Showing:

Annotations
Diagrams
Facets
Source
Used by
Main schema Memory_Object.xsd
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element MemoryObj:Memory_Region
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Memory_Region object is intended to characterize generic memory objects.
Diagram
Diagram Memory_Object_xsd.tmp#MemoryObjectType_is_injected Memory_Object_xsd.tmp#MemoryObjectType_is_mapped Memory_Object_xsd.tmp#MemoryObjectType_is_protected Memory_Object_xsd.tmp#MemoryObjectType_is_volatile Memory_Object_xsd.tmp#MemoryObjectType_Hashes Memory_Object_xsd.tmp#MemoryObjectType_Name Memory_Object_xsd.tmp#MemoryObjectType_Memory_Source Memory_Object_xsd.tmp#MemoryObjectType_Region_Size Memory_Object_xsd.tmp#MemoryObjectType_Block_Type Memory_Object_xsd.tmp#MemoryObjectType_Region_Start_Address Memory_Object_xsd.tmp#MemoryObjectType_Region_End_Address Memory_Object_xsd.tmp#MemoryObjectType_Extracted_Features Memory_Object_xsd.tmp#MemoryObjectType
Type MemoryObj:MemoryObjectType
Type hierarchy
Children MemoryObj:Block_Type, MemoryObj:Extracted_Features, MemoryObj:Hashes, MemoryObj:Memory_Source, MemoryObj:Name, MemoryObj:Region_End_Address, MemoryObj:Region_Size, MemoryObj:Region_Start_Address
Source
 
<xs:element name="Memory_Region" type="MemoryObj:MemoryObjectType">
  <xs:annotation>
    <xs:documentation>The Memory_Region object is intended to characterize generic memory objects.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Hashes
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Hashes field specifies any hashes of the particular memory object.
Diagram
Diagram
Type HashListType
Source
 
<xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Hashes field specifies any hashes of the particular memory object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Name
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Name field specifies the name of the particular memory object, if applicable.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Name field specifies the name of the particular memory object, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Memory_Source
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The name of the source file or segment that produced the bytes that make the particular memory object.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Memory_Source" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The name of the source file or segment that produced the bytes that make the particular memory object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Region_Size
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Region_Size field specifies the size of the particular memory region, in bytes.
Diagram
Diagram
Type UnsignedLongObjectPropertyType
Source
 
<xs:element name="Region_Size" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Region_Size field specifies the size of the particular memory region, in bytes.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Block_Type
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Block_Type field specifies the block type of a particular memory object.
Diagram
Diagram Memory_Object_xsd.tmp#BlockType_datatype Memory_Object_xsd.tmp#BlockType
Type MemoryObj:BlockType
Type hierarchy
Source
 
<xs:element name="Block_Type" type="MemoryObj:BlockType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Block_Type field specifies the block type of a particular memory object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Region_Start_Address
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Region_Start_Address field specifies the starting address of the particular memory region.
Diagram
Diagram
Type HexBinaryObjectPropertyType
Source
 
<xs:element name="Region_Start_Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Region_Start_Address field specifies the starting address of the particular memory region.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Region_End_Address
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The Region_End_Address field specifies the ending address of the particular memory region.
Diagram
Diagram
Type HexBinaryObjectPropertyType
Source
 
<xs:element name="Region_End_Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Region_End_Address field specifies the ending address of the particular memory region.</xs:documentation>
  </xs:annotation>
</xs:element>
Element MemoryObj:MemoryObjectType / MemoryObj:Extracted_Features
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
A description of features extracted from this memory region.
Diagram
Diagram
Type ExtractedFeaturesType
Source
 
<xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>A description of features extracted from this memory region.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type MemoryObj:MemoryObjectType
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The MemoryObjectType type is intended to characterize generic memory objects.
Diagram
Diagram Memory_Object_xsd.tmp#MemoryObjectType_is_injected Memory_Object_xsd.tmp#MemoryObjectType_is_mapped Memory_Object_xsd.tmp#MemoryObjectType_is_protected Memory_Object_xsd.tmp#MemoryObjectType_is_volatile Memory_Object_xsd.tmp#MemoryObjectType_Hashes Memory_Object_xsd.tmp#MemoryObjectType_Name Memory_Object_xsd.tmp#MemoryObjectType_Memory_Source Memory_Object_xsd.tmp#MemoryObjectType_Region_Size Memory_Object_xsd.tmp#MemoryObjectType_Block_Type Memory_Object_xsd.tmp#MemoryObjectType_Region_Start_Address Memory_Object_xsd.tmp#MemoryObjectType_Region_End_Address Memory_Object_xsd.tmp#MemoryObjectType_Extracted_Features
Type extension of ObjectPropertiesType
Type hierarchy
Used by
Children MemoryObj:Block_Type, MemoryObj:Extracted_Features, MemoryObj:Hashes, MemoryObj:Memory_Source, MemoryObj:Name, MemoryObj:Region_End_Address, MemoryObj:Region_Size, MemoryObj:Region_Start_Address
Source
 
<xs:complexType name="MemoryObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The MemoryObjectType type is intended to characterize generic memory objects.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Hashes field specifies any hashes of the particular memory object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Name field specifies the name of the particular memory object, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Memory_Source" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The name of the source file or segment that produced the bytes that make the particular memory object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Region_Size" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Region_Size field specifies the size of the particular memory region, in bytes.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Block_Type" type="MemoryObj:BlockType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Block_Type field specifies the block type of a particular memory object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Region_Start_Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Region_Start_Address field specifies the starting address of the particular memory region.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Region_End_Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Region_End_Address field specifies the ending address of the particular memory region.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>A description of features extracted from this memory region.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="is_injected" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="is_mapped" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="is_protected" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).</xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="is_volatile" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_volatile field specifies whether or not the particular memory object is volatile.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type MemoryObj:BlockType
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
BlockType specifies memory block types, via a union of the BlockTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram Memory_Object_xsd.tmp#BlockType_datatype
Type restriction of BaseObjectPropertyType
Type hierarchy
Used by
Source
 
<xs:complexType name="BlockType">
  <xs:annotation>
    <xs:documentation>BlockType specifies memory block types, via a union of the BlockTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="MemoryObj:BlockTypeEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type MemoryObj:BlockTypeEnum
Namespace http://cybox.mitre.org/objects#MemoryObject-2
Annotations
 
The BlockTypeEnum is a non-exhaustive enumeration of memory block types.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Initialized 
Indicates that the memory block is initialized.
enumeration Uninitialized 
Indicates that the memory block is uninitialized.
enumeration Overlay 
Indicates that the memory block is an overlay.
enumeration Bit-mapped 
Indicates that the memory block is bit-mapped.
enumeration Byte-mapped 
Indicates that the memory block is byte-mapped.
Source
 
<xs:simpleType name="BlockTypeEnum">
  <xs:annotation>
    <xs:documentation>The BlockTypeEnum is a non-exhaustive enumeration of memory block types.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Initialized">
      <xs:annotation>
        <xs:documentation>Indicates that the memory block is initialized.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Uninitialized">
      <xs:annotation>
        <xs:documentation>Indicates that the memory block is uninitialized.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Overlay">
      <xs:annotation>
        <xs:documentation>Indicates that the memory block is an overlay.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Bit-mapped">
      <xs:annotation>
        <xs:documentation>Indicates that the memory block is bit-mapped.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Byte-mapped">
      <xs:annotation>
        <xs:documentation>Indicates that the memory block is byte-mapped.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Attribute MemoryObj:BlockType / @datatype
Namespace No namespace
Annotations
 
This attribute is optional and specifies the expected type for the value of the specified property.
Type DatatypeEnum
Used by
Complex Type MemoryObj:BlockType
Source
 
<xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute MemoryObj:MemoryObjectType / @is_injected
Namespace No namespace
Annotations
 
The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.
Type xs:boolean
Used by
Source
 
<xs:attribute name="is_injected" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_injected field specifies whether or not the particular memory object has had data/code injected into it by another process.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute MemoryObj:MemoryObjectType / @is_mapped
Namespace No namespace
Annotations
 
The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.
Type xs:boolean
Used by
Source
 
<xs:attribute name="is_mapped" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_mapped field specifies whether or not the particular memory object has been assigned a byte-for-byte correlation with some portion of a file or file-like resource.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute MemoryObj:MemoryObjectType / @is_protected
Namespace No namespace
Annotations
 
The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).
Type xs:boolean
Used by
Source
 
<xs:attribute name="is_protected" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_protected field specifies whether or not the particular memory object is protected (read/write only from the process that allocated it).</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute MemoryObj:MemoryObjectType / @is_volatile
Namespace No namespace
Annotations
 
The is_volatile field specifies whether or not the particular memory object is volatile.
Type xs:boolean
Used by
Source
 
<xs:attribute name="is_volatile" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_volatile field specifies whether or not the particular memory object is volatile.</xs:documentation>
  </xs:annotation>
</xs:attribute>
XML Schema documentation generated by ® XML Editor.