The WindowsHookObjectType type is intended to characterize Windows hook procedure objects.
For more information please see http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx.
| Field Name | Type | Description |
|---|---|---|
| @object_referenceoptional | QName |
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to. |
| Custom_Properties0..1 | CustomPropertiesType |
The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas. |
| Type0..1 | WinHookType |
The Type field specifies the type (i.e. WH_) of the Windows hook procedure, which refers to the type of event that the hook will intercept. |
| Handle0..1 | WindowsHandleObjectType |
The Handle field specifies the handle associated with the Windows hook procedure. It uses the WindowsHandleObjectType type from the imported CybOX Windows Handle object. |
| Hooking_Function_Name0..1 | StringObjectPropertyType |
The Hooking_Function_Name field specifies the name of the hooking function used by the Windows hook procedure. |
| Hooking_Module0..1 | LibraryObjectType |
The Hooking_Module field specifies the properties of the module that contains the hooking function used in the Windows hook procedure that is specified in the Hooking_Function_Name field. It uses the LibraryObjectType from the imported CybOX Library Object. |
| Thread_ID0..1 | NonNegativeIntegerObjectPropertyType |
The Thread_ID field specifies the ID of the thread associated with the Windows procedure, if applicable. |