| Trees | Indices | Help |
|
|---|
|
|
Print system-wide notification routines by scanning for them.
Note this plugin is quite inefficient - consider using the callbacks plugin instead.
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
|
|
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
|
| Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
| Class Variables | |
PHYSICAL_AS_REQUIRED = True
(Inherited from rekall.plugin.PhysicalASMixin)
|
|
PROFILE_REQUIRED = True
(Inherited from rekall.plugin.ProfileCommand)
|
|
ROW_OPTIONS = |
|
classes = |
|
classes_by_name = |
|
error_status = Nonehash(x) (Inherited from rekall.plugin.Command) |
|
interactive = False
(Inherited from rekall.plugin.Command)
|
|
mode = hash(x) (Inherited from rekall.plugins.windows.common.AbstractWindowsCommandPlugin) |
|
plugin_args = Nonehash(x) (Inherited from rekall.plugin.ArgsParserMixin) |
|
plugin_feature = |
|
producer = False
(Inherited from rekall.plugin.Command)
|
|
table_header = Nonehash(x) (Inherited from rekall.plugin.TypedProfileCommand) |
|
table_options = |
|
| Properties | |
| name (Inherited from rekall.plugin.Command) | |
|
Inherited from |
|
| Method Details |
A mixin for plugins which require a valid kernel address space. Args: dtb: A potential dtb to be used.
|
Enumerate the Create Process, Create Thread, and Image Load callbacks. On some systems, the byte sequences will be inaccurate or the exported function will not be found. In these cases, the PoolScanGenericCallback scanner will pick up the pool associated with the callbacks. |
Enumerate generic Bugcheck callbacks. Note: These structures don't exist in tagged pools, but you can find them via KDDEBUGGER_DATA64 on all versions of Windows. |
Enumerate registry change callbacks. On XP these are registered using CmRegisterCallback. On Vista and Windows 7, these callbacks are registered using the CmRegisterCallbackEx function. |
Produce results on the renderer given. Each plugin should implement this method to produce output on the renderer. The framework will initialize the plugin and provide it with some kind of renderer to write output on. The plugin should not assume that the renderer is actually TextRenderer, only that the methods defined in the BaseRenderer exist. Args: renderer: A renderer based at rekall.ui.renderer.BaseRenderer.
|
|
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:12 2017 | http://epydoc.sourceforge.net |