Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

WindowsMemoryPageRegionObjectTypeWin Memory Page Region Object Schema

The WindowsMemoryPageRegionObjectType type is intended to characterize Windows memory page regions.


Fields

Field Name Type Description
@object_referenceoptional QName

The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.

Custom_Properties0..1 CustomPropertiesType

The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.

@is_injectedoptional boolean

The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.

@is_mappedoptional boolean

The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.

@is_protectedoptional boolean

The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).

@is_volatileoptional boolean

The is_volatile field specifies whether or not the particular memory object is volatile.

Hashes0..1 HashListType

The Hashes field specifies any hashes of the particular memory object.

Name0..1 StringObjectPropertyType

The Name field specifies the name of the particular memory object, if applicable.

Memory_Source0..1 StringObjectPropertyType

The name of the source file or segment that produced the bytes that make the particular memory object.

Region_Size0..1 UnsignedLongObjectPropertyType

The Region_Size field specifies the size of the particular memory region, in bytes.

Block_Type0..1 BlockType

The Block_Type field specifies the block type of a particular memory object.

Region_Start_Address0..1 HexBinaryObjectPropertyType

The Region_Start_Address field specifies the starting address of the particular memory region.

Region_End_Address0..1 HexBinaryObjectPropertyType

The Region_End_Address field specifies the ending address of the particular memory region.

Extracted_Features0..1 ExtractedFeaturesType

A description of features extracted from this memory region.

Type0..1 MemoryPageTypeType

The Type field specifies the type of pages in the memory page region.

Allocation_Base_Address0..1 HexBinaryObjectPropertyType

The Allocation_Base_Address field specifies the base address of the memory page region when the region was first allocated.

Allocation_Protect0..1 MemoryPageProtectionType

The Allocation_Protect field specifies the memory protection option for the memory page region when the region was initially allocated.

State0..1 MemoryPageStateType

The State field specifies the state of the memory pages in the region.

Protect0..1 MemoryPageProtectionType

The Protect field specifies the access protection of the memory pages in the region.