Package rekall :: Package plugins :: Package common :: Module memmap :: Class MemDumpMixin

Class MemDumpMixin

Dump the addressable memory for a process.

Note that because the addressable memory is sparse we do not maintain alignment in the output file. Instead, we also write an index file which describes all the sparse runs in the dump - but the dump file has all the data concatenated.

Instance Methods

dump_process(self, eprocess, fd, index_fd)

source code

render(self, renderer)

source code

CopyToFile(self, address_space, start, end, outfd)
Copy a part of the address space to the output file. (Inherited from rekall.plugins.core.DirectoryDumperMixin)

source code

__init__(self, *args_, **kwargs)
Dump to a directory. (Inherited from rekall.plugins.core.DirectoryDumperMixin)

source code

check_dump_dir(self, dump_dir=None) (Inherited from rekall.plugins.core.DirectoryDumperMixin)

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods

args(cls, parser)
Declare the command line args we need. (Inherited from rekall.plugins.common.memmap.MemmapMixIn)

source code

Class Variables
	name = `'memdump'`
	default_dump_dir = `'.'` (Inherited from rekall.plugins.core.DirectoryDumperMixin)
	dump_dir_optional = `True` (Inherited from rekall.plugins.core.DirectoryDumperMixin)

Properties
Inherited from `object`: `__class__`

Method Details

render(self, renderer)

source code

Overrides: MemmapMixIn.render