Module callbacks

Classes
  AbstractCallbackScanner
Return the offset of the callback, no object headers
  PoolScanFSCallback
PoolScanner for File System Callbacks
  PoolScanShutdownCallback
PoolScanner for Shutdown Callbacks
  PoolScanGenericCallback
PoolScanner for Generic Callbacks
  PoolScanDbgPrintCallback
PoolScanner for DebugPrint Callbacks on Vista and 7
  PoolScanRegistryCallback
PoolScanner for DebugPrint Callbacks on Vista and 7
  PoolScanPnp9
PoolScanner for Pnp9 (EventCategoryHardwareProfileChange)
  CallbackScan
Print system-wide notification routines by scanning for them.
  Callbacks
Enumerate callback routines.
Variables
  callback_types = {'_DBGPRINT_CALLBACK': [20, {'Function': [8, ...
  callback_types_x64 = {'_DBGPRINT_CALLBACK': [20, {'Function': ...
  __package__ = 'rekall.plugins.windows.malware'
Variables Details

callback_types

Value:
{'_DBGPRINT_CALLBACK': [20, {'Function': [8, ['pointer', ['void']]]}],
 '_EX_CALLBACK_ROUTINE_BLOCK': [8,
                                {'Context': [8, ['unsigned int']],
                                 'Function': [4, ['unsigned int']],
                                 'RundownProtect': [0,
                                                    ['unsigned int']]}],
 '_GENERIC_CALLBACK': [12, {'Associated': [8, ['pointer', ['void']]], \
...

callback_types_x64

Value:
{'_DBGPRINT_CALLBACK': [20, {'Function': [16, ['pointer', ['void']]]}],
 '_GENERIC_CALLBACK': [24,
                       {'Associated': [16, ['pointer', ['void']]],
                        'Callback': [8, ['pointer', ['void']]]}],
 '_KBUGCHECK_CALLBACK_RECORD': [None,
                                {'CallbackRoutine': [16, ['Pointer']],
                                 'Component': [40, ['Pointer', {'targe\
...