Scan the physical memory attempting to find hypervisors.

Once EPT values are found, you can use them to inspect virtual machines with any of the rekall modules by using the --ept parameter and specifying the guest virtual machine profile.

Supports the detection of the following virtualization technologies:

* Intel VT-X with EPT. Microarchitectures:
  + Westmere
  + Nehalem
  + Sandybridge
  + Ivy Bridge
  + Haswell
* Intel VT-X without EPT (unsupported page translation in rekall).
  + Penryn

For the specific processor models that support EPT, please check: http://ark.intel.com/products/virtualizationtechnology.
Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
|
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
Instance Methods | |||
Inherited from |
Class Methods | |||
Class Variables | |
PHYSICAL_AS_REQUIRED = True
(Inherited from rekall.plugin.PhysicalASMixin)

ROW_OPTIONS =
(Inherited from rekall.plugin.TypedProfileCommand)

classes =
(Inherited from rekall.plugin.Command)

classes_by_name =
(Inherited from rekall.plugin.Command)

error_status = None
(Inherited from rekall.plugin.Command)

interactive = False
(Inherited from rekall.plugin.Command)

mode = None
(Inherited from rekall.plugin.Command)

plugin_args = None
(Inherited from rekall.plugin.ArgsParserMixin)

plugin_feature =
(Inherited from rekall.plugin.Command)

producer = False
(Inherited from rekall.plugin.Command)

table_header = None
(Inherited from rekall.plugin.TypedProfileCommand)

table_options =
(Inherited from rekall.plugin.TypedProfileCommand)
Properties | |
name (Inherited from rekall.plugin.Command) | |
Inherited from |
Method Details |
A mixin for those plugins requiring a physical address space.

Args:
  physical_address_space: The physical address space to use. If not specified we use the following options:
    1) session.physical_address_space,
    2) Guess using the load_as() plugin,
    3) Use session.kernel_address_space.base.

Produce results on the renderer given.

Each plugin should implement this method to produce output on the renderer. The framework will initialize the plugin and provide it with some kind of renderer to write output on. The plugin should not assume that the renderer is actually TextRenderer, only that the methods defined in the BaseRenderer exist.

Args:
  renderer: A renderer based at rekall.ui.renderer.BaseRenderer.
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:17 2017 | http://epydoc.sourceforge.net |