| Trees | Indices | Help |
|
|---|
|
|
Base session.
This session contains the bare minimum to use rekall.
| Nested Classes | |
|
__metaclass__ Automatic Plugin Registration through metaclasses. |
|
|
top_level_class Base session. |
|
| Instance Methods | |||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
| Class Methods | |||
|
|||
|
|||
| Class Variables | |
SERIALIZABLE_STATE_PARAMETERS = |
|
session_id = 0
|
|
privileged = False
|
|
classes = |
|
classes_by_name = |
|
plugin_feature = |
|
| Properties | |
| logging | |
| volatile | |
|
repository_managers The IO managers that are used to fetch profiles from the profile repository. |
|
| default_address_space | |
|
address_resolver A convenience accessor for the address resolver implementation. |
|
| physical_address_space | |
| profile | |
|
Inherited from |
|
| Method Details |
x.__init__(...) initializes x; see help(type(x)) for signature
|
Returns if the session has the specified parameter set. If False, a call to GetParameter() might trigger autodetection. |
Retrieves a stored parameter. Parameters are managed by the Rekall session in two layers. The state containers contains those parameters which are deliberately set by the user. Some parameters are calculated by plugins and are used in order to speed up further calculations. These are cached in the state as well. It is important to never override a user selection by the cached results. Since the user must be allowed to override all parameters - for example through the GUI or the command line. Therefore when resolving a parameter, we first check in the state, and only if the parameter does not exist, we check the cache. |
Sets a session parameter. NOTE! This method should only be used for setting user provided data. It must not be used to set cached data - use SetCache() instead. Parameters set with this method are not cleared as part of session.Reset() and are copied to cloned sessions. |
Launch a plugin and its render() method automatically.
We use the pager specified in session.GetParameter("pager").
Args:
plugin_obj: A string naming the plugin, or the plugin instance itself.
*pos_args: Args passed to the plugin if it is not an instance.
**kwargs: kwargs passed to the plugin if it is not an instance.
|
Try to load a profile directly by its name.
Args:
name: A string which represents the canonical name for the profile. We
ask all repositories in the repository_path to resolve this name
into a profile.
Returns:
a Profile() instance or a NoneObject()
|
Get a renderer for this session. If a renderer is currently active we just reuse it, otherwise we instantiate the renderer specified in self.GetParameter("format"). |
Removes the flush hooks set by the owner. Returns the hooks so they can be called if needed. |
Destroy this session. This should be called when the session is destroyed. |
| Class Variable Details |
SERIALIZABLE_STATE_PARAMETERS
|
classes
|
classes_by_name
|
| Property Details |
logging
|
volatile
|
repository_managersThe IO managers that are used to fetch profiles from the profile repository.
|
default_address_space
|
address_resolverA convenience accessor for the address resolver implementation. Note that the correct address resolver implementation depends on the profile. For example, windows has its own address resolver, while Linux and OSX have a different one.
|
physical_address_space
|
profile
|
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Mon Oct 9 03:29:27 2017 | http://epydoc.sourceforge.net |