List overview information about this image.
Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
Instance Methods | |||
Inherited from |
Class Methods | |||
Static Methods | |||
Class Variables | |
name =
table_header =
PHYSICAL_AS_REQUIRED = True (Inherited from rekall.plugin.PhysicalASMixin) |
PROFILE_REQUIRED = True (Inherited from rekall.plugin.ProfileCommand) |
ROW_OPTIONS = (Inherited from rekall.plugin.TypedProfileCommand) |
classes = (Inherited from rekall.plugin.Command) |
classes_by_name = (Inherited from rekall.plugin.Command) |
error_status = None (Inherited from rekall.plugin.Command) |
interactive = False (Inherited from rekall.plugin.Command) |
mode = (Inherited from rekall.plugins.windows.common.AbstractWindowsCommandPlugin) |
plugin_args = None (Inherited from rekall.plugin.ArgsParserMixin) |
plugin_feature = (Inherited from rekall.plugin.Command) |
producer = False (Inherited from rekall.plugin.Command) |
table_options = (Inherited from rekall.plugin.TypedProfileCommand) |
Properties | |
Inherited from |
Method Details |
Return the time of each tick (float).

    dis "nt!KeQueryTimeIncrement"
    ------ nt!KeQueryTimeIncrement ------
    MOV EAX, [RIP+0x24af66] 0x26161 nt!KeMaximumIncrement
    RET

Returns the number of seconds since boot.

Ref: KeQueryTickCount * KeQueryTimeIncrement

    reactos/include/ddk/wdm.h:
    #define SharedTickCount (KI_USER_SHARED_DATA + 0x320)
    #define KeQueryTickCount(CurrentCount) *(ULONG64*)(CurrentCount) = *(volatile ULONG64*)SharedTickCount

Collect data that will be passed to renderer.table_row.
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:16 2017 | http://epydoc.sourceforge.net |