The MemoryObjectType type is intended to characterize generic memory objects.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.
The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.
The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).
The is_volatile field specifies whether or not the particular memory object is volatile.
The Hashes field specifies any hashes of the particular memory object.
The Name field specifies the name of the particular memory object, if applicable.
The name of the source file or segment that produced the bytes that make up the particular memory object.
The Region_Size field specifies the size of the particular memory region, in bytes.
The Block_Type field specifies the block type of a particular memory object.
The Region_Start_Address field specifies the starting address of the particular memory region.
The Region_End_Address field specifies the ending address of the particular memory region.
A description of features extracted from this memory region.
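The following added example (not part of the schema or of any project's code) shows how a consumer might resolve object_reference and sanity-check the region fields described above. The namespace-free `Objects`/`Object`/`Properties` wrapper, the `example:` IDs, the function names, and the exclusive end address are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: simplified, namespace-free XML using this page's field names.
# The Objects/Object/Properties wrapper is an assumption, not real tool output.
SAMPLE = """
<Objects>
  <Object id="example:mem-1">
    <Properties is_injected="true" is_mapped="false">
      <Region_Start_Address>0x7f0000</Region_Start_Address>
      <Region_End_Address>0x7f1000</Region_End_Address>
      <Region_Size>4096</Region_Size>
    </Properties>
  </Object>
  <Object id="example:mem-2">
    <Properties is_injected="false" is_mapped="true">
      <Region_Start_Address>0x400000</Region_Start_Address>
      <Region_End_Address>0x402000</Region_End_Address>
      <Region_Size>4096</Region_Size>
    </Properties>
  </Object>
  <Object id="example:ref-1"><Properties object_reference="example:mem-1"/></Object>
</Objects>
"""

def resolve(props, by_id, seen=()):
    """Follow object_reference until Properties that carry the data are reached."""
    ref = props.get("object_reference")
    if ref is None:
        return props
    if ref in seen or ref not in by_id:  # cycle or dangling reference
        raise ValueError(f"unresolvable object_reference: {ref}")
    return resolve(by_id[ref], by_id, seen + (ref,))

def triage(xml_text):
    """Return {object id: [findings]} for every memory object in the document."""
    root = ET.fromstring(xml_text)
    by_id = {o.get("id"): o.find("Properties") for o in root.iter("Object")}
    report = {}
    for oid, props in by_id.items():
        p, notes = resolve(props, by_id), []
        if p.get("is_injected") == "true":
            notes.append("injected")
        start = int(p.findtext("Region_Start_Address"), 0)
        end = int(p.findtext("Region_End_Address"), 0)
        size = int(p.findtext("Region_Size"))
        # Assumption: the end address is exclusive, so size == end - start.
        if size != end - start:
            notes.append(f"size mismatch: {size} != {end - start}")
        report[oid] = notes
    return report
```

For documents from untrusted sources, parse with a hardened XML parser such as defusedxml rather than the standard-library parser used here.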