Package rekall :: Package plugins :: Package linux :: Module heap_analysis :: Class GlibcProfile64

Class GlibcProfile64



Profile to parse basic Glibc structures.

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.obj.Profile)
  top_level_class
A collection of types relating to a single compilation unit. (Inherited from rekall.obj.Profile)
Instance Methods

__init__(self, version=None, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature

EnsureInitialized(self) (Inherited from rekall.obj.Profile)

GetPrototype(self, type_name)
Return a prototype of objects of type 'type_name'. (Inherited from rekall.obj.Profile)

Object(self, type_name=None, offset=None, vm=None, name=None, parent=None, context=None, **kwargs)
A function which instantiates the object named in type_name (as a string) from the type in profile passing optional args of kwargs. (Inherited from rekall.obj.Profile)

__dir__(self)
Support tab completion. (Inherited from rekall.obj.Profile)

__getattr__(self, attr)
Make it easier to instantiate individual members. (Inherited from rekall.obj.Profile)

__repr__(self)
repr(x) (Inherited from rekall.obj.Profile)

__unicode__(self) (Inherited from rekall.obj.Profile)

add_classes(self, classes_dict=None, **kwargs)
Add the classes in the dict to our object classes mapping. (Inherited from rekall.obj.Profile)

add_constant_type(self, constant, target, target_args) (Inherited from rekall.obj.Profile)

add_constants(self, constants=None, constants_are_addresses=False, **_)
Add the kwargs as constants for this profile. (Inherited from rekall.obj.Profile)

add_enums(self, **kwargs)
Add the kwargs as an enum for this profile. (Inherited from rekall.obj.Profile)

add_overlay(self, overlay)
Add an overlay to the current overlay stack. (Inherited from rekall.obj.Profile)

add_reverse_enums(self, **kwargs)
Add the kwargs as a reverse enum for this profile. (Inherited from rekall.obj.Profile)

add_types(self, abstract_types) (Inherited from rekall.obj.Profile)

compile_type(self, type_name)
Compile the specific type and ensure it exists in the type cache. (Inherited from rekall.obj.Profile)

copy(self)
Makes a copy of this profile. (Inherited from rekall.obj.Profile)

flush_cache(self) (Inherited from rekall.obj.Profile)

get_constant(self, constant, is_address=False)
Retrieve a constant from the profile. (Inherited from rekall.obj.Profile)

get_constant_by_address(self, address) (Inherited from rekall.obj.Profile)

get_constant_object(self, constant, target=None, target_args=None, vm=None, **kwargs)
A help function for retrieving pointers from the symbol table. (Inherited from rekall.obj.Profile)

get_enum(self, enum_name, field=None) (Inherited from rekall.obj.Profile)

get_nearest_constant_by_address(self, address, below=True)
Returns the closest constant below or equal to the address. (Inherited from rekall.obj.Profile)

get_obj_offset(self, name, member)
Returns a member's offset within the struct. (Inherited from rekall.obj.Profile)

get_obj_size(self, name)
Returns the size of a struct (Inherited from rekall.obj.Profile)

get_reverse_enum(self, enum_name, field=None) (Inherited from rekall.obj.Profile)

has_class(self, class_name) (Inherited from rekall.obj.Profile)

has_type(self, type_name) (Inherited from rekall.obj.Profile)

integer_to_address(self, virtual_address) (Inherited from rekall.obj.Profile)

legacy_field_descriptor(self, typeList)
Converts the list expression into a target, target_args notation. (Inherited from rekall.obj.Profile)

list_to_type(self, name, typeList)
Parses a specification list and returns a VType object. (Inherited from rekall.obj.Profile)

merge(self, other)
Merges another profile into this one. (Inherited from rekall.obj.Profile)

merge_symbols(self, other, *args) (Inherited from rekall.obj.Profile)

metadata(self, name, default=None)
Obtain metadata about this profile. (Inherited from rekall.obj.Profile)

metadatas(self, *args)
Obtain metadata about this profile. (Inherited from rekall.obj.Profile)

obj_has_member(self, name, member)
Returns whether an object has a certain member (Inherited from rekall.obj.Profile)

set_metadata(self, name, value) (Inherited from rekall.obj.Profile)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods

ImplementationByClass(self, name)

ImplementationByName(self, name)

Initialize(cls, profile)
Install required types, classes and constants. (Inherited from rekall.plugins.overlays.basic.ProfileLP64)

LoadProfileFromData(cls, data, session=None, name=None, profile=None)
Creates a profile directly from a JSON object. (Inherited from rekall.obj.Profile)

Class Variables
  glibc_base_vtype_64 = {'_heap_info': [32, {'ar_ptr': [0, ['Poi...
  mp_220_vtype_64 = {'malloc_par': [88, {'arena_max': [32, ['lon...
  mp_224_vtype_64 = {'malloc_par': [80, {'arena_max': [32, ['lon...
  ms_223_vtype_64 = {'malloc_state': [2192, {'attached_threads':...
  ms_220_vtype_64 = {'malloc_state': [2184, {'binmap': [2136, ['...
  version_dict = {'220': [{'_heap_info': [32, {'ar_ptr': [0, ['P...
  COMMON_CLASSES = {'Array': <class 'rekall.obj.Array'>, 'BitFie... (Inherited from rekall.obj.Profile)
  EMPTY_DESCRIPTOR = [0, {}] (Inherited from rekall.obj.Profile)
  METADATA = {'arch': 'AMD64', 'data_model': 'LP64'} (Inherited from rekall.plugins.overlays.basic.ProfileLP64)
  applied_modifications = None
hash(x) (Inherited from rekall.obj.Profile)
  classes = {'APIBaseProfile': <class 'rekall.plugins.response.c... (Inherited from rekall.obj.Profile)
  classes_by_name = {None: [<class 'rekall.obj.Profile'>, <class... (Inherited from rekall.obj.Profile)
  constants = None
hash(x) (Inherited from rekall.obj.Profile)
  overlays = None
hash(x) (Inherited from rekall.obj.Profile)
  plugin_feature = 'Profile' (Inherited from rekall.obj.Profile)
  types = None
hash(x) (Inherited from rekall.obj.Profile)
  vtypes = None
hash(x) (Inherited from rekall.obj.Profile)
Properties

Inherited from object: __class__

Method Details

__init__(self, version=None, **kwargs)
(Constructor)


x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)

ImplementationByClass(self, name)
Class Method

Overrides: obj.Profile.ImplementationByClass

ImplementationByName(self, name)
Class Method

Overrides: obj.Profile.ImplementationByName

Class Variable Details

glibc_base_vtype_64

Value:
{'_heap_info': [32,
                {'ar_ptr': [0,
                            ['Pointer',
                             {'target': 'malloc_state',
                              'target_args': None}]],
                 'mprotect_size': [24, ['long unsigned int']],
                 'pad': [32,
                         ['Array', {'count': 0, 'target': 'char', 'tar\
...

mp_220_vtype_64

Value:
{'malloc_par': [88,
                {'arena_max': [32, ['long unsigned int']],
                 'arena_test': [24, ['long unsigned int']],
                 'max_mmapped_mem': [64, ['long unsigned int']],
                 'max_n_mmaps': [48, ['int']],
                 'max_total_mem': [72, ['long unsigned int']],
                 'mmap_threshold': [16, ['long unsigned int']],
                 'mmapped_mem': [56, ['long unsigned int']],
...

mp_224_vtype_64

Value:
{'malloc_par': [80,
                {'arena_max': [32, ['long unsigned int']],
                 'arena_test': [24, ['long unsigned int']],
                 'max_mmapped_mem': [64, ['long unsigned int']],
                 'max_n_mmaps': [48, ['int']],
                 'mmap_threshold': [16, ['long unsigned int']],
                 'mmapped_mem': [56, ['long unsigned int']],
                 'n_mmaps': [40, ['int']],
...

ms_223_vtype_64

Value:
{'malloc_state': [2192,
                  {'attached_threads': [2168, ['long unsigned int']],
                   'binmap': [2136,
                              ['Array',
                               {'count': 4,
                                'target': 'unsigned int',
                                'target_args': None}]],
                   'bins': [104, ['Array', {'count': 254, 'target': 'P\
...

ms_220_vtype_64

Value:
{'malloc_state': [2184,
                  {'binmap': [2136,
                              ['Array',
                               {'count': 4,
                                'target': 'unsigned int',
                                'target_args': None}]],
                   'bins': [104,
                            ['Array', {'count': 254, 'target': 'Pointe\
...

version_dict

Value:
{'220': [{'_heap_info': [32,
                         {'ar_ptr': [0,
                                     ['Pointer',
                                      {'target': 'malloc_state',
                                       'target_args': None}]],
                          'mprotect_size': [24, ['long unsigned int']]\
,
                          'pad': [32, ['Array', {'count': 0, 'target':\
...