Package rekall :: Package plugins :: Package windows :: Package gui :: Module autodetect

Module autodetect

Autodetect struct layout of various Win32k GUI structs.

Many win32k structs are undocumented (i.e. are not present in pdb symbols). These structures do change a lot between versions of windows. This module autodetects the struct layout using various heuristics.

Classes
	Win32kAutodetect Automatically detect win32k struct layout.

Variables
	__package__ = `'rekall.plugins.windows.gui'`