Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package overlays :: Package darwin :: Module darwin :: Class proc
[frames] | no frames]

Class proc

source code

Represents a Darwin process.

Nested Classes
  __metaclass__
Give each object a unique ID. (Inherited from rekall.obj.BaseObject)
Instance Methods
 
get_open_files(self)
Gets all open files (sockets, pipes...) owned by this proc.		 source code
 
get_process_address_space(self) source code
 
validate(self)
Use heuristics to guess whether this proc is valid.		 source code
 
GetData(self)
Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)		 source code
 
SetMember(self, attr, value)
Write a value to a member. (Inherited from rekall.obj.Struct)		 source code
 
__comparator__(self, other, method) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__dir__(self)
Hide any members with _. (Inherited from rekall.obj.BaseObject)		 source code
 
__eq__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__format__(self, formatspec)
default object formatter (Inherited from rekall.obj.BaseObject)		 source code
 
__ge__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__getattr__(self, attr) (Inherited from rekall.obj.Struct) source code
 
__gt__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__hash__(self)
hash(x) (Inherited from rekall.obj.Struct)		 source code
 
__init__(self, members=None, struct_size=0, callable_members=None, **kwargs)
This must be instantiated with a dict of members. (Inherited from rekall.obj.Struct)		 source code
 
__int__(self)
Return our offset as an integer. (Inherited from rekall.obj.Struct)		 source code
 
__le__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__long__(self) (Inherited from rekall.obj.Struct) source code
 
__lt__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__ne__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn) source code
 
__nonzero__(self)
This method is called when we test the truth value of an Object. (Inherited from rekall.obj.BaseObject)		 source code
 
__repr__(self)
repr(x) (Inherited from rekall.obj.Struct)		 source code
 
__str__(self)
str(x) (Inherited from rekall.obj.BaseObject)		 source code
 
__unicode__(self) (Inherited from rekall.obj.Struct) source code
 
cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject) source code
 
deref(self, vm=None)
An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)		 source code
 
dereference(self, vm=None) (Inherited from rekall.obj.BaseObject) source code
 
is_valid(self) (Inherited from rekall.obj.BaseObject) source code
 
m(self, attr, allow_callable_attributes=False)
Fetch the member named by attr. (Inherited from rekall.obj.Struct)		 source code
 
multi_m(self, *args, **opts)
Retrieve a set of fields in order. (Inherited from rekall.obj.Struct)		 source code
 
preamble_size(self)
The number of bytes before the object which are part of the object. (Inherited from rekall.obj.Struct)		 source code
 
proxied(self) (Inherited from rekall.obj.BaseObject) source code
 
reference(self)
Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)		 source code
 
v(self, vm=None)
When a struct is evaluated we just return our offset. (Inherited from rekall.obj.Struct)		 source code
 
walk_list(self, list_member, include_current=True, deref_as=None)
Walk a single linked list in this struct. (Inherited from rekall.obj.Struct)		 source code
 
write(self, value)
Function for writing the object back to disk (Inherited from rekall.obj.BaseObject)		 source code

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods
 
getproperties(cls)
Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)		 source code
Class Variables
  obj_name = <No name> (Inherited from rekall.obj.BaseObject)
  obj_parent = <No parent> (Inherited from rekall.obj.BaseObject)
  obj_producers = None
hash(x) (Inherited from rekall.obj.BaseObject)
Properties
  vads
  command
  cr3
  is_64bit
  argv
  indices
Returns (usually 1) representation(s) of self usable as dict keys. (Inherited from rekall.obj.Struct)
  obj_end (Inherited from rekall.obj.BaseObject)
  obj_size (Inherited from rekall.obj.Struct)
  parents
Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __class__

Method Details

get_open_files(self)

source code  
Gets all open files (sockets, pipes...) owned by this proc.

Yields:
  tuple of (fd, fileproc, flags)

Property Details

vads

Get Method:
unreachable.vads(self)

command

Get Method:
unreachable.command(self)

cr3

Get Method:
unreachable.cr3(self)

is_64bit

Get Method:
unreachable.is_64bit(self)

argv

Get Method:
unreachable.argv(self)

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:28:31 2017 http://epydoc.sourceforge.net