Package rekall :: Package plugins :: Package tools :: Module disassembler :: Class Function

Class Function



A base object representing code snippets.

Nested Classes
  __metaclass__
Give each object a unique ID. (Inherited from rekall.obj.BaseObject)
Instance Methods
 
__init__(self, mode=None, args=None, **kwargs)
Constructor for Base object.

__int__(self)

__hash__(self)
hash(x)

__unicode__(self)

__iter__(self)

__getitem__(self, item)

Rewind(self, length=0, align=True)
Returns another function which starts before this function.

disassemble(self, instructions=10)
Generate some instructions.

GetData(self)
Returns the raw data of this object. (Inherited from rekall.obj.BaseObject)

__comparator__(self, other, method) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__dir__(self)
Hide any members with _. (Inherited from rekall.obj.BaseObject)

__eq__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__format__(self, formatspec)
default object formatter (Inherited from rekall.obj.BaseObject)

__ge__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__gt__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__le__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__lt__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__ne__(self, other) (Inherited from rekall.obj.BaseAddressComparisonMixIn)

__nonzero__(self)
This method is called when we test the truth value of an Object. (Inherited from rekall.obj.BaseObject)

__repr__(self)
repr(x) (Inherited from rekall.obj.BaseObject)

__str__(self)
str(x) (Inherited from rekall.obj.BaseObject)

cast(self, type_name=None, vm=None, **kwargs) (Inherited from rekall.obj.BaseObject)

deref(self, vm=None)
An alias for dereference - less to type. (Inherited from rekall.obj.BaseObject)

dereference(self, vm=None) (Inherited from rekall.obj.BaseObject)

is_valid(self) (Inherited from rekall.obj.BaseObject)

m(self, memname) (Inherited from rekall.obj.BaseObject)

proxied(self) (Inherited from rekall.obj.BaseObject)

reference(self)
Produces a pointer to this object. (Inherited from rekall.obj.BaseObject)

v(self, vm=None)
Do the actual reading and decoding of this member (Inherited from rekall.obj.BaseObject)

write(self, value)
Function for writing the object back to disk (Inherited from rekall.obj.BaseObject)

Inherited from object: __delattr__, __getattribute__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods
 
getproperties(cls)
Return all members that are intended to represent some data. (Inherited from rekall.obj.BaseObject)
Class Variables
  obj_name = <No name> (Inherited from rekall.obj.BaseObject)
  obj_parent = <No parent> (Inherited from rekall.obj.BaseObject)
  obj_producers = None
hash(x) (Inherited from rekall.obj.BaseObject)
Properties
  indices
Returns (usually 1) representation(s) of self usable as dict keys. (Inherited from rekall.obj.BaseObject)
  obj_end (Inherited from rekall.obj.BaseObject)
  obj_size (Inherited from rekall.obj.BaseObject)
  parents
Returns all the parents of this object. (Inherited from rekall.obj.BaseObject)

Inherited from object: __class__

Method Details

__init__(self, mode=None, args=None, **kwargs)
(Constructor)

Constructor for Base object.

Args:
  type_name: The name of the type of this object. This is different
    from the class name, since the same class may implement many types
    (e.g. Struct implements every instance in the vtype definition).

  offset: The offset within the address space where this object exists.

  vm: The address space this object uses to read itself from.

  profile: The profile this object may use to dereference other
    types.

  parent: The object which created this object.

  name: The name of this object.

  context: An opaque dict which is passed to all objects created from
    this object. This dict may contain context-specific information
    which each derived instance can use.

  kwargs: Arbitrary args this object may accept - these can be passed in
    the vtype language definition.

Overrides: object.__init__
(inherited documentation)

__hash__(self)
(Hashing function)


hash(x)

Overrides: object.__hash__
(inherited documentation)

__unicode__(self)

Overrides: obj.BaseObject.__unicode__

Rewind(self, length=0, align=True)


Returns another function which starts before this function.

If align is specified, we increase the length repeatedly until the new function disassembles exactly to the same offset as this function.
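
The alignment rule described for Rewind, sketched as an added example (this is not Rekall's code): step the start back one byte at a time until a linear sweep lands exactly on the original offset. The toy opcode length table, the `boundaries` and `rewind` helpers, the `max_extra` bound and the sample bytes are all assumptions made for illustration.

```python
# Added illustration: toy x86 length table (opcode -> instruction size).
# Real tooling uses a full disassembler; this small subset is an assumption.
SIZES = {0x90: 1, 0xC3: 1, 0xCC: 1, 0x6A: 2, 0xEB: 2,
         0x68: 5, 0xE8: 5, 0xE9: 5}
SIZES.update({op: 1 for op in range(0x50, 0x60)})   # push/pop reg
SIZES.update({op: 5 for op in range(0xB8, 0xC0)})   # mov r32, imm32


def boundaries(data, start, stop):
    """Linear sweep from start; return instruction offsets, or None if the
    sweep hits an unknown opcode or steps over `stop` without landing on it."""
    out, pos = [], start
    while pos < stop:
        size = SIZES.get(data[pos])
        if size is None or pos + size > stop:
            return None
        out.append(pos)
        pos += size
    return out


def rewind(data, offset, length=0, align=True, max_extra=16):
    """Return a start offset at least `length` bytes before `offset`.

    With align=True, grow the rewind one byte at a time until a linear sweep
    from the candidate start lands exactly on `offset`. max_extra is a
    hypothetical safety bound, not something the page specifies."""
    start = max(offset - length, 0)
    if not align:
        return start
    floor = max(start - max_extra, 0)
    while start >= floor:
        if boundaries(data, start, offset) is not None:
            return start
        start -= 1
    return None


# Constructed sample: push ebp; mov eax, 0x90909090; call +0; nop; ret
CODE = bytes.fromhex("55" "b890909090" "e800000000" "90" "c3")
TARGET = 11                      # offset of the nop that follows the call
```

`rewind(CODE, TARGET, 7)` returns 4, a start inside the real `mov` instruction that still sweeps cleanly to the target, so an aligned rewind yields a consistent decoding, not proof of the original instruction boundaries.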