Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package linux :: Module common :: Class LinuxKASLR
[frames] | no frames]

Class LinuxKASLR

source code

The Kernel Address Space Randomization constant.

Note that this function assumes the profile is already correct. It is not called during the profile guessing phase. So in reality this will only come into play when the user provided the profile specifically.

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.kb.ParameterHook)
  top_level_class
A mechanism for automatically calculating a parameter. (Inherited from rekall.kb.ParameterHook)
Instance Methods
 
calculate(self)
Derive the value of the parameter.		 source code
 
__init__(self, session)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from rekall.kb.ParameterHook)		 source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name) source code
 
ImplementationByName(self, name) source code
 
is_active(cls, session)
Checks we are active. (Inherited from rekall.plugin.ModeBasedActiveMixin)		 source code
Class Variables
  name = 'kernel_slide'
hash(x)
  classes = {'AMD64Mode': <class 'rekall.plugins.modes.AMD64Mode... (Inherited from rekall.kb.ParameterHook)
  classes_by_name = {'ObjectTypeMap': [<class 'rekall.plugins.ov... (Inherited from rekall.kb.ParameterHook)
  expiry = None
hash(x) (Inherited from rekall.kb.ParameterHook)
  mode = 'mode_linux_memory'
hash(x) (Inherited from rekall.plugins.linux.common.AbstractLinuxParameterHook)
  plugin_feature = 'ParameterHook' (Inherited from rekall.kb.ParameterHook)
  volatile = True (Inherited from rekall.kb.ParameterHook)
Properties

Inherited from object: __class__

Method Details

calculate(self)

source code 

Derive the value of the parameter.

Overrides: kb.ParameterHook.calculate
(inherited documentation)

ImplementationByClass(self, name)
Class Method

source code 
Overrides: kb.ParameterHook.ImplementationByClass

ImplementationByName(self, name)
Class Method

source code 
Overrides: kb.ParameterHook.ImplementationByName

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:20 2017 http://epydoc.sourceforge.net