Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package overlays :: Module basic :: Class UnixTimeStamp
[frames] | no frames]

Class UnixTimeStamp

source code

A unix timestamp (seconds since the epoch).

Nested Classes
  __metaclass__
Give each object a unique ID. (Inherited from rekall.obj.BaseObject)
Instance Methods
 
__init__(self, format_string='I', **kwargs)
Constructor for Base object.		 source code
 
__nonzero__(self)
This method is called when we test the truth value of an Object.		 source code
 
__add__(self, other) source code
 
display(self, custom_tz=None, utc_shift=None) source code
 
__unicode__(self) source code
 
__repr__(self)
repr(x)		 source code
 
as_arrow(self) source code
 
as_datetime(self) source code
 
GetData(self)
Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)		 source code
 
__abs__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__and__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__dir__(self)
Hide any members with _. (Inherited from rekall.obj.BaseObject)		 source code
 
__div__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__divmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__eq__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__float__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__floordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__format__(self, formatspec)
default object formatter (Inherited from rekall.obj.BaseObject)		 source code
 
__ge__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__gt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__hash__(self)
hash(x) (Inherited from rekall.obj.BaseObject)		 source code
 
__hex__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__index__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__int__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__invert__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__le__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__long__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__lshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__lt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__mod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__mul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__ne__(self, other) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__neg__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__oct__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__or__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__pos__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__pow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__radd__(self, other) (Inherited from rekall.obj.NativeType) source code
 
__rand__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rdiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rdivmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rfloordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rlshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rmul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__ror__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rpow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rrshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rsub__(self, other) (Inherited from rekall.obj.NativeType) source code
 
__rtruediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__rxor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__str__(self)
str(x) (Inherited from rekall.obj.BaseObject)		 source code
 
__sub__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__truediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
__xor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn) source code
 
cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject) source code
 
cdecl(self) (Inherited from rekall.obj.NativeType) source code
 
deref(self, vm=None)
An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)		 source code
 
dereference(self, vm=None) (Inherited from rekall.obj.BaseObject) source code
 
is_valid(self) (Inherited from rekall.obj.BaseObject) source code
 
m(self, memname) (Inherited from rekall.obj.BaseObject) source code
 
proxied(self) (Inherited from rekall.obj.NativeType) source code
 
reference(self)
Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)		 source code
 
v(self, vm=None)
Do the actual reading and decoding of this member (Inherited from rekall.obj.NativeType)		 source code
 
write(self, data)
Writes the data back into the address space (Inherited from rekall.obj.NativeType)		 source code

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods
 
getproperties(cls)
Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)		 source code
Class Variables
  timeformat = 'YYYY-MM-DD HH:mm:ss'
  obj_name = <No name> (Inherited from rekall.obj.BaseObject)
  obj_parent = <No parent> (Inherited from rekall.obj.BaseObject)
  obj_producers = None
hash(x) (Inherited from rekall.obj.BaseObject)
Properties
  indices
Returns (usually 1) representation(s) of self usable as dict keys. (Inherited from rekall.obj.BaseObject)
  obj_end (Inherited from rekall.obj.BaseObject)
  obj_size (Inherited from rekall.obj.NativeType)
  parents
Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __class__

Method Details

__init__(self, format_string='I', **kwargs)
(Constructor)

source code  
Constructor for Base object.

Args:
  type_name: The name of the type of this object. This different
     from the class name, since the same class may implement many types
     (e.g. Struct implements every instance in the vtype definition).

  offset: The offset within the address space to this object exists.

  vm: The address space this object uses to read itself from.

  profile: The profile this object may use to dereference other
   types.

  parent: The object which created this object.

  name: The name of this object.

  context: An opaque dict which is passed to all objects created from
    this object. This dict may contain context specific information
    which each derived instance can use.

  kwargs: Arbitrary args this object may accept - these can be passed in
     the vtype language definition.
Overrides: object.__init__
(inherited documentation)

__nonzero__(self)
(Boolean test operator)

source code  
This method is called when we test the truth value of an Object.

In rekall we consider an object to have True truth value only when it is
a valid object. Its possible for example to have a Pointer object which
is not valid - this will have a truth value of False.

You should be testing for validity like this:
if X:
   # object is valid

Do not test for validity like this:

if int(X) == 0:

or

if X is None:
  .....

the later form is not going to work when X is a NoneObject.
Overrides: obj.BaseObject.__nonzero__
(inherited documentation)

__add__(self, other)
(Addition operator)

source code 
Overrides: obj.NumericProxyMixIn.__add__

__unicode__(self)

source code 
Overrides: obj.BaseObject.__unicode__

__repr__(self)
(Representation operator)

source code 

repr(x)

Overrides: object.__repr__
(inherited documentation)

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:30 2017 http://epydoc.sourceforge.net