
A17_NewFinalVcnInMcb | — |
A18_NumberOfRanges | — |
A19_DeletedNextAttribute | — |
A20_Mcb1StartWithNewStartVcn | — |
A21_Mcb1HoldNewStartVcn | — |
A22_Mcb2StartWithNewStartVcn | — |
A23_Mcb2HoldNewStartVcn | — |
A24_McbArraySizeInUseChange | — |
Event ID 46 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_NewStartVcn | — |
A15_DeletedNextAttributeNewFinalVcnInMcbLastVcn1 | — |
Event ID 47 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_LastVcn | — |
A15_NewFinalVcnInMcb | — |
Event ID 48 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ScbAttributeTypeCode | — |
A15__ScbAttributeName | — |
A16_PULONGLONG_ContextAttributeListEntrySegmentReference | — |
A17_OldLowestVcn | — |
A18_StartVcn | — |
A19_NewAttributeInstance | — |
Event ID 49 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_PULONGLONG_ScbFcbFileReference | — |
A14_ScbAttributeTypeCode | — |
A15__ScbAttributeName | — |
A16_OldLowestVcn | — |
A17_StartVcn | — |
A18_OldHighestVcn | — |
A19_LastVcn | — |
A20_FileRecordSequenceNumber | — |
A21_FileRecordSegmentNumberLowPart | — |
Event ID 50 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
Event ID 51 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14__VolumeId | — |
A15_VcbVcbState | — |
Event ID 52 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
A14_AllFlagsFirstRequest | — |
Event ID 53 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
Event ID 54 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
Event ID 55 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
A14_FrsConsolidationContextRestartAttributeTypeCode | — |
A15__FrsConsolidationContextRestartAttributeName | — |
A16_FrsConsolidationContextRestartVcn | — |
A17_FrsConsolidationContextRestartAttributeListEntryOffset | — |
A18_AttributeListEntryOffset | — |
A19_AttrContextAttributeListAttributeListFormNonresidentValidDataLength | — |
A20_AttributeListGrowBy | — |
A21_AttributeListGrowBy | — |
Event ID 56 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
A14_FrsConsolidationContextRestartAttributeTypeCode | — |
A15__FrsConsolidationContextRestartAttributeName | — |
A16_FrsConsolidationContextRestartVcn | — |
A17_FrsConsolidationContextInstance | — |
A18_FrsConsolidationContextRestartAttributeListEntryOffset | — |
A19_AttrContextAttributeListAttributeListFormNonresidentValidDataLength | — |
Event ID 57 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
A14_FrsConsolidationContextRestartAttributeTypeCode | — |
A15__FrsConsolidationContextRestartAttributeName | — |
A16_FrsConsolidationContextRestartVcn | — |
A17_FrsConsolidationContextInstance | — |
A18_FrsConsolidationContextRestartAttributeListEntryOffset | — |
A19_AttrContextAttributeListAttributeListFormNonresidentValidDataLength | — |
Event ID 58 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
A14_Scb | — |
Event ID 59 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
Event ID 60 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_PULONGLONG_FrsConsolidationContextFileReference | — |
A13_IrpContextExceptionStatus | — |
Event ID 61 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
Event ID 62 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_PULONGLONG_FcbFileReference | — |
Event ID 63 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_FileRef | — |
A14_ExceptionStatus | — |
Event ID 64 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Fcb | — |
A13_FileRef | — |
A14_RemovedFcb | — |
A15_AllFlagsFcbAcquired | — |
A16_IrpContextTransactionId | — |
Event ID 65 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_EndTimeQuadPart1000NtfsPerformanceFrequencyQuadPart | — |
A13_FrsConsolidationContextTotalTime1000NtfsPerformanceFrequencyQuadPart | — |
Event ID 66 —
Fields
| Name | Description |
|---|---|
A10_FcbVcb | — |
A11_IrpContext | — |
A12_PULONGLONG_FcbFileReference | — |
A13_StdInfoAttrListEntrySignature | — |
A14_StdInfoAttrListEntryLastCompactedSize | — |
A15_AttributeListSize | — |
Event ID 67 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_Scb | — |
A13__ScbMcb | — |
A14_OriginalStartingVcn | — |
A15_ClusterCount | — |
A16_AllocateAll | — |
A17_TargetLcnNULLTargetLcnULONGLONG1 | — |
A18_PreAllocated | — |
A19_UseDelayedAllocation | — |
Event ID 68 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_Scb | — |
A13__ScbMcb | — |
A14_OriginalStartingVcn | — |
A15_ClusterCount | — |
A16_AllocateAll | — |
A17_TargetLcnNULLTargetLcnULONGLONG1 | — |
A18_PreAllocated | — |
A19_UseDelayedAllocation | — |
Event ID 69 —
Fields
| Name | Description |
|---|---|
A10_FoundClusterCount | — |
A11_Scb | — |
A12_ScbTotalAllocated | — |
Event ID 70 —
Fields
| Name | Description |
|---|---|
A10_FoundClusterCount | — |
A11_Scb | — |
A12_ScbTotalAllocated | — |
A13_ScbState | — |
A14_IrpContextState2 | — |
A15_AllocateWithNoHole | — |
Event ID 71 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ClustersAllocated | — |
Event ID 72 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ClustersAllocated | — |
Event ID 73 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_Scb | — |
A13__ScbMcb | — |
A14_StartingVcn | — |
A15_EndingVcn | — |
Event ID 74 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PULONGLONG_ScbFcbFileReference | — |
A12_StartingVcn | — |
A13_EndingVcn | — |
Event ID 75 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_Scb | — |
A13__ScbMcb | — |
A14_StartingVcn | — |
A15_EndingVcn | — |
Event ID 76 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PULONGLONG_ScbFcbFileReference | — |
A12_AdjLcn | — |
A13_AdjClusterCount | — |
Event ID 77 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 78 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DeallocatedClusters | — |
A12_DeallocatedClustersLsnQuadPart | — |
A13_DeallocatedClustersClusterCount | — |
A14_DeallocatedClustersFlags | — |
A15_VcbDeallocatedClusters | — |
A16_VcbDeallocatedClustersAdjClusterCount | — |
Event ID 79 —
Fields
| Name | Description |
|---|---|
A10_ClusterCount | — |
A11_Scb | — |
A12_TotalAllocated | — |
A13_TotalAllocated | — |
Event ID 80 —
Fields
| Name | Description |
|---|---|
A10_ClusterCount | — |
A11_Scb | — |
A12_TotalAllocated | — |
A13_ScbState | — |
A14_IrpContextState2 | — |
Event ID 81 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbDeallocatedClusters | — |
A12_VcbDeallocatedClustersClustersRemoved | — |
Event ID 82 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ClustersDeallocated | — |
Event ID 83 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ClustersDeallocated | — |
Event ID 84 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_FirstBit | — |
A13_BeyondFinalBit | — |
A14_RedoOperation | — |
A15_UndoOperation | — |
Event ID 85 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11__Bitmap | — |
A12_BaseLcn | — |
A13_CurrentLcn | — |
Event ID 86 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_StartingLcn | — |
A13_ClusterCount | — |
Event ID 87 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11__Bitmap | — |
A12_BaseLcn | — |
A13_StartingLcn | — |
Event ID 88 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Bitmap | — |
A12_BitMapOffset | — |
A13_NumberOfBits | — |
Event ID 89 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_StartingLcn | — |
A13_ClusterCount | — |
Event ID 90 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11__Bitmap | — |
A12_BaseLcn | — |
A13_StartingLcn | — |
Event ID 91 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Bitmap | — |
A12_BitMapOffset | — |
A13_NumberOfBits | — |
Event ID 92 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_Bitmap | — |
A13_StartingBitmapLcn | — |
A14_SetBits | — |
Event ID 93 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Bitmap | — |
A12_StartingBit | — |
A13_EndingBit | — |
Event ID 94 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Results | — |
Event ID 95 —
Fields
| Name | Description |
|---|---|
A10_i | — |
A11_OriginalSystemBitmapisizeofOriginalSystemBitmap0 | — |
Event ID 96 —
Event ID 97 —
Fields
| Name | Description |
|---|---|
A10_Length | — |
A11_BinIndex | — |
A12_Key | — |
A13_BitPosition | — |
A14_GroupIndex | — |
A15_GroupShiftFactor | — |
Event ID 98 —
Fields
| Name | Description |
|---|---|
A10_Length | — |
A11_BinIndex | — |
A12_TotalBins | — |
Event ID 99 —
Fields
| Name | Description |
|---|---|
A10_BinIndex | — |
A11_MAXLONGLONG | — |
A12_TotalBins | — |
Event ID 100 —
Fields
| Name | Description |
|---|---|
A10_BinIndex | — |
A11_MaxLength | — |
A12_GroupIndex | — |
A13_RelativeBinIndex | — |
A14_MaxKey | — |
Event ID 101 —
Fields
| Name | Description |
|---|---|
A10_NtfsCachedRunBinGroupShift | — |
A11_NtfsCachedRunBinGroupSize | — |
A12_NtfsCachedRunBinGroupMask | — |
Event ID 102 —
Fields
| Name | Description |
|---|---|
A10_BinIndex | — |
A11_MaxLength | — |
A12_MaxLength | — |
Event ID 103 —
Fields
| Name | Description |
|---|---|
A10_StartingCluster | — |
A11_ClusterCount | — |
A12_VcbTotalClustersCommitted | — |
A13_VcbTotalClusters | — |
A14_VcbFreeClusters | — |
Event ID 104 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_FirstBitToClear | — |
A12_BeyondLastBitToClear1 | — |
Event ID 105 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 106 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_FreeClusterBase1 | — |
A12_FreeClusterCount1 | — |
Event ID 107 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 108 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_FreeClusterBase2 | — |
A12_FreeClusterCount2 | — |
Event ID 109 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_VcbTotalClustersCommitted | — |
A13_VcbTotalClusters | — |
A14_VcbTPMapSizeOfBitMap | — |
Event ID 110 —
Fields
| Name | Description |
|---|---|
A10_IrpContextMajorFunction | — |
Event ID 111 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingZero | — |
A12_ByteCount | — |
A13_ExtentsDescriptor | — |
A14_ExtentsDescriptorIndex | — |
A15_ExtentsDescriptorStartOffset | — |
A16_Offset | — |
A17_MaxRuns | — |
Event ID 112 —
Fields
| Name | Description |
|---|---|
A10_RunIndex | — |
A11_ExtentsDescriptorRunRunIndexBasePage | — |
A12_ExtentsDescriptorRunRunIndexPageCount | — |
A13_ExtentLength | — |
A14_Offset | — |
A15_RunIndexStartOffset | — |
Event ID 113 —
Event ID 114 —
Fields
| Name | Description |
|---|---|
A10_LengthInExtent | — |
A11_ByteCount | — |
Event ID 115 —
Fields
| Name | Description |
|---|---|
A10_StartingPhysicalAddrQuadPart | — |
A11_LengthInExtent | — |
Event ID 116 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorIndex | — |
A11_ExtentsDescriptorStartOffset | — |
Event ID 117 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingOffset | — |
A12_BeyondEndOffset | — |
Event ID 118 —
Fields
| Name | Description |
|---|---|
A10_DataSetRangeIndex | — |
A11_DsmBufferDataSetRangesDataSetRangeIndexStartingOffset | — |
A12_DsmBufferDataSetRangesDataSetRangeIndexLengthInBytes | — |
Event ID 119 —
Fields
| Name | Description |
|---|---|
A10_RemainingClusterCount | — |
A11_DataSetRangeIndex | — |
Event ID 120 —
Fields
| Name | Description |
|---|---|
A10_DsmByteAddressRangesTotalNumberOfRanges | — |
A11_DsmByteAddressRangesNumberOfRangesReturned | — |
Event ID 121 —
Fields
| Name | Description |
|---|---|
A10_Index | — |
A11_DsmByteAddressRangesRangesIndexStartAddress | — |
A12_DsmByteAddressRangesRangesIndexLengthInBytes | — |
Event ID 122 —
Fields
| Name | Description |
|---|---|
A10_StartingPhysicalAddrQuadPart | — |
A11_LengthInExtent | — |
Event ID 123 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorIndex | — |
A11_ExtentsDescriptorStartOffset | — |
Event ID 124 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingZero | — |
A12_BeyondEndOffset | — |
A13_ByteCount | — |
A14_ExtentsDescriptor | — |
A15_ExtentsDescriptorIndexExtentsDescriptorIndex0 | — |
A16_ExtentsDescriptorStartOffsetExtentsDescriptorStartOffset0 | — |
Event ID 125 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorIndex | — |
A11_ExtentsDescriptorStartOffset | — |
Event ID 126 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Scb | — |
A12_StartOffset | — |
A13_ByteCount | — |
Event ID 127 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
Event ID 128 —
Fields
| Name | Description |
|---|---|
A10_TypeOfOpen | — |
Event ID 129 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 130 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 131 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 132 —
Fields
| Name | Description |
|---|---|
A10_Irp | — |
A11_IrpContext | — |
A12_Vcb | — |
A13_CreateContextFileObject | — |
A14_CreateContextFileObjectRelatedFileObject | — |
A15__CreateContextFileObjectFileName | — |
A16_CreateContextIrpSpParametersCreateOptions | — |
A17_CreateContextIrpSpParametersCreateFileAttributes | — |
A18_CreateContextDesiredAccess | — |
A19_CreateContextIrpSpParametersCreateShareAccess | — |
A20_CreateContextIrpSpParametersCreateEaLength | — |
Event ID 133 —
Fields
| Name | Description |
|---|---|
A10_Irp | — |
A11_IrpContext | — |
A12_Vcb | — |
A13_CreateContextFileObject | — |
A14_CreateContextFileObjectRelatedFileObject | — |
A15__CreateContextFileObjectFileName | — |
A16_CreateContextIrpSpParametersCreateOptions | — |
A17_CreateContextIrpSpParametersCreateFileAttributes | — |
A18_CreateContextDesiredAccess | — |
A19_CreateContextIrpSpParametersCreateShareAccess | — |
A20_CreateContextIrpSpParametersCreateEaLength | — |
Event ID 134 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 135 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CreateDisposition | — |
Event ID 136 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 137 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_IrpSpParametersCreateShareAccess | — |
A15_ReadULongNoFence_VcbCleanupCount | — |
A16_BiasedCleanupCount | — |
Event ID 138 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 139 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_IrpSpParametersCreateShareAccess | — |
A15_VcbReadOnlyCloseCount | — |
A16_VcbCloseCount | — |
A17_VcbSystemFileCloseCount | — |
Event ID 140 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbCleanupCount | — |
A17_FcbFcbState | — |
A18_IrpSpFlags | — |
Event ID 141 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbFcbState | — |
A17_IrpSpFlags | — |
Event ID 142 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_IrpContextState | — |
A17_IrpSpFlags | — |
Event ID 143 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbFcbState | — |
A17_CreateContextIrpSpParametersCreateOptions24_0x000000ff | — |
A18_CreateContextIrpSpParametersCreateSecurityContextDesiredAccess | — |
Event ID 144 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CreateContextCurrentFcbVcb | — |
A12__CreateContextCurrentFcbVcbVolumeName | — |
A13_WppCountedStringWCreateContextCurrentFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHCreateContextCurrentFcbVcbVpb | — |
A14_CreateContextCurrentFcb | — |
A15_NtfsFullFileRefNumber_CreateContextCurrentFcbFileReference | — |
A16_CreateContextCurrentFcbInfoFileAttributes | — |
A17_CreateContextCurrentFcbTxfRmcbRmState | — |
Event ID 145 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CreateContextCurrentFcbVcb | — |
A12__CreateContextCurrentFcbVcbVolumeName | — |
A13_WppCountedStringWCreateContextCurrentFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHCreateContextCurrentFcbVcbVpb | — |
A14_CreateContextCurrentFcb | — |
A15_NtfsFullFileRefNumber_CreateContextCurrentFcbFileReference | — |
A16_CreateContextCurrentFcbFcbState | — |
A17_CreateContextIrpSpParametersCreateOptions24_0x000000ff | — |
A18_CreateContextIrpSpParametersCreateSecurityContextDesiredAccess | — |
Event ID 146 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbFcbState | — |
Event ID 147 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbFcbState | — |
A17_CreateContextIrpSpParametersCreateOptions24_0x000000ff | — |
A18_CreateContextIrpSpParametersCreateSecurityContextDesiredAccess | — |
Event ID 148 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbTxfRmcbRmState | — |
Event ID 149 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ParentScbFcbVcb | — |
A12__ParentScbFcbVcbVolumeName | — |
A13_WppCountedStringWParentScbFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHParentScbFcbVcbVpb | — |
A14_ParentScbFcb | — |
A15_NtfsFullFileRefNumber_ParentScbFcbFileReference | — |
A16_ParentScbFcbFcbState | — |
A17_ParentScbFcbTxfRmcbRmState | — |
A18_AttrTypeCode | — |
Event ID 150 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_CreateContextIrpSpParametersCreateOptions | — |
A17_CcbFlags | — |
Event ID 151 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ParentScbVcb | — |
A12__ParentScbVcbVolumeName | — |
A13_WppCountedStringWParentScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHParentScbVcbVpb | — |
A14_ParentScbFcb | — |
A15_NtfsFullFileRefNumber_ParentScbFcbFileReference | — |
A16_ParentScbFcbFcbState | — |
A17_ParentScbFcbTxfRmcbRmState | — |
Event ID 152 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbTxfRmcbRmState | — |
Event ID 153 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisEaInformationNeedEaCount | — |
A17_CreateContextIrpSpParametersCreateOptions | — |
A18_CcbFlags | — |
Event ID 154 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_AttrTypeCode | — |
A17_CreateDisposition | — |
Event ID 155 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_CreateDisposition | — |
Event ID 156 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbFcbState | — |
A17_AttrTypeCode | — |
Event ID 157 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbInfoFileAttributes | — |
A17_FileAttributes | — |
Event ID 158 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_CreateContextIrpSpParametersCreateOptions | — |
Event ID 159 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_CreateContextThisScbAttributeTypeCode | — |
A17_CreateContextThisScbState | — |
A18_CreateContextThisScbScbTypeDataHighWaterMark | — |
Event ID 160 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_AttrCode | — |
A15_CreateDisposition | — |
Event ID 161 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_AttrCode | — |
A15_IrpSpParametersCreateSecurityContextAccessStateOriginalDesiredAccess | — |
Event ID 162 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_AttrCode | — |
Event ID 163 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbAttributeTypeCode | — |
A18__ThisScbAttributeName | — |
A19_IrpSpParametersCreateShareAccess | — |
A20_IrpSpParametersCreateSecurityContextAccessStatePreviouslyGrantedAccess | — |
Event ID 164 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbAttributeTypeCode | — |
A18__ThisScbAttributeName | — |
Event ID 165 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbAttributeTypeCode | — |
A18__ThisScbAttributeName | — |
A19_IrpSpParametersCreateSecurityContextAccessStatePreviouslyGrantedAccess | — |
Event ID 166 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbMarkHandleDisallowWritesCount | — |
A18_IrpSpParametersCreateSecurityContextDesiredAccess | — |
Event ID 167 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbAttributeTypeCode | — |
A18__ThisScbAttributeName | — |
A19_IrpSpParametersCreateShareAccess | — |
A20_GrantedAccess | — |
Event ID 168 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_IrpSpParametersCreateShareAccess | — |
A17_IrpSpFileObjectFlags | — |
Event ID 169 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_ThisScb | — |
A17_ThisScbAttributeTypeCode | — |
A18__ThisScbAttributeName | — |
A19_IrpSpParametersCreateShareAccess | — |
A20_GrantedAccess | — |
Event ID 170 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_IrpSpParametersCreateShareAccess | — |
A17_IrpSpFileObjectFlags | — |
Event ID 171 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_IrpSpParametersCreateSecurityContextDesiredAccess | — |
A17_ThisFcbInfoFileAttributes | — |
A18_IrpSpFlags | — |
Event ID 172 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CurrentFcbVcb | — |
A12__CurrentFcbVcbVolumeName | — |
A13_WppCountedStringWCurrentFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHCurrentFcbVcbVpb | — |
A14_CurrentFcb | — |
A15_NtfsFullFileRefNumber_CurrentFcbFileReference | — |
A16_CurrentFcbInfoFileAttributes | — |
A17_NtfsDataFlags | — |
Event ID 173 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CurrentFcbVcb | — |
A12__CurrentFcbVcbVolumeName | — |
A13_WppCountedStringWCurrentFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHCurrentFcbVcbVpb | — |
A14_CurrentFcb | — |
A15_NtfsFullFileRefNumber_CurrentFcbFileReference | — |
A16_CurrentFcbInfoFileAttributes | — |
A17_ThisScbAttributeFlags | — |
Event ID 174 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisScbVcb | — |
A12__ThisScbVcbVolumeName | — |
A13_WppCountedStringWThisScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisScbVcbVpb | — |
A14_ThisScbFcb | — |
A15_NtfsFullFileRefNumber_ThisScbFcbFileReference | — |
A16_CreateContextCurrentFcbCleanupCount | — |
A17_NtfsDataEncryptionCallBackTableImplementationFlags | — |
Event ID 175 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_CurrentFcb | — |
A12_NtfsFullFileRefNumber_CurrentFcbFileReference | — |
A13_CurrentFcbTxfRmcbRmState | — |
Event ID 176 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_LcbFcbVcb | — |
A12__LcbFcbVcbVolumeName | — |
A13_WppCountedStringWLcbFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHLcbFcbVcbVpb | — |
A14_LcbFcb | — |
A15_NtfsFullFileRefNumber_LcbFcbFileReference | — |
A16_WppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLength | — |
A17_DesiredAccess | — |
A18_DesiredShareAccess | — |
A19_IoShareAccessFlags | — |
A20_LinkShareAccessOpenCount | — |
A21_LinkShareAccessDeleters | — |
A22_LinkShareAccessSharedDelete | — |
Event ID 177 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_ScbAttributeTypeCode | — |
A17__ScbAttributeName | — |
A18_DesiredAccess | — |
A19_DesiredShareAccess | — |
A20_IoShareAccessFlags | — |
A21_ShareAccessOpenCount | — |
A22_ShareAccessReaders | — |
A23_ShareAccessWriters | — |
A24_ShareAccessDeleters | — |
A25_ShareAccessSharedRead | — |
A26_ShareAccessSharedWrite | — |
A27_ShareAccessSharedDelete | — |
Event ID 178 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_ScbAttributeTypeCode | — |
A17__ScbAttributeName | — |
A18_WppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLength | — |
A19_DesiredAccess | — |
A20_DesiredShareAccess | — |
A21_IoShareAccessFlags | — |
A22_ShareAccessOpenCount | — |
A23_ShareAccessReaders | — |
A24_ShareAccessWriters | — |
A25_ShareAccessDeleters | — |
A26_ShareAccessSharedRead | — |
A27_ShareAccessSharedWrite | — |
A28_ShareAccessSharedDelete | — |
A29_LinkShareAccessOpenCount | — |
A30_LinkShareAccessDeleters | — |
A31_LinkShareAccessSharedDelete | — |
Event ID 179 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_ScbAttributeTypeCode | — |
A17__ScbAttributeName | — |
A18_ARGUMENT_PRESENTLcbWppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLengthWppCountedStringWNULL0 | — |
A19_AccessStatePreviouslyGrantedAccess | — |
A20_AccessStateFlags | — |
A21_DesiredShareAccess | — |
A22_CreateDisposition | — |
A23_ScbShareAccessOpenCount | — |
A24_ScbShareAccessReaders | — |
A25_ScbShareAccessWriters | — |
A26_ScbShareAccessDeleters | — |
A27_ScbShareAccessSharedRead | — |
A28_ARGUMENT_PRESENTLcbLcbLinkShareAccessDeleters0 | — |
Event ID 180 —
Fields
| Name | Description |
|---|---|
A10_FILEID_FROM_SOURCEFileNLine | — |
A11_LINENUM_FROM_SOURCEFileNLine | — |
A12_Status | — |
A13__ProcessName | — |
Event ID 181 —
Fields
| Name | Description |
|---|---|
A10_FILEID_FROM_SOURCEFileNLine | — |
A11_LINENUM_FROM_SOURCEFileNLine | — |
A12_Status | — |
A13__ProcessName | — |
Event ID 182 —
Fields
| Name | Description |
|---|---|
A10_FILEID_FROM_SOURCEFileNLine | — |
A11_LINENUM_FROM_SOURCEFileNLine | — |
A12_Status | — |
A13__ProcessName | — |
Event ID 183 —
Fields
| Name | Description |
|---|---|
A10_FILEID_FROM_SOURCEFileNLine | — |
A11_LINENUM_FROM_SOURCEFileNLine | — |
A12_Status | — |
A13__ProcessName | — |
Event ID 184 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_StartingCluster | — |
A12_RunLength | — |
Event ID 185 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 186 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_MarkUnusedContextDeallocatedClusters | — |
A13__MarkUnusedContextDeallocatedClustersMcb | — |
Event ID 187 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_StartingCluster | — |
A12_RunLength | — |
A13__MarkUnusedContextDeallocatedClustersMcb | — |
Event ID 188 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11__MarkUnusedContextDeallocatedClustersMcb | — |
Event ID 189 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_IrpContext | — |
Event ID 190 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 191 —
Fields
| Name | Description |
|---|---|
A10_Src | — |
A11_Dst | — |
A12_SrcClustersCount | — |
A13_SrcDeallocatedClustersClusterCount | — |
A14_SrcDsmAttrDataSetRangesLength | — |
Event ID 192 —
Fields
| Name | Description |
|---|---|
A10_Src | — |
A11_Dst | — |
A12_SrcClustersCount | — |
A13_DstClustersCount | — |
A14_DstDsmAttrDataSetRangesLength | — |
A15_DstFirstDataSetRangePtrLengthInBytes | — |
A16_DstFirstDataSetRangePtrStartingOffset | — |
Event ID 193 —
Event ID 194 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_VcbDeallocatedClusters | — |
A13_VcbDeallocatedClustersListLengthInTrim | — |
A14_VcbDeallocatedClustersListLengthToDrain | — |
A15_ClustersClusterCount | — |
A16_InitialRanges | — |
Event ID 195 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_StartingLcn | — |
A13_ClusterCount | — |
A14_FreeClusterBase1 | — |
A15_FreeClusterCount1 | — |
A16_FreeClusterBase2 | — |
A17_FreeClusterCount2 | — |
Event ID 196 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 197 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbCloseCount | — |
Event ID 198 —
Event ID 199 —
Fields
| Name | Description |
|---|---|
A10_Irp | — |
Event ID 200 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
Event ID 201 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 202 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 203 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 204 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_SmallMarkUnusedContext | — |
A12_MarkUnusedContext | — |
Event ID 205 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 206 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 207 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_TrimEntryCount | — |
A13_DataSetRangePtrStartingOffset | — |
A14_DataSetRangePtrLengthInBytes | — |
Event ID 208 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_IrpUsed | — |
Event ID 209 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_Status | — |
Event ID 210 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 211 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 212 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Status | — |
A12_MarkUnusedContext | — |
A13_MarkUnusedContextNULL__MarkUnusedContextDeallocatedClustersNULLMarkUnusedContextDeallocatedClustersClusterCount1LL | — |
Event ID 213 —
Event ID 214 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DeallocatedClusters | — |
Event ID 215 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DeallocatedClusters | — |
Event ID 216 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DeallocatedClusters | — |
Event ID 217 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_All | — |
Event ID 218 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 219 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 220 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 221 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 222 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DeallocatedClustersToWaitForDeallocatedClusters | — |
Event ID 223 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 224 —
Fields
| Name | Description |
|---|---|
A10_IrpContextVcb | — |
A11_DeallocatedClustersToWaitForDeallocatedClusters | — |
Event ID 225 —
Fields
| Name | Description |
|---|---|
A10_WaitInSeconds | — |
A11_CurrentTimeQuadPartDeallocatedClustersToWaitForEndTimeQuadPartULONGCurrentTimeQuadPartDeallocatedClustersToWaitForEndTimeQuadPartNtfsDataSystemTimeIncrementINTERVAL_ONE_SECOND0 | — |
A12_IrpContext | — |
A13_IrpContextVcb | — |
A14_DeallocatedClusters | — |
Event ID 226 —
Fields
| Name | Description |
|---|---|
A10_WaitInSeconds | — |
A11_CurrentTimeQuadPartDeallocatedClustersToWaitForEndTimeQuadPartULONGCurrentTimeQuadPartDeallocatedClustersToWaitForEndTimeQuadPartNtfsDataSystemTimeIncrementINTERVAL_ONE_SECOND0 | — |
A12_IrpContext | — |
A13_IrpContextVcb | — |
A14_DeallocatedClusters | — |
Event ID 227 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbDeallocatedClustersListLengthInTrim | — |
Event ID 228 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 229 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 230 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_AcquiredVcb | — |
Event ID 231 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 232 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_RunIndex | — |
A13_StartingOffset | — |
A14_LengthInBytes | — |
Event ID 233 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_DataSetRangeCount | — |
A13_McbRunCount | — |
A14_SmartTrimFreeRangeCount | — |
Event ID 234 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
A12_RunIndex | — |
A13_DataSetRangeStartingOffset | — |
A14_DataSetRangeLengthInBytes | — |
Event ID 235 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_StartingLcn | — |
A12_ClusterCount | — |
A13_FirstTpMapBit | — |
A14_LastTpMapBit | — |
Event ID 236 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_SmartTrimStateSlabRangesCount | — |
Event ID 237 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_SlabRangeIndex | — |
A12_SlabRangeFirstTPMapBit | — |
A13_SlabRangeLastTPMapBit | — |
Event ID 238 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 239 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 240 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 241 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_AcquiredBitmap | — |
Event ID 242 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_TpMapBit | — |
Event ID 243 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_TpMapBit | — |
Event ID 244 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_TpMapBit | — |
A12_SlabBaseLcn | — |
A13_SlabLengthInClusters | — |
Event ID 245 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 246 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 247 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 248 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
A15_IrpSpFlags | — |
Event ID 249 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Status | — |
Event ID 250 —
Event ID 251 —
Event ID 252 —
Event ID 253 —
Fields
| Name | Description |
|---|---|
A10_ScbVcb | — |
A11_StartingVbo | — |
A12_ByteCount | — |
Event ID 254 —
Fields
| Name | Description |
|---|---|
A10_FileObject | — |
Event ID 255 —
Fields
| Name | Description |
|---|---|
A10_ULONGBadVcn | — |
A11_PLARGE_INTEGER_BadVcnHighPart | — |
Event ID 256 —
Fields
| Name | Description |
|---|---|
A10_ULONGBadLcn | — |
A11_PLARGE_INTEGER_BadLcnHighPart | — |
Event ID 257 —
Event ID 258 —
Event ID 259 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_NewBufferSize | — |
Event ID 260 —
Fields
| Name | Description |
|---|---|
A10_NewBufferSize | — |
A11_NtfsGetCompressionBufferSize | — |
Event ID 261 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 262 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12_NewBufferSize | — |
Event ID 263 —
Fields
| Name | Description |
|---|---|
A10_NewBufferSize | — |
A11_NtfsGetUsaBufferSizeVcb | — |
Event ID 264 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 265 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_CcbFlags | — |
Event ID 266 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 267 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 268 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_CcbFlags | — |
Event ID 269 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_MoveDataStartingVcnQuadPart | — |
A15_TransferClusters | — |
A16_Lcn | — |
A17_MoveDataStartingLcnQuadPart | — |
A18_CopyLength | — |
A19_FlagsUseDelayedAllocation | — |
A20_Status | — |
Event ID 270 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_MoveDataStartingVcnQuadPart | — |
A15_TransferClusters | — |
A16_Lcn | — |
A17_MoveDataStartingLcnQuadPart | — |
A18_CopyLength | — |
A19_FlagsUseDelayedAllocation | — |
A20_MyStatus | — |
Event ID 271 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_Lcn | — |
A15_CopyLength | — |
A16_MyStatus | — |
Event ID 272 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_MoveDataStartingLcnQuadPart | — |
A15_CopyLength | — |
A16_MyStatus | — |
Event ID 273 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_MoveDataStartingVcnQuadPart | — |
A15_TransferClusters | — |
A16_Lcn | — |
A17_MoveDataStartingLcnQuadPart | — |
A18_FlagsUseDelayedAllocation | — |
A19_ValidClusters | — |
Event ID 274 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A14_MoveDataStartingVcnQuadPart | — |
A15_TransferClusters | — |
Event ID 275 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_FcbNULLNtfsFullFileRefNumber_FcbFileReference0 | — |
A16_CcbNULLCcbFlags0 | — |
Event ID 276 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18_ScbAttributeNameBuffer | — |
A19_ScbPersist | — |
A20_CcbFlags | — |
Event ID 277 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 278 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 279 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_CcbNULLCcbFlags0 | — |
Event ID 280 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScbHeaderValidDataLengthQuadPart | — |
A12_ScbHeaderFileSizeQuadPart | — |
A13_QueryDaxExtentsFileOffset | — |
A14_StartingVcn | — |
A15_QueryDaxExtentsLength | — |
Event ID 281 —
Fields
| Name | Description |
|---|---|
A10_QueryDaxExtentsFileOffset | — |
A11_QueryDaxExtentsLength | — |
A12_EffectiveInputFileRegionLength | — |
A13_StartingVcn | — |
A14_BeyondEndVcn | — |
A15_RemainingClusterCount | — |
A16_LastVcnInFile | — |
Event ID 282 —
Event ID 283 —
Fields
| Name | Description |
|---|---|
A10_RemainingClusterCount | — |
A11_DataSetRangeIndex | — |
A12_OutputBufferLength | — |
Event ID 284 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorNumberOfValidRuns | — |
A11_MaxRuns | — |
A12_BytesReturned | — |
Event ID 285 —
Fields
| Name | Description |
|---|---|
A10_RemainingClusterCount | — |
A11_ExtentsDescriptorNumberOfValidRuns | — |
Event ID 286 —
Fields
| Name | Description |
|---|---|
A10_RemainingClusterCount | — |
A11_ExtentsDescriptorNumberOfValidRuns | — |
Event ID 287 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorNumberOfValidRuns | — |
A11_MaxRuns | — |
A12_Status | — |
A13_BytesReturned | — |
Event ID 288 —
Fields
| Name | Description |
|---|---|
A10_ExtentsDescriptorRunIndexBasePage | — |
A11_ExtentsDescriptorRunIndexPageCount | — |
Event ID 289 —
Fields
| Name | Description |
|---|---|
A10_ZeroStart | — |
A11_ZeroEnd | — |
Event ID 290 —
Fields
| Name | Description |
|---|---|
A10_ZeroStart | — |
A11_ZeroEnd | — |
Event ID 291 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_CcbFlags | — |
Event ID 292 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ARGUMENT_PRESENTCcbCcbAccessFlags0 | — |
A20_ARGUMENT_PRESENTCreateContextCreateContextPreviouslyGrantedAccess0 | — |
Event ID 293 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_CcbFlags | — |
Event ID 294 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_CcbNULLCcbFlags0 | — |
Event ID 295 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbVcbVpbRealDeviceFlags | — |
Event ID 296 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_RenameCleanupTargetLinkFcb | — |
A15_NtfsFullFileRefNumber_RenameCleanupTargetLinkFcbFileReference | — |
A16_RenameCleanupTargetLinkFcbFcbState | — |
Event ID 297 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_RenameCleanupTargetLinkFcb | — |
A15_NtfsFullFileRefNumber_RenameCleanupTargetLinkFcbFileReference | — |
A16_RenameCleanupTargetLinkFcbTxfFcbTxfNumWriters | — |
Event ID 298 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_LcbToDeleteFcb | — |
A15_NtfsFullFileRefNumber_LcbToDeleteFcbFileReference | — |
A16_LcbToDelete | — |
A17_WppCountedStringWLcbToDeleteFileNameAttrFileNameUSHORTLcbToDeleteFileNameAttrFileNameLength | — |
A18_LcbToDeleteTxfNumWriters | — |
Event ID 299 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_RenameCleanupTargetLinkFcb | — |
A15_NtfsFullFileRefNumber_RenameCleanupTargetLinkFcbFileReference | — |
A16_RenameCleanupTargetLinkFcbCleanupCount | — |
Event ID 300 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_LcbToDeleteFcb | — |
A15_NtfsFullFileRefNumber_LcbToDeleteFcbFileReference | — |
A16_LcbToDelete | — |
A17_WppCountedStringWLcbToDeleteFileNameAttrFileNameUSHORTLcbToDeleteFileNameAttrFileNameLength | — |
A18_LcbToDeleteCleanupCount | — |
A19_SplitPrimaryLcb | — |
A20_SplitPrimaryLcbNULLWppCountedStringWSplitPrimaryLcbFileNameAttrFileNameUSHORTSplitPrimaryLcbFileNameAttrFileNameLengthWppCountedStringWNULL0 | — |
A21_SplitPrimaryLcbNULLSplitPrimaryLcbCleanupCount0 | — |
Event ID 301 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_LcbFcb | — |
A15_NtfsFullFileRefNumber_LcbFcbFileReference | — |
A16_LcbFcbFcbState | — |
A17_Lcb | — |
A18_WppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLength | — |
A19_LcbFileNameAttrFlags | — |
A20_LcbLcbState | — |
Event ID 302 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_ScbFcbInfoFileAttributes | — |
Event ID 303 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TargetParentScbFcb | — |
A15_NtfsFullFileRefNumber_TargetParentScbFcbFileReference | — |
A16_TargetParentScbFcbFcbState | — |
Event ID 304 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TargetParentScbFcb | — |
A15_NtfsFullFileRefNumber_TargetParentScbFcbFileReference | — |
A16_TargetParentScbFcbInfoFileAttributes | — |
A17_TargetParentScbFcbFcbState | — |
Event ID 305 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
Event ID 306 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_NtfsFullFileRefNumber_TargetParentScbFcbFileReference | — |
Event ID 307 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
Event ID 308 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_TxfVisibleLinks | — |
Event ID 309 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_AccessStatus | — |
Event ID 310 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TargetParentScbFcb | — |
A15_NtfsFullFileRefNumber_TargetParentScbFcbFileReference | — |
A16__NewLinkName | — |
Event ID 311 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TargetParentScbFcb | — |
A15_NtfsFullFileRefNumber_TargetParentScbFcbFileReference | — |
A16__NewLinkName | — |
A17_TargetParentScbFcbTxfRmcbRmState | — |
Event ID 312 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_LcbFcb | — |
A15_NtfsFullFileRefNumber_LcbFcbFileReference | — |
A16_Lcb | — |
A17_WppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLength | — |
Event ID 313 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_LcbFcb | — |
A15_NtfsFullFileRefNumber_LcbFcbFileReference | — |
A16_Lcb | — |
A17_WppCountedStringWLcbFileNameAttrFileNameUSHORTLcbFileNameAttrFileNameLength | — |
A18_NtfsFullFileRefNumber_ParentScbFcbFileReference | — |
Event ID 314 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_NextScbVcb | — |
A12__NextScbVcbVolumeName | — |
A13_WppCountedStringWNextScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHNextScbVcbVpb | — |
A14_NextScbFcb | — |
A15_NtfsFullFileRefNumber_NextScbFcbFileReference | — |
A16_NextScbCleanupCount | — |
Event ID 315 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_NextScbVcb | — |
A12__NextScbVcbVolumeName | — |
A13_WppCountedStringWNextScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHNextScbVcbVpb | — |
A14_NextScbFcb | — |
A15_NtfsFullFileRefNumber_NextScbFcbFileReference | — |
A16_ByIdCcbs | — |
A17_NextScbCleanupCount | — |
Event ID 316 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbState | — |
A20_ScbScbTypeDataHighWaterMark | — |
Event ID 317 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_DirectoryScbVcb | — |
A12__DirectoryScbVcbVolumeName | — |
A13_WppCountedStringWDirectoryScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHDirectoryScbVcbVpb | — |
A14_DirectoryScbFcb | — |
A15_NtfsFullFileRefNumber_DirectoryScbFcbFileReference | — |
A16_ULONGIrpIoStatusInformation | — |
A17_BatchOplockCount | — |
Event ID 318 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12_Fcb | — |
A13_LocalFlagsEntireFlags | — |
Event ID 319 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Scb | — |
Event ID 320 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12_LocalFlagsEntireFlags | — |
Event ID 321 —
Fields
| Name | Description |
|---|---|
A10_VcbBitmapScb | — |
A11_Vcb | — |
Event ID 322 —
Fields
| Name | Description |
|---|---|
A10_VcbMftScb | — |
A11_Vcb | — |
Event ID 323 —
Fields
| Name | Description |
|---|---|
A10_PNTFS_DISK_FLUSH_CONTEXTContextVcb | — |
A11_Context | — |
Event ID 324 —
Fields
| Name | Description |
|---|---|
A10_PNTFS_DISK_FLUSH_CONTEXTContextVcb | — |
A11_Context | — |
A12_NtfsDataDiskFlushContextCompletedWorkItemListFlink | — |
Event ID 325 —
Event ID 326 —
Event ID 327 —
Fields
| Name | Description |
|---|---|
A10_Irp | — |
A11_IrpContext | — |
A12_IrpContextVcb | — |
A13_IrpSpMinorFunction | — |
A14_FsControlCode | — |
Event ID 328 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
A15_VcbDisallowDismountCount | — |
A16_ExplicitLock10 | — |
A17_ReadULongNoFence_VcbCleanupCount | — |
A18_UserHandleCountSystemHandleCountVcbExternalMetadataCleanupCount | — |
Event ID 329 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 330 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Status | — |
Event ID 331 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Status | — |
Event ID 332 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbCloseCount | — |
A15_VcbSystemFileCloseCount | — |
A16_UserHandleCount | — |
Event ID 333 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 334 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ActiveRmCount | — |
A15_DefaultRmActive10 | — |
Event ID 335 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDVcbTxfVcbDefaultRm | — |
A12_VcbTxfVcbDefaultRmNULL_VcbTxfVcbDefaultRmRmIdNULL | — |
Event ID 336 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 337 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12__VolumeLabel | — |
A13__VcbDeviceName | — |
Event ID 338 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 339 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 340 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
A15_VcbReadOnlyCloseCount | — |
A16_VcbCloseCount | — |
A17_VcbSystemFileCloseCount | — |
Event ID 341 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 342 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 343 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 344 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbAccessFlags | — |
Event ID 345 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbAccessFlags | — |
Event ID 346 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbAccessFlags | — |
Event ID 347 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
A15_TypeOfOpen | — |
Event ID 348 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
A15_IrpRequestorMode | — |
Event ID 349 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 350 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 351 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbAccessFlags | — |
A15_CcbFlags | — |
Event ID 352 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbAccessFlags | — |
A15_CcbFlags | — |
A16_CallerId | — |
A17_ContextOwnerId | — |
Event ID 353 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_FileObjectWriteAccess10 | — |
Event ID 354 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_ScbAttributeFlags | — |
Event ID 355 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ZeroFlags | — |
A12_IrpRequestorMode | — |
Event ID 356 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Scb | — |
A12_IrpSpFileObject | — |
Event ID 357 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_EncryptionOperation | — |
Event ID 358 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
Event ID 359 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
Event ID 360 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 361 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 362 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 363 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 364 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 365 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_HandleInfoHandleInfo | — |
A19_IrpRequestorMode | — |
Event ID 366 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_DasdCcbNULLDasdCcbAccessFlags0 | — |
Event ID 367 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_HandleInfoHandleInfo | — |
Event ID 368 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbFcbState2 | — |
A17_Scb | — |
A18_ScbAttributeTypeCode | — |
A19__ScbAttributeName | — |
A20_ScbPersist | — |
A21_HandleInfoHandleInfo | — |
Event ID 369 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbFcbState | — |
A17_Scb | — |
A18_ScbAttributeTypeCode | — |
A19__ScbAttributeName | — |
A20_ScbPersist | — |
A21_HandleInfoHandleInfo | — |
A22_IrpRequestorMode | — |
Event ID 370 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_ScbFcbFcbState | — |
A17_HandleInfoHandleInfo | — |
Event ID 371 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_HandleInfoHandleInfo | — |
Event ID 372 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbShareAccessWriters | — |
Event ID 373 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 374 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_IrpSpFileObjectWriteAccess10 | — |
A16_ScbFcb | — |
A17_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A18_ScbAttributeTypeCode | — |
A19_ScbFcbFcbState | — |
A20_CcbNULL_CcbFullFileNameNULL | — |
Event ID 375 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 376 —
Fields
| Name | Description |
|---|---|
A10_PVOIDVcb | — |
A11_InputParameter | — |
Event ID 377 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 378 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 379 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_IrpContextVcb | — |
A12__IrpContextVcbVolumeName | — |
A13_WppCountedStringWIrpContextVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHIrpContextVcbVpb | — |
A14_NtfsDataFlags | — |
Event ID 380 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 381 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbVcbState | — |
Event ID 382 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 383 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_CcbNULLCcbAccessFlags0 | — |
Event ID 384 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_IrpContextVcb | — |
A12__IrpContextVcbVolumeName | — |
A13_WppCountedStringWIrpContextVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHIrpContextVcbVpb | — |
Event ID 385 —
Fields
| Name | Description |
|---|---|
A10_ScrubResumeContextSystemScbIndex | — |
A11_ScrubResumeContextResumeVcn | — |
A12_ScrubResumeContextResumeVcnOffset | — |
Event ID 386 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScrubResumeContextResumeVcn | — |
A12_ScrubResumeContextResumeVcnOffset | — |
Event ID 387 —
Fields
| Name | Description |
|---|---|
A10_ScrubResumeContextSystemScbIndex | — |
Event ID 388 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17__CcbFullFileName | — |
A18_CcbAccessFlags | — |
Event ID 389 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScbTxfScb | — |
Event ID 390 —
Event ID 391 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScrubContextOperationStatus | — |
A12_ScrubContextNumberOfBytesRepaired | — |
A13_ScrubContextNumberOfBytesFailed | — |
A14_ScrubContextErrorFileOffset | — |
A15_ScrubContextErrorLength | — |
A16_ScrubContextParityExtentDataNumberOfParityExtents | — |
Event ID 392 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
A12_ScrubContextNumberOfBytesRepaired | — |
A13_ScrubContextNumberOfBytesFailed | — |
A14_ScrubContextParityExtentDataNumberOfParityExtents | — |
Event ID 393 —
Fields
| Name | Description |
|---|---|
A10_InternalFileReference | — |
Event ID 394 —
Fields
| Name | Description |
|---|---|
A10_InternalFileReference | — |
Event ID 395 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScrubIoCount | — |
A12_IrpCancel | — |
A13_ScrubContextParityExtentDataNumberOfParityExtents | — |
Event ID 396 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11__ScbAttributeName | — |
Event ID 397 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11__ScbAttributeName | — |
Event ID 398 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
Event ID 399 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_FileScrubOffset | — |
A12_SectorAlignedVdl | — |
Event ID 400 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
Event ID 401 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
A12_ClusterCount | — |
Event ID 402 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
Event ID 403 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_DsmRangeStartingOffset | — |
A12_DsmRangeStartingOffsetDsmRangeLengthInBytes | — |
A13_DsmRangeLengthInBytes | — |
A14_StartingVcn | — |
A15_StartingVcnOffset | — |
A16_SectorAlignedVdl | — |
Event ID 404 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
A12_ScrubContextErrorFileOffset | — |
A13_ScrubbedLength | — |
A14_ScrubContextOperationStatus | — |
A15_ScrubContextNumberOfBytesFailed | — |
A16_ScrubContextNumberOfBytesRepaired | — |
A17_NewParityExtentCount | — |
Event ID 405 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
Event ID 406 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
Event ID 407 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScbTxfScb | — |
Event ID 408 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11__ScbAttributeName | — |
Event ID 409 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11__ScbAttributeName | — |
Event ID 410 —
Event ID 411 —
Event ID 412 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
Event ID 413 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
Event ID 414 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartingVcn | — |
A12_ClusterCount | — |
Event ID 415 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_RepairDataSetRangeStartingOffset | — |
A12_RepairDataSetRangeStartingOffsetRepairDataSetRangeLengthInBytes | — |
A13_RepairDataSetRangeLengthInBytes | — |
A14_RepairFileOffset | — |
Event ID 416 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
Event ID 417 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_IrpStatus | — |
Event ID 418 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_RepairCopiesOutputStatus | — |
Event ID 419 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17__CcbFullFileName | — |
A18_CcbAccessFlags | — |
Event ID 420 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 421 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 422 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 423 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
Event ID 424 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_TypeOfOpen | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_IrpRequestorMode | — |
Event ID 425 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_VcbVcbState | — |
Event ID 426 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_CcbNULLCcbFlags0 | — |
Event ID 427 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbInfoFileAttributes | — |
A17_IrpSpFlags | — |
Event ID 428 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_IrpRequestorMode | — |
Event ID 429 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_VcbVcbState | — |
Event ID 430 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbPersist | — |
A20_CcbNULLCcbFlags0 | — |
Event ID 431 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbInfoFileAttributes | — |
A17_IrpSpFlags | — |
Event ID 432 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_NtfsFullFileRefNumber_FcbFileReference | — |
A15_CcbNULL_CcbFullFileNameNULL | — |
A16_CcbNULLCcbAccessFlags0 | — |
Event ID 433 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_ScbAttributeTypeCode | — |
A18_ScbFcbFcbState2 | — |
A19_CcbNULL_CcbFullFileNameNULL | — |
A20_CcbNULLCcbAccessFlags0 | — |
A21_CcbNULLCcbFlags20 | — |
Event ID 434 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_ScbAttributeTypeCode | — |
A18_CcbNULL_CcbFullFileNameNULL | — |
A19_CcbNULLCcbAccessFlags0 | — |
Event ID 435 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 436 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_Status | — |
A13__DeletedFiles | — |
Event ID 437 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_Status | — |
Event ID 438 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_Status | — |
A13__FileNameToDelete | — |
Event ID 439 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_Status | — |
Event ID 440 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PsGetCurrentThread | — |
A12_Status | — |
Event ID 441 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
A19_EffectiveMode | — |
Event ID 442 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_StartOffset | — |
A12_Length | — |
A13_StartVcn | — |
A14_BeyondEndVcn | — |
Event ID 443 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
A11_OutputNumBadRanges | — |
Event ID 444 —
Fields
| Name | Description |
|---|---|
A10_FsInputRangeIndex | — |
A11_FsInputRangesFsInputRangeIndexFileOffset | — |
A12_FsInputRangesFsInputRangeIndexVolumeOffset | — |
A13_FsInputRangesFsInputRangeIndexLengthInBytes | — |
Event ID 445 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
A12_BOOLEANAbnormalTermination | — |
Event ID 446 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_Status | — |
Event ID 447 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_IrpContextVcb | — |
A12__IrpContextVcbVolumeName | — |
A13_WppCountedStringWIrpContextVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHIrpContextVcbVpb | — |
Event ID 448 —
Event ID 449 —
Fields
| Name | Description |
|---|---|
A10_Table | — |
A11_ParentScb | — |
A12__ParentScbScbTypeIndexNormalizedName | — |
A13_RemainingName | — |
Event ID 450 —
Event ID 451 —
Fields
| Name | Description |
|---|---|
A10_FoundLcb | — |
A11__FoundLcbExactCaseLinkLinkName | — |
Event ID 452 —
Event ID 453 —
Fields
| Name | Description |
|---|---|
A10_Table | — |
A11_NewHashEntryHashValue | — |
A12_NewHashEntryFullNameLength | — |
A13_NewHashEntryHashLcb | — |
A14__NewHashEntryHashLcbExactCaseLinkLinkName | — |
Event ID 454 —
Fields
| Name | Description |
|---|---|
A10_Table | — |
A11_HashValue | — |
A12_HashLcb | — |
A13__HashLcbExactCaseLinkLinkName | — |
Event ID 455 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbCheckpointInjectionCount | — |
Event ID 456 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_PercentFull | — |
A12_VcbWaitForCcLoggedDataActivityCount | — |
Event ID 457 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 458 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 459 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 460 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbCleanCheckpointCount | — |
Event ID 461 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbOverflowedDPTCount | — |
Event ID 462 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbFuzzyCheckpointCount | — |
Event ID 463 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbFlushOldestFOCount | — |
Event ID 464 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_NtfsFullSegmentNumber_ScbFcbFileReference | — |
Event ID 465 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_DirtyPageContextOldestFileObject | — |
Event ID 466 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 467 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 468 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 469 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 470 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 471 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
Event ID 472 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
Event ID 473 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
A14_FailedFlushCount | — |
Event ID 474 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
Event ID 475 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
Event ID 476 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 477 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 478 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_ActiveLsnQuadPart | — |
A12_ClearAll | — |
Event ID 479 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 480 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 481 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_ClustersClusterCount | — |
Event ID 482 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 483 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 484 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Clusters | — |
A12_ClustersClusterCount | — |
A13_ClustersLsnQuadPart | — |
A14_ClustersFlags | — |
Event ID 485 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Clusters | — |
A12_i | — |
A13_StartingLcn | — |
A14_ClusterCount | — |
Event ID 486 —
Event ID 487 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 488 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 489 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 490 —
Fields
| Name | Description |
|---|---|
A10_Status | — |
Event ID 491 —
Event ID 492 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_StartingLcn | — |
A12_ULONGClusterCount | — |
Event ID 493 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_StartingLcnStartingIndex | — |
A12_runLength | — |
Event ID 494 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Status | — |
Event ID 495 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_MarkUnusedContext | — |
Event ID 496 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 497 —
Fields
| Name | Description |
|---|---|
A10_McbScb | — |
A11_Mcb | — |
A12_StartingVcn | — |
A13_Count | — |
Event ID 498 —
Fields
| Name | Description |
|---|---|
A10_Mcb | — |
Event ID 499 —
Fields
| Name | Description |
|---|---|
A10_McbScb | — |
A11_Mcb | — |
A12_Vcn | — |
A13_Lcn | — |
A14_RunCount | — |
Event ID 500 —
Fields
| Name | Description |
|---|---|
A10_Mcb | — |
A11_Result | — |
Event ID 501 —
Fields
| Name | Description |
|---|---|
A10_McbScb | — |
A11_Mcb | — |
A12_StartingVcn | — |
A13_EndingVcn | — |
A14_TruncateOnly | — |
Event ID 502 —
Fields
| Name | Description |
|---|---|
A10_Mcb | — |
Event ID 503 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_BootSector | — |
Event ID 504 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_BootSector | — |
A12_CheckNumber | — |
Event ID 505 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_IrpContextExceptionStatus | — |
Event ID 506 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12__VolumeLabel | — |
A13__VcbDeviceName | — |
Event ID 507 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 508 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 509 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
Event ID 510 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_AttrListAllocationSize | — |
Event ID 511 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_Scb | — |
A13_AttrListAllocationSize | — |
Event ID 512 —
Fields
| Name | Description |
|---|---|
A10_ExceptionCode | — |
Event ID 513 —
Fields
| Name | Description |
|---|---|
A10_ExceptionCode | — |
Event ID 514 —
Fields
| Name | Description |
|---|---|
A10_ExceptionCode | — |
Event ID 515 —
Fields
| Name | Description |
|---|---|
A10_IrpContextLogFullReason | — |
A11_BackTrace0 | — |
A12_BackTrace1 | — |
A13_BackTrace2 | — |
A14_BackTrace3 | — |
A15_BackTrace4 | — |
A16_BackTrace5 | — |
A17_BackTrace6 | — |
A18_BackTrace7 | — |
A19_BackTrace8 | — |
A20_BackTrace9 | — |
A21_BackTrace10 | — |
A22_BackTrace11 | — |
A23_BackTrace12 | — |
A24_BackTrace13 | — |
A25_BackTrace14 | — |
A26_BackTrace15 | — |
A27_BackTrace16 | — |
A28_BackTrace17 | — |
A29_BackTrace18 | — |
A30_BackTrace19 | — |
Event ID 516 —
Fields
| Name | Description |
|---|---|
A10_ExceptionCode | — |
Event ID 517 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ExceptionCode | — |
Event ID 518 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_ExceptionCode | — |
Event ID 519 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Irp | — |
A12_IrpContextVcb | — |
A13_NtfsFailedAborts | — |
A14_GetExceptionCode | — |
Event ID 520 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Irp | — |
A12_IrpContextVcb | — |
A13_NextScb | — |
A14_PULONGLONG_NextScbFcbFileReference | — |
Event ID 521 —
Fields
| Name | Description |
|---|---|
A10_IrpSpParametersWriteByteOffsetHighPart | — |
A11_IrpSpParametersWriteByteOffsetLowPart | — |
Event ID 522 —
Fields
| Name | Description |
|---|---|
A10_ExceptionCode | — |
A11_IrpSpParametersWriteByteOffsetHighPart | — |
A12_IrpSpParametersWriteByteOffsetLowPart | — |
Event ID 523 —
Fields
| Name | Description |
|---|---|
A10_IrpSpMajorFunction | — |
A11_IrpSpMinorFunction | — |
A12_Irp | — |
A13_IrpContext | — |
A14_Status | — |
Event ID 524 —
Fields
| Name | Description |
|---|---|
A10_IrpSpMajorFunction | — |
A11_IrpSpMinorFunction | — |
A12_Irp | — |
A13_IrpContext | — |
A14_Status | — |
Event ID 525 —
Event ID 526 —
Event ID 527 —
Fields
| Name | Description |
|---|---|
A10_MinTrimTotalSize | — |
Event ID 528 —
Fields
| Name | Description |
|---|---|
A10_MaxTrimTotalSize | — |
Event ID 529 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpMinorFunction | — |
Event ID 530 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpMinorFunction | — |
Event ID 531 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpMinorFunction | — |
Event ID 532 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDVcbTxfVcbDefaultRm | — |
A12__VcbTxfVcbDefaultRmRmId | — |
Event ID 533 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_IrpContextVcb | — |
A12__IrpContextVcbVolumeName | — |
A13_WppCountedStringWIrpContextVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHIrpContextVcbVpb | — |
Event ID 534 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_ScbFcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17__CcbFullFileName | — |
A18_CcbAccessFlags | — |
A19_CcbFlags | — |
Event ID 535 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
Event ID 536 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpFileObjectWriteAccess | — |
Event ID 537 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpFileObjectWriteAccess | — |
Event ID 538 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
A18_IrpSpFileObjectWriteAccess | — |
Event ID 539 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbLogFileObject | — |
A12_IrpContext | — |
Event ID 540 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
Event ID 541 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_VcbLogFileObject | — |
A12_IrpContext | — |
Event ID 542 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 543 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextTransactionId | — |
Event ID 544 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
Event ID 545 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
Event ID 546 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A14_AttributeTypeCode | — |
A15_LogRecordRecordOffset | — |
A16_Length | — |
Event ID 547 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A14_PATTRIBUTE_RECORD_HEADERDataTypeCode | — |
Event ID 548 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A14_NtfsFullSegmentNumber_FileReference | — |
Event ID 549 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_FileRecordSegmentNumberHighPart | — |
A12_FileRecordSegmentNumberLowPart | — |
A13_NtfsFullSegmentNumber_FileRecordBaseFileRecordSegment | — |
A14_AttributeFormNonresidentAllocatedLength | — |
A15_AttributeFormNonresidentFileSize | — |
A16_AttributeFormNonresidentValidDataLength | — |
A17_AttributeFormNonresidentTotalAllocated | — |
A18_SizesAllocationSize | — |
A19_SizesFileSize | — |
A20_SizesValidDataLength | — |
A21_SizesTotalAllocated | — |
Event ID 550 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12__Bitmap | — |
Event ID 551 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12__Bitmap | — |
Event ID 552 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
Event ID 553 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
A17_CcbAccessFlags | — |
Event ID 554 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16__CcbFullFileName | — |
Event ID 555 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbTxfFcbTxfNumWriters | — |
Event ID 556 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_Status | — |
Event ID 557 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbInfoFileAttributes | — |
Event ID 558 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbInfoFileAttributes | — |
Event ID 559 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
Event ID 560 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_ThisFcbInfoFileAttributes | — |
A17_IrpSpFlags | — |
Event ID 561 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_CcbAccessFlags | — |
A17_AccessStatus | — |
Event ID 562 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ThisFcbVcb | — |
A12__ThisFcbVcbVolumeName | — |
A13_WppCountedStringWThisFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHThisFcbVcbVpb | — |
A14_ThisFcb | — |
A15_NtfsFullFileRefNumber_ThisFcbFileReference | — |
A16_NextScb | — |
A17_NextScbAttributeTypeCode | — |
A18__NextScbAttributeName | — |
Event ID 563 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 564 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbVcbState | — |
Event ID 565 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 566 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 567 —
Event ID 568 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 569 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 570 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 571 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbFcbState | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
Event ID 572 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 573 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
A18_Flags | — |
Event ID 574 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 575 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Status | — |
Event ID 576 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_Status | — |
Event ID 577 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
A11_ScbTotalAllocated | — |
Event ID 578 —
Fields
| Name | Description |
|---|---|
A10_CurrentClusters | — |
A11_CurrentClustersLsnQuadPart | — |
Event ID 579 —
Fields
| Name | Description |
|---|---|
A10_ClustersLinkAsHead | — |
A11_FlagsToMatch | — |
A12_InsertAfter | — |
Event ID 580 —
Fields
| Name | Description |
|---|---|
A10_Clusters | — |
A11_ClustersFlags | — |
Event ID 581 —
Fields
| Name | Description |
|---|---|
A10_Clusters | — |
A11_NumberOfRuns | — |
Event ID 582 —
Fields
| Name | Description |
|---|---|
A10_Clusters | — |
Event ID 583 —
Event ID 584 —
Fields
| Name | Description |
|---|---|
A10_FlagOnClustersFlagsDEALLOCATED_CLUSTERS_FLAG_NO_DANGLING_MDL | — |
A11_Clusters | — |
A12_Lcn | — |
A13_ClusterCount | — |
Event ID 585 —
Fields
| Name | Description |
|---|---|
A10_FlagOnClustersFlagsDEALLOCATED_CLUSTERS_FLAG_NO_DANGLING_MDL | — |
A11_Clusters | — |
A12_Lcn | — |
A13_ClusterCount | — |
Event ID 586 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_TxfFcbFlags | — |
A17_ShareMode | — |
Event ID 587 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_GrantedAccess | — |
Event ID 588 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_GrantedAccess | — |
Event ID 589 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_GrantedAccess | — |
A17_NextTxfVscbReaderCleanupCount | — |
Event ID 590 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_CallerFunction | — |
A12_CallerFile | — |
A13_CallerLineNumber | — |
A14_PVOIDTxfRmcb | — |
A15__TxfRmcbRmId | — |
A16_PVOIDTxfTrans | — |
A17__TxfTransKtmUow | — |
A18_AbortReasonStatus | — |
Event ID 591 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_CallerFunction | — |
A12_CallerFile | — |
A13_CallerLineNumber | — |
A14_PVOIDTxfRmcb | — |
A15__TxfRmcbRmId | — |
A16_PVOIDTxfTrans | — |
A17__TxfTransKtmUow | — |
A18_Status | — |
Event ID 592 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_TxfTrans | — |
A14__TxfTransKtmUow | — |
Event ID 593 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_TxfTrans | — |
A14__TxfTransKtmUow | — |
Event ID 594 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDCalloutParametersTxfFlushTxfRmcb | — |
A12__CalloutParametersTxfFlushTxfRmcbRmId | — |
A13_GetExceptionCode | — |
Event ID 595 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 596 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 597 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 598 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 599 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 600 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 601 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
Event ID 602 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_FailureStatus | — |
Event ID 603 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_FailureStatus | — |
Event ID 604 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_Status | — |
Event ID 605 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbTxfVcbFlags | — |
Event ID 606 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_TempStatus | — |
A12_PVOIDVcb | — |
Event ID 607 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_GetExceptionCode | — |
A12_Status | — |
A13_PVOIDVcb | — |
Event ID 608 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDVcb | — |
A12_TXF_MAX_RESET_ATTEMPTS_ON_MOUNT | — |
A13_OldStatus | — |
Event ID 609 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_GetExceptionCode | — |
A12_PVOIDVcb | — |
Event ID 610 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_NT_SUCCESSStatusSucceededFAILED | — |
A12_PVOIDTxfRmcb | — |
A13__TxfRmcbRmId | — |
A14_Status | — |
Event ID 611 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 612 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 613 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 614 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbTxfVcbFlags | — |
Event ID 615 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 616 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_VcbTxfVcbFlags | — |
Event ID 617 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 618 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_LogNestingLevel | — |
A14_DiskNestingLevel | — |
Event ID 619 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 620 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 621 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13__ClfsRestartAreaRmId | — |
Event ID 622 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_Status | — |
A12_PVOIDTxfRmcb | — |
A13__TxfRmcbRmId | — |
Event ID 623 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 624 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 625 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 626 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_Status | — |
A14_AbnormalTerminationabnormaltermination | — |
Event ID 627 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_TxfIsDefaultRmTxfRmcbdefaultsecondary | — |
A12_PVOIDTxfRmcb | — |
A13__TxfRmcbRmId | — |
A14_ForceDirtyShutdownDIRTYCLEAN | — |
Event ID 628 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 629 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_FcbFileReference | — |
A16_FcbCleanupCount | — |
Event ID 630 —
Fields
| Name | Description |
|---|---|
A10_FILEID_FROM_SOURCEFileNLine | — |
A11_LINENUM_FROM_SOURCEFileNLine | — |
A12_TxfRmcb | — |
A13__TxfRmcbRmId | — |
A14_Status | — |
Event ID 631 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__OldGuid | — |
A13__TxfRmcbRmId | — |
Event ID 632 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_PVOIDTxfTrans | — |
A14__TxfTransKtmUow | — |
A15_Status | — |
Event ID 633 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__OldGuid | — |
A13__TxfRmcbRmId | — |
Event ID 634 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_RmRootFcbVcb | — |
A12__RmRootFcbVcbVolumeName | — |
A13_WppCountedStringWRmRootFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHRmRootFcbVcbVpb | — |
A14_RmRootFcb | — |
Event ID 635 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_FcbVcb | — |
A12__FcbVcbVolumeName | — |
A13_WppCountedStringWFcbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHFcbVcbVpb | — |
A14_BackupInfoFlags | — |
Event ID 636 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 637 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_Status | — |
A12_PVOIDFileObject | — |
Event ID 638 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 639 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__CcbFullFileName | — |
A19_CcbFlags | — |
Event ID 640 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_CcbTxfFo | — |
A18_CcbTxfFoKtmTrans | — |
A19_ScbFcbTxfRmcb | — |
A20_CcbFullFileNameBuffer | — |
Event ID 641 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17__CcbFullFileName | — |
A18_CcbAccessFlags | — |
A19_FileObjectWriteAccess | — |
A20_FileObjectDeleteAccess | — |
Event ID 642 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_ExceptionCode | — |
Event ID 643 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_TransactionNotification | — |
A12_TransactionAlreadyPreparedPREPARED | — |
A13__TxfTransKtmUow | — |
A14_PVOIDTxfRmcb | — |
A15__TxfRmcbRmId | — |
A16_Status | — |
Event ID 644 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_TxfTrans | — |
A14__TxfTransKtmUow | — |
Event ID 645 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_TxfTrans | — |
A14__TxfTransKtmUow | — |
Event ID 646 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTransTxfRmcb | — |
A12__TransTxfRmcbRmId | — |
A13_FlushStatus | — |
Event ID 647 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_Trans | — |
A14__TransKtmUow | — |
Event ID 648 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_CallStack0 | — |
A12_CallStack1 | — |
A13_CallStack2 | — |
A14_CallStack3 | — |
A15_CallStack4 | — |
Event ID 649 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_Trans | — |
A14__TransKtmUow | — |
Event ID 650 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_Status | — |
A12_PVOIDTrans | — |
A13__TransKtmUow | — |
A14_PVOIDTxfRmcb | — |
A15__TxfRmcbRmId | — |
Event ID 651 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_Status | — |
A12_PVOIDTxfRmcb | — |
A13__TxfRmcbRmId | — |
A14_PVOIDTrans | — |
A15__TransKtmUow | — |
Event ID 652 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 653 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 654 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 655 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 656 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_OldestTrans | — |
A14__OldestTransKtmUow | — |
Event ID 657 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_Status | — |
A14_OldestTrans | — |
A15__OldestTransKtmUow | — |
Event ID 658 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 659 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 660 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_PVOIDTransToDereference | — |
A14__TransToDereferenceKtmUow | — |
A15_Status | — |
Event ID 661 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 662 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 663 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PinnedStatus | — |
A12_PVOIDTxfRmcb | — |
A13__TxfRmcbRmId | — |
A14_Status | — |
Event ID 664 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 665 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 666 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 667 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 668 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 669 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 670 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 671 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 672 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 673 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 674 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
A13_IsEncrypted_TopsFcbInfoencryptedcompressed | — |
Event ID 675 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 676 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 677 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 678 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 679 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 680 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 681 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 682 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 683 —
Fields
| Name | Description |
|---|---|
A10___FUNCTION__ | — |
A11_PVOIDTxfRmcb | — |
A12__TxfRmcbRmId | — |
Event ID 684 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 685 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_VcbFirstValidUsn | — |
A13_FirstValidUsn | — |
A14_TrackUsnJournalFileSize | — |
A15_TrackUsnJournalAllocationSize | — |
A16_TrackUsnJournalMaxSize | — |
A17_TrackUsnJournalDeltaAllocation | — |
Event ID 686 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_FirstValidUsn1 | — |
A13_SavedReserved | — |
A14_RequiredReserved | — |
Event ID 687 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_UsnJournalHeaderAllocationSizeQuadPart | — |
A13_UsnJournalHeaderFileSizeQuadPart | — |
A14_UsnJournalHeaderValidDataLengthQuadPart | — |
A15_UsnJournalTotalAllocated | — |
Event ID 688 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_UsnJournalHeaderAllocationSizeQuadPart | — |
A13_UsnJournalHeaderFileSizeQuadPart | — |
A14_UsnJournalHeaderValidDataLengthQuadPart | — |
A15_UsnJournalTotalAllocated | — |
Event ID 689 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
Event ID 690 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
Event ID 691 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
Event ID 692 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_Fcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_CcbNULL_CcbFullFileNameNULL | — |
A17_CcbNULLCcbAccessFlags0 | — |
Event ID 693 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_CcbNULL_CcbFullFileNameNULL | — |
A18_CcbNULLCcbAccessFlags0 | — |
Event ID 694 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_ScbVcb | — |
A12__ScbVcbVolumeName | — |
A13_WppCountedStringWScbVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHScbVcbVpb | — |
A14_ScbFcb | — |
A15_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A16_Scb | — |
A17_ScbAttributeTypeCode | — |
A18__ScbAttributeName | — |
A19_ScbCleanupCount | — |
Event ID 695 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_IrpContextOriginatingIrp | — |
A13_PsGetCurrentThread | — |
A14_ScbHeaderAllocationSizeQuadPart | — |
A15_ScbHeaderFileSizeQuadPart | — |
A16_ScbHeaderValidDataLengthQuadPart | — |
A17_NewAllocationSize | — |
Event ID 696 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_IrpContextOriginatingIrp | — |
A13_PsGetCurrentThread | — |
A14_ScbHeaderAllocationSizeQuadPart | — |
A15_ScbHeaderFileSizeQuadPart | — |
A16_ScbHeaderValidDataLengthQuadPart | — |
A17_ScbTotalAllocated | — |
Event ID 697 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_IrpContextOriginatingIrp | — |
A13_PsGetCurrentThread | — |
Event ID 698 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_IrpContext | — |
A12_IrpContextOriginatingIrp | — |
A13_PsGetCurrentThread | — |
Event ID 699 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_IrpContextOriginatingIrp | — |
A12_PsGetCurrentThread | — |
A13_IrpContextExceptionStatus | — |
Event ID 700 —
Fields
| Name | Description |
|---|---|
A10_RemainingClusterCount | — |
A11_Scb | — |
A12_Vcn | — |
A13_Lcn | — |
A14_ClusterCount | — |
Event ID 701 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 702 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 703 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 704 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 705 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 706 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 707 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
Event ID 708 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Vcb | — |
A12__VolumeLabel | — |
A13__VcbDeviceName | — |
Event ID 709 —
Fields
| Name | Description |
|---|---|
A10_IrpContext | — |
A11_Status | — |
A12_FileReference | — |
A13_Fcb | — |
A14_Source | — |
A15_TopLevelExceptionStatus | — |
Event ID 710 —
Fields
| Name | Description |
|---|---|
A10_Vcb | — |
A11_WasDirty | — |
A12_NtfsFullSegmentNumber_BugCheckFileReference | — |
A13_Source | — |
Event ID 711 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_FsInformationClass | — |
A18_Scb | — |
Event ID 712 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_TypeOfOpen | — |
A12_Vcb | — |
A13__VcbVolumeName | — |
A14_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A15_Fcb | — |
A16_NtfsFullFileRefNumber_ScbFcbFileReference | — |
A17_FsInformationClass | — |
A18_Scb | — |
Event ID 713 —
Fields
| Name | Description |
|---|---|
A10_IrpSpParametersWriteByteOffsetHighPart | — |
A11_IrpSpParametersWriteByteOffsetLowPart | — |
A12_IrpContextTopLevelIrpContextExceptionStatus | — |
Event ID 714 —
Fields
| Name | Description |
|---|---|
A10_Scb | — |
Event ID 715 —
Fields
| Name | Description |
|---|---|
A10_PsGetCurrentThread | — |
A11_Vcb | — |
A12__VcbVolumeName | — |
A13_WppCountedStringWVcbVpbVolumeLabelSAFE_VPB_VOLUME_LABEL_LENGTHVcbVpb | — |
A14_ByteRange | — |
A15_HIGHEST_WRITABLE_SECTOR_ON_ACTIVE_VOLUMEVcbSectorSizeInfoLogicalBytesPerSector | — |
Event ID 716 —
Fields
| Name | Description |
|---|---|
A10_StartingVbo | — |
A11_ScbHeaderValidDataLengthQuadPart | — |
A12_ptrdiff_tScb | — |
Event ID 717 —
Fields
| Name | Description |
|---|---|
A10_ByteRange | — |
A11_SectorAlignedVdl | — |
A12_ptrdiff_tScb | — |