
Source Code for Module rekall.plugins.darwin.pas2kas

 1  # Rekall Memory Forensics 
 2  # 
 3  # Copyright 2015 Google Inc. All Rights Reserved. 
 4  # 
 5  # Authors: 
 6  # Michael Cohen <scudette@users.sourceforge.net> 
 7  # 
 8  # This program is free software; you can redistribute it and/or modify 
 9  # it under the terms of the GNU General Public License as published by 
10  # the Free Software Foundation; either version 2 of the License, or (at 
11  # your option) any later version. 
12  # 
13  # This program is distributed in the hope that it will be useful, but 
14  # WITHOUT ANY WARRANTY; without even the implied warranty of 
15  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
16  # General Public License for more details. 
17  # 
18  # You should have received a copy of the GNU General Public License 
19  # along with this program; if not, write to the Free Software 
20  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
21  # 
22   
23  # pylint: disable=protected-access 
24   
25  from rekall.plugins.common import pas2kas 
26  from rekall.plugins.darwin import common 
27   
28   
class DarwinPas2Vas(
        pas2kas.Pas2VasMixin,
        common.ProcessFilterMixin,
        common.AbstractDarwinCommand):
    """Resolve a physical address to a virtual address in a process.

    This Darwin plugin defines no attributes or methods of its own; all
    behaviour comes from its three bases: ``pas2kas.Pas2VasMixin``,
    ``common.ProcessFilterMixin`` and ``common.AbstractDarwinCommand``.

    NOTE(review): presumably the resolution logic comes from the Pas2Vas
    mixin and the process selection from the filter mixin; confirm against
    those modules, which are not visible here.
    """
class DarwinPas2VasResolver(pas2kas.Pas2VasResolver):
    """Darwin specialisation of ``pas2kas.Pas2VasResolver``.

    The only thing overridden here is how a task structure is built from
    an address; everything else is inherited from the base resolver.
    """

    def GetTaskStruct(self, addrress):
        """Return the session profile's ``proc`` object at *addrress*.

        The parameter keeps its original spelling, since renaming it would
        break any caller that passes it by keyword.

        NOTE(review): the address is passed straight to ``profile.proc``
        with no validation in this method. It presumably comes from the
        memory image under analysis, so confirm that callers tolerate a
        value that does not point at a well-formed proc structure.
        """
        darwin_profile = self.session.profile
        return darwin_profile.proc(addrress)
39 -class DarwinPas2VasResolverHook(common.AbstractDarwinParameterHook):
40 """Provide the Pas2Vas resolver.""" 41 42 name = "physical_address_resolver" 43
44 - def calculate(self):
46