Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package tools :: Module profile_tool :: Class OSXConverter
[frames] | no frames]

Class OSXConverter

source code

Automatic conversion from Volatility OSX style profiles.

You can generate one of those using the instructions here: http://code.google.com/p/volatility/wiki/MacMemoryForensics#Building_a_Profile

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  top_level_class
Base class for converters. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
Instance Methods
 
ParseSystemMap(self, system_map)
Parse the system map and return a list of offset, symbol_name.		 source code
 
Convert(self) source code
 
BuildProfile(self, system_map, vtypes, config=None)
Write all the components needed for the output profile. (Inherited from rekall.plugins.tools.profile_tool.LinuxConverter)		 source code
 
ParseConfigFile(self, config_file)
Parse the kernel .config file returning it as a dictionary. (Inherited from rekall.plugins.tools.profile_tool.LinuxConverter)		 source code
 
SelectFile(self, regex)
Reads the content of the first file which matches regex. (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)		 source code
 
__init__(self, input, profile_class=None, session=None)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)		 source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name) source code
 
ImplementationByName(self, name) source code
Class Variables
  BASE_PROFILE_CLASS = 'Darwin'
  DLSYM_REGEX = re.compile(r'([^ ]+) \'([^ ]+)\'$')
  classes = {'LinuxConverter': <class 'rekall.plugins.tools.prof... (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  classes_by_name = {None: [<class 'rekall.plugins.tools.profile... (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
  plugin_feature = 'ProfileConverter' (Inherited from rekall.plugins.tools.profile_tool.ProfileConverter)
Properties

Inherited from object: __class__

Method Details

ParseSystemMap(self, system_map)

source code 

Parse the system map and return a list of offset, symbol_name.

Overrides: LinuxConverter.ParseSystemMap
(inherited documentation)

Convert(self)

source code 
Overrides: ProfileConverter.Convert

ImplementationByClass(self, name)
Class Method

source code 
Overrides: ProfileConverter.ImplementationByClass

ImplementationByName(self, name)
Class Method

source code 
Overrides: ProfileConverter.ImplementationByName

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:00 2017 http://epydoc.sourceforge.net