"Fossies" - the Fresh Open Source Software Archive

Member "osquery-4.3.0/specs/windows/appcompat_shims.table" (14 Apr 2020, 811 Bytes) of package /linux/misc/osquery-4.3.0.tar.gz:



    table_name("appcompat_shims")
    description("Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.")
    schema([
        Column("executable", TEXT, "Name of the executable that is being shimmed. This is pulled from the registry."),
        Column("path", TEXT, "This is the path to the SDB database."),
        Column("description", TEXT, "Description of the SDB."),
        Column("install_time", INTEGER, "Install time of the SDB"),
        Column("type", TEXT, "Type of the SDB database."),
        Column("sdb_id", TEXT, "Unique GUID of the SDB."),
    ])
    implementation("appcompat_shims@genShims")
    examples([
      "select * from appcompat_shims;",
    ])
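
A triage query built on the schema above, added here as an example; it is not part of the osquery source tree. It assumes that install_time is a Unix epoch value, that the system drive is C:, and that sdbinst-registered databases normally live under C:\Windows\AppPatch\Custom\; it also joins osquery's hash table to fingerprint each SDB file.

```sql
-- Added example: review installed AppCompat shim databases on a Windows host.
-- Only columns declared in the appcompat_shims schema are used, plus hash.sha256.
SELECT
  s.executable,                                   -- binary the shim applies to
  s.path,                                         -- SDB file referenced by the registry
  s.description,
  s.type,
  s.sdb_id,
  -- Assumption: install_time is seconds since the Unix epoch.
  datetime(s.install_time, 'unixepoch') AS installed_utc,
  h.sha256 AS sdb_sha256,                         -- NULL if the SDB file is missing
  -- Assumption: the usual install directory on a C: system drive.
  -- SQLite LIKE is case-insensitive for ASCII, so mixed-case paths still match.
  CASE
    WHEN s.path LIKE 'C:\Windows\AppPatch\Custom\%' THEN 0
    ELSE 1
  END AS outside_custom_dir
FROM appcompat_shims AS s
LEFT JOIN hash AS h ON h.path = s.path
ORDER BY s.install_time DESC;
```

Rows with outside_custom_dir = 1, a NULL sdb_sha256, or an unexpectedly recent installed_utc are the ones to compare against the host's known software baseline.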