Registry_V1 class
This class is the parent class for registry events.
The following syntax is simplified from MOF code.
Syntax
[Guid("{ae53722e-c863-11d2-8659-00c04fa321a1}"), EventVersion(1)]
class Registry_V1 : MSNT_SystemTrace
{
};
Members
The Registry_V1 class does not define any members.
Remarks
To enable registry events in an NT Kernel logging session, specify the EVENT_TRACE_FLAG_REGISTRY in the EnableFlags member of an EVENT_TRACE_PROPERTIES structure when calling the StartTrace function.
Event trace consumers can implement special processing for registry events by calling the SetTraceCallback function and specifying RegistryGuid as the pGuid parameter. Use the following event types to identify the actual registry event when consuming events.
| Event type | Description |
|---|---|
| EVENT_TRACE_TYPE_REGCREATE(Event type value is 10) |
Create key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGDELETE(Event type value is 12) |
Delete key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGDELETEVALUE(Event type value is 15) |
Delete value event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGENUMERATEKEY(Event type value is 17) |
Enumerate key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY(Event type value is 18) |
Enumerate value key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGFLUSH(Event type value is 21) |
Flush key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGKCBDMP(Event type value is 22) |
Generated when a registry operation uses handles rather than strings to reference subkeys. These events are recorded once for each handle—the first time the handle is referenced. Repeated references to the handle do not generate multiple events. The Registry_TypeGroup1 MOF class defines the event data for this event. Windows 2000: This value is not supported. |
| EVENT_TRACE_TYPE_REGOPEN(Event type value is 11) |
Open key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGQUERY(Event type value is 13) |
Query key event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE(Event type value is 19) |
Query multiple value event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGQUERYVALUE(Event type value is 16) |
Query value event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGSETINFORMATION(Event type value is 20) |
Set information event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
| EVENT_TRACE_TYPE_REGSETVALUE(Event type value is 14) |
Set value event. The Registry_TypeGroup1 MOF class defines the event data for this event. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows XP [desktop apps only] |
| Minimum supported server |
Windows Server 2003 [desktop apps only] |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for