Module

module

The Module object describes the load attributes of a module.

Attributes

Caption	Name	Type	Description
Base Address	`base_address`	String	The memory address where the module was loaded.
File	`file`	File[]	Entity:`FILE` The module file object.
Function Name	`function_name`	String	The entry-point function of the module. The system calls the entry-point function whenever a process or thread loads or unloads the module.
Load Type	`load_type`	String	The load type, normalized to the caption of the load_type_id value. In the case of 'Other', it is defined by the event source.
Load Type ID	`load_type_id`	Integer	The normalized identifier for how the module was loaded in memory. `1`: Standard (`STANDARD`) `2`: Non Standard (`NON_STANDARD`) `3`: ShellCode (`SHELLCODE`) `4`: Mapped (`MAPPED`) `5`: NonStandard Backed (`NONSTANDARD_BACKED`) `0`: Unknown (`UNKNOWN`) `99`: Other (`OTHER`)
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Start Address	`start_address`	String	The start address of the execution.
Type	`type`	String	The module type.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Module in their attributes:

Module references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 22 days ago