Package rekall :: Package plugins :: Package overlays :: Module basic :: Class String

Class String

Class for dealing with null-terminated C strings.

Note that these strings are _not_ text strings - they are effectively byte arrays and therefore are not encoded in any particular Unicode encoding.

Nested Classes

__metaclass__
    Give each object a unique ID. (Inherited from rekall.obj.BaseObject)

Instance Methods

__init__(self, length=1024, max_length=1024000, term='\x00', **kwargs)
    Constructor.
startswith(self, other)
v(self, vm=None)
    Do the actual reading and decoding of this member
write(self, data)
    Writes the data back into the address space
proxied(self)
    Return an object to be proxied
__str__(self)
    str(x)
__unicode__(self)
__len__(self)
__getitem__(self, *args)
__add__(self, other)
    Set up mappings for concat
__radd__(self, other)
    Set up mappings for reverse concat
GetData(self)
    Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)
__abs__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__and__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__dir__(self)
    Hide any members with _. (Inherited from rekall.obj.BaseObject)
__div__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__divmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__eq__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__float__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__floordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__format__(self, formatspec)
    default object formatter (Inherited from rekall.obj.BaseObject)
__ge__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__gt__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__hash__(self)
    hash(x) (Inherited from rekall.obj.BaseObject)
__hex__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__index__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__int__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__invert__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__le__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__long__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__lshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__lt__(self, *args, **kw) (Inherited from rekall.obj.StringProxyMixIn)
__mod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__mul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__ne__(self, other) (Inherited from rekall.obj.StringProxyMixIn)
__neg__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__nonzero__(self)
    This method is called when we test the truth value of an Object. (Inherited from rekall.obj.BaseObject)
__oct__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__or__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__pos__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__pow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rand__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rdiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rdivmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__repr__(self)
    repr(x) (Inherited from rekall.obj.NativeType)
__rfloordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rlshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rmul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__ror__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rpow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rrshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rsub__(self, other) (Inherited from rekall.obj.NativeType)
__rtruediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rxor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__sub__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__truediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__xor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject)
cdecl(self) (Inherited from rekall.obj.NativeType)
deref(self, vm=None)
    An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)
dereference(self, vm=None) (Inherited from rekall.obj.BaseObject)
is_valid(self) (Inherited from rekall.obj.BaseObject)
m(self, memname) (Inherited from rekall.obj.BaseObject)
reference(self)
    Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods

getproperties(cls)
    Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)

Class Variables

obj_name = <No name> (Inherited from rekall.obj.BaseObject)
obj_parent = <No parent> (Inherited from rekall.obj.BaseObject)
obj_producers = None
    hash(x) (Inherited from rekall.obj.BaseObject)

Properties

obj_end
indices
    Returns (usually 1) representation(s) of self usable as dict keys.
obj_size
    This is equivalent to strlen() plus the terminator.
parents
    Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __class__

Method Details

__init__(self, length=1024, max_length=1024000, term='\x00', **kwargs)
(Constructor)

Constructor.

Args:
   length: The maximum length of the string.

   term: The terminator for this string. If None, there will be no
      checking for null terminations (pure character array).

Overrides: object.__init__

v(self, vm=None)

Do the actual reading and decoding of this member

When vm is specified, we are asked to evaluate this object in another address space than the one it was created on. Derived classes should allow for this.

Overrides: obj.BaseObject.v
(inherited documentation)

write(self, data)

Writes the data back into the address space

Overrides: obj.BaseObject.write
(inherited documentation)

proxied(self)

Return an object to be proxied

Overrides: obj.BaseObject.proxied

__str__(self)
(Informal representation operator)

str(x)

Overrides: object.__str__
(inherited documentation)

__unicode__(self)

Overrides: obj.BaseObject.__unicode__

__add__(self, other)
(Addition operator)

Set up mappings for concat

Overrides: obj.NumericProxyMixIn.__add__

__radd__(self, other)
(Right-side addition operator)

Set up mappings for reverse concat

Overrides: obj.NumericProxyMixIn.__radd__

Property Details

obj_end

Get Method:
unreachable.obj_end(self)

indices

Returns (usually 1) representation(s) of self usable as dict keys.

Using full base objects for indexing can be slow, especially with Structs. This method returns a representation of the object that is a suitable key - either the value of a primitive type, or the memory address of the more complex ones.

Get Method:
unreachable.indices(self)

obj_size

This is equivalent to strlen() plus the terminator.

Get Method:
unreachable.obj_size(self) - This is equivalent to strlen() plus the terminator.
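
A stand-alone sketch of the semantics documented above (a read bounded by length, an optional terminator, raw bytes rather than text, and obj_size as strlen() plus the terminator), added here as an example; it is not Rekall's source code. read_c_string, CString and the sample buffer are hypothetical names, and rejecting a length above max_length is an assumption of this sketch.

```python
# Stand-alone model of the documented behaviour; not Rekall code.
# read_c_string, CString and SAMPLE are hypothetical names for illustration.
from typing import NamedTuple, Optional


class CString(NamedTuple):
    data: bytes        # raw bytes before the terminator, never decoded
    terminated: bool   # False when the window ended before a terminator
    obj_size: int      # strlen() plus the terminator, when one was found


def read_c_string(memory: bytes, offset: int, length: int = 1024,
                  max_length: int = 1024000,
                  term: Optional[bytes] = b"\x00") -> CString:
    """Read at most `length` bytes at `offset`, stopping at `term`."""
    # Assumption: a length above max_length is rejected rather than read,
    # because the length often comes from the untrusted image itself.
    if length < 0 or length > max_length:
        raise ValueError("length %d outside 0..%d" % (length, max_length))
    if offset < 0 or offset > len(memory):
        raise ValueError("offset outside the buffer")

    window = memory[offset:offset + length]   # slicing clamps at buffer end
    if term is None:                          # pure character array
        return CString(window, False, len(window))

    body, sep, _ = window.partition(term)
    # The terminator counts towards obj_size only if it was inside the window.
    return CString(body, bool(sep), len(body) + len(sep))


# Constructed sample: a name field followed by unrelated, non-text bytes.
SAMPLE = b"svchost.exe\x00\xde\xad\xbe\xefAAAA"

if __name__ == "__main__":
    print(read_c_string(SAMPLE, 0))             # terminated string
    print(read_c_string(SAMPLE, 0, length=4))   # window shorter than string
    print(read_c_string(SAMPLE, 12))            # no terminator in range
```

The terminated flag separates a string that really ended from one cut off by the length bound, which matters when the result is compared against a process or module name.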