Source Code for Package rekall.plugins.windows.gui

# Rekall Memory Forensics
# Copyright 2014 Google Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

"""These plugins implement analysis of the win32k graphic subsystem.

This work stemmed from the seminal work:

Kernel Attacks through user mode callbacks Tarjei Mandt.

http://mista.nu/blog/2011/08/11/windows-hooks-of-death-kernel-attacks-through-user-mode-callbacks/

Other interesting references:
http://volatility-labs.blogspot.de/2012/09/movp-13-desktops-heaps-and-ransomware.html
"""
# pylint: disable=unused-import

from rekall.plugins.windows.gui import atoms
from rekall.plugins.windows.gui import autodetect
from rekall.plugins.windows.gui import clipboard
from rekall.plugins.windows.gui import windowstations
from rekall.plugins.windows.gui import sessions
from rekall.plugins.windows.gui import userhandles