Package rekall :: Package plugins :: Package windows :: Module connscan :: Class PoolScanConnFast

Class PoolScanConnFast


Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.BaseScanner)
  top_level_class
Base class for all scanners. (Inherited from rekall.scan.BaseScanner)
Instance Methods
 
__init__(self, profile=None, address_space=None, window_size=8, session=None, checks=None)
The base scanner. (Inherited from rekall.scan.BaseScanner)
 
build_constraints(self) (Inherited from rekall.scan.BaseScanner)
 
check_addr(self, offset, buffer_as=None)
Check an address. (Inherited from rekall.scan.BaseScanner)
 
scan(self, offset=0, maxlen=None)
Yields instances of _POOL_HEADER which potentially match. (Inherited from rekall.plugins.windows.common.PoolScanner)
 
skip(self, buffer_as, offset)
Skip uninteresting regions. (Inherited from rekall.scan.BaseScanner)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name)
 
ImplementationByName(self, name)
Class Variables
  checks = [('PoolTagCheck', {'tag': 'TCPT'}), ('CheckPoolSize',...
  classes = {'BaseScanner': <class 'rekall.scan.BaseScanner'>, '... (Inherited from rekall.scan.BaseScanner)
  classes_by_name = {None: [<class 'rekall.scan.BaseScanner'>, <... (Inherited from rekall.scan.BaseScanner)
  overlap = 1024 (Inherited from rekall.scan.BaseScanner)
  plugin_feature = 'BaseScanner' (Inherited from rekall.scan.BaseScanner)
  progress_message = 'Scanning 0x%(offset)08X with %(name)s' (Inherited from rekall.scan.BaseScanner)
Properties

Inherited from object: __class__

Method Details

ImplementationByClass(self, name)
Class Method

Overrides: scan.BaseScanner.ImplementationByClass

ImplementationByName(self, name)
Class Method

Overrides: scan.BaseScanner.ImplementationByName

Class Variable Details

checks

Value:
[('PoolTagCheck', {'tag': 'TCPT'}),
 ('CheckPoolSize',
  {'condition': <function <lambda> at 0x7fafd236a2a8>}),
 ('CheckPoolType', {'free': True, 'non_paged': True, 'paged': True}),
 ('CheckPoolIndex', {'value': 0})]