schemas.v1.2.0.cybox.objects.Win_Hook_Object.xsd Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of stix Show documentation
Show all versions of stix Show documentation
The Java bindings for STIX v.1.2.0.2
The newest version!
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Win_Event_Object
1.0
01/22/2014
The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML.
Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.
The Windows_Hook object is intended to characterize Windows hook procedures.
The WindowsHookObjectType type is intended to characterize Windows hook procedure objects.
For more information please see http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx.
The Type field specifies the type (i.e. WH_) of the Windows hook procedure, which refers to the type of event that the hook will intercept.
The Handle field specifies the handle associated with the Windows hook procedure. It uses the WindowsHandleObjectType type from the imported CybOX Windows Handle object.
The Hooking_Function_Name field specifies the name of the hooking function used by the Windows hook procedure.
The Hooking_Module field specifies the properties of the module that contains the hooking function used in the Windows hook procedure that is specified in the Hooking_Function_Name field. It uses the LibraryObjectType from the imported CybOX Library Object.
The Thread_ID field specifies the ID of the thread associated with the Windows procedure, if applicable.
WinHookType specifies Windows hook procedure types, via a union of the WinHookTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
The WinHookTypeEnum type is an enumeration of Windows hook procedure types.
Specifies a hook procedure that monitors messages before the system sends them to the destination window procedure.
Specifies a hook procedure that monitors messages after they have been processed by the destination window procedure.
Specifies a hook procedure that receives notifications useful to a CBT application.
Specifies a hook procedure useful for debugging other hook procedures.
Specifies a hook procedure that will be called when the application's foreground thread is about to become idle.
Specifies a hook procedure that monitors messages posted to a message queue.
Specifies a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure.
Specifies a hook procedure that records input messages posted to the system message queue.
Specifies a hook procedure that monitors keystroke messages.
Specifies a hook procedure that monitors low-level keyboard input events.
Specifies a hook procedure that monitors mouse messages.
Specifies a hook procedure that monitors low-level mouse input events.
Specifies a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.
Specifies a hook procedure that receives notifications useful to shell applications.
Specifies a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.