Package rekall :: Package plugins :: Package windows

Package windows

Submodules

rekall.plugins.windows.address_resolver: The module implements the windows specific address resolution plugin.
rekall.plugins.windows.cache: This module adds plugins to inspect the windows cache manager.
rekall.plugins.windows.common: This plugin contains CORE classes used by lots of other plugins
rekall.plugins.windows.connections
rekall.plugins.windows.connscan: This module implements the fast connection scanning
rekall.plugins.windows.crashinfo
rekall.plugins.windows.dns: This module implements plugins to inspect Window's DNS resolver cache.
rekall.plugins.windows.dumpcerts
rekall.plugins.windows.filescan
rekall.plugins.windows.gui: These plugins implement analysis of the win32k graphic subsystem.
- rekall.plugins.windows.gui.atoms
- rekall.plugins.windows.gui.autodetect: Autodetect struct layout of various Win32k GUI structs.
- rekall.plugins.windows.gui.clipboard
- rekall.plugins.windows.gui.constants
- rekall.plugins.windows.gui.sessions
- rekall.plugins.windows.gui.tests
- rekall.plugins.windows.gui.userhandles: Analyzes User handles registered with the Win32k Subsystem.
- rekall.plugins.windows.gui.vtypes
  - rekall.plugins.windows.gui.vtypes.win7
  - rekall.plugins.windows.gui.vtypes.win7_sp0_x64_vtypes_gui
  - rekall.plugins.windows.gui.vtypes.win7_sp0_x86_vtypes_gui
  - rekall.plugins.windows.gui.vtypes.win7_sp1_x64_vtypes_gui
  - rekall.plugins.windows.gui.vtypes.win7_sp1_x86_vtypes_gui
  - rekall.plugins.windows.gui.vtypes.xp: Most of the following structures are actually documented in Windows 7 onwards, but are not documented in windows XP.
- rekall.plugins.windows.gui.win32k_core
- rekall.plugins.windows.gui.windowstations: The following is a description of windows stations from MSDN:
rekall.plugins.windows.handles
rekall.plugins.windows.heap_analysis: The module implements user mode heap analysis.
rekall.plugins.windows.index: This module implements profile indexing.
rekall.plugins.windows.interactive
- rekall.plugins.windows.interactive.profiles
- rekall.plugins.windows.interactive.structs: Interactive plugins.
rekall.plugins.windows.kdbgscan
rekall.plugins.windows.kernel: This module discovers the kernel base address.
rekall.plugins.windows.kpcr: This plugin is used for displaying information about the Kernel Processor Control Blocks.
rekall.plugins.windows.lsadecryptxp: Windows NT 5.1 and 5.2 LsaEncryptMemory decryption algorithm.
rekall.plugins.windows.malware: The following modules were written and contributed by Michael Hale (michael.hale@gmail.com).
- rekall.plugins.windows.malware.apihooks
- rekall.plugins.windows.malware.apihooks_test
- rekall.plugins.windows.malware.callbacks
- rekall.plugins.windows.malware.cmdhistory
- rekall.plugins.windows.malware.devicetree
- rekall.plugins.windows.malware.impscan
- rekall.plugins.windows.malware.malfind
- rekall.plugins.windows.malware.psxview
- rekall.plugins.windows.malware.sigscan
- rekall.plugins.windows.malware.svcscan
- rekall.plugins.windows.malware.timers
- rekall.plugins.windows.malware.yarascan
rekall.plugins.windows.mimikatz: Partial emulation of the Mimikatz tool.
rekall.plugins.windows.misc: Miscelaneous information gathering plugins.
rekall.plugins.windows.modscan: This module implements the fast module scanning
rekall.plugins.windows.modules
rekall.plugins.windows.netscan
rekall.plugins.windows.network: This module extracts network information using kernel object inspection.
rekall.plugins.windows.pagefile: This file adds pagefile support.
rekall.plugins.windows.pas2kas
rekall.plugins.windows.pfn
rekall.plugins.windows.pfn_test: Tests for the pfn plugins.
rekall.plugins.windows.pool: Plugins to inspect the windows pools.
rekall.plugins.windows.privileges: Inspect the privileges in each process's tokens.
rekall.plugins.windows.procdump
rekall.plugins.windows.procdump_test: Tests for the procexecdump plugins.
rekall.plugins.windows.procinfo: This module print details information about PE files and processes.
rekall.plugins.windows.pstree: pstree example file
rekall.plugins.windows.registry
- rekall.plugins.windows.registry.evtlogs
- rekall.plugins.windows.registry.getservicesids
- rekall.plugins.windows.registry.getsids
- rekall.plugins.windows.registry.hashdump
- rekall.plugins.windows.registry.lsadump
- rekall.plugins.windows.registry.lsasecrets
- rekall.plugins.windows.registry.printkey
- rekall.plugins.windows.registry.printkey_test: Tests for the printkey plugin.
- rekall.plugins.windows.registry.registry: This is the registry parser.
- rekall.plugins.windows.registry.tests
- rekall.plugins.windows.registry.userassist
rekall.plugins.windows.shimcache: Shimcache plugin.
rekall.plugins.windows.ssdt
rekall.plugins.windows.taskmods
rekall.plugins.windows.tests
rekall.plugins.windows.vadinfo
rekall.plugins.windows.vadinfo_test: Tests for the vadinfo plugins.

Variables
	__package__ = `'rekall.plugins.windows'`