| Trees | Indices | Help |
|
|---|
|
|
A specialized index that works on symbols-offsets.
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.obj.Profile) |
|
|
top_level_class A collection of types relating to a single compilation unit. (Inherited from rekall.obj.Profile) |
|
| Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
| Class Variables | |
COMMON_CLASSES = |
|
EMPTY_DESCRIPTOR = |
|
GOOD_MATCH = 0.75
(Inherited from rekall.plugins.common.profile_index.Index)
|
|
METADATA = |
|
PERFECT_MATCH = 1.0
(Inherited from rekall.plugins.common.profile_index.Index)
|
|
applied_modifications = Nonehash(x) (Inherited from rekall.obj.Profile) |
|
base_offset = 0
(Inherited from rekall.plugins.common.profile_index.Index)
|
|
classes = |
|
classes_by_name = |
|
constants = Nonehash(x) (Inherited from rekall.obj.Profile) |
|
index = Nonehash(x) (Inherited from rekall.plugins.common.profile_index.Index) |
|
overlays = Nonehash(x) (Inherited from rekall.obj.Profile) |
|
plugin_feature = |
|
types = Nonehash(x) (Inherited from rekall.obj.Profile) |
|
vtypes = Nonehash(x) (Inherited from rekall.obj.Profile) |
|
| Properties | |
| hashes | |
| traits | |
| profiles | |
| duplicates | |
|
Inherited from |
|
| Method Details |
x.__init__(...) initializes x; see help(type(x)) for signature
|
Returns which profiles in the index match a dict of symbols.
Returns:
A list of tuples of (profile, num_matched_traits).
|
Whether a profile matches another profile's trait. A trait is a list of tuples (symbol, offset) that uniquely identify a profile. |
Whether a raw profile (JSON) matches another profile's trait. A trait is a list of tuples (symbol, offset) that uniquely identify a profile. |
Builds a SymbolOffset index from traits, profiles, hashes and a spec.
Args:
hashes: A dictionary of hash:profile_id. Hashes must be obtained via
the SymbolOffsetIndex.CalculateRawProfileHash() method.
traits: A dictionary of profile_id:traits. Traits are the result
of calling the SymbolOffsetIndex.FindTraits() method.
profiles: A dictionary of profile_id metadata. Profile metadata
is obtained via SymbolOffsetIndex.GetProfileMetadata().
duplicates: A list of newly found profile ids that are duplicate.
|
Yields tuples of profile_id, traits. Each trait is a list of tuples of (symbol, offset) that make this profile unique within the repository. |
Modifies a dict of symbols so its offsets relative to base_symbol.
If no base_symbol is provided and the index itself doesn't define one
then returns the symbols as is.
Args:
symbols: A dictionary of symbol:value
base_symbol: The name of the symbol to base others' values on.
|
|
|
| Property Details |
hashes
|
traits
|
profiles
|
duplicates
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:04 2017 | http://epydoc.sourceforge.net |