Source Code for Module rekall.kb

 1  # This module provides for a central knowledge base which plugins can use to 
 2  # collect information. 
 3   
 4  from rekall import plugin 
 5  from rekall_lib import registry 
 6   
 7   
 8 -class ParameterHook(plugin.ModeBasedActiveMixin): 
 9      """A mechanism for automatically calculating a parameter. 
10   
11      The session contains many parameters which are calculated through the 
12      various plugins, or provided by the user. These parameters essentially 
13      represent a growing body of knowledge about the image we are currently 
14      analysing. 
15   
16      Some plugins require this information before they can continue. If the 
17      information is already known, we do not need to re-derive it, and the value 
18      can be cached in the session. 
19   
20      A ParameterHook is a class which is called to find out the value of a 
21      parameter when it is not known. 
22      """ 
23      __abstract = True 
24   
25      __metaclass__ = registry.MetaclassRegistry 
26   
27      # The name of the parameter we will be calculating. This class will 
28      # automatically be called when someone accessed this name, and it is not 
29      # already known. 
30      name = None 
31   
32      # The number of seconds this parameter can be assumed valid - or None if the 
33      # parameter does not expire. NOTE that expiry is only considered in the 
34      # physical_address_space.metadata("live") == True. 
35      expiry = None 
36   
37      # Signifies if this parameter is considered volatile (i.e. is likely to 
38      # change on a live system). 
39      volatile = True 
40   
41 -    def __init__(self, session): 
42          if session == None: 
43              raise RuntimeError("Session must be set") 
44   
45          self.session = session 
46   
47 -    def calculate(self): 
48          """Derive the value of the parameter.""" 
49