This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.

Win_Process_Object 2.0 04/08/2013

The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML.

Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.

The Windows_Process object is intended to characterize Windows processes.

The WindowsProcessObjectType type is intended to characterize Windows processes.
The Handle_List field specifies a list of Windows Handles opened or used by the process.
The Priority field specifies the current priority of the process in Windows.
The Section_List field specifies the memory sections used by the process.
The Security_ID field specifies the Security ID (SID) value assigned to the process.
The Startup_Info field specifies the STARTUPINFO struct used by the process.
The Security_Type field specifies the type of Security ID (SID) assigned to the process.
The Window_Title field specifies the title of the main window of the process.
The aslr_enabled field specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.
The dep_enabled field specifies whether Data Execution Prevention (DEP) is enabled for the process.

The MemorySectionListType type specifies a list of memory sections used by the process.
The Memory_Section field specifies a memory section used by the process. It imports and uses the MemoryObjectType from the CybOX Memory Object.

The StartupInfoType type encapsulates the information contained in the STARTUPINFO struct for the process.
The lpDesktop field specifies the name of the desktop, or the name of both the desktop and window station for this process.
The lpTitle field specifies the title displayed in the title bar if a new console window is created.
The dwX field specifies the x offset of the upper left corner of a window if a new window is created, in pixels.
The dwY field specifies the y offset of the upper left corner of a window if a new window is created, in pixels.
The dwXSize field specifies the width of the window if a new window is created, in pixels.
The dwYSize field specifies the height of the window if a new window is created, in pixels.
The dwXCountChars field specifies the screen buffer width, in character columns.
The dwYCountChars field specifies the screen buffer height, in character rows.
The dwFillAttribute field specifies the initial text and background colors if a new console window is created in a console application.
The dwFlags field specifies a bitfield that determines whether certain STARTUPINFO members are used when the process creates a window.
The wShowWindow field applies when dwFlags specifies STARTF_USESHOWWINDOW; it can be any of the values that can be specified in the nCmdShow parameter for the ShowWindow function, except for SW_SHOWDEFAULT.
The hStdInput field specifies the standard input handle for the process.
The hStdOutput field specifies the standard output handle for the process.
The hStdError field specifies the standard error handle for the process.
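
As an added example (not part of the CybOX schema or MITRE's code), the Python below reads a constructed Windows_Process instance, reports the aslr_enabled and dep_enabled values, and uses dwFlags to separate the Startup_Info members that take effect from those that are recorded but ignored. The namespace URI is a placeholder, the placement of aslr_enabled and dep_enabled as XML attributes is an assumption, and the STARTF_* values are the Windows SDK constants, not values taken from this schema.

```python
import xml.etree.ElementTree as ET

# STARTF_* values from the Windows SDK (winbase.h), mapped to the
# STARTUPINFO members each flag makes meaningful.
STARTF_MEMBERS = {
    0x0001: ("STARTF_USESHOWWINDOW", ["wShowWindow"]),
    0x0002: ("STARTF_USESIZE", ["dwXSize", "dwYSize"]),
    0x0004: ("STARTF_USEPOSITION", ["dwX", "dwY"]),
    0x0008: ("STARTF_USECOUNTCHARS", ["dwXCountChars", "dwYCountChars"]),
    0x0010: ("STARTF_USEFILLATTRIBUTE", ["dwFillAttribute"]),
    0x0100: ("STARTF_USESTDHANDLES", ["hStdInput", "hStdOutput", "hStdError"]),
}

# Constructed sample; the namespace URI is a placeholder and the placement of
# aslr_enabled/dep_enabled as XML attributes is an assumption.
SAMPLE = """\
<WinProcessObj:Windows_Process xmlns:WinProcessObj="urn:example:placeholder"
    aslr_enabled="true" dep_enabled="false">
  <WinProcessObj:Startup_Info>
    <WinProcessObj:dwX>100</WinProcessObj:dwX>
    <WinProcessObj:dwY>200</WinProcessObj:dwY>
    <WinProcessObj:dwFlags>257</WinProcessObj:dwFlags>
    <WinProcessObj:wShowWindow>0</WinProcessObj:wShowWindow>
  </WinProcessObj:Startup_Info>
</WinProcessObj:Windows_Process>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def triage(xml_text):
    root = ET.fromstring(xml_text)
    # xs:boolean allows true/false/1/0; a missing attribute means "not recorded".
    mitigations = {}
    for name in ("aslr_enabled", "dep_enabled"):
        raw = root.get(name)
        mitigations[name] = None if raw is None else raw.strip() in ("true", "1")
    info = next((e for e in root.iter() if local(e.tag) == "Startup_Info"), None)
    fields = {local(c.tag): (c.text or "").strip() for c in info} if info is not None else {}
    flags = int(fields.get("dwFlags", "0"))
    set_flags = [n for bit, (n, _) in STARTF_MEMBERS.items() if flags & bit]
    gated = {m: bool(flags & bit) for bit, (_, ms) in STARTF_MEMBERS.items() for m in ms}
    # Members recorded in the object but whose enabling flag is clear.
    ignored = sorted(f for f in fields if gated.get(f) is False)
    return mitigations, set_flags, ignored
```

For the sample, dwFlags is 257 (0x101), so the recorded dwX and dwY offsets are reported as ignored while wShowWindow is in effect.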