Package rekall :: Package plugins :: Package overlays :: Package windows :: Module undocumented

Module undocumented

This file contains all the undocumented structs that were derived by reversing. We try to also include references to the original reverser.

Variables
	AMD64 = `{'FIRST_LEVEL_DIR': [36, {'Mask': [16, ['unsigned int'...`
	I386 = `{'FIRST_LEVEL_DIR': [36, {'Mask': [16, ['unsigned int']...`
	ENUMS = `{'_KOBJECTS': {'0': 'EventNotificationObject', '1': 'E...`
	__package__ = `None` hash(x)

Variables Details

AMD64

Value:

{'FIRST_LEVEL_DIR': [36,
                     {'Mask': [16, ['unsigned int']],
                      'SecondLevel': [32,
                                      ['Pointer',
                                       {'target': 'Array',
                                        'target_args': {'count': <func
tion <lambda> at 0x7fafd6c13938>,
                                                        'target': '_LI
...

I386

Value:

{'FIRST_LEVEL_DIR': [36,
                     {'Mask': [16, ['unsigned int']],
                      'SecondLevel': [32,
                                      ['Pointer',
                                       {'target': 'Array',
                                        'target_args': {'count': <func
tion <lambda> at 0x7fafd6c137d0>,
                                                        'target': '_LI
...

ENUMS

Value:

{'_KOBJECTS': {'0': 'EventNotificationObject',
               '1': 'EventSynchronizationObject',
               '10': 'Spare2Object',
               '11': 'Spare3Object',
               '12': 'Spare4Object',
               '13': 'Spare5Object',
               '14': 'Spare6Object',
               '15': 'Spare7Object',
...