Package rekall :: Module obj :: Class BaseObject

Class BaseObject


Nested Classes
  __metaclass__
    Give each object a unique ID.

Instance Methods
  __init__(self, type_name=None, offset=0, vm=None, profile=None, parent=None, name='', context=None, session=None, **kwargs)
    Constructor for Base object.
  GetData(self)
    Returns the raw data of this object.
  proxied(self)
  write(self, value)
    Function for writing the object back to disk
  __nonzero__(self)
    This method is called when we test the truth value of an Object.
  __eq__(self, other)
  __hash__(self)
    hash(x)
  m(self, memname)
  is_valid(self)
  deref(self, vm=None)
    An alias for dereference - less to type.
  dereference(self, vm=None)
  reference(self)
    Produces a pointer to this object.
  cast(self, type_name=None, vm=None, **kwargs)
  v(self, vm=None)
    Do the actual reading and decoding of this member
  __str__(self)
    str(x)
  __unicode__(self)
  __repr__(self)
    repr(x)
  __dir__(self)
    Hide any members with _.
  __format__(self, formatspec)
    default object formatter

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods
  getproperties(cls)
    Return all members that are intended to represent some data.

Class Variables
  obj_parent = <No parent>
  obj_name = <No name>
  obj_producers = None
hash(x)
Properties
  obj_size
  obj_end
  parents
Returns all the parents of this object.
  indices
Returns (usually 1) representation(s) of self usable as dict keys.

Inherited from object: __class__

Method Details

__init__(self, type_name=None, offset=0, vm=None, profile=None, parent=None, name='', context=None, session=None, **kwargs)
(Constructor)

Constructor for Base object.

Args:
  type_name: The name of the type of this object. This is different
     from the class name, since the same class may implement many types
     (e.g. Struct implements every instance in the vtype definition).

  offset: The offset within the address space at which this object exists.

  vm: The address space this object uses to read itself from.

  profile: The profile this object may use to dereference other
   types.

  parent: The object which created this object.

  name: The name of this object.

  context: An opaque dict which is passed to all objects created from
    this object. This dict may contain context-specific information
    which each derived instance can use.

  kwargs: Arbitrary args this object may accept - these can be passed in
     the vtype language definition.

Overrides: object.__init__

__nonzero__(self)
(Boolean test operator)

This method is called when we test the truth value of an Object.

In rekall we consider an object to have a True truth value only when it is
a valid object. It's possible, for example, to have a Pointer object which
is not valid - this will have a truth value of False.

You should be testing for validity like this:

if X:
   # object is valid

Do not test for validity like this:

if int(X) == 0:

or

if X is None:
  .....

The latter form is not going to work when X is a NoneObject.
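
The difference between the three tests above, shown as an added example that is not Rekall's own code: NoneObject, Pointer, Entry, MEMORY and walk() below are small hypothetical stand-ins that follow the truth-value rule described here. They walk a constructed linked list whose last entry points at an unmapped address.

```python
# Hypothetical stand-ins for illustration only; not Rekall's implementation.
class NoneObject(object):
    """Falsy result for data that could not be read; never the None singleton."""
    def __init__(self, reason):
        self.reason = reason
    def __bool__(self):
        return False
    __nonzero__ = __bool__            # Python 2 spelling used on this page
    def __getattr__(self, name):      # member access on a failure stays a failure
        return self
    def __call__(self, *args, **kwargs):
        return self

class Pointer(object):
    """Pointer stand-in: valid only when its target address is mapped."""
    def __init__(self, target, memory):
        self.target, self.memory = target, memory
    def is_valid(self):
        return self.target in self.memory
    def __bool__(self):
        return self.is_valid()
    __nonzero__ = __bool__
    def __int__(self):
        return self.target
    def deref(self):
        if not self:
            return NoneObject("unmapped address 0x%x" % self.target)
        value, next_addr = self.memory[self.target]
        return Entry(value, Pointer(next_addr, self.memory))

class Entry(object):
    def __init__(self, value, next_ptr):
        self.value, self.next = value, next_ptr

# Constructed memory: two list entries; the second links to an unmapped page.
MEMORY = {0x1000: ("init", 0x2000), 0x2000: ("sshd", 0xdead0000)}

def walk(is_usable, limit=5):
    """Collect entry values until is_usable(entry) fails or limit is reached."""
    values, entry = [], Pointer(0x1000, MEMORY).deref()
    while is_usable(entry) and len(values) < limit:
        values.append(entry.value)
        entry = entry.next.deref()
    return values

def good_walk():
    return walk(lambda e: bool(e))        # the documented form: if X:

def bad_walk():
    return walk(lambda e: e is not None)  # never false for a NoneObject
```

good_walk() stops after the two readable entries, while bad_walk() keeps collecting NoneObject placeholders until the step limit cuts it off. The dangling pointer also shows why the int(X) == 0 test is not enough: its integer value is non-zero although the pointer is invalid.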

__hash__(self)
(Hashing function)

hash(x)

Overrides: object.__hash__
(inherited documentation)

reference(self)

Produces a pointer to this object.

This is the same as the C & operator and is the opposite of deref().

v(self, vm=None)

Do the actual reading and decoding of this member

When vm is specified, we are asked to evaluate this object in another address space than the one it was created on. Derived classes should allow for this.

__str__(self)
(Informal representation operator)

str(x)

Overrides: object.__str__
(inherited documentation)

__repr__(self)
(Representation operator)

repr(x)

Overrides: object.__repr__
(inherited documentation)

__format__(self, formatspec)

default object formatter

Overrides: object.__format__
(inherited documentation)

Property Details

obj_size

Get Method:
unreachable.obj_size(self)

obj_end

Get Method:
unreachable.obj_end(self)

parents

Returns all the parents of this object.

Get Method:
unreachable.parents(self) - Returns all the parents of this object.

indices

Returns (usually 1) representation(s) of self usable as dict keys.

Using full base objects for indexing can be slow, especially with Structs. This method returns a representation of the object that is a suitable key - either the value of a primitive type, or the memory address of the more complex ones.

Get Method:
unreachable.indices(self) - Returns (usually 1) representation(s) of self usable as dict keys.