Trees | Indices | Help |
|
---|
|
A scanner for DTB values. Handles both 32 and 64 bits.
The plugin also autodetects when the guest is running as a XEN ParaVirtualized guest and returns a compatible address space.
Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
|
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
Inherited from |
Class Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Class Variables | |
PHYSICAL_AS_REQUIRED = True
(Inherited from rekall.plugin.PhysicalASMixin)
|
|
PROFILE_REQUIRED = True
(Inherited from rekall.plugin.ProfileCommand)
|
|
ROW_OPTIONS =
(Inherited from rekall.plugin.TypedProfileCommand)
|
|
classes =
(Inherited from rekall.plugin.Command)
|
|
classes_by_name =
(Inherited from rekall.plugin.Command)
|
|
error_status = None hash(x) (Inherited from rekall.plugin.Command) |
|
interactive = False
(Inherited from rekall.plugin.Command)
|
|
mode =
hash(x) (Inherited from rekall.plugins.linux.common.AbstractLinuxCommandPlugin) |
|
plugin_args = None hash(x) (Inherited from rekall.plugin.ArgsParserMixin) |
|
plugin_feature =
(Inherited from rekall.plugin.Command)
|
|
producer = False
(Inherited from rekall.plugin.Command)
|
|
table_header = None hash(x) (Inherited from rekall.plugin.TypedProfileCommand) |
|
table_options =
(Inherited from rekall.plugin.TypedProfileCommand)
|
Properties | |
name (Inherited from rekall.plugin.Command) | |
Inherited from |
Method Details |
Returns a valid address_space if the dtb is valid.
|
Returns the correct address space class for this profile.
|
Tries to locate the DTB.
|
Produce results on the renderer given. Each plugin should implement this method to produce output on the renderer. The framework will initialize the plugin and provide it with some kind of renderer to write output on. The plugin should not assume that the renderer is actually TextRenderer, only that the methods defined in the BaseRenderer exist. Args: renderer: A renderer based at rekall.ui.renderer.BaseRenderer.
|
|
|
Trees | Indices | Help |
|
---|
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:20 2017 | http://epydoc.sourceforge.net |