Package rekall :: Package plugins :: Package windows :: Package gui :: Module win32k_core

Module win32k_core

Classes
	tagWINDOWSTATION A class for Windowstation objects
	tagDESKTOP A class for Desktop objects
	tagWND A class for window structures
	tagRECT A class for window rects
	tagCLIPDATA A class for clipboard objects
	tagTHREADINFO A class for thread information objects
	tagEVENTHOOK A class for event hooks
	Win32kPluginMixin A mixin which loads the relevant win32k profile.
	Win32k A profile for the Win32 GUI system.
	Win32kHook Guess the version of win32k.sys from the index.

Variables
	win32k_overlay = `{'_HANDLEENTRY': [None, {'bFlags': [None, ['F...`
	win32k_undocumented_AMD64 = `{'_RTL_ATOM_TABLE': [None, {'Bucke...`
	win32k_undocumented_I386 = `{'_RTL_ATOM_TABLE': [None, {'Bucket...`
	__package__ = `'rekall.plugins.windows.gui'`

Variables Details

win32k_overlay

Value:

{'_HANDLEENTRY': [None,
                  {'bFlags': [None,
                              ['Flags',
                               {'bitmap': {'HANDLEF_DESTROY': 1,
                                           'HANDLEF_FINALDESTROY': 8,
                                           'HANDLEF_GRANTED': 32,
                                           'HANDLEF_INDESTROY': 2,
                                           'HANDLEF_INWAITFORDEATH': 4
...

win32k_undocumented_AMD64

Value:

{'_RTL_ATOM_TABLE': [None,
                     {'Buckets': [32,
                                  ['Array',
                                   {'count': <function <lambda> at 0x7
fafd238fde8>,
                                    'max_count': 100,
                                    'target': 'Pointer',
                                    'target_args': {'target': '_RTL_AT
...

win32k_undocumented_I386

Value:

{'_RTL_ATOM_TABLE': [None,
                     {'Buckets': [16,
                                  ['Array',
                                   {'count': <function <lambda> at 0x7
fafd238fed8>,
                                    'max_count': 100,
                                    'target': 'Pointer',
                                    'target_args': {'target': '_RTL_AT
...