Package rekall :: Package plugins :: Package tools :: Module profile_tool :: Class LinuxConverter

Class LinuxConverter


Convert an existing Linux profile zip file.

Since building the Linux profile often happens on the target system, where
Rekall is not normally running, we just convert the result of running make in
the tools/linux/ directory. See tools/linux/README for details.

In short:

- Run make in the tools/linux/ directory. This will build module_dwarf.ko with
  debugging symbols.

- If you have zip installed, the above step will create the required zip
  file. Otherwise, create a zip file manually with module_dwarf.ko and
  /boot/System.map-`uname -r` (sometimes, when running make as a non-root
  user, it is not possible to read the System.map file).

Finally, use this tool to convert the profile to a Rekall-compatible profile.
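
The manual zip step above, written as an added example that is not part of Rekall: it builds the archive, fails early when System.map cannot be read, and checks the result before it is handed to the converter. The function names, the member-name patterns and the sample System.map lines are assumptions made for this example.

```python
import os
import re
import zipfile

# Assumed member-name patterns, chosen for this example (not Rekall's own).
KO_RE = re.compile(r"\.ko$")
MAP_RE = re.compile(r"(^|/)System\.map")
# A System.map line is "<hex address> <type letter> <symbol name>".
LINE_RE = re.compile(r"^[0-9a-fA-F]+ \S \S+$")

# Constructed sample input, not taken from a real kernel.
SAMPLE_SYSTEM_MAP = (
    "ffffffff81000000 T _text\n"
    "ffffffff81a11500 D init_task\n"
)


def build_profile_zip(ko_path, system_map_path, out_path):
    """Zip the module and System.map, failing early if either is unreadable."""
    for path in (ko_path, system_map_path):
        try:
            with open(path, "rb") as fd:
                fd.read(1)
        except OSError as err:  # e.g. System.map unreadable when not root
            raise RuntimeError("cannot read %s: %s" % (path, err))
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.write(ko_path, "module_dwarf.ko")
        archive.write(system_map_path, os.path.basename(system_map_path))
    return out_path


def check_profile_zip(zip_path):
    """Return (ko_member, map_member, symbol_count) or raise ValueError."""
    with zipfile.ZipFile(zip_path) as archive:
        names = archive.namelist()
        ko = [n for n in names if KO_RE.search(n)]
        maps = [n for n in names if MAP_RE.search(n)]
        if not ko or not maps:
            raise ValueError("need a .ko and a System.map, found %r" % names)
        text = archive.read(maps[0]).decode("ascii", "replace")
    symbols = sum(1 for line in text.splitlines() if LINE_RE.match(line))
    if symbols == 0:
        raise ValueError("%s has no symbol lines" % maps[0])
    return ko[0], maps[0], symbols
```

An archive that passes `check_profile_zip` contains both inputs the steps above call for; an empty or truncated System.map is rejected before conversion is attempted.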

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  top_level_class
Base class for converters. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
Instance Methods
 
ParseSystemMap(self, system_map)
Parse the system map and return a list of offset, symbol_name.
 
ParseConfigFile(self, config_file)
Parse the kernel .config file returning it as a dictionary.
 
BuildProfile(self, system_map, vtypes, config=None)
Write all the components needed for the output profile.
 
Convert(self)
 
SelectFile(self, regex)
Reads the content of the first file which matches regex. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
 
__init__(self, input, profile_class=None, session=None)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name)
 
ImplementationByName(self, name)
Class Variables
  BASE_PROFILE_CLASS = 'Linux'
  classes = {'LinuxConverter': <class 'rekall.plugins.tools.prof... (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  classes_by_name = {None: [<class 'rekall.plugins.tools.profile... (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  plugin_feature = 'ProfileConverter' (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
Properties

Inherited from object: __class__

Method Details

BuildProfile(self, system_map, vtypes, config=None)

Write all the components needed for the output profile.

Overrides: ProfileConverter.BuildProfile

Convert(self)

Overrides: ProfileConverter.Convert

ImplementationByClass(self, name)
Class Method

Overrides: ProfileConverter.ImplementationByClass

ImplementationByName(self, name)
Class Method

Overrides: ProfileConverter.ImplementationByName