MemoryObjectTypeMemory Object Schema

The MemoryObjectType type is intended to characterize generic memory objects.


Fields

Field Name Type Description
@object_referenceoptional QName

The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.

Custom_Properties0..1 CustomPropertiesType

The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.

@is_injectedoptional boolean

The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.

@is_mappedoptional boolean

The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.

@is_protectedoptional boolean

The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).

@is_volatileoptional boolean

The is_volatile field specifies whether or not the particular memory object is volatile.

Hashes0..1 HashListType

The Hashes field specifies any hashes of the particular memory object.

Name0..1 StringObjectPropertyType

The Name field specifies the name of the particular memory object, if applicable.

Memory_Source0..1 StringObjectPropertyType

The name of the source file or segment that produced the bytes that make the particular memory object.

Region_Size0..1 UnsignedLongObjectPropertyType

The Region_Size field specifies the size of the particular memory region, in bytes.

Block_Type0..1 BlockType

The Block_Type field specifies the block type of a particular memory object.

Region_Start_Address0..1 HexBinaryObjectPropertyType

The Region_Start_Address field specifies the starting address of the particular memory region.

Region_End_Address0..1 HexBinaryObjectPropertyType

The Region_End_Address field specifies the ending address of the particular memory region.

Extracted_Features0..1 ExtractedFeaturesType

A description of features extracted from this memory region.