valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
191fc7df53
osquery-1/specs/windows/appcompat_shims.table
Mitchell Grenier 6065c26f1d Make all descriptions use periods consistently. (#3324)
2017-05-25 12:43:58 -07:00

15 lines
811 B
Plaintext
Raw Blame History

table_name("appcompat_shims")
description("Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.")
schema([
Column("executable", TEXT, "Name of the executable that is being shimmed. This is pulled from the registry."),
Column("path", TEXT, "This is the path to the SDB database."),
Column("description", TEXT, "Description of the SDB."),
Column("install_time", INTEGER, "Install time of the SDB"),
Column("type", TEXT, "Type of the SDB database."),
Column("sdb_id", TEXT, "Unique GUID of the SDB."),
])
implementation("appcompat_shims@genShims")
examples([
"select * from appcompat_shims;",
])
Reference in New Issue View Git Blame Copy Permalink