Package rekall :: Package plugins :: Package overlays :: Package windows :: Module common

Module common

Common windows overlays and classes.

Classes
	ObjectMixin A mixin to be applied on Object Manager Objects.
	VadTraverser The windows Vad tree is basically the same in all versions of windows, but the exact name of the structs vary with version.

Functions

InitializeWindowsProfile(profile)
Install the basic windows overlays.

source code

Variables
	MM_PROTECTION_ENUM = `{0: 'MM_ZERO_ACCESS', 1: 'MM_READONLY', 2...`
	windows_overlay = `{'PO_MEMORY_IMAGE': [None, {'Signature': [No...`
	__package__ = `'rekall.plugins.overlays.windows'`

Variables Details

MM_PROTECTION_ENUM

Value:

{0: 'MM_ZERO_ACCESS',
 1: 'MM_READONLY',
 2: 'MM_EXECUTE',
 3: 'MM_EXECUTE_READ',
 4: 'MM_READWRITE',
 5: 'MM_WRITECOPY',
 6: 'MM_EXECUTE_READWRITE',
 7: 'MM_PROTECT_ACCESS',
...

windows_overlay

Value:

{'PO_MEMORY_IMAGE': [None,
                     {'Signature': [None, ['String', {'length': 4}]],
                      'SystemTime': [None, ['WinFileTime', {}]]}],
 '_CLIENT_ID': [None,
                {'UniqueProcess': [None, ['unsigned int']],
                 'UniqueThread': [None, ['unsigned int']]}],
 '_CM_NAME_CONTROL_BLOCK': [None,
                            {'Name': [None, ['String', {'length': <fun
...