Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package common :: Package efilter_plugins :: Module helpers :: Class EfilterRunner
[frames] | no frames]

Class EfilterRunner

source code

An easy to use class for using Efilter.

The Efilter interface is fairly complex but most people just want to filter
a range of callables. This class is a helper class to help with using
Efilter.

All one needs to do is to extend this class and implement any functions
which should exist in the EFilter namespace. For example, to add a foo()
function:

class NewRunner(search.EfilterRunner):
    def run_foo(self):
        for x in range(10):
            yield dict(A=x, B=2*x)


for x in NewRunner().filter("select * from foo()"):
    print x

{'A': 0, 'B': 0}
{'A': 1, 'B': 2}
{'A': 2, 'B': 4}
{'A': 3, 'B': 6}
{'A': 4, 'B': 8}
Instance Methods
 
resolve(self, name) source code
 
getmembers_runtime(self) source code
 
filter(self, query, **query_args) source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties

Inherited from object: __class__

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:02 2017 http://epydoc.sourceforge.net