This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.
Remote Thread Event Properties
The following event properties can be used with create remote thread events in uAQL queries (event type
Process.CreateRemoteThread). In addition to the properties listed here, the common properties are applicable, too.
|Property name||uAQL Data Type||Description|
||Integer||The thread identifier of the newly created thread.|
||Integer||The process identifier of the process that runs the newly created thread.|
||Integer||The process identifier of the process that has initiated the remote thread.|
||Integer||The absolute address in virtual memory where the function is located.|
||String||The name of the library where the function that was started is located in.|
||String||The name of the function that was started as entry point for the new thread.|
Your email address will not be published. Required fields are marked *