# Rekall Memory Forensics
# Copyright 2014 Google Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

"""These plugins implement analysis of the win32k graphic subsystem.

This work stemmed from the seminal work:

Kernel Attacks through user mode callbacks Tarjei Mandt.

http://mista.nu/blog/2011/08/11/windows-hooks-of-death-kernel-attacks-through-user-mode-callbacks/

Other interesting references:
http://volatility-labs.blogspot.de/2012/09/movp-13-desktops-heaps-and-ransomware.html
"""
# pylint: disable=unused-import

from rekall.plugins.windows.gui import atoms
from rekall.plugins.windows.gui import autodetect
from rekall.plugins.windows.gui import clipboard
from rekall.plugins.windows.gui import windowstations
from rekall.plugins.windows.gui import sessions
from rekall.plugins.windows.gui import userhandles
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:51 2017 | http://epydoc.sourceforge.net |