Trees | Indices | Help |
|
---|
|
Enumerate callback routines.
This plugin just enumerates installed callback routines from various sources. It does not scan for them.
This plugin is loosely based on the original Volatility plugin of the same name but much expanded using new information.
Reference: <http://www.codemachine.com/notes.html>
Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
|
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
Inherited from |
Class Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Class Variables | |
name =
|
|
table_header =
hash(x) |
|
PHYSICAL_AS_REQUIRED = True
(Inherited from rekall.plugin.PhysicalASMixin)
|
|
PROFILE_REQUIRED = True
(Inherited from rekall.plugin.ProfileCommand)
|
|
ROW_OPTIONS =
(Inherited from rekall.plugin.TypedProfileCommand)
|
|
classes =
(Inherited from rekall.plugin.Command)
|
|
classes_by_name =
(Inherited from rekall.plugin.Command)
|
|
error_status = None hash(x) (Inherited from rekall.plugin.Command) |
|
interactive = False
(Inherited from rekall.plugin.Command)
|
|
mode =
hash(x) (Inherited from rekall.plugins.windows.common.AbstractWindowsCommandPlugin) |
|
plugin_args = None hash(x) (Inherited from rekall.plugin.ArgsParserMixin) |
|
plugin_feature =
(Inherited from rekall.plugin.Command)
|
|
producer = False
(Inherited from rekall.plugin.Command)
|
|
table_options =
(Inherited from rekall.plugin.TypedProfileCommand)
|
Properties | |
Inherited from |
Method Details |
A mixin for plugins which require a valid kernel address space. Args: dtb: A potential dtb to be used.
|
Collect data that will be passed to renderer.table_row.
|
|
|
Class Variable Details |
table_headerhash(x)
|
Trees | Indices | Help |
|
---|
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:12 2017 | http://epydoc.sourceforge.net |