```python
# Rekall Memory Forensics
#
# Copyright 2013 Google Inc. All Rights Reserved.
#
# Authors:
# Michael Cohen <scudette@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

"""Tests for the procexecdump plugins."""
from rekall import testlib


# NOTE: the class statement for this block is missing from the listing.
    """Test the Procdump module."""

    PARAMETERS = dict(
        commandline="procdump %(pids)s --dump_dir %(tempdir)s",
        pid=2536
    )


# NOTE: the class statement for this block is missing from the listing.
    PARAMETERS = dict(
        commandline="moddump --regex %(driver)s --dump_dir %(tempdir)s",
        driver="ntoskrnl.exe"
    )


# NOTE: the class statement for this block is missing from the listing.
    """Test the dlldump module."""

    PARAMETERS = dict(
        commandline="dlldump %(pids)s --dump_dir %(tempdir)s",
    )


# NOTE: the class statement for this block is missing from the listing.
    PARAMETERS = dict(
        commandline=("pedump --out_file %(tempdir)s/out_file.exe "
                     " %(image_base)s"),

        # This can be fetched from the output of modules plugin.
        image_base=0xf5fce000,
    )
```
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:52 2017 (http://epydoc.sourceforge.net)