Class KDBGScanner
Class KDBGScanner

source code

Scans for _KDDEBUGGER_DATA64 structures.

Note that this does not rely on signatures, as validity of hits is calculated through list reflection.

Nested Classes
Nested Classes
Base class for all scanners. (Inherited from rekall.scan.BaseScanner)
Instance Methods
scan(self, offset=0, maxlen=None)
Scan the region from offset for maxlen.
source code
__init__(self, profile=None, address_space=None, window_size=8, session=None, checks=None)
The base scanner.
source code
build_constraints(self) (Inherited from rekall.scan.BaseScanner) source code
check_addr(self, offset, buffer_as=None)
Check an address.
source code
skip(self, buffer_as, offset)
Skip uninteresting regions.
source code

Class Methods
ImplementationByClass(self, name)
ImplementationByName(self, name)
Class Variables
  checks = [('StringCheck', {'needle': 'KDBG'})]
  classes = {'BaseScanner': <class 'rekall.scan.BaseScanner'>, '...
  classes_by_name = {None: [<class 'rekall.scan.BaseScanner'>, <...
  overlap = 1024 (Inherited from rekall.scan.BaseScanner)
  plugin_feature = 'BaseScanner' (Inherited from rekall.scan.BaseScanner)
  progress_message = 'Scanning 0x%(offset)08X with %(name)s' (Inherited from rekall.scan.BaseScanner)

Method Details

scan(self, offset=0, maxlen=None)

source code 
Scan the region from offset for maxlen.

  offset: The starting offset in our current address space to scan.

  maxlen: The maximum length to scan. If not provided we just scan until
    there is no data.

  offsets where all the constrainst are satisfied.

Overrides: scan.BaseScanner.scan
(inherited documentation)

ImplementationByClass(self, name)
Class Method
Class Method

source code 
Overrides: scan.BaseScanner.ImplementationByClass

ImplementationByName(self, name)
Class Method
Class Method

source code 
Overrides: scan.BaseScanner.ImplementationByName