Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package overlays :: Package windows :: Module win10
[frames] | no frames]

Module win10

source code

Functions
 
InitializeWindows10Profile(profile)
Initialize windows 10 profiles.		 source code
Variables
  win10_undocumented_amd64 = {'_IMAGE_ENTRY_IN_SESSION': [None, ...
  win10_undocumented_i386 = {'_IMAGE_ENTRY_IN_SESSION': [None, {...
  win10_overlays = {'_MI_HARDWARE_STATE': [None, {'SystemNodeInf...
  __package__ = 'rekall.plugins.overlays.windows'
Variables Details

win10_undocumented_amd64

Value:
{'_IMAGE_ENTRY_IN_SESSION': [None,
                             {'Address': [40, ['_EX_FAST_REF']]}]}

win10_undocumented_i386

Value:
{'_IMAGE_ENTRY_IN_SESSION': [None, {'Address': [20, ['Pointer']]}]}

win10_overlays

Value:
{'_MI_HARDWARE_STATE': [None,
                        {'SystemNodeInformation': [None,
                                                   ['Pointer',
                                                    {'target': 'Array'\
,
                                                     'target_args': {'\
count': <function <lambda> at 0x7fafd6c8d2a8>,
                                                                     '\
...

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:47 2017 http://epydoc.sourceforge.net