Package rekall :: Package plugins :: Package overlays :: Module basic :: Class timeval

Class timeval

Nested Classes
	__metaclass__ Give each object a unique ID. (Inherited from rekall.obj.BaseObject)

Instance Methods

v(self, vm=None)
Do the actual reading and decoding of this member

source code

GetData(self)
Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)

source code

SetMember(self, attr, value)
Write a value to a member. (Inherited from rekall.obj.Struct)

source code

__abs__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__add__(self, other) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

__and__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__comparator__(self, other, method) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

source code

__dir__(self)
Hide any members with _. (Inherited from rekall.obj.BaseObject)

source code

__div__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__divmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__eq__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__float__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__floordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__format__(self, formatspec)
default object formatter (Inherited from rekall.obj.BaseObject)

source code

__ge__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__getattr__(self, attr) (Inherited from rekall.obj.Struct)

source code

__gt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__hash__(self)
hash(x) (Inherited from rekall.obj.Struct)

source code

__hex__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__index__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__init__(self, format_string='I', **kwargs)
Constructor for Base object. (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp) source code

__int__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__invert__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__le__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__long__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__lshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__lt__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__mod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__mul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__ne__(self, other) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__neg__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__nonzero__(self)
This method is called when we test the truth value of an Object. (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

__oct__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__or__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__pos__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__pow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__radd__(self, other) (Inherited from rekall.obj.NativeType)

source code

__rand__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rdiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rdivmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__repr__(self)
repr(x) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

__rfloordiv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rlshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rmod__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rmul__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__ror__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rpow__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rrshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rshift__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rsub__(self, other) (Inherited from rekall.obj.NativeType)

source code

__rtruediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__rxor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__str__(self)
str(x) (Inherited from rekall.obj.BaseObject)

source code

__sub__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__truediv__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

__unicode__(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

__xor__(self, *args, **kw) (Inherited from rekall.obj.NumericProxyMixIn)

source code

as_arrow(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

as_datetime(self) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject)

source code

cdecl(self) (Inherited from rekall.obj.NativeType)

source code

deref(self, vm=None)
An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)

source code

dereference(self, vm=None) (Inherited from rekall.obj.BaseObject)

source code

display(self, custom_tz=None, utc_shift=None) (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

source code

is_valid(self) (Inherited from rekall.obj.BaseObject)

source code

m(self, attr, allow_callable_attributes=False)
Fetch the member named by attr. (Inherited from rekall.obj.Struct)

source code

multi_m(self, *args, **opts)
Retrieve a set of fields in order. (Inherited from rekall.obj.Struct)

source code

preamble_size(self)
The number of bytes before the object which are part of the object. (Inherited from rekall.obj.Struct)

source code

proxied(self) (Inherited from rekall.obj.NativeType)

source code

reference(self)
Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)

source code

walk_list(self, list_member, include_current=True, deref_as=None)
Walk a single linked list in this struct. (Inherited from rekall.obj.Struct)

source code

write(self, data)
Writes the data back into the address space (Inherited from rekall.obj.NativeType)

source code

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods

getproperties(cls)
Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)

source code

Class Variables
	obj_name = `<No name>` (Inherited from rekall.obj.BaseObject)
	obj_parent = `<No parent>` (Inherited from rekall.obj.BaseObject)
	obj_producers = `None` hash(x) (Inherited from rekall.obj.BaseObject)
	timeformat = `'YYYY-MM-DD HH:mm:ss'` (Inherited from rekall.plugins.overlays.basic.UnixTimeStamp)

Properties
	indices Returns (usually 1) representation(s) of self usable as dict keys. (Inherited from rekall.obj.Struct)
	obj_end (Inherited from rekall.obj.BaseObject)
	obj_size (Inherited from rekall.obj.NativeType)
	parents Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)
Inherited from `object`: `__class__`

Method Details

v(self, vm=None)

source code

Do the actual reading and decoding of this member

When vm is specified, we are asked to evaluate this object is another address space than the one it was created on. Derived classes should allow for this.

Overrides: obj.BaseObject.v: (inherited documentation)