| Trees | Indices | Help |
|
|---|
|
|
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.BaseScanner) |
|
|
top_level_class Base class for all scanners. (Inherited from rekall.scan.BaseScanner) |
|
| Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
|
|||
| Class Variables | |
checks = |
|
classes = |
|
classes_by_name = |
|
overlap = 1024
(Inherited from rekall.scan.BaseScanner)
|
|
plugin_feature = |
|
progress_message = |
|
| Properties | |
|
Inherited from |
| Method Details |
The base scanner. Args: profile: The profile to use for this scan. address_space: The address space we use for scanning. window_size: The size of the overlap window between each buffer read.
|
Check an address. This calls our constraints on the offset and returns if any contraints did not match. Args: offset: The offset to test (in self.address_space). Returns: None if the offset is not a hit, the hit if the hit is correct.
|
Skip uninteresting regions. Where should we go next? By default we go 1 byte ahead, but if some of the checkers have skippers, we may actually go much farther. Checkers with skippers basically tell us that there is no way they can match anything before the skipped result, so there is no point in trying them on all the data in between. This optimization is useful to really speed things up.
|
Scan the region from offset for maxlen.
Args:
offset: The starting offset in our current address space to scan.
maxlen: The maximum length to scan. If not provided we just scan until
there is no data.
Yields:
offsets where all the constrainst are satisfied.
|
|
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:04 2017 | http://epydoc.sourceforge.net |