valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f48619ed28
osquery-1/specs/process_memory_map.table
Teddy Reed a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00

18 lines
816 B
Plaintext
Raw Blame History

table_name("process_memory_map")
description("Process memory mapped files and pseudo device/regions.")
schema([
Column("pid", INTEGER, "Process (or thread) ID", index=True),
Column("start", TEXT, "Virtual start address (hex)"),
Column("end", TEXT, "Virtual end address (hex)"),
Column("permissions", TEXT, "r=read, w=write, x=execute, p=private (cow)"),
Column("offset", BIGINT, "Offset into mapped path"),
Column("device", TEXT, "MA:MI Major/minor device ID"),
Column("inode", INTEGER, "Mapped path inode, 0 means uninitialized (BSS)"),
Column("path", TEXT, "Path to mapped file or mapped type"),
Column("pseudo", INTEGER, "1 if path is a pseudo path, else 0"),
])
implementation("processes@genProcessMemoryMap")
examples([
"select * from process_memory_map where pid = 1",
])
Reference in New Issue View Git Blame Copy Permalink