osquery-1/specs/windows/winbaseobj.table

table_name("winbaseobj")
description("Lists named Windows objects in the default object directories, across all terminal services sessions.")
schema([
    Column("session_id", INTEGER, "Terminal Services Session Id"),
    Column("object_name", TEXT, "Object Name"),
    Column("object_type", TEXT, "Object Type"),
])
implementation("system/windows/Objects@genBaseNamedObjects")
examples([
  "select object_name, object_type from winbaseobj",
  "select * from winbaseobj where type='Mutant'",
])
querying of named objects in windows across terminal services sessions. even mutexes. (#4547) 2018-07-27 22:08:51 +00:00			`table_name("winbaseobj")`
			`description("Lists named Windows objects in the default object directories, across all terminal services sessions.")`
			`schema([`
Advert index not implemented (#5938) 2019-10-29 00:27:06 +00:00			`Column("session_id", INTEGER, "Terminal Services Session Id"),`
			`Column("object_name", TEXT, "Object Name"),`
querying of named objects in windows across terminal services sessions. even mutexes. (#4547) 2018-07-27 22:08:51 +00:00			`Column("object_type", TEXT, "Object Type"),`
			`])`
			`implementation("system/windows/Objects@genBaseNamedObjects")`
			`examples([`
			`"select object_name, object_type from winbaseobj",`
			`"select * from winbaseobj where type='Mutant'",`
			`])`