Package rekall :: Package plugins :: Package overlays :: Package linux :: Module dwarfparser

Module dwarfparser

A parser for dwarf modules which generates vtypes.

Classes
	DIETag
	DW_TAG_typedef
	DW_TAG_volatile_type
	DW_TAG_base_type A base type.
	DW_TAG_structure_type A struct definition.
	DW_TAG_union_type
	DW_TAG_pointer_type
	DW_TAG_subroutine_type
	DW_TAG_array_type
	DW_TAG_subrange_type These specify the count of arrays.
	DW_TAG_member
	DW_TAG_enumeration_type Holds enumerations.
	DW_TAG_enumerator An enumeration.
	DWARFParser A parser for DWARF files.
	DwarfParser Parse the dwarf file and dump a vtype structure from it.

Functions

PatchPyElftools()
Upgrade pyelftools to support DWARF 4.

source code

describe_DWARF_expr(expr, structs)
Textual description of a DWARF expression encoded in 'expr'.

source code

DIEFactory(die, types, parents)
Returns an instance of the DIE object.

source code

Variables
	DIE_LOOKUP = `{'DW_TAG_array_type': <class 'rekall.plugins.over...`
	__package__ = `'rekall.plugins.overlays.linux'`

Function Details

PatchPyElftools()

source code

Upgrade pyelftools to support DWARF 4.

Hopefully these fixes will be pushed upstream soon.

describe_DWARF_expr(expr, structs)

source code

Textual description of a DWARF expression encoded in 'expr'. structs should come from the entity encompassing the expression - it's needed to be able to parse it correctly.

Variables Details

DIE_LOOKUP

Value:

{'DW_TAG_array_type': <class 'rekall.plugins.overlays.linux.dwarfparse
r.DW_TAG_array_type'>,
 'DW_TAG_base_type': <class 'rekall.plugins.overlays.linux.dwarfparser
.DW_TAG_base_type'>,
 'DW_TAG_const_type': <class 'rekall.plugins.overlays.linux.dwarfparse
r.DW_TAG_typedef'>,
 'DW_TAG_enumeration_type': <class 'rekall.plugins.overlays.linux.dwar
fparser.DW_TAG_enumeration_type'>,
...