Module vista

source code

Author: Bradley L Schatz

License: GNU General Public License 2.0 or later

Contact: bradley@schatzforensic.com.au

This file provides support for windows Vista.

Functions

InitializeVistaProfile(profile)

source code

Variables
	vista_overlays = `{'_CONTROL_AREA': [None, {'FilePointer': [Non...`
	__package__ = `'rekall.plugins.overlays.windows'`

Variables Details

vista_overlays

Value:

{'_CONTROL_AREA': [None,
                   {'FilePointer': [None,
                                    ['_EX_FAST_REF',
                                     {'target': '_FILE_OBJECT'}]]}],
 '_EPROCESS': [None,
               {'RealVadRoot': <function <lambda> at 0x7fafd6ce4e60>}]
,
 '_IMAGE_ENTRY_IN_SESSION': [None, {'ImageBase': <function <lambda> at
...