A scanner that searches for a signature.
The signature is given as a list of strings and this scanner checks that each part of the signature is present in memory in ascending order.
Nested Classes

__metaclass__: Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.ScannerCheck)

top_level_class: A scanner check is a special class which is invoked on an AS to check for a specific condition. (Inherited from rekall.scan.ScannerCheck)

Class Variables

classes (Inherited from rekall.scan.ScannerCheck)

classes_by_name (Inherited from rekall.scan.ScannerCheck)

plugin_feature (Inherited from rekall.scan.ScannerCheck)

Method Details

Init.
Args:
  needles: A list of strings we search for.
  **kwargs: passthrough.
Raises:
  RuntimeError: No needles provided.

Is the needle found at 'offset'?
Arguments:
  buffer_as: An address space object with a chunk of data that can be checked for the needle.
  offset: The offset in the address space to check.

Determine how many bytes we can skip.
If you want to speed up the scanning define this method - it will be used to skip the data which is obviously not going to match. You will need to return the number of bytes from offset to skip to. We take the maximum number of bytes to guarantee that all checks have a chance of passing.
Args:
  buffer_as: A BufferAddressSpace instance wrapping self.address_space, containing a copy of the data at the specified offset.
  offset: The offset in the address space to check.
Returns:
  Number of bytes to be skipped.
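
The interplay of the two methods described above ("Is the needle found at 'offset'?" and "Determine how many bytes we can skip"), as an added stand-alone sketch that is not Rekall's code: plain bytes stand in for the buffer address space, and the names OrderedSignatureCheck, check, skip and scan_signature, the non-overlap rule and the sample buffers are assumptions made for this illustration.

```python
class OrderedSignatureCheck:
    """Illustrative stand-in for an ordered signature check (hypothetical)."""

    def __init__(self, needles):
        if not needles or not all(needles):
            raise RuntimeError("No needles provided")
        self.needles = list(needles)
        self.current = 0   # index of the next signature part to find
        self.calls = 0     # how many offsets were actually checked

    def done(self):
        return self.current == len(self.needles)

    def check(self, data, offset):
        """Is the next expected needle found at 'offset'?"""
        self.calls += 1
        if data.startswith(self.needles[self.current], offset):
            self.current += 1
            return True
        return False

    def skip(self, data, offset):
        """Bytes to skip from 'offset' to the next spot check() could pass."""
        idx = data.find(self.needles[self.current], offset)
        return (idx if idx != -1 else len(data)) - offset


def scan_signature(data, needles):
    """Return ([(offset, needle), ...], all_parts_found, check_calls)."""
    checker = OrderedSignatureCheck(needles)
    hits, offset = [], 0
    while offset < len(data) and not checker.done():
        needle = checker.needles[checker.current]
        if checker.check(data, offset):
            hits.append((offset, needle))
            offset += len(needle)   # assumption: parts do not overlap
        else:
            offset += checker.skip(data, offset)
    return hits, checker.done(), checker.calls


# Constructed sample buffers (not real memory captures).
SIGNATURE = [b"MZ", b"PE\x00\x00", b".text"]
IN_ORDER = (b"\x00" * 16 + b"MZ" + b"\x90" * 30 + b"PE\x00\x00"
            + b"\x11" * 8 + b".text")
OUT_OF_ORDER = b"PE\x00\x00" + b"\x00" * 8 + b".text" + b"\x00" * 4 + b"MZ"

if __name__ == "__main__":
    print(scan_signature(IN_ORDER, SIGNATURE))
    print(scan_signature(OUT_OF_ORDER, SIGNATURE))
```

In the second buffer every part is present, but the later parts precede the first one, so the signature does not match. The call counter shows that skipping keeps the number of checked offsets far below the buffer length.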

Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:04 2017 (http://epydoc.sourceforge.net)