Package rekall :: Package plugins :: Package windows :: Module address_resolver :: Class PEAddressResolver

Class PEAddressResolver

A simple address resolver for PE files.

Nested Classes
	__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command)
	top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command)

Instance Methods

__init__(self, *args, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature

source code

search_symbol(self, pattern)
Searches symbols for the pattern.

source code

__str__(self)
Render into a string using the text renderer.

source code

AddModule(self, module) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

GetAllModules(self) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

GetContainingModule(self, address)
Finds the module containing the specified address. (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

GetModuleByName(self, name) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

__iter__(self)
Make plugins that define collect iterable, as convenience. (Inherited from rekall.plugin.Command)

source code

__repr__(self)
repr(x) (Inherited from rekall.plugin.Command)

source code

collect(self) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

collect_as_dicts(self) (Inherited from rekall.plugin.TypedProfileCommand)

source code

column_types(self)
Returns instances for each column definition. (Inherited from rekall.plugin.TypedProfileCommand)

source code

format_address(self, address, max_distance=16777216)
Format the address as a symbol name. (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

get_address_by_name(self, name)
Convert the symbol annotated by name to an address. (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

get_column(self, name) (Inherited from rekall.plugin.TypedProfileCommand)

source code

get_column_type(self, name) (Inherited from rekall.plugin.TypedProfileCommand)

source code

get_constant_object(self, name, target=None, **kwargs)
Instantiate the named constant with these args. (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

get_nearest_constant_by_address(self, address, max_distance=16777216)
Searches for a known symbol at an address lower than this. (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

get_plugin(self, name, **kwargs)
Returns an instance of the named plugin. (Inherited from rekall.plugin.Command)

source code

getkeys(self) (Inherited from rekall.plugin.TypedProfileCommand)

source code

modules(self) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

reflect(self, member) (Inherited from rekall.plugin.TypedProfileCommand)

source code

render(self, renderer, **options) (Inherited from rekall.plugin.TypedProfileCommand)

source code

reset(self) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Class Methods

GetActiveClasses(cls, session)
Return only the active commands based on config. (Inherited from rekall.plugin.Command)

source code

GetPrototype(cls, session)
Return an instance of this plugin with suitable default arguments. (Inherited from rekall.plugin.Command)

source code

ImplementationByClass(self, name)

source code

ImplementationByName(self, name)

source code

args(cls, metadata) (Inherited from rekall.plugin.PhysicalASMixin)

source code

is_active(cls, session)
We are only active if the profile is windows. (Inherited from rekall.plugins.windows.address_resolver.PECommandPlugin)

source code

Static Methods

NormalizeModuleName(module_name)

source code

Class Variables
	ADDRESS_NAME_REGEX = `re.compile(r'(?P<deref>\)?((?P<address>0...` (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)*
	PHYSICAL_AS_REQUIRED = `True` (Inherited from rekall.plugin.PhysicalASMixin)
	PROFILE_REQUIRED = `True` (Inherited from rekall.plugin.ProfileCommand)
	ROW_OPTIONS = `set(['annotation', 'depth', 'hex_width', 'highli...` (Inherited from rekall.plugin.TypedProfileCommand)
	classes = `{'AFF4Acquire': <class 'rekall.plugins.tools.aff4acq...` (Inherited from rekall.plugin.Command)
	classes_by_name = `{None: [<class 'rekall.plugins.tools.ipython...` (Inherited from rekall.plugin.Command)
	error_status = `None` hash(x) (Inherited from rekall.plugin.Command)
	interactive = `False` (Inherited from rekall.plugin.Command)
	mode = `None` hash(x) (Inherited from rekall.plugin.Command)
	name = `'address_resolver'` hash(x) (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)
	plugin_args = `None` hash(x) (Inherited from rekall.plugin.ArgsParserMixin)
	plugin_feature = `'Command'` (Inherited from rekall.plugin.Command)
	producer = `False` (Inherited from rekall.plugin.Command)
	table_header = `[{'name': 'Symbol', 'width': 20}, {'name': 'Off...` (Inherited from rekall.plugins.common.address_resolver.AddressResolverMixin)
	table_options = `{}` (Inherited from rekall.plugin.TypedProfileCommand)