Class WinFileTime

Class for handling Windows Time Stamps

Nested Classes
  __metaclass__
Give each object a unique ID. (Inherited from rekall.obj.BaseObject)
Instance Methods
__init__(self, is_utc=False, **kwargs)
  Constructor for Base object.
as_windows_timestamp(self)
v(self, vm=None)
  Do the actual reading and decoding of this member
GetData(self)
  Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)
__abs__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__add__(self, other) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
__and__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__dir__(self)
  Hide any members with _. (Inherited from rekall.obj.BaseObject)
__div__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__divmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__eq__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__float__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__floordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__format__(self, formatspec)
  default object formatter (Inherited from rekall.obj.BaseObject)
__ge__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__gt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__hash__(self)
  hash(x) (Inherited from rekall.obj.BaseObject)
__hex__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__index__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__int__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__invert__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__le__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__long__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__lshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__lt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__mod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__mul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__ne__(self, other) (Inherited from rekall.obj.NumericProxyMixIn)
__neg__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__nonzero__(self)
  This method is called when we test the truth value of an Object. (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
__oct__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__or__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__pos__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__pow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__radd__(self, other) (Inherited from rekall.obj.NativeType)
__rand__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rdiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rdivmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__repr__(self)
  repr(x) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
__rfloordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rlshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rmul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__ror__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rpow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rrshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rsub__(self, other) (Inherited from rekall.obj.NativeType)
__rtruediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__rxor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__str__(self)
  str(x) (Inherited from rekall.obj.BaseObject)
__sub__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__truediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
__unicode__(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
__xor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)
as_arrow(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
as_datetime(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject)
cdecl(self) (Inherited from rekall.obj.NativeType)
deref(self, vm=None)
  An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)
dereference(self, vm=None) (Inherited from rekall.obj.BaseObject)
display(self, custom_tz=None, utc_shift=None) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
is_valid(self) (Inherited from rekall.obj.BaseObject)
m(self, memname) (Inherited from rekall.obj.BaseObject)
proxied(self) (Inherited from rekall.obj.NativeType)
reference(self)
  Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)
write(self, data)
  Writes the data back into the address space (Inherited from rekall.obj.NativeType)

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods
getproperties(cls)
  Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)

Class Variables
  obj_name = <No name> (Inherited from rekall.obj.BaseObject)
  obj_parent = <No parent> (Inherited from rekall.obj.BaseObject)
  obj_producers = None
hash(x) (Inherited from rekall.obj.BaseObject)
  timeformat = 'YYYY-MM-DD HH:mm:ss' (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)
Properties
  indices
Returns (usually 1) representation(s) of self usable as dict keys. (Inherited from rekall.obj.BaseObject)
  obj_end (Inherited from rekall.obj.BaseObject)
  obj_size (Inherited from rekall.obj.NativeType)
  parents
Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __class__

Method Details

__init__(self, is_utc=False, **kwargs)
(Constructor)

Constructor for Base object.

Args:
  type_name: The name of the type of this object. This is different
     from the class name, since the same class may implement many types
     (e.g. Struct implements every instance in the vtype definition).

  offset: The offset within the address space at which this object exists.

  vm: The address space this object uses to read itself from.

  profile: The profile this object may use to dereference other
   types.

  parent: The object which created this object.

  name: The name of this object.

  context: An opaque dict which is passed to all objects created from
    this object. This dict may contain context specific information
    which each derived instance can use.

  kwargs: Arbitrary args this object may accept - these can be passed in
     the vtype language definition.

Overrides: object.__init__
(inherited documentation)

v(self, vm=None)

Do the actual reading and decoding of this member

When vm is specified, we are asked to evaluate this object in an address space other than the one it was created on. Derived classes should allow for this.

Overrides: obj.BaseObject.v
(inherited documentation)