
Module win7


Author: Bradley L Schatz

License: GNU General Public License 2.0 or later

Contact: bradley@schatzforensic.com.au

This file provides support for Windows 7 SP 0.

Classes
  ObjectTypeMapHook
Get and cache the object type map.
Functions
 
TagOffset(x)
 
InitializeWindows7Profile(profile)
Variables
  win7_overlays = {'_CONTROL_AREA': [None, {'FilePointer': [None...
  __package__ = 'rekall.plugins.overlays.windows'
Variables Details

win7_overlays

Value:
{'_CONTROL_AREA': [None,
                   {'FilePointer': [None,
                                    ['_EX_FAST_REF',
                                     {'target': '_FILE_OBJECT'}]]}],
 '_EPROCESS': [None,
               {'RealVadRoot': <function <lambda> at 0x7fafd6c77578>}],
 '_IMAGE_ENTRY_IN_SESSION': [None, {'ImageBase': <function <lambda> at\
...