RubyGems - stix_schema_spy - Versions diffs - 1.0 → 1.1 - Mend

stix_schema_spy 1.0 → 1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

data/config/1.1.1/stix/cybox/objects/Win_Handle_Object.xsd ADDED Viewed

@@ -0,0 +1,351 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinHandleObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Handle_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Handle" type="WinHandleObj:WindowsHandleObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Handle object is intended to characterize Windows handles.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsHandleObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsHandleObjectType type is intended to characterize Windows handles.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="ID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The ID field refers to the unique number used to identify the handle.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Name field specifies the name of the handle.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="WinHandleObj:HandleType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the handle type, which is equivalent to the type of Windows object that the handle refers to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Object_Address" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Object_Address field specifies the address of the Windows object that the handle refers to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Access_Mask" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Access_Mask field specifies the access bitmask of the handle.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Pointer_Count" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Pointer_Count field specifies the count of pointer references to the Windows object that the handle refers to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="WindowsHandleListType">
+		<xs:annotation>
+			<xs:documentation>The WindowsHandleListType type specifies a list of Windows handles, for re-use in other objects.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Handle" type="WinHandleObj:WindowsHandleObjectType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Handle field characterizes a single Windows handle.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="HandleType">
+		<xs:annotation>
+			<xs:documentation>HandleType specifies Windows handle types via a union of the HandleTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinHandleObj:HandleTypeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="HandleTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The WindowsHandleType is a non-exhaustive enumeration of Windows handle types.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="AccessToken">
+				<xs:annotation>
+					<xs:documentation>Specifies an access token handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Event">
+				<xs:annotation>
+					<xs:documentation>Specifies an event handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="File">
+				<xs:annotation>
+					<xs:documentation>Specifies a file handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="FileMapping">
+				<xs:annotation>
+					<xs:documentation>Specifies a file mapping handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Job">
+				<xs:annotation>
+					<xs:documentation>Specifies a job handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="IOCompletionPort">
+				<xs:annotation>
+					<xs:documentation>Specifies an IO completion port handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Mailslot">
+				<xs:annotation>
+					<xs:documentation>Specifies a mailslot handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Mutex">
+				<xs:annotation>
+					<xs:documentation>Specifies a mutex handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="NamedPipe">
+				<xs:annotation>
+					<xs:documentation>Specifies a named pipe handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Pipe">
+				<xs:annotation>
+					<xs:documentation>Specifies a pipe handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Process">
+				<xs:annotation>
+					<xs:documentation>Specifies a process handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Semaphore">
+				<xs:annotation>
+					<xs:documentation>Specifies a semaphore handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Thread">
+				<xs:annotation>
+					<xs:documentation>Specifies a thread handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Transaction">
+				<xs:annotation>
+					<xs:documentation>Specifies a transaction handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WaitableTimer">
+				<xs:annotation>
+					<xs:documentation>Specifies a waitable timer handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="RegistryKey">
+				<xs:annotation>
+					<xs:documentation>Specifies a registry key handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Window">
+				<xs:annotation>
+					<xs:documentation>Specifies a window handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="ServiceControlManager">
+				<xs:annotation>
+					<xs:documentation>Specifies a service control manager handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="CommunicationsDevice">
+				<xs:annotation>
+					<xs:documentation>Specifies a communications device handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="ConsoleInput">
+				<xs:annotation>
+					<xs:documentation>Specifies a console input handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="ConsoleScreenBuffer">
+				<xs:annotation>
+					<xs:documentation>Specifies a console screen buffer handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="MemoryResourceNotification">
+				<xs:annotation>
+					<xs:documentation>Specifies a memory resource notification handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Directory">
+				<xs:annotation>
+					<xs:documentation>Specifies a directory handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="SymbolicLink">
+				<xs:annotation>
+					<xs:documentation>Specifies a symbolic link handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Token">
+				<xs:annotation>
+					<xs:documentation>Specifies a token handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Profile">
+				<xs:annotation>
+					<xs:documentation>Specifies a profile handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WindowStation">
+				<xs:annotation>
+					<xs:documentation>Specifies a window station handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Port">
+				<xs:annotation>
+					<xs:documentation>Specifies a port handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WaitablePort">
+				<xs:annotation>
+					<xs:documentation>Specifies a waitable port handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Controller">
+				<xs:annotation>
+					<xs:documentation>Specifies a controller handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Driver">
+				<xs:annotation>
+					<xs:documentation>Specifies a driver handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Desktop">
+				<xs:annotation>
+					<xs:documentation>Specifies a desktop handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Adapter">
+				<xs:annotation>
+					<xs:documentation>Specifies an adapter handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Bitmap">
+				<xs:annotation>
+					<xs:documentation>Specifies a bitmap handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Brush">
+				<xs:annotation>
+					<xs:documentation>Specifies a brush handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="ColorSpace">
+				<xs:annotation>
+					<xs:documentation>Specifies a color space handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Cursor">
+				<xs:annotation>
+					<xs:documentation>Specifies a cursor handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="DeviceContext">
+				<xs:annotation>
+					<xs:documentation>Specifies a device context handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="EnhancedMetafile">
+				<xs:annotation>
+					<xs:documentation>Specifies an enhanced metafile handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Font">
+				<xs:annotation>
+					<xs:documentation>Specifies a font handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="GDIObject">
+				<xs:annotation>
+					<xs:documentation>Specifies a GDI object handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Hook">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Icon">
+				<xs:annotation>
+					<xs:documentation>Specifies an icon handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Instance">
+				<xs:annotation>
+					<xs:documentation>Specifies a module instance handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Menu">
+				<xs:annotation>
+					<xs:documentation>Specifies a menu handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Metafile">
+				<xs:annotation>
+					<xs:documentation>Specifies a metafile handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="DisplayMonitor">
+				<xs:annotation>
+					<xs:documentation>Specifies a display monitor handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Palette">
+				<xs:annotation>
+					<xs:documentation>Specifies a palette handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Pen">
+				<xs:annotation>
+					<xs:documentation>Specifies a pen handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Region">
+				<xs:annotation>
+					<xs:documentation>Specifies a region handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Resource">
+				<xs:annotation>
+					<xs:documentation>Specifies a resource handle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>

data/config/1.1.1/stix/cybox/objects/Win_Hook_Object.xsd ADDED Viewed

@@ -0,0 +1,152 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinHookObj="http://cybox.mitre.org/objects#WinHookObject-1" xmlns:LibraryObj="http://cybox.mitre.org/objects#LibraryObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" targetNamespace="http://cybox.mitre.org/objects#WinHookObject-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Event_Object</schema>
+			<version>1.0</version>
+			<date>01/22/2014</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#LibraryObject-2" schemaLocation="Library_Object.xsd"/>
+	<xs:element name="Windows_Hook" type="WinHookObj:WindowsHookObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Hook object is intended to characterize Windows hook procedures.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsHookObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsHookObjectType type is intended to characterize Windows hook procedure objects.</xs:documentation>
+			<xs:documentation>For more information please see http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Type" type="WinHookObj:WinHookType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the type (i.e. WH_) of the Windows hook procedure, which refers to the type of event that the hook will intercept.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handle" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handle field specifies the handle associated with the  Windows hook procedure. It uses the WindowsHandleObjectType type from the imported CybOX Windows Handle object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Hooking_Function_Name" type="cyboxCommon:StringObjectPropertyType">
+						<xs:annotation>
+							<xs:documentation>The Hooking_Function_Name field specifies the name of the hooking function used by the Windows hook procedure.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Hooking_Module" type="LibraryObj:LibraryObjectType">
+						<xs:annotation>
+							<xs:documentation>The Hooking_Module field specifies the properties of the module that contains the hooking function used in the Windows hook procedure that is specified in the Hooking_Function_Name field. It uses the LibraryObjectType from the imported CybOX Library Object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Thread_ID" type="cyboxCommon:NonNegativeIntegerObjectPropertyType">
+						<xs:annotation>
+							<xs:documentation>The Thread_ID field specifies the ID of the thread associated with the Windows procedure, if applicable.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="WinHookType">
+		<xs:annotation>
+			<xs:documentation>WinHookType specifies Windows hook procedure types, via a union of the WinHookTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinHookObj:WinHookTypeEnum xs:string"/>
+				</xs:simpleType>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="WinHookTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The WinHookTypeEnum type is an enumeration of Windows hook procedure types.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="WH_CALLWNDPROC">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors messages before the system sends them to the destination window procedure.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_CALLWNDPROCRET">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors messages after they have been processed by the destination window procedure.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_CBT">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that receives notifications useful to a CBT application.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_DEBUG">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure useful for debugging other hook procedures.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_FOREGROUNDIDLE">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that will be called when the application's foreground thread is about to become idle.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_GETMESSAGE">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors messages posted to a message queue.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_JOURNALPLAYBACK">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that posts messages previously recorded by a WH_JOURNALRECORD hook procedure.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_JOURNALRECORD">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that records input messages posted to the system message queue.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_KEYBOARD">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors keystroke messages.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_KEYBOARD_LL">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors low-level keyboard input events.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_MOUSE">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors mouse messages.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_MOUSE_LL">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors low-level mouse input events.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_MSGFILTER">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_SHELL">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that receives notifications useful to shell applications.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="WH_SYSMSGFILTER">
+				<xs:annotation>
+					<xs:documentation>Specifies a hook procedure that monitors messages generated as a result of an input event in a dialog box, message box, menu, or scroll bar.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>

data/config/1.1.1/stix/cybox/objects/Win_Kernel_Hook_Object.xsd ADDED Viewed

@@ -0,0 +1,109 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinKernelHookObj="http://cybox.mitre.org/objects#WinKernelHookObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinKernelHookObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Kernel_Hook_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Kernel_Hook" type="WinKernelHookObj:WindowsKernelHookObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Kernel_Hook object is intended to characterize Windows kernel function hooks.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsKernelHookObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsKernelHookObjectType type is intended to characterize Windows kernel function hooks.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Digital_Signature_Hooking" type="cyboxCommon:DigitalSignatureInfoType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Digital_Signature_Hooked field is optional and specifies the digital signature of the hooking code.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Digital_Signature_Hooked" type="cyboxCommon:DigitalSignatureInfoType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Digital_Signature_Hooked field is optional and specifies the digital signature of the hooked code.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hooking_Address" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Hooking_Address field is optional and specifies the address from where the hooking occurs.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hook_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Hook_Description field is optional and provides a description of the nature of the hook.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hooked_Function" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Hooked_Function field specifies the name of the function that is hooked.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hooked_Module" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Hooked_Module field specifies the name of the module that is hooked.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hooking_Module" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Hooking_Module field specifies the name of the module that is doing the hooking.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="WinKernelHookObj:KernelHookType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the type of hook being characterized.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="KernelHookType">
+		<xs:annotation>
+			<xs:documentation>KernelHookType specifies Windows kernel hook types via a union of the KernelHookTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinKernelHookObj:KernelHookTypeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="KernelHookTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The KernelHookTypeEnum type is a non-exhaustive enumeration of Windows kernel hook types.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="IAT_API">
+				<xs:annotation>
+					<xs:documentation>Specifies a kernel hook type of IAT_API.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Inline_Function">
+				<xs:annotation>
+					<xs:documentation>Specifies an inline function type of kernel hook.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="Instruction_Hooking">
+				<xs:annotation>
+					<xs:documentation>Specifies an instruction hooking type of kernel hook.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>