Profile to parse basic Glibc structures.
|
__init__(self,
version=None,
**kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature |
source code
|
|
|
|
|
|
|
Object(self,
type_name=None,
offset=None,
vm=None,
name=None,
parent=None,
context=None,
**kwargs)
A function which instantiates the object named in type_name (as
a string) from the type in profile passing optional args of
kwargs.
(Inherited from rekall.obj.Profile) |
source code
|
|
|
|
|
|
|
|
|
|
|
add_classes(self,
classes_dict=None,
**kwargs)
Add the classes in the dict to our object classes mapping.
(Inherited from rekall.obj.Profile) |
source code
|
|
|
|
|
add_constants(self,
constants=None,
constants_are_addresses=False,
**_)
Add the kwargs as constants for this profile.
(Inherited from rekall.obj.Profile) |
source code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
get_constant_object(self,
constant,
target=None,
target_args=None,
vm=None,
**kwargs)
A help function for retrieving pointers from the symbol table.
(Inherited from rekall.obj.Profile) |
source code
|
|
|
|
|
get_nearest_constant_by_address(self,
address,
below=True)
Returns the closest constant below or equal to the address.
(Inherited from rekall.obj.Profile) |
source code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Inherited from object :
__delattr__ ,
__format__ ,
__getattribute__ ,
__hash__ ,
__new__ ,
__reduce__ ,
__reduce_ex__ ,
__setattr__ ,
__sizeof__ ,
__str__ ,
__subclasshook__
|
|
glibc_base_vtype_32 = { ' _heap_info ' : [ 16, { ' ar_ptr ' : [ 0, [ ' Poi ...
|
|
mp_224_vtype_32 = { ' malloc_par ' : [ 48, { ' arena_max ' : [ 16, [ ' uns ...
|
|
mp_220_vtype_32 = { ' malloc_par ' : [ 52, { ' arena_max ' : [ 16, [ ' uns ...
|
|
ms_223_vtype_32 = { ' malloc_state ' : [ 1108, { ' attached_threads ' : ...
|
|
ms_220_vtype_32 = { ' malloc_state ' : [ 1104, { ' binmap ' : [ 1072, [ ' ...
|
|
version_dict = { ' 220 ' : [ { ' _heap_info ' : [ 16, { ' ar_ptr ' : [ 0, [ ' P ...
|
|
COMMON_CLASSES = { ' Array ' : <class 'rekall.obj.Array'>, ' BitFie ...
(Inherited from rekall.obj.Profile)
|
|
EMPTY_DESCRIPTOR = [ 0, { } ]
(Inherited from rekall.obj.Profile)
|
|
METADATA = { ' arch ' : ' I386 ' , ' data_model ' : ' ILP32 ' }
(Inherited from rekall.plugins.overlays.basic.Profile32Bits)
|
|
applied_modifications = None
hash(x)
(Inherited from rekall.obj.Profile)
|
|
classes = { ' APIBaseProfile ' : <class 'rekall.plugins.response.c...
(Inherited from rekall.obj.Profile)
|
|
classes_by_name = { None: [ <class 'rekall.obj.Profile'>, <class...
(Inherited from rekall.obj.Profile)
|
|
constants = None
hash(x)
(Inherited from rekall.obj.Profile)
|
|
overlays = None
hash(x)
(Inherited from rekall.obj.Profile)
|
|
plugin_feature = ' Profile '
(Inherited from rekall.obj.Profile)
|
|
types = None
hash(x)
(Inherited from rekall.obj.Profile)
|
|
vtypes = None
hash(x)
(Inherited from rekall.obj.Profile)
|