Skip to content

Enum: ModuleLoadTypeIdEnum

The normalized identifier for how the module was loaded in memory.

URI: ocsf:ModuleLoadTypeIdEnum

Permissible Values

Value Meaning Description
STANDARD None A normal module loaded by the normal windows loading mechanism i
NON_STANDARD None A module loaded in a way avoidant of normal windows procedures
SHELLCODE None A raw module in process memory that is READWRITE_EXECUTE and had a thread
MAPPED None A memory mapped file, typically created with CreatefileMapping/MapViewOfFile
NONSTANDARD_BACKED None A module loaded in a non standard way
UNKNOWN None The load type is unknown
OTHER None The load type is not mapped

Slots

Name Description
load_type_id The normalized identifier for how the module was loaded in memory

Identifier and Mapping Information

Schema Source

LinkML Source

name: ModuleLoadTypeIdEnum
description: The normalized identifier for how the module was loaded in memory.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  STANDARD:
    text: STANDARD
    description: 'A normal module loaded by the normal windows loading mechanism i.e.

      LoadLibrary.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Standard
  NON_STANDARD:
    text: NON_STANDARD
    description: 'A module loaded in a way avoidant of normal windows procedures.
      i.e.

      Bootstrapped Loading/Manual Dll Loading.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Non Standard
  SHELLCODE:
    text: SHELLCODE
    description: 'A raw module in process memory that is READWRITE_EXECUTE and had
      a thread

      started in its range.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: ShellCode
  MAPPED:
    text: MAPPED
    description: A memory mapped file, typically created with CreatefileMapping/MapViewOfFile.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Mapped
  NONSTANDARD_BACKED:
    text: NONSTANDARD_BACKED
    description: 'A module loaded in a non standard way. However, GetModuleFileName
      succeeds on

      this allocation.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: NonStandard Backed
  UNKNOWN:
    text: UNKNOWN
    description: The load type is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  OTHER:
    text: OTHER
    description: 'The load type is not mapped. See the <code>load_type</code> attribute,
      which

      contains a data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other