A scanner for certificate ASN.1 objects.
Yara rules for the two ASN.1 encoded objects we are looking for:
'x509' : 'rule x509 {
strings: $a = {30 82 ?? ?? 30 82 ?? ??} condition: $a
}',
'pkcs' : 'rule pkcs {
strings: $a = {30 82 ?? ?? 02 01 00} condition: $a
}',
These rules are very simple, so we don't actually use Yara for this: it's
faster to just scan directly.
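A direct scan for the two byte patterns above might look like the following. This is an added example, not Rekall's own code: the names `scan_der`, `classify` and `build_sample` are hypothetical, the sample buffer is constructed, and the length sanity checks go beyond what the bare patterns test.

```python
import struct

HEADER = b"\x30\x82"  # SEQUENCE tag, long-form length with two length bytes

def scan_der(data):
    """Yield (offset, kind, total_size) for plausible DER objects in data."""
    pos = data.find(HEADER)
    while pos != -1:
        hit = classify(data, pos)
        if hit:
            yield (pos,) + hit
        pos = data.find(HEADER, pos + 1)

def classify(data, pos):
    """Apply the two patterns at pos, then sanity-check the encoded lengths."""
    if pos + 8 > len(data):
        return None
    (body_len,) = struct.unpack_from(">H", data, pos + 2)
    total = 4 + body_len
    # DER uses the shortest length form, so 0x82 implies a body of >= 256 bytes;
    # the object must also fit inside the buffer being scanned.
    if body_len < 0x100 or pos + total > len(data):
        return None
    inner = data[pos + 4:pos + 8]
    if inner[:2] == HEADER:                  # 30 82 ?? ?? 30 82 ?? ??
        (inner_len,) = struct.unpack_from(">H", inner, 2)
        if inner_len >= 0x100 and inner_len + 4 <= body_len:
            return ("x509", total)
    elif inner[:3] == b"\x02\x01\x00":       # 30 82 ?? ?? 02 01 00 (INTEGER 0)
        return ("pkcs", total)
    return None

def build_sample():
    """Constructed buffer: one object of each kind plus two decoys."""
    x509 = (HEADER + struct.pack(">H", 0x120) +
            HEADER + struct.pack(">H", 0x110) + b"\xAA" * 0x11C)
    pkcs = HEADER + struct.pack(">H", 0x100) + b"\x02\x01\x00" + b"\xBB" * 0xFD
    short = HEADER + b"\x00\x05" + HEADER + b"\x00\x01\x00"  # non-minimal length
    cut = HEADER + struct.pack(">H", 0x400) + b"\x02\x01\x00\x00"  # runs past end
    return b"\x00" * 16 + x509 + short + pkcs + cut

if __name__ == "__main__":
    for offset, kind, size in scan_der(build_sample()):
        print("%#06x %-4s %d bytes" % (offset, kind, size))
```

The two decoys match the raw byte patterns but are rejected by the length checks, which is the kind of false positive a pattern-only rule produces on memory images.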
| Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.BaseScanner)
top_level_class Base class for all scanners. (Inherited from rekall.scan.BaseScanner)
| Class Variables | |
checks =
classes = (Inherited from rekall.scan.BaseScanner)
classes_by_name = (Inherited from rekall.scan.BaseScanner)
overlap = 1024 (Inherited from rekall.scan.BaseScanner)
plugin_feature = (Inherited from rekall.scan.BaseScanner)
progress_message = (Inherited from rekall.scan.BaseScanner)
| Method Details |
Scan the region from offset for maxlen.
Args:
offset: The starting offset in our current address space to scan.
maxlen: The maximum length to scan. If not provided we just scan until
there is no data.
Yields:
Offsets where all the constraints are satisfied.
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:06 2017 | http://epydoc.sourceforge.net |