Trees       Indices       Help   
Rekall Memory Forensics
Package rekall :: Package plugins :: Package windows :: Package malware :: Module cmdhistory :: Class ConsoleScanner
[frames] | no frames]

Class ConsoleScanner

source code

A scanner for _CONSOLE_INFORMATION.

Nested Classes
  __metaclass__
Automatic Plugin Registration through metaclasses. (Inherited from rekall.scan.BaseScanner)
  top_level_class
Base class for all scanners. (Inherited from rekall.scan.BaseScanner)
Instance Methods
 
__init__(self, max_history=50, history_buffers=4, **kwargs)
Scan the process address space through the Vads.		 source code
 
scan(self, **kwargs)
Scan the region from offset for maxlen.		 source code
 
build_constraints(self) (Inherited from rekall.scan.BaseScanner) source code
 
check_addr(self, offset, buffer_as=None)
Check an address. (Inherited from rekall.scan.BaseScanner)		 source code
 
skip(self, buffer_as, offset)
Skip uninteresting regions. (Inherited from rekall.scan.BaseScanner)		 source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods
 
ImplementationByClass(self, name) source code
 
ImplementationByName(self, name) source code
Class Variables
  checks = () (Inherited from rekall.scan.BaseScanner)
  classes = {'BaseScanner': <class 'rekall.scan.BaseScanner'>, '... (Inherited from rekall.scan.BaseScanner)
  classes_by_name = {None: [<class 'rekall.scan.BaseScanner'>, <... (Inherited from rekall.scan.BaseScanner)
  overlap = 1024 (Inherited from rekall.scan.BaseScanner)
  plugin_feature = 'BaseScanner' (Inherited from rekall.scan.BaseScanner)
  progress_message = 'Scanning 0x%(offset)08X with %(name)s' (Inherited from rekall.scan.BaseScanner)
Properties

Inherited from object: __class__

Method Details

__init__(self, max_history=50, history_buffers=4, **kwargs)
(Constructor)

source code  
Scan the process address space through the Vads.

Args:
  task: The _EPROCESS object for this task.

  process_profile: The specialized profile for this process. In practice
    this is always different from task.obj_profile (which belongs to the
    kernel). If not provided we default to the kernel profile.
Overrides: object.__init__
(inherited documentation)

scan(self, **kwargs)

source code  
Scan the region from offset for maxlen.

Args:
  offset: The starting offset in our current address space to scan.

  maxlen: The maximum length to scan. If not provided we just scan until
    there is no data.

Yields:
  offsets where all the constrainst are satisfied.
Overrides: scan.BaseScanner.scan
(inherited documentation)

ImplementationByClass(self, name)
Class Method

source code 
Overrides: scan.BaseScanner.ImplementationByClass

ImplementationByName(self, name)
Class Method

source code 
Overrides: scan.BaseScanner.ImplementationByName

   Trees       Indices       Help   
Rekall Memory Forensics
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:13 2017 http://epydoc.sourceforge.net