Package rekall :: Package plugins :: Package tools :: Module dynamic_profiles :: Class DisassembleMatcher

Class DisassembleMatcher

A matching engine for disassembler rules.

This matcher searcher for a sequence of rules in a disassmbly and tries to match a certain rule pattern to the assembly. Ultimately if the rules match, the rules may extract certain parameters from the patter.

Instance Methods

__init__(self, name='', mode='AMD64', rules=None, session=None, max_separation=10)
x.__init__(...) initializes x; see help(type(x)) for signature source code

GenerateVector(self, hits, vector, level)
Generate possible hit vectors which match the rules.

source code

MatchFunction(self, func, length=1000)

source code

Match(self, offset=0, data='') source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties
Inherited from `object`: `__class__`

Method Details

init(self, name=`''`, mode=`'AMD64'`, rules=None, session=None, max_separation=10)
(Constructor)

source code

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__: (inherited documentation)

Class DisassembleMatcher

__init__(self, name='', mode='AMD64', rules=None, session=None, max_separation=10) (Constructor)

init(self, name=`''`, mode=`'AMD64'`, rules=None, session=None, max_separation=10)
(Constructor)