
Source Code for Module rekall.plugins.darwin.lsmod

 1  # Rekall Memory Forensics 
 2  # 
 3  # Copyright 2013 Google Inc. All Rights Reserved. 
 4  # 
 5  # This program is free software; you can redistribute it and/or modify 
 6  # it under the terms of the GNU General Public License as published by 
 7  # the Free Software Foundation; either version 2 of the License, or (at 
 8  # your option) any later version. 
 9  # 
10  # This program is distributed in the hope that it will be useful, but 
11  # WITHOUT ANY WARRANTY; without even the implied warranty of 
12  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
13  # General Public License for more details. 
14  # 
15  # You should have received a copy of the GNU General Public License 
16  # along with this program; if not, write to the Free Software 
17  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
"""Enumerate all kernel modules.

Provides the Darwin ``lsmod`` plugin, which lists the kernel itself followed
by the entries of the kernel's ``_kmod`` module list, as read from the
address space under analysis.
"""

__author__ = "Michael Cohen <scudette@google.com>"
21   
22  from rekall.plugins.darwin import common 
23   
24   
class DarwinLsmod(common.AbstractDarwinCommand):
    """Lists all kernel modules.

    Modules are enumerated by following the kernel's own ``_kmod`` linked
    list, preceded by the kernel's ``kmod_info`` record when that constant
    resolves.

    NOTE(review): enumeration depends entirely on that list, so a module whose
    record is no longer linked into it would presumably not be reported here.
    When hidden modules are a concern, corroborate the output with an
    enumeration method that does not depend on the list.  Every value shown is
    read from the image under analysis and is reported as found.
    """

    # Kept byte-for-byte as a double-underscore class attribute; presumably
    # the plugin framework reads it as the command name -- confirm.
    __name = "lsmod"

    modlist = None
    mod_lookup = None

    def get_module_list(self):
        """Yield ``kmod_info`` objects: the kernel first, then the list.

        Yields:
            The ``_g_kernel_kmod_info`` object when it is truthy, followed by
            each entry produced by walking ``_kmod`` through its ``next``
            member.
        """
        # The kernel is also included in the module list to make it easier to
        # locate pointers inside it.
        # See: xnu-2422.1.72/bsd/dev/dtrace/dtrace.c: 19843
        kernel_info = self.profile.get_constant_object(
            "_g_kernel_kmod_info", "kmod_info")
        if kernel_info:
            yield kernel_info

        # ``_kmod`` is read as a pointer to a ``kmod_info`` through the kernel
        # address space.
        list_head = self.profile.get_constant_object(
            "_kmod",
            target="Pointer",
            target_args={"target": "kmod_info"},
            vm=self.kernel_address_space)

        # Walk the modules list.  The second positional argument presumably
        # asks walk_list to include the starting entry -- confirm.
        # NOTE(review): termination on a corrupted or cyclic list depends on
        # walk_list itself; verify before relying on it for damaged images.
        for entry in list_head.walk_list("next", True):
            yield entry

    def render(self, renderer):
        """Write one table row per module returned by get_module_list().

        Args:
            renderer: object providing ``table_header`` and ``table_row``.
        """
        columns = [
            ("Address", "address", "[addrpad]"),
            ("Size", "size", "[addrpad]"),
            ("Refs", "refs", ">8"),
            ("Version", "version", ">12"),
            ("Name", "name", ""),
        ]
        renderer.table_header(columns)

        for kmod in self.get_module_list():
            # "size" is fetched through m() rather than attribute access;
            # presumably to reach the raw struct member -- confirm.
            renderer.table_row(
                kmod.address,
                kmod.m("size"),
                kmod.reference_count,
                kmod.version,
                kmod.name)