Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,095 questions
ProcMon does not recognize types of device/interface property values in the Registry
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 70%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
Eugene Muzychenko
21
Reputation points
@Mark Russinovich
Since Windows 8, the system has changed the format of the device/interface property data stored in CCS\Enum...\Properties and CCS\Control\DeviceClasses...\Properties. The data type is encoded in the Registry value type as 0xFFFFnnnn, where the "nnnn" contains a DEVPROP_TYPE_xxx type. But ProcMon doesn't decode such types, displaying them as "unknown" with a decimal value (for example, 4294901785 or 4294901767).
In itself, this is not a big problem. But ProcMon does not display the data if value type is not recognized. So all ReqQueryValue/RegSetValue events for such values contain no data at all.
Until decoding of such types is implemented, it would be great to display the data at least in the form of a byte sequence.
Sysinternals