A command can be run from the rekall command line.
Commands can be automatically imported into the shell's namespace and are expected to produce textual (or other) output.
In order to define a new command simply extend this class.
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. |
|
|
top_level_class A command can be run from the rekall command line. |
|
| Class Variables | |
interactive = False
|
|
producer = False
|
|
error_status = None
|
mode = None
|
classes =
|
|
classes_by_name =
|
|
plugin_feature =
|
|
| Properties | |
| name | |
|
Inherited from |
|
| Method Details |
Return an instance of this plugin with suitable default arguments.
In most general applications, types are declared at compile time and
remain immutable, or at least available throughout the program's
lifecycle. Rekall, on the other hand, leaves many of the decisions
usually made at type declaration time until late in the runtime,
when the profile data is available. For this reason, in many of the
cases when other applications would interrogate classes (for attributes
and properties, among other things), in Rekall we must interrogate
their instances, which have access to profile data. In order to
make this possible slightly earlier in the runtime than when running
the plugin, we introduce the concept of prototypes, which are
instances of the plugin or struct with the current session and profile
available, but with no data or arguments set.
Arguments:
session
Returns:
An instance of this Command with suitable default arguments.
|
The constructor for this command.
Commands can take arbitrary named args and have access to the running
session.
Args:
session: The session we will use. Many options are taken from the
session by default, if not provided. This allows users to omit
specifying many options.
ignore_required: If this is true plugin constructors must allow the
plugin to be instantiated with no parameters. All parameter
validation shall be disabled and construction must succeed.
|
Returns an instance of the named plugin.
The new plugin will be initialized with the current session and optional
kwargs.
Args:
name: The generic name of the plugin (i.e. the __name attribute,
e.g. pslist).
kwargs: Extra args to use for instantiating the plugin.
|
Render into a string using the text renderer.
|
repr(x)
|
Make plugins that define collect iterable, as convenience.
Because this:
    for x in session.plugins.get_some_data():
        # do stuff
Is nicer than this:
    for x in session.plugins.get_some_data().collect():
        # do stuff
|
Produce results on the renderer given.
Each plugin should implement this method to produce output on the
renderer. The framework will initialize the plugin and provide it with
some kind of renderer to write output on. The plugin should not assume
that the renderer is actually TextRenderer, only that the methods
defined in the BaseRenderer exist.
Args:
renderer: A renderer based at rekall.ui.renderer.BaseRenderer.
|
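The metaclass registration, prototype construction with ignore_required, and iteration over collect described in the method details above, as a simplified stand-alone model. This is an added example, not Rekall's source code: `Registry`, `prototype`, `required`, `columns`, `PidFilter`, `get_plugin` and the dict-based `SESSION` are names assumed for illustration.

```python
# Simplified stand-alone model (Python 3); not Rekall's source code.
class Registry(type):
    """Metaclass: register every subclass that sets `name`."""
    def __init__(cls, clsname, bases, attrs):
        super().__init__(clsname, bases, attrs)
        if attrs.get("name"):
            cls.classes_by_name[attrs["name"]] = cls

class Command(metaclass=Registry):
    classes_by_name = {}
    name = None
    required = ()  # hypothetical: names of mandatory keyword args

    def __init__(self, session=None, ignore_required=False, **kwargs):
        self.session, self.args = session, kwargs
        missing = [a for a in self.required if a not in kwargs]
        if missing and not ignore_required:
            raise ValueError("missing required args: %s" % missing)

    @classmethod
    def prototype(cls, session):
        """Instance with session and profile, but no arguments set."""
        return cls(session=session, ignore_required=True)

    def collect(self):
        raise NotImplementedError

    def __iter__(self):  # lets callers loop over the plugin directly
        return iter(self.collect())

class PidFilter(Command):
    name = "pidfilter"
    required = ("pids",)

    def columns(self):
        # Column width depends on the profile, so only an instance knows it.
        width = 16 if self.session["profile"] == "x64" else 8
        return [("pid", 6), ("offset", width)]

    def collect(self):
        for pid, offset in self.session["tasks"]:
            if pid in self.args["pids"]:
                yield pid, offset

def get_plugin(session, name, **kwargs):
    return Command.classes_by_name[name](session=session, **kwargs)

# Constructed sample session: a profile name and (pid, offset) pairs.
SESSION = {"profile": "x64", "tasks": [(4, 0x1000), (412, 0x2000), (988, 0x3000)]}
```

The prototype answers layout questions without any arguments, while a normal lookup by name still enforces the required ones.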
| Class Variable Details |
classes
|
classes_by_name
|
| Property Details |
name
|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:55 2017 | http://epydoc.sourceforge.net |