Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

WindowsHandleObjectTypeWin Handle Object Schema

The WindowsHandleObjectType type is intended to characterize Windows handles.


Fields

Field Name Type Description
@object_referenceoptional QName

The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.

Custom_Properties0..1 CustomPropertiesType

The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.

ID0..1 UnsignedIntegerObjectPropertyType

The ID field refers to the unique number used to identify the handle.

Name0..1 StringObjectPropertyType

The Name field specifies the name of the handle.

Type0..1 HandleType

The Type field specifies the handle type, which is equivalent to the type of Windows object that the handle refers to.

Object_Address0..1 UnsignedLongObjectPropertyType

The Object_Address field specifies the address of the Windows object that the handle refers to.

Access_Mask0..1 UnsignedLongObjectPropertyType

The Access_Mask field specifies the access bitmask of the handle.

Pointer_Count0..1 UnsignedLongObjectPropertyType

The Pointer_Count field specifies the count of pointer references to the Windows object that the handle refers to.