Package rekall :: Package plugins :: Package overlays :: Package linux :: Module linux

Module linux

Author: Brendan Dolan-Gavitt

License: GNU General Public License 2.0 or later

Contact: brendandg@gatech.edu

Organization: Georgia Institute of Technology

Classes
	list_head A list_head makes a doubly linked list.
	hlist_head
	hlist_node
	inet_sock Class for an internet socket object
	files_struct
	dentry
	task_struct
	timespec
	net_device
	PermissionFlags A Flags object for printing vm_area_struct permissions in a format like rwx or r-x
	kgid_t Newer kernels use this struct instead of an int.
	kuid_t Newer kernels use this struct instead of an int.
	proc_dir_entry
	page
	InodePermission
	Linux
	Linux32
	Linux64
	LinuxConfigProfileLoader Linux profiles can carry the original Kconfig in the $CONFIG section.

Variables
	linux_overlay = `{'cpuinfo_x86': [None, {'x86_model_id': [None,...`
	__package__ = `'rekall.plugins.overlays.linux'`

Variables Details

linux_overlay

Value:

{'cpuinfo_x86': [None,
                 {'x86_model_id': [None,
                                   ['UnicodeString', {'length': 64}]],
                  'x86_vendor_id': [None,
                                    ['UnicodeString', {'length': 16}]]
}],
 'd_name': [None,
            {'d_name': [None, ['Pointer', {'target': 'String'}]]}],
...