| Trees | Indices | Help |
|
|---|
|
|
A pointer reads an 'address' object from the address space.
| Nested Classes | |
|
__metaclass__ Give each object a unique ID. (Inherited from rekall.obj.BaseObject) |
|
| Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
| Static Methods | |||
|
|||
| Class Variables | |
obj_name = <No name>
(Inherited from rekall.obj.BaseObject)
|
|
obj_parent = <No parent>
(Inherited from rekall.obj.BaseObject)
|
|
obj_producers = Nonehash(x) (Inherited from rekall.obj.BaseObject) |
|
| Properties | |
| obj_size | |
|
indices Returns (usually 1) representation(s) of self usable as dict keys. |
|
| obj_end (Inherited from rekall.obj.BaseObject) | |
|
parents Returns all the parents of this object. (Inherited from rekall.obj.BaseObject) |
|
|
Inherited from |
|
| Method Details |
Constructor.
Args:
target: The name of the target object (A string). We use the profile
to instantiate it.
target_args: The target will receive these as kwargs.
|
Do the actual reading and decoding of this member When vm is specified, we are asked to evaluate this object is another address space than the one it was created on. Derived classes should allow for this.
|
|
Writes the data back into the address space
|
|
Returns if what we are pointing to is valid
|
Indexing a pointer indexes its target. Note this is different than C which treats pointers as arrays: struct foobar *p1; struct foobar *p2[]; In C: p[1] -> struct foobar p[2] -> struct foobar * In Rekall: p[1] -> Not allowed since structs do not have []. p[2] -> struct foobar. |
|
Hide any members with _.
|
|
This method is used in comparison operations. This ideas here is to make it possible to easily write a condition such as: while ptr: ... ptr += 1 Pointers are considered non-zero if they are invalid (i.e. what they point to is not mapped in. This is very subtle and might be the wrong choice. Note that if the kernel actually maps the zero page in (which can happen in some situations), then a null pointer is actually valid.
|
Return a new pointer advanced by this many positions. Note that as usual for pointer arithmetic, the pointer moves by steps of the size of the target.
|
|
repr(x)
|
|
Dereference ourselves into another type, or address space. This method allows callers to explicitly override the setting in the profile for this pointer. Args: target: The target to override. target_args: The args to instantiate this target with. vm: The address space to dereference the pointer in. profile: If a new profile should be used to instantiate the target. |
| Property Details |
obj_size
|
indicesReturns (usually 1) representation(s) of self usable as dict keys. Using full base objects for indexing can be slow, especially with Structs. This method returns a representation of the object that is a suitable key - either the value of a primitive type, or the memory address of the more complex ones.
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:53 2017 | http://epydoc.sourceforge.net |