| Trees | Indices | Help |
|
|---|
|
|
This module adds plugins to inspect the windows cache manager.
The windows cache manager is responsible for maintaining file cache for files read from disk. The manager maintains a large arena of 256kb cached blocks. These blocks are controlled using the VACB (Virtual Address Control Block) arrays.
References: http://www.codemachine.com/article_kernelstruct.html
Author: Michael Cohen <scudette@google.com>
| Classes | |
|
EnumerateVacbs Enumerate all blocks cached in the cache manager. |
|
|
DumpFiles Dump files from memory. |
|
| TestDumpFiles | |
| SparseArray | |
|
MftDump Enumerate MFT entries from the cache manager. |
|
|
TestMftDump The order is someone non-deterministic. |
|
| Variables | |
__package__ = |
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:27:47 2017 | http://epydoc.sourceforge.net |