Rekall Memory Forensics
Package windows
Submodules
rekall.plugins.overlays.windows.common: Common Windows overlays and classes.
rekall.plugins.overlays.windows.crashdump: This file adds support for Windows debugging-related data.
rekall.plugins.overlays.windows.heap: The module implements user mode heap overlays.
rekall.plugins.overlays.windows.kdbg_vtypes
rekall.plugins.overlays.windows.pe_vtypes: References:
    http://msdn.microsoft.com/en-us/magazine/ms809762.aspx
    http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
    http://code.google.com/p/corkami/downloads/detail?name=pe-20110117.pdf
    http://code.google.com/p/pefile/
rekall.plugins.overlays.windows.tcpip_vtypes
rekall.plugins.overlays.windows.tokens: Classes around handling tokens, privileges etc.
rekall.plugins.overlays.windows.undocumented: This file contains all the undocumented structs that were derived by reversing.
rekall.plugins.overlays.windows.vista
rekall.plugins.overlays.windows.win10
rekall.plugins.overlays.windows.win7
rekall.plugins.overlays.windows.win8
rekall.plugins.overlays.windows.windows
rekall.plugins.overlays.windows.xp
Variables
__package__ = 'rekall.plugins.overlays.windows'
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:46 2017
http://epydoc.sourceforge.net