Module xp

source code

Author: Brendan Dolan-Gavitt

License: GNU General Public License 2.0 or later

Contact: bdolangavitt@wesleyan.edu

This file provides support for windows XP SP2. We provide a profile for SP2.

Functions

InitializeXPProfile(profile)

source code

Variables
	win_xp_overlays = `{'_EPROCESS': [None, {'RealVadRoot': <functi...`
	__package__ = `'rekall.plugins.overlays.windows'`

Variables Details

win_xp_overlays

Value:

{'_EPROCESS': [None,
               {'RealVadRoot': <function <lambda> at 0x7fafd6c87a28>,
                'VadRoot': [None, ['pointer', ['_MMVAD']]]}],
 '_IMAGE_ENTRY_IN_SESSION': [None,
                             {'ImageBase': <function <lambda> at 0x7fa
fd6c8d140>}],
 '_MMVAD': [None,
            {'CommitCharge': <function <lambda> at 0x7fafd6c87de8>, 'E
...