This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. Win_Kernel_Hook_Object 2.1 01/22/2014 The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. The Windows_Kernel_Hook object is intended to characterize Windows kernel function hooks. The WindowsKernelHookObjectType type is intended to characterize Windows kernel function hooks. The Digital_Signature_Hooked field is optional and specifies the digital signature of the hooking code. The Digital_Signature_Hooked field is optional and specifies the digital signature of the hooked code. The Hooking_Address field is optional and specifies the address from where the hooking occurs. The Hook_Description field is optional and provides a description of the nature of the hook. The Hooked_Function field specifies the name of the function that is hooked. The Hooked_Module field specifies the name of the module that is hooked. The Hooking_Module field specifies the name of the module that is doing the hooking. The Type field specifies the type of hook being characterized. KernelHookType specifies Windows kernel hook types via a union of the KernelHookTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. The KernelHookTypeEnum type is a non-exhaustive enumeration of Windows kernel hook types. Specifies a kernel hook type of IAT_API. Specifies an inline function type of kernel hook. Specifies an instruction hooking type of kernel hook.