Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package windows :: Module common :: Class CheckPoolType
[frames] | no frames]

Class CheckPoolType

source code

Check the pool type

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.ScannerCheck)
  top_level_class
A scanner check is a special class which is invoked on an AS to check for a specific condition. (Inherited from rekall.scan.ScannerCheck)
Instance Methods
 
__init__(self, paged=False, non_paged=False, free=False, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature		 source code
 
check(self, buffer_as, offset)
Is the needle found at 'offset'?		 source code
 
object_offset(self, offset) (Inherited from rekall.scan.ScannerCheck) source code
 
skip(self, buffer_as, offset)
Determine how many bytes we can skip. (Inherited from rekall.scan.ScannerCheck)		 source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name) source code
 
ImplementationByName(self, name) source code
Class Variables
  classes = {'CheckPoolIndex': <class 'rekall.plugins.windows.co... (Inherited from rekall.scan.ScannerCheck)
  classes_by_name = {None: [<class 'rekall.scan.MultiStringFinde... (Inherited from rekall.scan.ScannerCheck)
  plugin_feature = 'ScannerCheck' (Inherited from rekall.scan.ScannerCheck)
Properties

Inherited from object: __class__

Method Details

__init__(self, paged=False, non_paged=False, free=False, **kwargs)
(Constructor)

source code 

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)

check(self, buffer_as, offset)

source code  
Is the needle found at 'offset'?

Arguments:
  buffer_as: An address space object with a chunk of data that can be
    checked for the needle.
offset: The offset in the address space to check.
Overrides: scan.ScannerCheck.check
(inherited documentation)

ImplementationByClass(self, name)
Class Method

source code 
Overrides: scan.ScannerCheck.ImplementationByClass

ImplementationByName(self, name)
Class Method

source code 
Overrides: scan.ScannerCheck.ImplementationByName

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:02 2017 http://epydoc.sourceforge.net