Upravit

Sdílet prostřednictvím


Registry class

This class is the parent class for registry events.

The following syntax is simplified from MOF code.

Syntax

[Guid("{ae53722e-c863-11d2-8659-00c04fa321a1}"), EventVersion(2)]
class Registry : MSNT_SystemTrace
{
};

Members

The Registry class does not define any members.

Remarks

To enable registry events in an NT Kernel logging session, specify the EVENT_TRACE_FLAG_REGISTRY in the EnableFlags member of an EVENT_TRACE_PROPERTIES structure when calling the StartTrace function.

Event trace consumers can implement special processing for registry events by calling the SetTraceCallback function and specifying RegistryGuid as the pGuid parameter. Use the following event types to identify the actual registry event when consuming events.

Event type Description
EVENT_TRACE_TYPE_REGCREATE(Event type value is 10)
Create key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGDELETE(Event type value is 12)
Delete key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGDELETEVALUE(Event type value is 15)
Delete value event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGENUMERATEKEY(Event type value is 17)
Enumerate key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY(Event type value is 18)
Enumerate value key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGFLUSH(Event type value is 21)
Flush key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGKCBDMP(Event type value is 22)
Create key event. Generated when a registry operation uses handles rather than strings to reference subkeys. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGOPEN(Event type value is 11)
Open key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGQUERY(Event type value is 13)
Query key event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE(Event type value is 19)
Query multiple value event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGQUERYVALUE(Event type value is 16)
Query value event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGSETINFORMATION(Event type value is 20)
Set information event. The Registry_TypeGroup1 MOF class defines the event data for this event.
EVENT_TRACE_TYPE_REGSETVALUE(Event type value is 14)
Set value event. The Registry_TypeGroup1 MOF class defines the event data for this event.
Event type value, 23 delete key event. Generated when a registry operation uses handles rather than strings to reference subkeys. The Registry_TypeGroup1 MOF class defines the event data for this event.
Event type value, 24 Enumerates the registry keys open at the beginning of the session. The Registry_TypeGroup1 MOF class defines the event data for this event.
Event type value, 25 Enumerates the registry keys open at the end of the session.The Registry_TypeGroup1 MOF class defines the event data for this event.
Event type value, 26 The Registry_TypeGroup1 MOF class defines the event data for this event.
Event type value, 27 Open key event. The Registry_TypeGroup1 MOF class defines the event data for this event.

 

Requirements

Requirement Value
Minimum supported client
Windows Vista [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]

See also

MSNT_SystemTrace

Registry_TypeGroup1

Registry_V0

Registry_V1