Memory
The module matches memory accesses made by the sample.
Fields
Field name | Required | Variables | Regex | Type |
---|---|---|---|---|
structure | True | False | False | enum["Peb", "Peb.Flag", "Teb"] |
mode | False | False | False | enum["Read", "Write", "Execute"] |
Example
{
  module: "Memory",
  structure: "Peb.Flag",
  mode: "Read"
}