Trees | Indices | Help |
|
---|
|
Print information about a PE binary.
Nested Classes | |
__metaclass__ Automatic Plugin Registration through metaclasses. (Inherited from rekall.plugin.Command) |
|
top_level_class A command can be run from the rekall command line. (Inherited from rekall.plugin.Command) |
Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
Inherited from |
Class Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Class Variables | |
ROW_OPTIONS =
(Inherited from rekall.plugin.TypedProfileCommand)
|
|
classes =
(Inherited from rekall.plugin.Command)
|
|
classes_by_name =
(Inherited from rekall.plugin.Command)
|
|
error_status = None hash(x) (Inherited from rekall.plugin.Command) |
|
interactive = False
(Inherited from rekall.plugin.Command)
|
|
mode = None hash(x) (Inherited from rekall.plugin.Command) |
|
plugin_args = None hash(x) (Inherited from rekall.plugin.ArgsParserMixin) |
|
plugin_feature =
(Inherited from rekall.plugin.Command)
|
|
producer = False
(Inherited from rekall.plugin.Command)
|
|
table_header = None hash(x) (Inherited from rekall.plugin.TypedProfileCommand) |
|
table_options =
(Inherited from rekall.plugin.TypedProfileCommand)
|
Properties | |
name (Inherited from rekall.plugin.Command) | |
Inherited from |
Method Details |
Dump a PE binary from memory. Status is shown for each exported function: - M: The function is mapped into memory. Args: image_base: The address of the image base (dos header). Can be a module name. address_space: The address space which contains the PE image. Can be specified as "K" or "P". filename: If provided we create an address space from this file.
|
Print information about a PE file from memory.
|
|
|
Trees | Indices | Help |
|
---|
Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:21 2017 | http://epydoc.sourceforge.net |