Class Keepassx


Gathers password entries for KeePassX. The retrieved content of each entry comprises the username, title, URL and comment.

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command)
  top_level_class
A command can be run from the rekall command line. (Inherited from rekall.plugin.Command)
Instance Methods

collect(self)
Collect data that will be passed to renderer.table_row.

__init__(self, **kwargs)
A mixin for plugins which require a valid kernel address space. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

__iter__(self)
Make plugins that define collect iterable, as convenience. (Inherited from rekall.plugin.Command)

__repr__(self)
repr(x) (Inherited from rekall.plugin.Command)

__str__(self)
Render into a string using the text renderer. (Inherited from rekall.plugin.Command)

activate_chunk_preservation(self)
Sets _preserve_chunks to True. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

calculate_statistics(self)
Sets the class attribute self.statistics with a dict containing e.g. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

check_and_report_size_inconsistencies(self)
Calls size comparison methods to verify the gathered chunks and prints warnings on any discrepancies. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

collect_as_dicts(self) (Inherited from rekall.plugin.TypedProfileCommand)

column_types(self)
Returns instances for each column definition. (Inherited from rekall.plugin.TypedProfileCommand)

compare_mmapped_chunks_with_mp_(self)
Compares the calculated count and size of all MMAPPED chunks with the data from the malloc_par struct. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

filter_processes(self)
Filters eprocess list using pids lists. (Inherited from rekall.plugins.linux.common.LinProcessFilter)

get_aligned_address(self, address, different_align_mask=None)
Returns an aligned address or MINSIZE, if given MIN_CHUNK_SIZE as argument. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_aligned_size(self, size)
Returns an aligned size. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_allocated_chunks(self)
Returns all allocated chunks, no matter to what arena they belong or if they are MMAPPED or not. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_allocated_chunks_for_arena(self, arena)
Returns all allocated chunks for a given arena. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_allocated_main_chunks(self)
Returns all allocated chunks belonging to the main arena (excludes thread and MMAPPED chunks). (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_allocated_thread_chunks(self)
Returns all allocated chunks which belong to a thread arena. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_chunks(self)
Returns all chunks (allocated, freed and MMAPPED chunks). (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_freed_bin_chunks(self)
Returns all freed chunks, no matter to what arena they belong. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_freed_chunks(self)
Returns all top chunks, freed chunks and freed fastbin chunks, no matter to what arena they belong. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_freed_fastbin_chunks(self)
Returns all freed fastbin chunks, no matter to what arena they belong. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_all_mmapped_chunks(self)
Returns all allocated MMAPPED chunks. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_chunks_for_addresses(self, addresses, ignore_prevsize=False)
Returns the chunks located at the given addresses. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_column(self, name) (Inherited from rekall.plugin.TypedProfileCommand)

get_column_type(self, name) (Inherited from rekall.plugin.TypedProfileCommand)

get_main_arena(self)
Returns the main_arena for the current task, which is the first arena in the arenas list. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_mallinfo_string(self)
Returns statistics according to the mallinfo struct except for keepcost and usmblks. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

get_plugin(self, name, **kwargs)
Returns an instance of the named plugin. (Inherited from rekall.plugin.Command)

getkeys(self) (Inherited from rekall.plugin.TypedProfileCommand)

heap_for_ptr(self, ptr)
Returns the heap from the internal heap lists that the given pointer belongs to. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

init_for_task(self, task)
Initializes the process address space and malloc_par struct and calls initialize_*. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

iterate_through_chunks(self, first_chunk, mem_end, only_free=False, only_alloc=False)
This function iterates chunk after chunk until hitting mem_end. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

list_from_task_head(self) (Inherited from rekall.plugins.linux.common.LinProcessFilter)

list_tasks(self) (Inherited from rekall.plugins.linux.common.LinProcessFilter)

reflect(self, member) (Inherited from rekall.plugin.TypedProfileCommand)

render(self, renderer, **options) (Inherited from rekall.plugin.TypedProfileCommand)

search_chunks_for_needle(self, search_string=None, search_regex=None, pointers=None, search_struct=False)
Searches all chunks for the given pointer(s) and returns the ones containing them. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

search_vmas_for_needle(self, search_string=None, search_regex=None, pointers=None, vmas=None, hidden_mmap_vmas=None, vma_regex=None)
Searches all vmas or only the given ones for the given pointer(s). (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

virtual_process_from_physical_offset(self, physical_offset)
Tries to return a task in virtual space from a physical offset. (Inherited from rekall.plugins.linux.common.LinProcessFilter)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods

GetActiveClasses(cls, session)
Return only the active commands based on config. (Inherited from rekall.plugin.Command)

GetPrototype(cls, session)
Return an instance of this plugin with suitable default arguments. (Inherited from rekall.plugin.Command)

ImplementationByClass(self, name)

ImplementationByName(self, name)

args(cls, metadata) (Inherited from rekall.plugin.PhysicalASMixin)

is_active(cls, session)
Checks we are active. (Inherited from rekall.plugins.linux.heap_analysis.HeapAnalysis)

Class Variables
  table_header = [{'name': 'divider', 'type': 'Divider'}, {'hidd...
  METHODS = ['InitTask'] (Inherited from rekall.plugins.linux.common.LinProcessFilter)
  PHYSICAL_AS_REQUIRED = True (Inherited from rekall.plugin.PhysicalASMixin)
  PROFILE_REQUIRED = True (Inherited from rekall.plugin.ProfileCommand)
  ROW_OPTIONS = set(['annotation', 'depth', 'hex_width', 'highli... (Inherited from rekall.plugin.TypedProfileCommand)
  classes = {'AFF4Acquire': <class 'rekall.plugins.tools.aff4acq... (Inherited from rekall.plugin.Command)
  classes_by_name = {None: [<class 'rekall.plugins.tools.ipython... (Inherited from rekall.plugin.Command)
  error_status = None (Inherited from rekall.plugin.Command)
  interactive = False (Inherited from rekall.plugin.Command)
  mode = 'mode_linux_memory' (Inherited from rekall.plugins.linux.common.AbstractLinuxCommandPlugin)
  plugin_args = None (Inherited from rekall.plugin.ArgsParserMixin)
  plugin_feature = 'Command' (Inherited from rekall.plugin.Command)
  producer = False (Inherited from rekall.plugin.Command)
  table_options = {} (Inherited from rekall.plugin.TypedProfileCommand)
Properties
  filtering_requested (Inherited from rekall.plugins.linux.common.LinProcessFilter)
  name (Inherited from rekall.plugin.Command)

Inherited from object: __class__

Method Details

collect(self)

Collect data that will be passed to renderer.table_row.

Overrides: plugin.TypedProfileCommand.collect
(inherited documentation)

ImplementationByClass(self, name)
Class Method

Overrides: plugin.Command.ImplementationByClass

ImplementationByName(self, name)
Class Method

Overrides: plugin.Command.ImplementationByName

Class Variable Details

table_header

Value:
[{'name': 'divider', 'type': 'Divider'},
 {'hidden': True, 'name': 'task'},
 {'name': 'entry', 'width': 6},
 {'name': 'title', 'width': 26},
 {'name': 'url', 'width': 28},
 {'name': 'username', 'width': 28},
 {'name': 'comment', 'width': 44}]