
Module heap_analysis


This module implements several classes that perform glibc heap analysis for a given process.

Classes
  HeapAnalysis
Basic abstract class for linux heap analysis.
  HeapOverview
Tries to gather a list of all arenas/heaps and all allocated chunks.
  HeapObjects
Prints the structs of heap objects (such as allocated chunks, arenas, ...)
  HeapChunkDumper
Dumps allocated/freed chunks from selected processes
  HeapPointerSearch
Searches all chunks for the given string, regex or pointer(s).
  HeapReferenceSearch
Examines the data part of the given chunk for references to other chunks.
  malloc_chunk
Extends the malloc_chunk class
  malloc_state
Extends the malloc_state class
  GlibcProfile32
Profile to parse basic Glibc structures.
  GlibcProfile64
Profile to parse basic Glibc structures.
Functions
 
get_vma_for_offset(vmas, offset)
Returns a list with the identifier and the vm_area that the given offset belongs to.
 
get_libc_filename(vmas)
Returns the libc file name from the vma, where the _LIBC_REGEX matches.
 
get_libc_range(vmas)
Returns the lowest and highest address for the libc vma.
 
get_mem_range_for_regex(vmas, regex)
Returns the lowest and highest address of the memory areas belonging to the vm_areas that the given regex matches.
Variables
  __package__ = 'rekall.plugins.linux'
Function Details

get_vma_for_offset(vmas, offset)

Returns a list with the identifier and the vm_area that the given offset belongs to. Expects the output of _get_vmas_for_task as the vmas argument.

get_libc_range(vmas)


Returns the lowest and highest address for the libc vma. See also get_mem_range_for_regex.

get_mem_range_for_regex(vmas, regex)

Returns the lowest and highest address of the memory areas belonging to the vm_areas that the given regex matches. The result is returned as a list whose first element is the lowest address and whose second element is the highest. Expects the output of _get_vmas_for_task as the vmas argument.