Source code for cybox.objects.win_kernel_object

# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

from mixbox import entities
from mixbox import fields

import cybox.bindings.win_kernel_object as win_kernel_binding
from cybox.common import ObjectProperties, HexBinary, NonNegativeInteger


class IDTEntry(entities.Entity):
    """A single Interrupt Descriptor Table entry (binding ``IDTEntryType``).

    All five properties are declared as ``HexBinary``. The property names
    (offset low/middle/high, selector, type/attributes) resemble the parts
    of an x86 gate descriptor.
    NOTE(review): confirm that reading against the CybOX WinKernelObject
    schema.

    Nothing in this class reassembles the split offset into a handler
    address or checks it against a known-good module range. A consumer
    that uses these values to reason about IDT hooking has to do that
    comparison itself.
    """

    # Binding metadata consumed by the mixbox entity machinery.
    _binding = win_kernel_binding
    _binding_class = win_kernel_binding.IDTEntryType
    _namespace = "http://cybox.mitre.org/objects#WinKernelObject-2"

    # Type/attribute value of the entry.
    type_attr = fields.TypedField("Type_Attr", HexBinary)

    # The offset is carried as three separate pieces.
    offset_high = fields.TypedField("Offset_High", HexBinary)
    offset_low = fields.TypedField("Offset_Low", HexBinary)
    offset_middle = fields.TypedField("Offset_Middle", HexBinary)

    # Selector value recorded for the entry.
    selector = fields.TypedField("Selector", HexBinary)
class IDTEntryList(entities.EntityList):
    """Container of :class:`IDTEntry` items (binding ``IDTEntryListType``).

    The list is serialized under the ``IDT_Entry`` element name and may
    hold any number of entries (``multiple=True``). No length or ordering
    constraint is declared here.
    """

    # Binding metadata consumed by the mixbox entity machinery.
    _namespace = "http://cybox.mitre.org/objects#WinKernelObject-2"
    _binding = win_kernel_binding
    _binding_class = win_kernel_binding.IDTEntryListType

    # Repeated child element; each item is an IDTEntry.
    idt_entry = fields.TypedField(
        "IDT_Entry",
        IDTEntry,
        multiple=True,
    )
class SSDTEntry(entities.Entity):
    """A single SSDT (system service table) entry (binding ``SSDTEntryType``).

    Table base addresses are declared as ``HexBinary`` and the service
    count as ``NonNegativeInteger``.

    The ``hooked`` property records a verdict supplied by whatever
    produced the content. This class does not derive it from the table
    addresses, so treat it as reported data rather than a verified
    finding.
    """

    # Binding metadata consumed by the mixbox entity machinery.
    _binding = win_kernel_binding
    _binding_class = win_kernel_binding.SSDTEntryType
    _namespace = "http://cybox.mitre.org/objects#WinKernelObject-2"

    # Declared without a type class, unlike the sibling fields, so no
    # CybOX wrapper type is applied to the value as far as this module shows.
    # NOTE(review): presumably a boolean flag per the schema. Consumers
    # should validate the value before acting on it; confirm.
    hooked = fields.TypedField("hooked")

    # Base addresses of the service, counter and argument tables.
    service_table_base = fields.TypedField("Service_Table_Base", HexBinary)
    service_counter_table_base = fields.TypedField(
        "Service_Counter_Table_Base", HexBinary
    )

    # Count of services described by the entry.
    number_of_services = fields.TypedField(
        "Number_Of_Services", NonNegativeInteger
    )

    argument_table_base = fields.TypedField("Argument_Table_Base", HexBinary)
class SSDTEntryList(entities.EntityList):
    """Container of :class:`SSDTEntry` items (binding ``SSDTEntryListType``).

    The list is serialized under the ``SSDT_Entry`` element name and may
    hold any number of entries (``multiple=True``).
    """

    # Binding metadata consumed by the mixbox entity machinery.
    _namespace = "http://cybox.mitre.org/objects#WinKernelObject-2"
    _binding = win_kernel_binding
    _binding_class = win_kernel_binding.SSDTEntryListType

    # Repeated child element; each item is an SSDTEntry.
    ssdt_entry = fields.TypedField(
        "SSDT_Entry",
        SSDTEntry,
        multiple=True,
    )
class WinKernel(ObjectProperties):
    """CybOX Windows kernel object (binding ``WindowsKernelObjectType``).

    Groups the two kernel tables modelled in this module: the IDT as an
    :class:`IDTEntryList` and the SSDT as an :class:`SSDTEntryList`.
    Both are plain data holders. Comparing the recorded entries against
    a trusted baseline is left to the consumer.
    """

    # xsi:type information used when the object is emitted as properties.
    _XSI_NS = "WinKernelObj"
    _XSI_TYPE = "WindowsKernelObjectType"

    # Binding metadata consumed by the mixbox entity machinery.
    _namespace = "http://cybox.mitre.org/objects#WinKernelObject-2"
    _binding = win_kernel_binding
    _binding_class = win_kernel_binding.WindowsKernelObjectType

    # Table snapshots carried by the object.
    idt = fields.TypedField("IDT", IDTEntryList)
    ssdt = fields.TypedField("SSDT", SSDTEntryList)