Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Module core
[frames] | no frames]

Module core

source code

This module implements core plugins.

Author: Michael Cohen <scudette@gmail.com>

Classes
  Info
Print information about various subsystems.
  TestInfo
Disable the Info test.
  FindDTB
A base class to be used by all the FindDTB implementation.
  LoadAddressSpace
Load address spaces into the session if its not already loaded.
  DirectoryDumperMixin
A mixin for plugins that want to dump files to a directory.
  Null
This plugin does absolutely nothing.
  LoadPlugins
Load user provided plugins.
  Printer
A plugin to print an object.
  Lister
A plugin to list objects.
  DT
Print a struct or other symbol.
  AddressMap
Label memory ranges.
  Dump
Hexdump an object or memory location.
  Grep
Search an address space for keywords.
  SetProcessContextMixin
Set the current process context.
  VtoPMixin
Prints information about the virtual to physical translation.
  RaisingTheRoof
A plugin that exists to break your tests and make you cry.
  TestRaisingTheRoof
Functions
 
MethodWithAddressSpace(process=None)
A decorator to do an operation in another address space.		 source code
Variables
  __package__ = 'rekall.plugins'
   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:46 2017 http://epydoc.sourceforge.net