module

The Module object describes the load attributes of a module.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Base Address | base_address | String | The memory address where the module was loaded. |
| File | file | File[] | The module file object. Entity: FILE. |
| Function Name | function_name | String | The entry-point function of the module. The system calls the entry-point function whenever a process or thread loads or unloads the module. |
| Load Type | load_type | String | The load type, normalized to the caption of the load_type_id value. In the case of 'Other', it is defined by the event source. |
| Load Type ID | load_type_id | Integer | The normalized identifier for how the module was loaded in memory. Values: 0: Unknown (UNKNOWN); 1: Standard (STANDARD); 2: Non Standard (NON_STANDARD); 3: ShellCode (SHELLCODE); 4: Mapped (MAPPED); 5: NonStandard Backed (NONSTANDARD_BACKED); 99: Other (OTHER). |
| Raw Data | raw_data | JSON | The event data as received from the event source. Group: context. |
| Record ID | record_id | String | Unique identifier for the object. Group: primary. |
| Start Address | start_address | String | The start address of the execution. |
| Type | type | String | The module type. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
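
The load_type / load_type_id rule from the attribute list above, as an added example (not part of the OCSF schema or its tooling): a Python check that validates a module object against the listed attributes and fills load_type from load_type_id. The name check_module, the sample objects, and treating an empty load_type under ID 99 as an issue are assumptions of this example.

```python
# Added example: checks a module object (a dict) against the attributes on this page.
LOAD_TYPES = {0: "Unknown", 1: "Standard", 2: "Non Standard", 3: "ShellCode",
              4: "Mapped", 5: "NonStandard Backed", 99: "Other"}
STRING_ATTRS = ("base_address", "function_name", "load_type", "record_id",
                "start_address", "type")
KNOWN_ATTRS = set(STRING_ATTRS) | {"file", "load_type_id", "raw_data", "unmapped"}


def check_module(module):
    """Return (normalized_copy, issues) for one module object."""
    out, issues = dict(module), []
    for key in sorted(set(module) - KNOWN_ATTRS):
        issues.append(f"{key}: not an attribute of module")
    for key in STRING_ATTRS:
        if key in module and not isinstance(module[key], str):
            issues.append(f"{key}: expected String")
    type_id = module.get("load_type_id")
    if type_id is None:
        return out, issues
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(type_id, bool) or not isinstance(type_id, int):
        issues.append("load_type_id: expected Integer")
    elif type_id not in LOAD_TYPES:
        issues.append(f"load_type_id: {type_id} is not a listed value")
    elif type_id == 99:
        # 'Other': the caption is defined by the event source, so keep it as-is.
        # Assumption of this example: an empty caption here is reported.
        if not module.get("load_type"):
            issues.append("load_type: empty although load_type_id is 99 (Other)")
    else:
        caption = LOAD_TYPES[type_id]
        if module.get("load_type", caption) != caption:
            issues.append(
                f"load_type: {module['load_type']!r} does not match {caption!r}")
        out["load_type"] = caption  # normalize to the caption of load_type_id
    return out, issues


# Constructed sample objects (not taken from any real event source).
SAMPLES = [
    {"base_address": "0x7ffb1a2c0000", "load_type_id": 1, "type": "dll"},
    {"base_address": "0x1f0000", "load_type_id": 3, "load_type": "Standard"},
    {"load_type_id": 99, "load_type": "Vendor Specific"},
    {"load_type_id": "4", "entry": "DllMain"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_module(sample))
```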

Relationships

Module shown in context

Inbound Relationships

These objects and events reference Module in their attributes:

Outbound Relationships

Module references the following objects and events in its attributes:

This page describes ocsf-1.4.0