Package rekall :: Package plugins :: Package overlays :: Package linux :: Module elf

Module elf

This file implements elf file parsing.

References: http://downloads.openwatcom.org/ftp/devel/docs/elf-64-gen.pdf /usr/include/linux/elf.h

Classes
	ELFFileImplementation An implementation of a parser for ELF files.
	ELFProfile A profile for ELF files.

Variables
	elf_vtypes = `{'elf64_hdr': [64, {'e_ehsize': [52, ['short unsi...`
	elf_overlays = `{'elf64_hdr': [None, {'e_ident': [None, ['Signa...`
	__package__ = `'rekall.plugins.overlays.linux'`

Variables Details

elf_vtypes

Value:

{'elf64_hdr': [64,
               {'e_ehsize': [52, ['short unsigned int']],
                'e_entry': [24, ['long long unsigned int']],
                'e_flags': [48, ['unsigned int']],
                'e_ident': [0, ['array', 16, ['unsigned char']]],
                'e_machine': [18, ['short unsigned int']],
                'e_phentsize': [54, ['short unsigned int']],
                'e_phnum': [56, ['short unsigned int']],
...

elf_overlays

Value:

{'elf64_hdr': [None,
               {'e_ident': [None,
                            ['Signature',
                             {'value': '\x7fELF\x02\x01\x01'}]],
                'e_phoff': [None,
                            ['Pointer',
                             {'target': 'Array',
                              'target_args': {'count': <function <lamb
...