Package rekall :: Package plugins :: Package overlays :: Package linux :: Module linux :: Class Linux64

Class Linux64



Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.obj.Profile)
  top_level_class
A collection of types relating to a single compilation unit. (Inherited from rekall.obj.Profile)
Instance Methods
 
EnsureInitialized(self) (Inherited from rekall.obj.Profile)
 
GetImageBase(self) (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
GetPageOffset(self)
Gets the page offset. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
GetPrototype(self, type_name)
Return a prototype of objects of type 'type_name'. (Inherited from rekall.obj.Profile)
 
Object(self, type_name=None, offset=None, vm=None, name=None, parent=None, context=None, **kwargs)
A function which instantiates the object named in type_name (as a string) from the type in profile passing optional args of kwargs. (Inherited from rekall.obj.Profile)
 
__dir__(self)
Support tab completion. (Inherited from rekall.obj.Profile)
 
__getattr__(self, attr)
Make it easier to instantiate individual members. (Inherited from rekall.obj.Profile)
 
__init__(self, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from rekall.plugins.overlays.basic.RelativeOffsetMixin)
 
__repr__(self)
repr(x) (Inherited from rekall.obj.Profile)
 
__unicode__(self) (Inherited from rekall.obj.Profile)
 
add_classes(self, classes_dict=None, **kwargs)
Add the classes in the dict to our object classes mapping. (Inherited from rekall.obj.Profile)
 
add_constant_type(self, constant, target, target_args) (Inherited from rekall.obj.Profile)
 
add_constants(self, constants=None, constants_are_absolute=False, **opts) (Inherited from rekall.plugins.overlays.basic.RelativeOffsetMixin)
 
add_enums(self, **kwargs)
Add the kwargs as an enum for this profile. (Inherited from rekall.obj.Profile)
 
add_kernel_config_options(self, **kwargs)
Add the kwargs as kernel config options for this profile. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
add_overlay(self, overlay)
Add an overlay to the current overlay stack. (Inherited from rekall.obj.Profile)
 
add_reverse_enums(self, **kwargs)
Add the kwargs as a reverse enum for this profile. (Inherited from rekall.obj.Profile)
 
add_types(self, abstract_types) (Inherited from rekall.obj.Profile)
 
compile_type(self, type_name)
Compile the specific type and ensure it exists in the type cache. (Inherited from rekall.obj.Profile)
 
copy(self)
Makes a copy of this profile. (Inherited from rekall.obj.Profile)
 
flush_cache(self) (Inherited from rekall.obj.Profile)
 
get_constant(self, name, is_address=False)
Gets the constant from the profile. (Inherited from rekall.plugins.overlays.basic.RelativeOffsetMixin)
 
get_constant_by_address(self, address) (Inherited from rekall.obj.Profile)
 
get_constant_object(self, constant, target=None, target_args=None, vm=None, **kwargs)
A helper function for retrieving pointers from the symbol table. (Inherited from rekall.obj.Profile)
 
get_enum(self, enum_name, field=None) (Inherited from rekall.obj.Profile)
 
get_kernel_config(self, config_option)
Returns the kernel config option config_option for this profile. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
get_nearest_constant_by_address(self, address, below=True) (Inherited from rekall.plugins.overlays.basic.RelativeOffsetMixin)
 
get_obj_offset(self, name, member)
Returns a member's offset within the struct. (Inherited from rekall.obj.Profile)
 
get_obj_size(self, name)
Returns the size of a struct (Inherited from rekall.obj.Profile)
 
get_reverse_enum(self, enum_name, field=None) (Inherited from rekall.obj.Profile)
 
get_total_sleep_time(self, vm=None) (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
get_wall_to_monotonic(self, vm=None) (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
getboottime(self, vm=None)
Returns the real time of system boot. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
has_class(self, class_name) (Inherited from rekall.obj.Profile)
 
has_type(self, type_name) (Inherited from rekall.obj.Profile)
 
integer_to_address(self, virtual_address) (Inherited from rekall.obj.Profile)
 
ktime_sub(self, lhs, rhs)
Subtracts two ktime_t instances. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
ktime_to_timespec(self, kt)
Transforms a ktime_t to a timespec. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
legacy_field_descriptor(self, typeList)
Converts the list expression into a target, target_args notation. (Inherited from rekall.obj.Profile)
 
list_to_type(self, name, typeList)
Parses a specification list and returns a VType object. (Inherited from rekall.obj.Profile)
 
merge(self, other)
Merges another profile into this one. (Inherited from rekall.obj.Profile)
 
merge_symbols(self, other, *args) (Inherited from rekall.obj.Profile)
 
metadata(self, name, default=None)
Obtain metadata about this profile. (Inherited from rekall.obj.Profile)
 
metadatas(self, *args)
Obtain metadata about this profile. (Inherited from rekall.obj.Profile)
 
ns_to_timespec(self, nsec)
Transforms nanoseconds to a timespec. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
nsec_to_clock_t(self, x)
Converts nanoseconds to a clock_t. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
obj_has_member(self, name, member)
Returns whether an object has a certain member (Inherited from rekall.obj.Profile)
 
phys_addr(self, va)
Returns the physical address of a given virtual address va. (Inherited from rekall.plugins.overlays.linux.linux.Linux)
 
set_metadata(self, name, value) (Inherited from rekall.obj.Profile)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
Initialize(cls, profile)
Install required types, classes and constants.
 
ImplementationByClass(self, name)
 
ImplementationByName(self, name)
 
LoadProfileFromData(cls, data, session=None, name=None, profile=None)
Creates a profile directly from a JSON object. (Inherited from rekall.obj.Profile)
Class Variables
  COMMON_CLASSES = {'Array': <class 'rekall.obj.Array'>, 'BitFie... (Inherited from rekall.obj.Profile)
  EMPTY_DESCRIPTOR = [0, {}] (Inherited from rekall.obj.Profile)
  METADATA = {'os': 'linux', 'type': 'Kernel'} (Inherited from rekall.plugins.overlays.linux.linux.Linux)
  applied_modifications = None (Inherited from rekall.obj.Profile)
  classes = {'APIBaseProfile': <class 'rekall.plugins.response.c... (Inherited from rekall.obj.Profile)
  classes_by_name = {None: [<class 'rekall.obj.Profile'>, <class... (Inherited from rekall.obj.Profile)
  constants = None (Inherited from rekall.obj.Profile)
  image_base = None (Inherited from rekall.plugins.overlays.linux.linux.Linux)
  overlays = None (Inherited from rekall.obj.Profile)
  plugin_feature = 'Profile' (Inherited from rekall.obj.Profile)
  types = None (Inherited from rekall.obj.Profile)
  vtypes = None (Inherited from rekall.obj.Profile)
Properties

Inherited from object: __class__

Method Details

Initialize(cls, profile)
Class Method


Install required types, classes and constants.

This method should be extended by derived classes. It is a class method to allow other profiles to call this method and install the various components into their own profiles.

Overrides: obj.Profile.Initialize
(inherited documentation)

ImplementationByClass(self, name)
Class Method

Overrides: obj.Profile.ImplementationByClass

ImplementationByName(self, name)
Class Method

Overrides: obj.Profile.ImplementationByName