Package rekall :: Package plugins :: Package overlays :: Package darwin :: Module darwin

Module darwin

Author: Michael Cohen <scudette@gmail.com>

Classes
	LIST_ENTRY XNU defines lists inline using an annonymous struct.
	llinfo_arp
	queue_entry A queue_entry is an externalized linked list.
	sockaddr_dl
	fileproc Represents an open file, owned by a process.
	socket Provides human-readable accessors for sockets of the more common AFs.
	sockaddr
	vm_map_entry
	clist
	tty
	proc Represents a Darwin process.
	vnode
	cnode
	zone
	ifnet
	session
	OSDictionary The OSDictionary is a general purpose associative array described:
	OSOrderedSet An OSOrderedSet is a list of OSObject instances.
	Darwin32 A Darwin profile.
	Darwin64 Support for 64 bit darwin systems.

Variables
	darwin_overlay = `{'EfiMemoryRange': [None, {'Type': [None, ['E...`
	darwin_enums = `{'pr_type': {1: 'SOCK_STREAM', 2: 'SOCK_DGRAM',...`
	darwin64_types = `{'LIST_ENTRY': [16, {'le_next': [0, ['Pointer...`
	__package__ = `'rekall.plugins.overlays.darwin'`

Variables Details

darwin_overlay

Value:

{'EfiMemoryRange': [None,
                    {'Type': [None,
                              ['Enumeration',
                               {'choices': {0: 'kEfiReservedMemoryType
',
                                            1: 'kEfiLoaderCode',
                                            2: 'kEfiLoaderData',
                                            3: 'kEfiBootServicesCode',
...

darwin_enums

Value:

{'pr_type': {1: 'SOCK_STREAM',
             2: 'SOCK_DGRAM',
             3: 'SOCK_RAW',
             4: 'SOCK_RDM',
             5: 'SOCK_SEQPACKET'},
 'sa_family_t': {0: 'AF_UNSPEC',
                 1: 'AF_UNIX',
                 2: 'AF_INET',
...

darwin64_types

Value:

{'LIST_ENTRY': [16,
                {'le_next': [0, ['Pointer']],
                 'le_prev': [8, ['Pointer', {'target': 'Pointer'}]]}]}