Class HeapAnalysis

Sets _preserve_chunks to True. This forces all allocated chunk functions to store chunks in lists, which highly increases the speed of a second walk over those chunks. This feature can only be activated if performance is set to 'fast'.

Returns an aligned size. Originally used to align a user request size.

Returns all allocated chunks for a given arena. This function is basically a wrapper around _allocated_chunks_for_main_arena and allocated_chunks_for_thread_arena.

A mixin for plugins which require a valid kernel address space.

Args:
  dtb: A potential dtb to be used.

Overrides: object.__init__

(inherited documentation)

Returns the main_arena for the current task, which is the first arena in the arenas list. If the current instance is not intialized, it logs a warning.

This function iterates chunk after chunk until hitting mem_end. Tests for allocation status are not made via bins/fastbins but with chunk flags. Note: This function will not return the last chunk, if only_free or/and only_alloc is set as there is no PREV_INUSE bit which could be tested.

initializes the process address space and malloc_par struct and calls initialize_*. Should be the first method to be called for each task. Returns True if everything seems to be gone fine.

Searches all vmas or only the given ones for the given pointer(s). pointers = a list of int pointers regex = a regex identifying relevant vm_areas Returns a list of hits

Returns the chunks located at the given addresses. The address can be at the beginning or somewhere in the middle of the chunk.

Searches all chunks for the given pointer(s) and returns the ones containing them. It only searches the data part of a chunk (e.g. not fd/bk fields for bin chunks).

pointers = a list of int pointers search_string/search_regex = a string or regex to search for in a chunk search_struct = if set to True, also fields like size and fd/bk for bin chunks are included

Sets the class attribute self.statistics with a dict containing e.g. number of allocated/freed/fastbin chunks, their sizes...

Compares the calculated count and size of all MMAPPED chunks with the data from the malloc_par struct. Returns None on any errors, True if count and sizes match and otherwise False.

Returns statistics according to the mallinfo struct except for keepcost and usmblks. See http://man7.org/linux/man-pages/man3/mallinfo.3.html

Checks we are active.

This method will be called with the session to check if this specific class is active. This mechanism allows multiple implementations to all share the same name, as long as only one is actually active. For example, we can have a linux, windows and mac version of plugins with the "pslist" name.

This mixin provides the mixed class with a basic is_active() method which honors a mode member defined on the class and all its subclasses. The mode is additive (meaning each class and its subclasses are only active if the mode is active).

Overrides: plugin.ModeBasedActiveMixin.is_active

(inherited documentation)

Overrides: plugin.Command.ImplementationByClass

Overrides: plugin.Command.ImplementationByName