SYMBOL INDEX (513 symbols across 41 files) FILE: elf_an.py class elf32_an (line 73) | class elf32_an(): method __init__ (line 74) | def __init__(self, filename): method load (line 80) | def load(self): method close (line 87) | def close(self): method getheader (line 90) | def getheader(self): method getmachine (line 94) | def getmachine(self): method getshoff (line 98) | def getshoff(self): method getshsize (line 102) | def getshsize(self): method getshcount (line 106) | def getshcount(self): method getsecheader (line 111) | def getsecheader(self, offset, size, count): method getstrsec (line 114) | def getstrsec(self, offset, size, count): method getsymsec (line 121) | def getsymsec(self, offset, size, count): method getsymbol (line 129) | def getsymbol(self, offset, size, str_offset, str_size): function main (line 144) | def main(): FILE: flatten.py function copy (line 44) | def copy(fin, fin_where, fout, fout_where, size): FILE: overlay_generator.py function usage (line 8) | def usage(): function main (line 13) | def main(): FILE: vol.py function usage (line 29) | def usage(): function main (line 81) | def main(): FILE: volafox/binan/macho_an.py class macho_an (line 54) | class macho_an(): method __init__ (line 55) | def __init__(self, filename): method close (line 64) | def close(self): method load (line 67) | def load(self): method getfilesize (line 76) | def getfilesize(self): method get_header (line 89) | def get_header(self, arch_count, architecture): method macho_getsymbol_x86 (line 98) | def macho_getsymbol_x86(self, offset, size): method macho_getsymbol_x64 (line 155) | def macho_getsymbol_x64(self, offset, size): function main (line 224) | def main(): FILE: volafox/plugins/WKdm.py function WK_pack_2bits (line 83) | def WK_pack_2bits(source_buf): function WK_pack_4bits (line 104) | def WK_pack_4bits(source_buf): function WK_pack_3_tenbits (line 122) | def WK_pack_3_tenbits(source_buf): function WK_unpack_2bits (line 157) | def WK_unpack_2bits(input_buf): function WK_unpack_4bits (line 176) | def WK_unpack_4bits(input_buf): function WK_unpack_3_tenbits (line 195) | def WK_unpack_3_tenbits(input_buf): function WKdm_compress (line 207) | def WKdm_compress(src_buf): function WKdm_decompress_apple (line 280) | def WKdm_decompress_apple(src_buf): function WKdm_decompress (line 285) | def WKdm_decompress(src_buf): function _WKdm_decompress (line 290) | def _WKdm_decompress(src_buf, qpos_start, low_start, low_end, header_size): FILE: volafox/plugins/bash_history.py class bash_history (line 14) | class bash_history: method __init__ (line 15) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address,... method search_for_history_in_task_memory (line 23) | def search_for_history_in_task_memory(self, malloc_tiny_list, pm_cr3, ... method search_malloc_tiny_in_vm (line 80) | def search_malloc_tiny_in_vm(self, vm_map_ptr, user_stack_ptr, full_du... method search_bash_process (line 102) | def search_bash_process(self, sym_addr): function dump_bash_history (line 121) | def dump_bash_history(x86_mem_pae, sym_addr, arch, os_version, build, ba... function print_bash_history (line 144) | def print_bash_history(bash_history_list): FILE: volafox/plugins/bsm_hook.py function find_auto_commit (line 10) | def find_auto_commit(x86_mem_pae, symbol_list, arch, os_version, base_ad... FILE: volafox/plugins/dmesg.py class dmesg (line 7) | class dmesg: method __init__ (line 8) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method getdmesg (line 15) | def getdmesg(self, sym_addr): function get_dmesg (line 33) | def get_dmesg(x86_mem_pae, sym_addr, arch, os_version, build, base_addre... FILE: volafox/plugins/dumpcomppage.py function unpacktype (line 19) | def unpacktype(binstr, member, mtype): function callingclass (line 48) | def callingclass(calling_fxn): class Struct (line 56) | class Struct(object): method validaddr (line 68) | def validaddr(self, addr): method __init__ (line 81) | def __init__(self, addr): class C_Slot (line 110) | class C_Slot(Struct): method __init__ (line 121) | def __init__(self, addr): method UnpackCSize (line 126) | def UnpackCSize(self, c_size): method unpack (line 132) | def unpack(self, value): method getpackedptr (line 138) | def getpackedptr(self): method getsize (line 141) | def getsize(self): method getoff (line 144) | def getoff(self): class C_Segment (line 147) | class C_Segment(Struct): method __init__ (line 176) | def __init__(self, addr): method isswapout (line 179) | def isswapout(self): method getbufferptr (line 189) | def getbufferptr(self): method getbuffer (line 192) | def getbuffer(self): method getnextoffset (line 196) | def getnextoffset(self): method getnext (line 199) | def getnext(self): method getnextslot (line 202) | def getnextslot(self): method getcslotlist (line 205) | def getcslotlist(self): class dumpcomppage (line 233) | class dumpcomppage(): method __init__ (line 234) | def __init__(self, x86_mem_pae, arch, os_version, base_address, symbol... method process (line 242) | def process(self): method getsegmentcount (line 321) | def getsegmentcount(self, c_segment_count): function dumpcompressedpage (line 326) | def dumpcompressedpage(x86_mem_pae, symbollist, arch, majorversion, base... FILE: volafox/plugins/efiinfo.py class EFISystemTable (line 75) | class EFISystemTable: method __init__ (line 76) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method get_info (line 83) | def get_info(self, sym_addr): function get_efi_system_table (line 140) | def get_efi_system_table(x86_mem_pae, efi_system_ptr, arch, os_version, ... function efi_vendor_guid (line 152) | def efi_vendor_guid(uuid): function print_efi_system_table (line 172) | def print_efi_system_table(system_table, configuration_table, arch, os_v... class EFIRuntimeServices (line 292) | class EFIRuntimeServices: method __init__ (line 293) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method get_info (line 300) | def get_info(self, sym_addr): function get_efi_runtime_services (line 325) | def get_efi_runtime_services(x86_mem_pae, efi_runtime_ptr, arch, os_vers... function print_efi_runtime_services (line 331) | def print_efi_runtime_services(efi_runtime, arch, os_version, build): FILE: volafox/plugins/export_table_symbol.py function dump_symbollist (line 7) | def dump_symbollist(x86_mem_pae, arch, os_version, build, base_address, ... FILE: volafox/plugins/fbt_systab.py class FBT (line 25) | class FBT(): method __init__ (line 26) | def __init__(self, x86_mem_pae, arch, base_address): method checkfbt (line 31) | def checkfbt(self, funcaddr): function print_fbt_syscall (line 39) | def print_fbt_syscall(data_list, symbol_list, base_address): function check_fbt_syscall (line 76) | def check_fbt_syscall(x86_mem_pae, sym_addr, arch, os_version, build, ba... FILE: volafox/plugins/filevault2.py class FileVault2 (line 19) | class FileVault2: method __init__ (line 20) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address,... method search_for_keys_in_task_memory (line 30) | def search_for_keys_in_task_memory(self, vmaddr, pm_cr3, mempath): method search_for_keys_in_vm (line 51) | def search_for_keys_in_vm(self, vm_map_ptr, user_stack_ptr, full_dump_... method search_for_keys_in_process (line 69) | def search_for_keys_in_process(self, sym_addr): function dump_filevault_key (line 86) | def dump_filevault_key(x86_mem_pae, sym_addr, arch, os_version, build, b... function print_fvmkey (line 94) | def print_fvmkey(candidate_key_list): FILE: volafox/plugins/hostname.py class hostname (line 7) | class hostname: method __init__ (line 8) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method gethostnamelength (line 15) | def gethostnamelength(self, sym_addr): method gethostname (line 24) | def gethostname(self, sym_addr, length): function get_hostname (line 43) | def get_hostname(x86_mem_pae, sym_addr, sym_addr_len, arch, os_version, ... FILE: volafox/plugins/imageinfo.py class imageInfo (line 13) | class imageInfo: method __init__ (line 14) | def __init__(self, f): method read_in_chunks (line 24) | def read_in_chunks(self, file_object): method catfishSearch (line 31) | def catfishSearch(self, f): function get_imageinfo (line 89) | def get_imageinfo(mempath, vflag): FILE: volafox/plugins/inline_hook_finder.py class INLINEHOOK (line 32) | class INLINEHOOK(): method __init__ (line 33) | def __init__(self, x86_mem_pae, arch, os_version, base_address): method check_prologue (line 39) | def check_prologue(self, address): method find_function_in_code (line 71) | def find_function_in_code(self, caller_addr, callee_addr): function inline_quick (line 104) | def inline_quick(x86_mem_pae, sym_addr, arch, os_version, base_address): function find_function_in_code (line 110) | def find_function_in_code(x86_mem_pae, caller_addr, callee_addr, arch, o... FILE: volafox/plugins/kauth_hook.py function kauth_hook (line 9) | def kauth_hook(x86_mem_pae, symbol_list, arch, os_version, base_address): FILE: volafox/plugins/kdebug.py function kdebug_hook (line 9) | def kdebug_hook(x86_mem_pae, symbol_list, arch, os_version, base_address): FILE: volafox/plugins/kextstat.py class kext_manager (line 10) | class kext_manager(): method __init__ (line 11) | def __init__(self, x86_mem_pae, arch, base_address): method kern_kextstat (line 16) | def kern_kextstat(self, sym_addr): # 11.11.23 64bit suppport method get_kextstat (line 31) | def get_kextstat(self, sym_addr): # 11.11.23 64bit suppport method kext_scan (line 75) | def kext_scan(self, start_point, end_point): function get_kext_list (line 158) | def get_kext_list(x86_mem_pae, sym_addr, sym_addr2, arch, os_version, ba... function get_kext_scan (line 166) | def get_kext_scan(x86_mem_pae, sym_addr, arch, os_version, build, base_a... function print_kext_scan (line 178) | def print_kext_scan(kext_list): function print_kext_list (line 191) | def print_kext_list(kext_list): function print_kext (line 204) | def print_kext(headerlist, contentlist, kext_list): function kext_dump (line 221) | def kext_dump(x86_mem_pae, sym_addr, sym_addr2, arch, os_version, build,... FILE: volafox/plugins/keychaindump.py class keychaindump (line 13) | class keychaindump: method __init__ (line 14) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address,... method search_for_keys_in_task_memory (line 22) | def search_for_keys_in_task_memory(self, malloc_tiny_list, pm_cr3, mem... method search_for_keys_in_vm (line 60) | def search_for_keys_in_vm(self, vm_map_ptr, user_stack_ptr, full_dump_... method search_for_keys_in_process (line 81) | def search_for_keys_in_process(self, sym_addr): function dump_master_key (line 98) | def dump_master_key(x86_mem_pae, sym_addr, arch, os_version, build, base... function print_master_key (line 114) | def print_master_key(candidate_key_list): FILE: volafox/plugins/lsof.py function dev_decode (line 53) | def dev_decode(dev_t): function printhex (line 61) | def printhex(binstr): function unpacktype (line 136) | def unpacktype(binstr, member, mtype): function callingclass (line 164) | def callingclass(calling_fxn): class Struct (line 175) | class Struct(object): method validaddr (line 187) | def validaddr(self, addr): method __init__ (line 200) | def __init__(self, addr): class Filefork (line 232) | class Filefork(Struct): method __init__ (line 248) | def __init__(self, addr): method getoff (line 251) | def getoff(self): class Cnode (line 257) | class Cnode(Struct): method __init__ (line 297) | def __init__(self, addr): method getnode (line 300) | def getnode(self): method getentries (line 303) | def getentries(self): # used to calculate size for DIR files method getoff (line 306) | def getoff(self): # returns the size for LINK files class Devnode (line 314) | class Devnode(Struct): method __init__ (line 330) | def __init__(self, addr): method getnode (line 333) | def getnode(self): class Specinfo (line 339) | class Specinfo(Struct): method __init__ (line 355) | def __init__(self, addr): method getdev (line 358) | def getdev(self): class MemoryObjectControl (line 364) | class MemoryObjectControl(Struct): method __init__ (line 382) | def __init__(self, addr): method getvm (line 385) | def getvm(self): class Ubcinfo (line 391) | class Ubcinfo(Struct): method __init__ (line 415) | def __init__(self, addr): method getoff (line 418) | def getoff(self): method getmocoff (line 421) | def getmocoff(self): class Mount (line 426) | class Mount(Struct): method __init__ (line 458) | def __init__(self, addr): method getmount (line 461) | def getmount(self): method getdev (line 465) | def getdev(self): class Vnode (line 476) | class Vnode(Struct): method __init__ (line 525) | def __init__(self, addr): method getnode (line 532) | def getnode(self): method getname (line 556) | def getname(self): method getparent (line 570) | def getparent(self): method getdev (line 577) | def getdev(self): method getpath (line 602) | def getpath(self): method gettype (line 643) | def gettype(self): method getoff (line 653) | def getoff(self, fileglob_offset): method getvmpage (line 705) | def getvmpage(self): class Fileglob (line 733) | class Fileglob(Struct): method __init__ (line 761) | def __init__(self, addr): method getmode (line 765) | def getmode(self, fd): method gettype (line 778) | def gettype(self): method getoff (line 789) | def getoff(self): method getdata (line 792) | def getdata(self): class Fileproc (line 801) | class Fileproc(Struct): method __init__ (line 817) | def __init__(self, addr): method getfglob (line 820) | def getfglob(self): class Filedesc (line 829) | class Filedesc(Struct): method __init__ (line 853) | def __init__(self, addr): method getcwd (line 856) | def getcwd(self): method getfglobs (line 862) | def getfglobs(self): class Vnode_pager (line 894) | class Vnode_pager(Struct): method __init__ (line 910) | def __init__(self, addr): method gettxt (line 913) | def gettxt(self): class Vm_page (line 931) | class Vm_page(Struct): method __init__ (line 1011) | def __init__(self, addr): method getoff (line 1015) | def getoff(self, offsetlist): class Vm_object (line 1038) | class Vm_object(Struct): method __init__ (line 1078) | def __init__(self, addr): method gettxt (line 1092) | def gettxt(self): method getvmpage (line 1117) | def getvmpage(self): class Vm_map_entry (line 1126) | class Vm_map_entry(Struct): method __init__ (line 1158) | def __init__(self, addr): method getnext (line 1161) | def getnext(self): method gettxt (line 1164) | def gettxt(self): class Vm_map (line 1177) | class Vm_map(Struct): method __init__ (line 1223) | def __init__(self, addr): method gettxt (line 1226) | def gettxt(self): class Task (line 1254) | class Task(Struct): method __init__ (line 1270) | def __init__(self, addr): method gettxt (line 1273) | def gettxt(self): class Session (line 1284) | class Session(Struct): method __init__ (line 1300) | def __init__(self, addr): method getuser (line 1303) | def getuser(self): class Pgrp (line 1308) | class Pgrp(Struct): method __init__ (line 1324) | def __init__(self, addr): method getuser (line 1328) | def getuser(self): class Proc (line 1339) | class Proc(Struct): method __init__ (line 1389) | def __init__(self, addr): method next (line 1401) | def next(self): method valid (line 1415) | def valid(self): method setpid (line 1437) | def setpid(self, pid): method getfd (line 1466) | def getfd(self): method getpid (line 1469) | def getpid(self): method getcmd (line 1474) | def getcmd(self): method getuser (line 1478) | def getuser(self): method gettxt (line 1482) | def gettxt(self): function getfilelistbyproc (line 1496) | def getfilelistbyproc(proc): function getfilelist (line 1556) | def getfilelist(mem, arch, kvers, proc_head, pid, vflag): function filedump (line 1592) | def filedump(mem, arch, kvers, proc_head, offset, pid, vflag): function printfilelist (line 1651) | def printfilelist(filelist): FILE: volafox/plugins/mach_trap.py class Mach_Trap_Table (line 12) | class Mach_Trap_Table(): method __init__ (line 13) | def __init__(self, x86_mem_pae, arch, os_version, base_address): method get_mach_trap_table_count (line 19) | def get_mach_trap_table_count(self, table_count): method get_mach_trap_table (line 26) | def get_mach_trap_table(self, table_ptr, table_count): function print_mach_trap_table (line 51) | def print_mach_trap_table(data_list, symbol_list, os_version, base_addre... function get_mach_trap_table_list (line 118) | def get_mach_trap_table_list(x86_mem_pae, mtt_ptr, mtt_count, arch, os_v... FILE: volafox/plugins/machdump.py class _MACH_HEADER (line 9) | class _MACH_HEADER(LittleEndianStructure): class _MACH_HEADER_64 (line 22) | class _MACH_HEADER_64(LittleEndianStructure): class _LOAD_COMMAND (line 34) | class _LOAD_COMMAND(LittleEndianStructure): class _SEGMENT_COMMAND (line 40) | class _SEGMENT_COMMAND(LittleEndianStructure): class _SEGMENT_COMMAND_64 (line 55) | class _SEGMENT_COMMAND_64(LittleEndianStructure): class _SECTION (line 70) | class _SECTION(LittleEndianStructure): class _SECTION_64 (line 85) | class _SECTION_64(LittleEndianStructure): function _procmemcpy (line 106) | def _procmemcpy(mem, offset, fmt): function _memcpy (line 111) | def _memcpy(buf, fmt): function unsigned8 (line 114) | def unsigned8(n): class machdump (line 117) | class machdump: method __init__ (line 118) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method get_mach_dump (line 128) | def get_mach_dump(self, vm_list, vm_struct, pid_process_name, mempath,... method reloc (line 236) | def reloc(self, dumpfilename): function get_macho_dump (line 312) | def get_macho_dump(x86_mem_pae, sym_addr, arch, os_version, build, pid, ... FILE: volafox/plugins/mount.py class mount_manager (line 8) | class mount_manager(): method __init__ (line 9) | def __init__(self, x86_mem_pae, arch, base_address): method mount_list (line 15) | def mount_list(self, sym_addr): # 11.11.23 64bit suppport(Lion) function get_mount_list (line 46) | def get_mount_list(x86_mem_pae, sym_addr, arch, os_version, build, base_... function print_mount_list (line 52) | def print_mount_list(mount_list): FILE: volafox/plugins/netstat.py class network_manager (line 32) | class network_manager(): method __init__ (line 33) | def __init__(self, net_pae, arch, os_version, base_address): method IntToDottedIP (line 40) | def IntToDottedIP(self, intip): method network_status_hash (line 47) | def network_status_hash(self, sym_addr): method network_status_list (line 139) | def network_status_list(self, sym_addr): function get_network_hash (line 189) | def get_network_hash(net_pae, tcb_symbol_addr, udb_symbol_addr, arch, os... function get_network_list (line 195) | def get_network_list(net_pae, tcb_symbol_addr, udb_symbol_addr, arch, os... function print_network_list (line 201) | def print_network_list(tcp_network_list, udp_network_list): FILE: volafox/plugins/notifier.py class notifier (line 10) | class notifier(): method __init__ (line 11) | def __init__(self, x86_mem_pae, arch, build, base_address): method get_notifier_table (line 17) | def get_notifier_table(self, sym_addr): # 11.11.23 64bit suppport function print_notifier_list (line 42) | def print_notifier_list(data_list, symbol_list, base_address, NotifierNa... function get_notifier_table (line 76) | def get_notifier_table(x86_mem_pae, sym_addr, arch, os_version, build, b... FILE: volafox/plugins/pe_state.py class PE_State (line 55) | class PE_State: method __init__ (line 56) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method get_info (line 63) | def get_info(self, sym_addr): class boot_args (line 146) | class boot_args: method __init__ (line 147) | def __init__(self, x86_mem_pae, arch, os_version, build): method get_info (line 153) | def get_info(self, sym_addr): function get_pe_state (line 167) | def get_pe_state(x86_mem_pae, sym_addr, arch, os_version, build, base_ad... function print_pe_state (line 172) | def print_pe_state(pe_state, arch, os_version, build): function get_boot_args (line 196) | def get_boot_args(x86_mem_pae, boot_args_ptr, arch, os_version, build): function print_boot_args (line 201) | def print_boot_args(bootargs, arch, os_version, build): FILE: volafox/plugins/ps.py function unsigned8 (line 54) | def unsigned8(n): class process_manager (line 57) | class process_manager: method __init__ (line 58) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address,... method get_proc (line 66) | def get_proc(self, proc_sym_addr, PROC_STRUCTURE): method get_proc_struct (line 111) | def get_proc_struct(self): method get_kernel_task_addr (line 137) | def get_kernel_task_addr(self, sym_addr): method pass_kernel_task_proc (line 147) | def pass_kernel_task_proc(self, sym_addr): method get_proc_list (line 157) | def get_proc_list(self, sym_addr, proc_list, pid): method get_queue (line 197) | def get_queue(self, ptr): method get_task_queue (line 209) | def get_task_queue(self, sym_addr, count, task_list): method get_task (line 245) | def get_task(self, proc, task_ptr): method get_proc_region (line 264) | def get_proc_region(self, task_ptr, user_stack, fflag): method get_proc_cr3 (line 385) | def get_proc_cr3(self, vm_list, vm_struct): method get_proc_dump (line 407) | def get_proc_dump(self, vm_list, vm_struct, process_name, mempath): function proc_print (line 454) | def proc_print(data_list, os_version): function get_proc_list (line 482) | def get_proc_list(x86_mem_pae, sym_addr, arch, os_version, build, base_a... function print_proc_list (line 489) | def print_proc_list(proc_list, os_version): function get_proc_dump (line 493) | def get_proc_dump(x86_mem_pae, sym_addr, arch, os_version, build, pid, b... function get_task_dump (line 515) | def get_task_dump(x86_mem_pae, sym_addr, count, arch, os_version, build,... function get_task_list (line 549) | def get_task_list(x86_mem_pae, sym_addr, count, arch, os_version, build,... function proc_lookup (line 557) | def proc_lookup(proc_list, task_list, x86_mem_pae, arch, os_version, bui... function task_print (line 603) | def task_print(data_list): FILE: volafox/plugins/sysctl.py class _sysctl_oid_list (line 14) | class _sysctl_oid_list(LittleEndianStructure): class _slist_entry (line 19) | class _slist_entry(LittleEndianStructure): class _sysctl_oid (line 24) | class _sysctl_oid(LittleEndianStructure): method get_perms (line 40) | def get_perms(self): method get_ctltype (line 53) | def get_ctltype(self): function _memcpy (line 64) | def _memcpy(buf, fmt): class _sysctl (line 68) | class _sysctl(): method __init__ (line 69) | def __init__(self, x86_mem_pae, symbol_list, arch, os_version, base_ad... method _parse_global_variable_sysctls (line 76) | def _parse_global_variable_sysctls(self, name): method _process (line 90) | def _process(self, prefix, number, offset, r=0): method calc (line 158) | def calc(self): function getsysctl (line 180) | def getsysctl(x86_mem_pae, symbol_list, arch, os_version, base_address): function print_sysctl (line 189) | def print_sysctl(symbol_list, sysctllist, kextlist): FILE: volafox/plugins/systab.py class systab_manager (line 24) | class systab_manager(): method __init__ (line 25) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method get_syscall_table (line 32) | def get_syscall_table(self, sym_addr): # 11.11.23 64bit suppport function print_syscall_table (line 139) | def print_syscall_table(data_list, symbol_list, base_address): function get_system_call_table_list (line 178) | def get_system_call_table_list(x86_mem_pae, sym_addr, arch, os_version, ... FILE: volafox/plugins/system_profiler.py class system_profiler (line 4) | class system_profiler: method __init__ (line 5) | def __init__(self, x86_mem_pae, base_address): method machine_info (line 9) | def machine_info(self, sym_addr): method sw_vers (line 14) | def sw_vers(self, sym_addr): # 11.11.23 64bit suppport method get_gmtime (line 19) | def get_gmtime(self, sym_addr): function get_system_profile (line 27) | def get_system_profile(x86_mem_pae, sw_vers, machine_info, boottime, sle... FILE: volafox/plugins/tableprint.py function columnprint (line 6) | def columnprint(headerlist, contentlist, mszlist=[]): FILE: volafox/plugins/trustedbsd.py class trustedbsd (line 19) | class trustedbsd(): method __init__ (line 20) | def __init__(self, x86_mem_pae, arch, build, base_address, os_version): method get_mac_policy_list (line 30) | def get_mac_policy_list(self, sym_addr): # 11.11.23 64bit suppport method mac_ops_sort (line 187) | def mac_ops_sort(self, mac_ops_list): method get_loadtime_flag (line 203) | def get_loadtime_flag(self, num): method get_runtime_flag (line 217) | def get_runtime_flag(self, num): function print_mac_policy_list (line 225) | def print_mac_policy_list(data_list, mac_policy, kext_list): function get_mac_policy_table (line 264) | def get_mac_policy_table(x86_mem_pae, sym_addr, arch, os_version, build,... FILE: volafox/plugins/uname.py class uname (line 7) | class uname: method __init__ (line 8) | def __init__(self, x86_mem_pae, arch, os_version, build, base_address): method getuname (line 15) | def getuname(self, sym_addr): function get_uname (line 33) | def get_uname(x86_mem_pae, sym_addr, arch, os_version, build, base_addre... FILE: volafox/vatopa/addrspace.py class FileAddressSpace (line 35) | class FileAddressSpace: method __init__ (line 36) | def __init__(self, fname, mode='rb', fast=False): method fread (line 44) | def fread(self,len): method read (line 47) | def read(self, addr, len): method zread (line 51) | def zread(self, addr, len): method read_long (line 54) | def read_long(self, addr): method get_address_range (line 59) | def get_address_range(self): method get_available_addresses (line 62) | def get_available_addresses(self): method is_valid_address (line 65) | def is_valid_address(self, addr): method close (line 70) | def close(self): FILE: volafox/vatopa/ia32_pml4.py class IA32PML4MemoryPae (line 61) | class IA32PML4MemoryPae: method __init__ (line 62) | def __init__(self, baseAddressSpace, pml4): method entry_present (line 67) | def entry_present(self, entry): method page_size_flag (line 72) | def page_size_flag(self, entry): method pgd_index (line 80) | def pgd_index(self, pgd): method get_pdpib (line 84) | def get_pdpib(self, pml4): method pml4_index (line 87) | def pml4_index(self, pml4): method get_pml4 (line 91) | def get_pml4(self, vaddr): method pdpa_base (line 96) | def pdpa_base(self, pdpi): method pdpi_index (line 99) | def pdpi_index(self, pdpi): method get_pdpi (line 102) | def get_pdpi(self, vaddr, pdpi): method pde_index (line 106) | def pde_index(self, vaddr): method pdba_base (line 109) | def pdba_base(self, pdpe): method get_pgd (line 112) | def get_pgd(self, vaddr, pdpe): method pte_pfn (line 116) | def pte_pfn(self, pte): method pte_index (line 119) | def pte_index(self, vaddr): method pml4_base (line 123) | def pml4_base(self, pml4): method ptba_base (line 126) | def ptba_base(self, pde): method get_pte (line 129) | def get_pte(self, vaddr, pgd): method get_paddr (line 133) | def get_paddr(self, vaddr, pte): method get_large_paddr (line 136) | def get_large_paddr(self, vaddr, pgd_entry): method get_1GB_paddr (line 139) | def get_1GB_paddr(self, vaddr, pdpe): method vtop (line 142) | def vtop(self, vaddr): method read (line 166) | def read(self, vaddr, length): method zread (line 206) | def zread(self, vaddr, length): method read_long_phys (line 240) | def read_long_phys(self, addr): method read_long_long_phys (line 247) | def read_long_long_phys(self, addr): method is_valid_address (line 254) | def is_valid_address(self, addr): FILE: volafox/vatopa/machaddrspace.py function getuint (line 10) | def getuint(fhandle, offset): function getuint64 (line 22) | def getuint64(fhandle, offset): function getmagic (line 31) | def getmagic(fhandle): function _getcputype (line 34) | def _getcputype(fhandle): function getcputype (line 37) | def getcputype(fhandle): function getcpusubtype (line 68) | def getcpusubtype(fhandle): function _getfiletype (line 71) | def _getfiletype(fhandle): function getfiletype (line 74) | def getfiletype(fhandle): function getncmds (line 97) | def getncmds(fhandle): function getsizeofcmds (line 100) | def getsizeofcmds(fhandle): function getflags (line 103) | def getflags(fhandle): function _loadcommandlookup (line 110) | def _loadcommandlookup(type): function _readloadcommand (line 176) | def _readloadcommand(fhandle, offset): function loadcommand (line 182) | def loadcommand(fhandle, index): class Segment64 (line 212) | class Segment64: method __init__ (line 214) | def __init__(self, fhandle, offset): method __str__ (line 228) | def __str__(self): class Segment (line 232) | class Segment: method __init__ (line 234) | def __init__(self, fhandle, offset): method __str__ (line 248) | def __str__(self): function find_lcmd (line 252) | def find_lcmd(lcmds, addr): function getoffset (line 259) | def getoffset(lcmds, addr): class MachoAddressSpace (line 269) | class MachoAddressSpace: method __init__ (line 271) | def __init__(self, fname, mode='rb'): method read (line 279) | def read(self, addr, length): method zread (line 303) | def zread(self, addr, length): method read_long (line 306) | def read_long(self, addr): method get_address_range (line 312) | def get_address_range(self): method get_available_addresses (line 316) | def get_available_addresses(self): method is_valid_address (line 319) | def is_valid_address(self, addr): method close (line 328) | def close(): function is_universal_binary (line 335) | def is_universal_binary(filename): function ismacho (line 344) | def ismacho(fin): function is32 (line 364) | def is32(fin): function is64 (line 371) | def is64(fin): function isMachoVolafoxCompatible (line 379) | def isMachoVolafoxCompatible(fname): FILE: volafox/vatopa/x86.py class IA32PagedMemory (line 65) | class IA32PagedMemory: method __init__ (line 66) | def __init__(self, baseAddressSpace, pdbr): method entry_present (line 71) | def entry_present(self, entry): method page_size_flag (line 76) | def page_size_flag(self, entry): method pgd_index (line 81) | def pgd_index(self, pgd): method get_pgd (line 84) | def get_pgd(self, vaddr): method pte_pfn (line 88) | def pte_pfn(self, pte): method pte_index (line 91) | def pte_index(self, pte): method get_pte (line 94) | def get_pte(self, vaddr, pgd): method get_paddr (line 99) | def get_paddr(self, vaddr, pte): method get_four_meg_paddr (line 102) | def get_four_meg_paddr(self, vaddr, pgd_entry): method vtop (line 105) | def vtop(self, vaddr): method read (line 119) | def read(self, vaddr, length): method zread (line 159) | def zread(self, vaddr, length): method read_long_phys (line 193) | def read_long_phys(self, addr): method is_valid_address (line 200) | def is_valid_address(self, addr): method get_available_pages (line 213) | def get_available_pages(self): class IA32PagedMemoryPae (line 232) | class IA32PagedMemoryPae: method __init__ (line 233) | def __init__(self, baseAddressSpace, pdbr): method entry_present (line 238) | def entry_present(self, entry): method page_size_flag (line 243) | def page_size_flag(self, entry): method get_pdptb (line 248) | def get_pdptb(self, pdpr): method pgd_index (line 251) | def pgd_index(self, pgd): method pdpi_index (line 254) | def pdpi_index(self, pdpi): method get_pdpi (line 257) | def get_pdpi(self, vaddr): method pde_index (line 261) | def pde_index(self, vaddr): method pdba_base (line 264) | def pdba_base(self, pdpe): method get_pgd (line 267) | def get_pgd(self, vaddr, pdpe): method pte_pfn (line 271) | def pte_pfn(self, pte): method pte_index (line 274) | def pte_index(self, vaddr): method ptba_base (line 277) | def ptba_base(self, pde): method get_pte (line 280) | def get_pte(self, vaddr, pgd): method get_paddr (line 284) | def get_paddr(self, vaddr, pte): method get_large_paddr (line 287) | def get_large_paddr(self, vaddr, pgd_entry): method vtop (line 290) | def vtop(self, vaddr): method read (line 308) | def read(self, vaddr, length): method zread (line 348) | def zread(self, vaddr, length): method read_long_phys (line 382) | def read_long_phys(self, addr): method read_long_long_phys (line 389) | def read_long_long_phys(self, addr): method is_valid_address (line 396) | def is_valid_address(self, addr): method get_available_pages (line 409) | def get_available_pages(self): FILE: volafox/volafox.py class volafox (line 79) | class volafox(): method __init__ (line 80) | def __init__(self, mempath): method get_vtop (line 90) | def get_vtop(self, address): # Get non-shifted address method get_shift_vtop (line 94) | def get_shift_vtop(self, address): # Get shifted kernel symbol address method overlay_loader (line 98) | def overlay_loader(self, overlay_path, vflag): method get_kernel_version (line 111) | def get_kernel_version(self, vflag): method init_vatopa_x86_pae (line 121) | def init_vatopa_x86_pae(self, vflag): method get_system_profiler (line 160) | def get_system_profiler(self): # 11.11.23 64bit suppport method kextstat (line 172) | def kextstat(self): # 11.11.23 64bit suppport method kextscan (line 178) | def kextscan(self): method kextdump (line 183) | def kextdump(self, KID): method mount (line 188) | def mount(self): method get_ps (line 193) | def get_ps(self): method machdump (line 199) | def machdump(self, pid): method task_dump (line 205) | def task_dump(self, task_id): method get_tasks (line 213) | def get_tasks(self): # comparing proc with task method lsof (line 239) | def lsof(self, pid, vflag): method systab (line 254) | def systab(self): # 11.11.23 64bit suppport method mtt (line 261) | def mtt(self): method proc_dump (line 267) | def proc_dump(self, pid): method netstat (line 276) | def netstat(self): method netstat_test (line 289) | def netstat_test(self): method pe_state (line 303) | def pe_state(self): method efi_system_table (line 316) | def efi_system_table(self): method keychaindump (line 326) | def keychaindump(self): method dumpfilevaultkey (line 334) | def dumpfilevaultkey(self): method findphysaddr_owner (line 342) | def findphysaddr_owner(self, physaddr): method bash_history (line 347) | def bash_history(self): method dmesg (line 356) | def dmesg(self): method uname (line 361) | def uname(self): method hostname (line 366) | def hostname(self): method trustedbsd (line 372) | def trustedbsd(self): method notifier (line 384) | def notifier(self): method fbt_syscall (line 401) | def fbt_syscall(self): method inline_quick (line 407) | def inline_quick(self, func_name): method find_function (line 412) | def find_function(self, caller_func, callie_func): method find_bsm_hook (line 417) | def find_bsm_hook(self): method find_kauth_hook (line 420) | def find_kauth_hook(self): method find_kdebug_hook (line 423) | def find_kdebug_hook(self): method export_symbol_table (line 426) | def export_symbol_table(self, filename): method dumpfile (line 429) | def dumpfile(self, offset, pid, vflag): method dumpcompsegment (line 444) | def dumpcompsegment(self): method checksysctl (line 447) | def checksysctl(self): FILE: volafunx.py class volafunx_bsd (line 50) | class volafunx_bsd(): method __init__ (line 51) | def __init__(self, ptd, mempath): method init_vatopa_x86 (line 56) | def init_vatopa_x86(self): method dump_kld (line 63) | def dump_kld(self, offset, size, kld_name): method dump_process (line 79) | def dump_process(self, sym_addr, pid): method process_info (line 202) | def process_info(self, sym_addr): method process_info_hash (line 238) | def process_info_hash(self, sym_addr): method thread_info (line 290) | def thread_info(self, sym_addr): method kld_info (line 353) | def kld_info(self, sym_addr): method IntToDottedIP (line 458) | def IntToDottedIP(self, intip): method net_info (line 473) | def net_info(self, sym_addr): method net_info_hash (line 556) | def net_info_hash(self, sym_addr): method sysent_info (line 644) | def sysent_info(self, sym_addr): method hooking_detect (line 665) | def hooking_detect(self, sysent, sym_addr_list): function usage (line 673) | def usage(): function main (line 694) | def main():