Windows Kernel Trace
141 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 0 | ETW Trace | |
| 1 | ETW Trace | |
| 2 | ETW Trace | |
| 3 | ETW Trace | |
| 4 | ETW Trace | |
| 5 | ETW Trace | |
| 8 | ETW Trace | |
| 10 | ETW Trace | |
| 11 | ETW Trace | |
| 12 | ETW Trace | |
| 13 | ETW Trace | |
| 14 | ETW Trace | |
| 15 | ETW Trace | |
| 16 | ETW Trace | |
| 17 | ETW Trace | |
| 18 | ETW Trace | |
| 19 | ETW Trace | |
| 20 | ETW Trace | |
| 21 | ETW Trace | |
| 22 | ETW Trace | |
| 23 | ETW Trace | |
| 24 | ETW Trace | |
| 25 | ETW Trace | |
| 26 | ETW Trace | |
| 27 | ETW Trace | |
| 28 | ETW Trace | |
| 29 | ETW Trace | |
| 30 | ETW Trace | |
| 31 | ETW Trace | |
| 32 | ETW Trace | |
| 33 | ETW Trace | |
| 34 | ETW Trace | |
| 35 | ETW Trace | |
| 36 | ETW Trace | |
| 37 | ETW Trace | |
| 38 | ETW Trace | |
| 39 | ETW Trace | |
| 40 | ETW Trace | |
| 41 | ETW Trace | |
| 42 | ETW Trace | |
| 43 | ETW Trace | |
| 44 | ETW Trace | |
| 45 | ETW Trace | |
| 46 | ETW Trace | |
| 47 | ETW Trace | |
| 48 | ETW Trace | |
| 49 | ETW Trace | |
| 50 | ETW Trace | |
| 51 | ETW Trace | |
| 52 | ETW Trace | |
| 53 | ETW Trace | |
| 55 | ETW Trace | |
| 56 | ETW Trace | |
| 57 | ETW Trace | |
| 58 | ETW Trace | |
| 59 | ETW Trace | |
| 60 | ETW Trace | |
| 61 | ETW Trace | |
| 62 | ETW Trace | |
| 63 | ETW Trace | |
| 64 | ETW Trace | |
| 65 | ETW Trace | |
| 66 | ETW Trace | |
| 67 | ETW Trace | |
| 68 | ETW Trace | |
| 69 | ETW Trace | |
| 70 | ETW Trace | |
| 71 | ETW Trace | |
| 72 | ETW Trace | |
| 73 | ETW Trace | |
| 74 | ETW Trace | |
| 75 | ETW Trace | |
| 76 | ETW Trace | |
| 77 | ETW Trace | |
| 79 | ETW Trace | |
| 80 | ETW Trace | |
| 81 | ETW Trace | |
| 82 | ETW Trace | |
| 83 | ETW Trace | |
| 84 | ETW Trace | |
| 92 | ETW Trace | |
| 93 | ETW Trace | |
| 94 | ETW Trace | |
| 95 | ETW Trace | |
| 96 | ETW Trace | |
| 97 | ETW Trace | |
| 98 | ETW Trace | |
| 99 | ETW Trace | |
| 100 | ETW Trace | |
| 101 | ETW Trace | |
| 102 | ETW Trace | |
| 103 | ETW Trace | |
| 104 | ETW Trace | |
| 105 | ETW Trace | |
| 106 | ETW Trace | |
| 107 | ETW Trace | |
| 108 | ETW Trace | |
| 114 | ETW Trace | |
| 122 | ETW Trace | |
| 123 | ETW Trace | |
| 127 | ETW Trace | |
| 128 | ETW Trace | |
| 129 | ETW Trace | |
| 130 | ETW Trace | |
| 131 | ETW Trace | |
| 132 | ETW Trace | |
| 133 | ETW Trace | |
| 134 | ETW Trace | |
| 135 | ETW Trace | |
| 144 | ETW Trace | |
| 145 | ETW Trace | |
| 146 | ETW Trace | |
| 147 | ETW Trace | |
| 148 | ETW Trace | |
| 149 | ETW Trace | |
| 150 | ETW Trace | |
| 160 | ETW Trace | |
| 161 | ETW Trace | |
| 162 | ETW Trace | |
| 163 | ETW Trace | |
| 164 | ETW Trace | |
| 165 | ETW Trace | |
| 166 | ETW Trace | |
| 167 | ETW Trace | |
| 168 | ETW Trace | |
| 169 | ETW Trace | |
| 170 | ETW Trace | |
| 171 | ETW Trace | |
| 172 | ETW Trace | |
| 173 | ETW Trace | |
| 174 | ETW Trace | |
| 176 | ETW Trace | |
| 177 | ETW Trace | |
| 192 | ETW Trace | |
| 193 | ETW Trace | |
| 208 | ETW Trace | |
| 209 | ETW Trace | |
| 210 | ETW Trace | |
| 211 | ETW Trace | |
| 212 | ETW Trace | |
| 213 | ETW Trace |
Event ID 0 —
Fields
| Name | Description |
|---|---|
FileObject | — |
FileName | — |
Event ID 1 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
TThreadId | — |
StackBase | — |
StackLimit | — |
UserStackBase | — |
UserStackLimit | — |
Affinity | — |
Win32StartAddr | — |
TebBase | — |
SubProcessTag | — |
BasePriority | — |
PagePriority | — |
IoPriority | — |
ThreadFlags | — |
ThreadName | — |
Event ID 2 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
TThreadId | — |
StackBase | — |
StackLimit | — |
UserStackBase | — |
UserStackLimit | — |
Affinity | — |
Win32StartAddr | — |
TebBase | — |
SubProcessTag | — |
BasePriority | — |
PagePriority | — |
IoPriority | — |
ThreadFlags | — |
ThreadName | — |
Event ID 3 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
TThreadId | — |
StackBase | — |
StackLimit | — |
UserStackBase | — |
UserStackLimit | — |
Affinity | — |
Win32StartAddr | — |
TebBase | — |
SubProcessTag | — |
BasePriority | — |
PagePriority | — |
IoPriority | — |
ThreadFlags | — |
ThreadName | — |
Event ID 4 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
TThreadId | — |
StackBase | — |
StackLimit | — |
UserStackBase | — |
UserStackLimit | — |
Affinity | — |
Win32StartAddr | — |
TebBase | — |
SubProcessTag | — |
BasePriority | — |
PagePriority | — |
IoPriority | — |
ThreadFlags | — |
ThreadName | — |
Event ID 5 —
Fields
| Name | Description |
|---|---|
GroupMask1 | — |
GroupMask2 | — |
GroupMask3 | — |
GroupMask4 | — |
GroupMask5 | — |
GroupMask6 | — |
GroupMask7 | — |
GroupMask8 | — |
KernelEventVersion | — |
Event ID 8 —
Event ID 10 —
Fields
| Name | Description |
|---|---|
MHz | — |
NumberOfProcessors | — |
MemSize | — |
PageSize | — |
AllocationGranularity | — |
ComputerName | — |
DomainName | — |
HyperThreadingFlag | — |
HighestUserAddress | — |
ProcessorArchitecture | — |
ProcessorLevel | — |
ProcessorRevision | — |
PaeEnabled | — |
NxEnabled | — |
MemorySpeed | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
IrpFlags | — |
TransferSize | — |
Reserved | — |
ByteOffset | — |
FileObject | — |
Irp | — |
HighResResponseTime | — |
IssuingThreadId | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
Irp | — |
IssuingThreadId | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
Irp | — |
IssuingThreadId | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
IrpFlags | — |
HighResResponseTime | — |
Irp | — |
IssuingThreadId | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
ServiceState | — |
SubProcessTag | — |
ServiceName | — |
DisplayName | — |
ProcessName | — |
LoadOrderGroup | — |
SvchostGroup | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
S1 | — |
S2 | — |
S3 | — |
S4 | — |
S5 | — |
Pad1 | — |
Pad2 | — |
Pad3 | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Status | — |
Index | — |
KeyHandle | — |
KeyName | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
BusType | — |
DeviceType | — |
MediaType | — |
StartingOffset | — |
Size | — |
NumberOfFreeBlocks | — |
TotalNumberOfBlocks | — |
NextWritableAddress | — |
NumberOfSessions | — |
NumberOfTracks | — |
BytesPerSector | — |
DiscStatus | — |
LastSessionStatus | — |
DriveLetter | — |
FileSystemName | — |
DeviceName | — |
ManufacturerName | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Status | — |
Index | — |
KeyHandle | — |
KeyName | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Status | — |
Index | — |
KeyHandle | — |
KeyName | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
IRQAffinity | — |
IRQGroup | — |
Reserved | — |
IRQNum | — |
DeviceDescriptionLen | — |
DeviceDescription | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
ClassGuid | — |
UpperFiltersCount | — |
LowerFiltersCount | — |
DevStatus | — |
DevProblem | — |
DeviceID | — |
DeviceDescription | — |
FriendlyName | — |
PdoName | — |
ServiceName | — |
UpperFilters | — |
LowerFilters | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
TargetId | — |
DeviceType | — |
DeviceTimingMode | — |
LocationInformationLen | — |
LocationInformation | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Status | — |
Index | — |
KeyHandle | — |
KeyName | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Status | — |
Index | — |
KeyHandle | — |
KeyName | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
PID | — |
size | — |
daddr | — |
saddr | — |
dport | — |
sport | — |
startime | — |
endtime | — |
seqnum | — |
connid | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
PID | — |
size | — |
daddr | — |
saddr | — |
dport | — |
sport | — |
seqnum | — |
connid | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
PID | — |
size | — |
daddr | — |
saddr | — |
dport | — |
sport | — |
mss | — |
sackopt | — |
tsopt | — |
wsopt | — |
rcvwin | — |
rcvwinscale | — |
sndwinscale | — |
seqnum | — |
connid | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
PID | — |
size | — |
daddr | — |
saddr | — |
dport | — |
sport | — |
seqnum | — |
connid | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
PID | — |
size | — |
daddr | — |
saddr | — |
dport | — |
sport | — |
seqnum | — |
connid | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
AlignmentClusters | — |
AvgFreeSpaceSize | — |
ClustersPerSlab | — |
FragmentedDirectoryExtents | — |
FragmentedExtents | — |
FreeSpaceCount | — |
LargestFreeSpaceSize | — |
LastRunActualPurgeClusters | — |
LastRunClustersTrimmed | — |
LastRunFullDefragTime | — |
LastRunTime | — |
MFTSize | — |
TotalClusters | — |
TotalUsedClusters | — |
AvgFragmentsPerFile | — |
BytesPerCluster | — |
DirectoryCount | — |
FragmentedDirectories | — |
FragmentedFiles | — |
FragmentedSpace | — |
HardwareIssue | — |
InUseMFTRecords | — |
InUseSlabs | — |
LastRunActualPurgeSlabs | — |
LastRunInitialBackedSlabs | — |
LastRunPercentFragmentation | — |
LastRunPinnedSlabs | — |
LastRunPotentialPurgeSlabs | — |
LastRunSpaceInefficientSlabs | — |
LastRunTrimmedSlabs | — |
LastRunUnknownEvictFailSlabs | — |
LastRunVolsnapPinnedSlabs | — |
MFTFragmentCount | — |
MovableFiles | — |
TotalMFTRecords | — |
TotalSlabs | — |
UnmovableFiles | — |
VolumeId | — |
VolumePathNames | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
DeviceManufacturer | — |
DeviceManufacturerDisplayName | — |
DeviceModel | — |
DeviceModelDisplayName | — |
MobileOperator | — |
SocVersion | — |
BspVersion | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
PageFaultCount | — |
HandleCount | — |
Reserved | — |
PeakVirtualSize | — |
PeakWorkingSetSize | — |
PeakPagefileUsage | — |
QuotaPeakPagedPoolUsage | — |
QuotaPeakNonPagedPoolUsage | — |
VirtualSize | — |
WorkingSetSize | — |
PagefileUsage | — |
QuotaPagedPoolUsage | — |
QuotaNonPagedPoolUsage | — |
PrivatePageCount | — |
Event ID 34 —
Fields
| Name | Description |
|---|---|
Counter1 | — |
Counter2 | — |
Counter3 | — |
Counter4 | — |
Counter5 | — |
Counter6 | — |
Counter7 | — |
Counter8 | — |
Counter9 | — |
Counter10 | — |
Counter11 | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
FileObject | — |
FileName | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
NewThreadId | — |
OldThreadId | — |
NewThreadPriority | — |
OldThreadPriority | — |
PreviousCState | — |
SpareByte | — |
OldThreadWaitReason | — |
ThreadFlags | — |
OldThreadState | — |
OldThreadWaitIdealProcessor | — |
NewThreadWaitTime | — |
Reserved | — |
Event ID 37 —
Fields
| Name | Description |
|---|---|
BootFlags | — |
FirmwareType | — |
SecureBootEnabled | — |
SecureBootCapable | — |
Reserved1 | — |
Reserved2 | — |
Event ID 38 —
Fields
| Name | Description |
|---|---|
Object | — |
ProcessId | — |
Handle | — |
ObjectType | — |
ObjectName | — |
Event ID 39 —
Fields
| Name | Description |
|---|---|
UniqueProcessKey | — |
ProcessId | — |
ParentId | — |
SessionId | — |
ExitStatus | — |
DirectoryTableBase | — |
Flags | — |
UserSID | — |
ImageFileName | — |
CommandLine | — |
PackageFullName | — |
ApplicationId | — |
ExitTime | — |
Event ID 40 —
Fields
| Name | Description |
|---|---|
ViewBase | — |
FileObject | — |
MiscInfo | — |
ViewSize | — |
ProcessId | — |
Event ID 41 —
Fields
| Name | Description |
|---|---|
SpinLockAddress | — |
CallerAddress | — |
AcquireTime | — |
ReleaseTime | — |
WaitTimeInCycles | — |
SpinCount | — |
ThreadId | — |
InterruptCount | — |
Irql | — |
AcquireDepth | — |
Flag | — |
Reserved | — |
Event ID 42 —
Event ID 43 —
Event ID 44 —
Event ID 45 —
Event ID 46 —
Fields
| Name | Description |
|---|---|
InstructionPointer | — |
ThreadId | — |
Count | — |
Reserved | — |
Event ID 47 —
Fields
| Name | Description |
|---|---|
InstructionPointer | — |
ThreadId | — |
ProfileSource | — |
Reserved | — |
Event ID 48 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
OldPriority | — |
NewPriority | — |
Reserved | — |
Event ID 49 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
OldPriority | — |
NewPriority | — |
Reserved | — |
Event ID 50 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Routine | — |
ReturnValue | — |
Vector | — |
Reserved | — |
MessageNumber | — |
Event ID 51 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
OldPriority | — |
NewPriority | — |
Reserved | — |
Event ID 52 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
OldPriority | — |
NewPriority | — |
Reserved | — |
Event ID 53 —
Fields
| Name | Description |
|---|---|
Affinity | — |
ThreadId | — |
Group | — |
Reserved | — |
Event ID 55 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
IrpFlags | — |
TransferSize | — |
Reserved | — |
ByteOffset | — |
FileObject | — |
Irp | — |
HighResResponseTime | — |
IssuingThreadId | — |
Event ID 56 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
IrpFlags | — |
TransferSize | — |
Reserved | — |
ByteOffset | — |
FileObject | — |
Irp | — |
HighResResponseTime | — |
IssuingThreadId | — |
Event ID 57 —
Fields
| Name | Description |
|---|---|
DiskNumber | — |
IrpFlags | — |
HighResResponseTime | — |
Irp | — |
IssuingThreadId | — |
Event ID 58 —
Fields
| Name | Description |
|---|---|
Irp | — |
IssuingThreadId | — |
Event ID 59 —
Fields
| Name | Description |
|---|---|
Irp | — |
IssuingThreadId | — |
Event ID 60 —
Fields
| Name | Description |
|---|---|
Irp | — |
IssuingThreadId | — |
Event ID 61 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
SourceProcessorIndex | — |
TargetProcessorIndex | — |
Priority | — |
IdealProcessorAdjust | — |
OldIdealProcessorIndex | — |
Event ID 62 —
Fields
| Name | Description |
|---|---|
Entry | — |
ThreadId | — |
Event ID 63 —
Fields
| Name | Description |
|---|---|
ThreadId | — |
EntryCount | — |
Entries | — |
Event ID 64 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
TTID | — |
CreateOptions | — |
FileAttributes | — |
ShareAccess | — |
OpenPath | — |
Event ID 65 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
Event ID 66 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
Event ID 67 —
Fields
| Name | Description |
|---|---|
Offset | — |
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
IoSize | — |
IoFlags | — |
Event ID 68 —
Fields
| Name | Description |
|---|---|
Offset | — |
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
IoSize | — |
IoFlags | — |
Event ID 69 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
Event ID 70 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
Event ID 71 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
Event ID 72 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
Length | — |
InfoClass | — |
FileIndex | — |
FileName | — |
Event ID 73 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
Event ID 74 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
Event ID 75 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
Event ID 76 —
Fields
| Name | Description |
|---|---|
SpinLockSpinThreshold | — |
SpinLockContentionSampleRate | — |
SpinLockAcquireSampleRate | — |
SpinLockHoldThreshold | — |
Event ID 77 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
TTID | — |
Length | — |
InfoClass | — |
FileIndex | — |
FileName | — |
Event ID 79 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
FileName | — |
Event ID 80 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
FileName | — |
Event ID 81 —
Fields
| Name | Description |
|---|---|
IrpPtr | — |
FileObject | — |
FileKey | — |
ExtraInfo | — |
TTID | — |
InfoClass | — |
FileName | — |
Event ID 82 —
Fields
| Name | Description |
|---|---|
Object | — |
Tag | — |
ProcessId | — |
Count | — |
Event ID 83 —
Fields
| Name | Description |
|---|---|
Object | — |
Tag | — |
ProcessId | — |
Count | — |
Event ID 84 —
Fields
| Name | Description |
|---|---|
Object | — |
Tag | — |
ProcessId | — |
Count | — |
Event ID 92 —
Fields
| Name | Description |
|---|---|
Vector | — |
Event ID 93 —
Fields
| Name | Description |
|---|---|
DeviceObject | — |
TimerRoutine | — |
Event ID 94 —
Fields
| Name | Description |
|---|---|
DeviceObject | — |
TimerRoutine | — |
Event ID 95 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
Routine | — |
ReturnValue | — |
Vector | — |
Reserved | — |
Event ID 96 —
Fields
| Name | Description |
|---|---|
RoutineAddr | — |
FileObject | — |
FileContext | — |
IrpPtr | — |
CallbackDataPtr | — |
MajorFunction | — |
Event ID 97 —
Fields
| Name | Description |
|---|---|
RoutineAddr | — |
FileObject | — |
FileContext | — |
IrpPtr | — |
CallbackDataPtr | — |
MajorFunction | — |
Event ID 98 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
RoutineAddr | — |
FileObject | — |
FileContext | — |
IrpPtr | — |
CallbackDataPtr | — |
MajorFunction | — |
Event ID 99 —
Fields
| Name | Description |
|---|---|
InitialTime | — |
RoutineAddr | — |
FileObject | — |
FileContext | — |
IrpPtr | — |
CallbackDataPtr | — |
MajorFunction | — |
Event ID 100 —
Fields
| Name | Description |
|---|---|
HeapHandle | — |
HRFlags | — |
HRPid | — |
HRRangeCount | — |
HRHeapTag | — |
Event ID 101 —
Fields
| Name | Description |
|---|---|
RoutineAddr | — |
FileObject | — |
FileContext | — |
IrpPtr | — |
CallbackDataPtr | — |
MajorFunction | — |
Status | — |
Event ID 102 —
Fields
| Name | Description |
|---|---|
HeapHandle | — |
HRAddress | — |
HRSize | — |
Event ID 103 —
Fields
| Name | Description |
|---|---|
HeapHandle | — |
HRAddress | — |
HRSize | — |
Event ID 104 —
Fields
| Name | Description |
|---|---|
DueTime | — |
MaximumDueTime | — |
Period | — |
Timer | — |
Callback | — |
CallbackContext | — |
TimerFlags | — |
Event ID 105 —
Fields
| Name | Description |
|---|---|
DueTime | — |
MaximumDueTime | — |
Period | — |
Timer | — |
Callback | — |
CallbackContext | — |
TimerFlags | — |
Event ID 106 —
Fields
| Name | Description |
|---|---|
Timer | — |
Event ID 107 —
Fields
| Name | Description |
|---|---|
Timer | — |
DisableCallback | — |
DisableContext | — |
TimerFlags | — |
Event ID 108 —
Fields
| Name | Description |
|---|---|
Timer | — |
DisableCallback | — |
DisableContext | — |
Event ID 114 —
Fields
| Name | Description |
|---|---|
CallCode | — |
IsFast | — |
IsNested | — |
Event ID 122 —
Fields
| Name | Description |
|---|---|
Rip | — |
Rax | — |
Rcx | — |
Rdx | — |
Rbx | — |
Rsp | — |
Rsi | — |
Rdi | — |
R8 | — |
R9 | — |
R10 | — |
R11 | — |
R12 | — |
R13 | — |
R14 | — |
R15 | — |
Event ID 123 —
Fields
| Name | Description |
|---|---|
Cpsr | — |
X0 | — |
X1 | — |
X2 | — |
X3 | — |
X4 | — |
X5 | — |
X6 | — |
X7 | — |
X8 | — |
X9 | — |
X10 | — |
X11 | — |
X12 | — |
X13 | — |
X14 | — |
X15 | — |
X16 | — |
X17 | — |
X18 | — |
X19 | — |
X20 | — |
X21 | — |
X22 | — |
X23 | — |
X24 | — |
X25 | — |
X26 | — |
X27 | — |
X28 | — |
Fp | — |
Lr | — |
Sp | — |
Pc | — |
Event ID 127 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
SizeInBytes | — |
Flags | — |
Event ID 128 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
RegionSize | — |
ProcessId | — |
Flags | — |
CommitSizeInBytes | — |
Event ID 129 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
RegionSize | — |
ProcessId | — |
Flags | — |
CommitSizeInBytes | — |
Event ID 130 —
Event ID 131 —
Event ID 132 —
Event ID 133 —
Event ID 134 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
SizeInBytes | — |
Flags | — |
Event ID 135 —
Event ID 144 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 145 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 146 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 147 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 148 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 149 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 150 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
Event ID 160 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 161 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 162 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 163 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 164 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 165 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 166 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 167 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 168 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 169 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 170 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 171 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 172 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 173 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 174 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 176 —
Fields
| Name | Description |
|---|---|
NewDllBaseAddress | — |
ParentDllBaseAddress | — |
LoadReason | — |
FilePath | — |
Event ID 177 —
Fields
| Name | Description |
|---|---|
NewDllBaseAddress | — |
ParentDllBaseAddress | — |
LoadReason | — |
FilePath | — |
Event ID 192 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String1 | — |
String2 | — |
Event ID 193 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String1 | — |
String2 | — |
Event ID 208 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 209 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 210 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 211 —
Fields
| Name | Description |
|---|---|
BaseAddress | — |
ErrorOpcode | — |
Code | — |
String | — |
Event ID 212 —
Fields
| Name | Description |
|---|---|
LdrLoadFlags | — |
LdrSearchFlags | — |
SearchInfo | — |
LoadReason | — |
FullDllName | — |
Event ID 213 —
Fields
| Name | Description |
|---|---|
SearchInfo | — |
Cwd | — |
AppDir | — |
DllDir | — |
DllLoadDir | — |