SYMBOL INDEX (4417 symbols across 339 files) FILE: contrib/library_example/libapi.py function get_json (line 28) | def get_json(config, plugin_class): function get_config (line 34) | def get_config(profile, target_path): FILE: contrib/library_example/pslist_json.py function main (line 24) | def main(): FILE: contrib/plugins/disablewarnings.py function disable_warnings (line 27) | def disable_warnings(_option, _opt_str, _value, _parser): FILE: contrib/plugins/example.py class DateTime (line 29) | class DateTime(commands.Command): method calculate (line 31) | def calculate(self): method get_image_time (line 39) | def get_image_time(self, addr_space): method render_text (line 59) | def render_text(self, outfd, data): FILE: setup.py function find_files (line 39) | def find_files(topdirs, py = False): FILE: tools/doxygen/d3/createtree.py function path_to_dict (line 19) | def path_to_dict(path): FILE: tools/linux/kcore/elf.h type Elf32_Half (line 33) | typedef uint16_t Elf32_Half; type Elf64_Half (line 34) | typedef uint16_t Elf64_Half; type Elf32_Word (line 37) | typedef uint32_t Elf32_Word; type Elf32_Sword (line 38) | typedef int32_t Elf32_Sword; type Elf64_Word (line 39) | typedef uint32_t Elf64_Word; type Elf64_Sword (line 40) | typedef int32_t Elf64_Sword; type Elf32_Xword (line 43) | typedef uint64_t Elf32_Xword; type Elf32_Sxword (line 44) | typedef int64_t Elf32_Sxword; type Elf64_Xword (line 45) | typedef uint64_t Elf64_Xword; type Elf64_Sxword (line 46) | typedef int64_t Elf64_Sxword; type Elf32_Addr (line 49) | typedef uint32_t Elf32_Addr; type Elf64_Addr (line 50) | typedef uint64_t Elf64_Addr; type Elf32_Off (line 53) | typedef uint32_t Elf32_Off; type Elf64_Off (line 54) | typedef uint64_t Elf64_Off; type Elf32_Section (line 57) | typedef uint16_t Elf32_Section; type Elf64_Section (line 58) | typedef uint16_t Elf64_Section; type Elf32_Half (line 61) | typedef Elf32_Half Elf32_Versym; type Elf64_Half (line 62) | typedef Elf64_Half Elf64_Versym; type Elf32_Ehdr (line 69) | typedef struct type Elf64_Ehdr (line 87) | typedef struct type Elf32_Shdr (line 270) | typedef struct type Elf64_Shdr (line 284) | typedef struct type Elf32_Sym (line 379) | typedef struct type Elf64_Sym (line 389) | typedef struct type Elf32_Syminfo (line 402) | typedef struct type Elf64_Syminfo (line 408) | typedef struct type Elf32_Rel (line 494) | typedef struct type Elf64_Rel (line 505) | typedef struct type Elf32_Rela (line 513) | typedef struct type Elf64_Rela (line 520) | typedef struct type Elf32_Phdr (line 539) | typedef struct type Elf64_Phdr (line 551) | typedef struct type Elf32_Dyn (line 633) | typedef struct type Elf64_Dyn (line 643) | typedef struct type Elf32_Verdef (line 800) | typedef struct type Elf64_Verdef (line 812) | typedef struct type Elf32_Verdaux (line 842) | typedef struct type Elf64_Verdaux (line 849) | typedef struct type Elf32_Verneed (line 859) | typedef struct type Elf64_Verneed (line 870) | typedef struct type Elf32_Vernaux (line 889) | typedef struct type Elf64_Vernaux (line 899) | typedef struct type Elf32_auxv_t (line 923) | typedef struct type Elf64_auxv_t (line 935) | typedef struct type Elf32_Nhdr (line 1007) | typedef struct type Elf64_Nhdr (line 1014) | typedef struct type Elf32_Move (line 1071) | typedef struct type Elf64_Move (line 1080) | typedef struct type Elf32_gptab (line 1464) | typedef union type Elf32_RegInfo (line 1480) | typedef struct type Elf_Options (line 1489) | typedef struct type Elf_Options_Hw (line 1540) | typedef struct type Elf32_Lib (line 1701) | typedef struct type Elf64_Lib (line 1710) | typedef struct type Elf32_Addr (line 1732) | typedef Elf32_Addr Elf32_Conflict; FILE: tools/linux/kcore/getkcore.c function _debug_msg (line 49) | void _debug_msg(const char *format,...) function _die (line 61) | void _die(const char* format,...) function _do_startup_checks (line 72) | void _do_startup_checks(void) function _write_lime_header (line 81) | void _write_lime_header(int out_fd, unsigned long long phys_off, unsigne... function _read_write_region (line 97) | void _read_write_region(int kcore_fd, int out_fd, Elf64_Phdr *p, unsigne... function _process_header (line 139) | void _process_header(int kcore_fd, int out_fd, unsigned long long phdr_a... function _write_region (line 156) | void _write_region(int kcore_fd, int out_fd, unsigned long long phys_sta... function _dump_ranges (line 201) | void _dump_ranges(int kcore_fd, int out_fd, unsigned char *read_buf) function create_memory_dump (line 258) | int create_memory_dump(char *outfile) function main (line 285) | int main(int argc, char **argv) FILE: tools/linux/kcore/getkcore.h type lime_range (line 4) | typedef struct { FILE: tools/linux/module.c type xa_node (line 21) | struct xa_node type lockref (line 26) | struct lockref type pid_namespace (line 42) | struct pid_namespace type nf_hook_ops (line 49) | struct nf_hook_ops type nf_sockopt_ops (line 50) | struct nf_sockopt_ops type xt_table (line 54) | struct xt_table type atomic_notifier_head (line 68) | struct atomic_notifier_head type tty_driver (line 72) | struct tty_driver type tty_struct (line 75) | struct tty_struct type udp_seq_afinfo (line 77) | struct udp_seq_afinfo type tcp_seq_afinfo (line 78) | struct tcp_seq_afinfo type files_struct (line 80) | struct files_struct type uts_namespace (line 83) | struct uts_namespace type sock (line 86) | struct sock type inet_sock (line 87) | struct inet_sock type vfsmount (line 88) | struct vfsmount type in_device (line 89) | struct in_device type fib_table (line 90) | struct fib_table type unix_sock (line 91) | struct unix_sock type pid (line 92) | struct pid type radix_tree_root (line 93) | struct radix_tree_root type Qdisc (line 98) | struct Qdisc type inet_protosw (line 102) | struct inet_protosw type kthread_create_info (line 109) | struct kthread_create_info type kthread_create_info (line 123) | struct kthread_create_info type fn_zone (line 138) | struct fn_zone { type fn_hash (line 153) | struct fn_hash { type fib_alias (line 158) | struct fib_alias type fib_node (line 171) | struct fib_node type fib_node (line 180) | struct fib_node type fib_alias (line 181) | struct fib_alias type rt_hash_bucket (line 183) | struct rt_hash_bucket { type radix_tree_node (line 199) | struct radix_tree_node { type module_sect_attr (line 217) | struct module_sect_attr type module_sect_attrs (line 224) | struct module_sect_attrs type module_sect_attrs (line 231) | struct module_sect_attrs type module_sections (line 235) | struct module_sections type module_kobject (line 239) | struct module_kobject type latch_tree_root (line 249) | struct latch_tree_root type kmem_cache (line 264) | struct kmem_cache { type kmem_cache (line 340) | struct kmem_cache { type kmem_cache (line 409) | struct kmem_cache type kmem_list3 (line 412) | struct kmem_list3 { type kmem_list3 (line 426) | struct kmem_list3 type slab (line 428) | struct slab { type slab (line 437) | struct slab type u64 (line 447) | typedef u64 cycle_t; type timekeeper (line 449) | struct timekeeper { type timekeeper (line 509) | struct timekeeper type log (line 511) | struct log { type log (line 521) | struct log type mnt_namespace (line 527) | struct mnt_namespace { type mnt_pcp (line 535) | struct mnt_pcp { type mount (line 540) | struct mount { type proc_dir_entry (line 583) | struct proc_dir_entry { type proc_dir_entry (line 604) | struct proc_dir_entry { type resource (line 629) | struct resource FILE: tools/mac/convert.py class DWARFParser (line 5) | class DWARFParser(object): method __init__ (line 38) | def __init__(self): method resolve (line 52) | def resolve(self, memb): method fix_typedefs (line 72) | def fix_typedefs(self): method resolve_refs (line 88) | def resolve_refs(self): method deep_replace (line 96) | def deep_replace(self, t, search, repl): method get_deepest (line 105) | def get_deepest(self, t): method base_type_name (line 119) | def base_type_name(self, data): method feed_line (line 130) | def feed_line(self, line): method get_offset (line 154) | def get_offset(self, data): method process_statement (line 167) | def process_statement(self, kind, level, data, statement_id): method process_variable (line 376) | def process_variable(self, data): method finalize (line 385) | def finalize(self): method print_output (line 430) | def print_output(self): function parse_dwarf (line 446) | def parse_dwarf(): function write_line (line 459) | def write_line(outfile, level, id, name): function convert_file (line 463) | def convert_file(mac_file, outfile): function main (line 603) | def main(): FILE: tools/mac/generate_profile_list.py function parse_dsymutil (line 29) | def parse_dsymutil(data, module): FILE: tools/mac/mac_create_all_profiles.py function run_cmd (line 22) | def run_cmd(args, output_file = None): function generate_profile (line 40) | def generate_profile(temp_dir, volatility_dir, profile_dir, profile): function main (line 102) | def main(): FILE: tools/mac/parse_pbzx2.py function seekread (line 21) | def seekread(f, offset=None, length=0, relative=True): function parse_pbzx (line 28) | def parse_pbzx(pbzx_path): function main (line 82) | def main(): FILE: tools/vtype_diff.py class VtypeHolder (line 35) | class VtypeHolder(object): method __init__ (line 39) | def __init__(self): method _rename_types (line 47) | def _rename_types(self, vtypes, namemap): method _deep_replace (line 64) | def _deep_replace(self, t, search, repl): method _get_deepest (line 72) | def _get_deepest(self, t): method _tuplify (line 84) | def _tuplify(self, types, t): method as_string (line 94) | def as_string(self, msizes = True): method load (line 127) | def load(self, filename): method canonicalize (line 136) | def canonicalize(self): method decanonicalize (line 154) | def decanonicalize(self, namemap = None): method diff (line 172) | def diff(self, base): FILE: tools/windows/parsesummary.py function usage (line 18) | def usage(name): function main (line 21) | def main(): FILE: vol.py function list_plugins (line 64) | def list_plugins(): function command_help (line 94) | def command_help(command): function print_info (line 109) | def print_info(): function main (line 135) | def main(): FILE: volatility/addrspace.py class ASAssertionError (line 46) | class ASAssertionError(AssertionError): method __init__ (line 48) | def __init__(self, *args, **kwargs): function check_valid_profile (line 51) | def check_valid_profile(option, _opt_str, value, parser): class BaseAddressSpace (line 64) | class BaseAddressSpace(object): method __init__ (line 66) | def __init__(self, base, config, *_args, **_kwargs): method register_options (line 76) | def register_options(config): method get_config (line 85) | def get_config(self): method _set_profile (line 89) | def _set_profile(self, profile_name): method is_valid_profile (line 106) | def is_valid_profile(self, profile): #pylint: disable-msg=W0613 method as_assert (line 110) | def as_assert(self, assertion, error = None): method __eq__ (line 120) | def __eq__(self, other): method __ne__ (line 124) | def __ne__(self, other): method read (line 127) | def read(self, addr, length): method zread (line 130) | def zread(self, addr, length): method get_available_addresses (line 133) | def get_available_addresses(self): method is_valid_address (line 141) | def is_valid_address(self, _addr): method write (line 145) | def write(self, _addr, _buf): method __getstate__ (line 150) | def __getstate__(self): method __setstate__ (line 156) | def __setstate__(self, state): method address_mask (line 160) | def address_mask(cls, addr): method address_compare (line 165) | def address_compare(cls, a, b): method address_equality (line 170) | def address_equality(cls, a, b): method physical_space (line 174) | def physical_space(self): class AbstractDiscreteAllocMemory (line 189) | class AbstractDiscreteAllocMemory(BaseAddressSpace): method __init__ (line 195) | def __init__(self, base, config, *args, **kwargs): method translate (line 198) | def translate(self, vaddr): method get_available_allocs (line 201) | def get_available_allocs(self): method calculate_alloc_stats (line 205) | def calculate_alloc_stats(self): method _read (line 223) | def _read(self, addr, length, pad = False): method read (line 271) | def read(self, addr, length): method zread (line 278) | def zread(self, addr, length): class AbstractRunBasedMemory (line 285) | class AbstractRunBasedMemory(AbstractDiscreteAllocMemory): method __init__ (line 292) | def __init__(self, base, config, *args, **kwargs): method get_runs (line 297) | def get_runs(self): method get_header (line 301) | def get_header(self): method translate (line 305) | def translate(self, addr): method get_available_allocs (line 320) | def get_available_allocs(self): method get_available_addresses (line 325) | def get_available_addresses(self): method is_valid_address (line 331) | def is_valid_address(self, phys_addr): method get_address_range (line 338) | def get_address_range(self): method write (line 346) | def write(self, phys_addr, buf): class AbstractVirtualAddressSpace (line 361) | class AbstractVirtualAddressSpace(AbstractDiscreteAllocMemory): method __init__ (line 363) | def __init__(self, base, config, astype = 'virtual', *args, **kwargs): method vtop (line 367) | def vtop(self, vaddr): method translate (line 370) | def translate(self, vaddr): class BufferAddressSpace (line 376) | class BufferAddressSpace(BaseAddressSpace): method __init__ (line 377) | def __init__(self, config, base_offset = 0, data = '', **kwargs): method assign_buffer (line 383) | def assign_buffer(self, data, base_offset = 0): method is_valid_address (line 387) | def is_valid_address(self, addr): method read (line 392) | def read(self, addr, length): method zread (line 396) | def zread(self, addr, length): method write (line 399) | def write(self, addr, data): method get_available_addresses (line 405) | def get_available_addresses(self): FILE: volatility/cache.py class CacheContainsGenerator (line 229) | class CacheContainsGenerator(exceptions.VolatilityException): class InvalidCache (line 233) | class InvalidCache(Exception): class CacheNode (line 237) | class CacheNode(object): method __init__ (line 239) | def __init__(self, name, stem, storage = None, payload = None, invalid... method __getitem__ (line 255) | def __getitem__(self, item = ''): method __str__ (line 269) | def __str__(self): method _find_generators (line 273) | def _find_generators(self, item): method set_payload (line 298) | def set_payload(self, payload): method dump (line 306) | def dump(self): method get_payload (line 312) | def get_payload(self): class BlockingNode (line 316) | class BlockingNode(CacheNode): method __init__ (line 318) | def __init__(self, name, stem, **kwargs): method __getitem__ (line 321) | def __getitem__(self, item = ''): method dump (line 324) | def dump(self): method get_payload (line 328) | def get_payload(self): class Invalidator (line 332) | class Invalidator(object): method __init__ (line 350) | def __init__(self): method add_condition (line 353) | def add_condition(self, key, callback): method __setstate__ (line 358) | def __setstate__(self, state): method __getstate__ (line 372) | def __getstate__(self): class CacheTree (line 387) | class CacheTree(object): method __init__ (line 389) | def __init__(self, storage = None, cls = CacheNode, invalidator = None): method __getitem__ (line 395) | def __getitem__(self, path): method invalidate_on (line 399) | def invalidate_on(self, key, callback): method check (line 402) | def check(self, path, callback = None, cls = CacheNode): class CacheStorage (line 434) | class CacheStorage(object): method encode (line 439) | def encode(self, string): method filename (line 449) | def filename(self, url): method load (line 463) | def load(self, url): method dump (line 472) | def dump(self, url, payload): function enable_caching (line 499) | def enable_caching(_option, _opt_str, _value, _parser): class CacheDecorator (line 514) | class CacheDecorator(object): method __init__ (line 516) | def __init__(self, path): method generate (line 543) | def generate(self, path, g): method dump (line 555) | def dump(self, path, payload): method _cachewrapper (line 560) | def _cachewrapper(self, f, s, *args, **kwargs): method __call__ (line 587) | def __call__(self, f): class TestDecorator (line 596) | class TestDecorator(CacheDecorator): method __call__ (line 599) | def __call__(self, f): class Testable (line 604) | class Testable(object): method calculate (line 610) | def calculate(self): method _flatten (line 613) | def _flatten(self, item): method test (line 632) | def test(self): FILE: volatility/commands.py class Command (line 38) | class Command(object): method __init__ (line 51) | def __init__(self, config, *_args, **_kwargs): method register_options (line 60) | def register_options(config): method help (line 75) | def help(cls): method is_valid_profile (line 85) | def is_valid_profile(profile): method calculate (line 88) | def calculate(self): method execute (line 99) | def execute(self): method _formatlookup (line 149) | def _formatlookup(self, profile, code): method _elide (line 174) | def _elide(self, string, length): method format_value (line 193) | def format_value(self, value, fmt): method table_header (line 198) | def table_header(self, outfd, title_format_list = None): method table_row (line 230) | def table_row(self, outfd, *args): method text_cell_renderers (line 250) | def text_cell_renderers(self, columns): method unified_output (line 269) | def unified_output(self, data): method _render (line 272) | def _render(self, outfd, renderer, data): method render_text (line 280) | def render_text(self, outfd, data): method render_greptext (line 284) | def render_greptext(self, outfd, data): method render_json (line 292) | def render_json(self, outfd, data): method render_sqlite (line 300) | def render_sqlite(self, outfd, data): method render_dot (line 308) | def render_dot(self, outfd, data): method render_html (line 316) | def render_html(self, outfd, data): method render_xlsx (line 324) | def render_xlsx(self, outfd, data): FILE: volatility/conf.py class PyFlagOptionParser (line 77) | class PyFlagOptionParser(optparse.OptionParser): method _process_args (line 81) | def _process_args(self, largs, rargs, values): method error (line 88) | def error(self, msg): method print_help (line 96) | def print_help(self, file = sys.stdout): class ConfObject (line 102) | class ConfObject(object): method __init__ (line 157) | def __init__(self): method set_usage (line 165) | def set_usage(self, usage = None, version = None): method add_file (line 172) | def add_file(self, filename, _type = 'init'): method print_help (line 202) | def print_help(self): method add_help_hook (line 205) | def add_help_hook(self, cb): method set_help_hook (line 209) | def set_help_hook(self, cb): method parse_options (line 212) | def parse_options(self, final = True): method remove_option (line 272) | def remove_option(self, option): method add_option (line 309) | def add_option(self, option, short_option = None, method update (line 376) | def update(self, key, value): method get_value (line 380) | def get_value(self, key): method __getattr__ (line 383) | def __getattr__(self, attr): class DummyConfig (line 443) | class DummyConfig(ConfObject): FILE: volatility/debug.py function setup (line 37) | def setup(level = 0): function debug (line 46) | def debug(msg, level = 1): function info (line 50) | def info(msg): function warning (line 54) | def warning(msg): function error (line 58) | def error(msg): function critical (line 62) | def critical(msg): function log (line 66) | def log(msg, level): function _log (line 81) | def _log(msg, facility, loglevel): function b (line 86) | def b(level = 1): function post_mortem (line 93) | def post_mortem(level = 1): FILE: volatility/dwarf.py class DWARFParser (line 23) | class DWARFParser(object): method __init__ (line 56) | def __init__(self, data = None): method resolve (line 74) | def resolve(self, memb): method resolve_refs (line 91) | def resolve_refs(self): method deep_replace (line 99) | def deep_replace(self, t, search, repl): method get_deepest (line 109) | def get_deepest(self, t): method base_type_name (line 123) | def base_type_name(self, data): method feed_line (line 134) | def feed_line(self, line): method process_statement (line 165) | def process_statement(self, kind, level, data, statement_id): method process_variable (line 324) | def process_variable(self, data): method finalize (line 332) | def finalize(self): method print_output (line 376) | def print_output(self): FILE: volatility/exceptions.py class VolatilityException (line 19) | class VolatilityException(Exception): method __init__ (line 21) | def __init__(self, *args, **kwargs): class AddrSpaceError (line 24) | class AddrSpaceError(VolatilityException): method __init__ (line 26) | def __init__(self): method append_reason (line 30) | def append_reason(self, driver, reason): method __str__ (line 33) | def __str__(self): class CacheRelativeURLException (line 40) | class CacheRelativeURLException(VolatilityException): class SanityCheckException (line 43) | class SanityCheckException(VolatilityException): FILE: volatility/fmtspec.py class FormatSpec (line 21) | class FormatSpec(object): method __init__ (line 22) | def __init__(self, string = '', **kwargs): method from_specs (line 37) | def from_specs(self, fill = None, align = None, sign = None, altform =... method from_string (line 54) | def from_string(self, formatspec): method to_string (line 87) | def to_string(self): method __str__ (line 104) | def __str__(self): method __repr__ (line 107) | def __repr__(self): FILE: volatility/obj.py class classproperty (line 50) | class classproperty(property): method __get__ (line 51) | def __get__(self, cls, owner): function get_bt_string (line 55) | def get_bt_string(_e = None): class NoneObject (line 58) | class NoneObject(object): method __init__ (line 64) | def __init__(self, reason = '', strict = False): method __str__ (line 72) | def __str__(self): method write (line 82) | def write(self, data): method __repr__ (line 86) | def __repr__(self): method __iter__ (line 90) | def __iter__(self): method __len__ (line 93) | def __len__(self): method __format__ (line 96) | def __format__(self, formatspec): method next (line 100) | def next(self): method __getattr__ (line 103) | def __getattr__(self, attr): method __bool__ (line 109) | def __bool__(self): method __nonzero__ (line 112) | def __nonzero__(self): method __eq__ (line 115) | def __eq__(self, other): method __ne__ (line 118) | def __ne__(self, other): method __getitem__ (line 122) | def __getitem__(self, item): method __call__ (line 125) | def __call__(self, *arg, **kwargs): method __int__ (line 128) | def __int__(self): class InvalidOffsetError (line 161) | class InvalidOffsetError(exceptions.VolatilityException): function Object (line 165) | def Object(theType, offset, vm, name = None, **kwargs): class BaseObject (line 186) | class BaseObject(object): method __init__ (line 191) | def __init__(self, theType, offset, vm, native_vm = None, parent = Non... method obj_type (line 203) | def obj_type(self): method obj_vm (line 207) | def obj_vm(self): method obj_offset (line 211) | def obj_offset(self): method obj_parent (line 215) | def obj_parent(self): method obj_name (line 219) | def obj_name(self): method obj_native_vm (line 223) | def obj_native_vm(self): method set_native_vm (line 226) | def set_native_vm(self, native_vm): method rebase (line 230) | def rebase(self, offset): method proxied (line 234) | def proxied(self, attr): method newattr (line 237) | def newattr(self, attr, value): method write (line 241) | def write(self, value): method __getattr__ (line 245) | def __getattr__(self, attr): method __setattr__ (line 257) | def __setattr__(self, attr, value): method __nonzero__ (line 263) | def __nonzero__(self): method __eq__ (line 285) | def __eq__(self, other): method __ne__ (line 289) | def __ne__(self, other): method __hash__ (line 292) | def __hash__(self): method m (line 296) | def m(self, memname): method is_valid (line 299) | def is_valid(self): method dereference (line 302) | def dereference(self): method dereference_as (line 305) | def dereference_as(self, derefType, **kwargs): method cast (line 313) | def cast(self, castString): method v (line 316) | def v(self): method __format__ (line 321) | def __format__(self, formatspec): method __str__ (line 324) | def __str__(self): method __repr__ (line 327) | def __repr__(self): method d (line 331) | def d(self): method __getstate__ (line 335) | def __getstate__(self): method __setstate__ (line 361) | def __setstate__(self, state): function CreateMixIn (line 375) | def CreateMixIn(mixin): class NumericProxyMixIn (line 400) | class NumericProxyMixIn(object): class NativeType (line 422) | class NativeType(BaseObject, NumericProxyMixIn): method __init__ (line 423) | def __init__(self, theType, offset, vm, format_string = None, **kwargs): method write (line 428) | def write(self, data): method proxied (line 433) | def proxied(self, attr): method size (line 436) | def size(self): method v (line 439) | def v(self): method cdecl (line 457) | def cdecl(self): method __repr__ (line 460) | def __repr__(self): method d (line 463) | def d(self): class BitField (line 467) | class BitField(NativeType): method __init__ (line 469) | def __init__(self, theType, offset, vm, start_bit = 0, end_bit = 32, n... method v (line 477) | def v(self): method write (line 481) | def write(self, data): class Pointer (line 486) | class Pointer(NativeType): method __init__ (line 487) | def __init__(self, theType, offset, vm, target = None, **kwargs): method __getstate__ (line 500) | def __getstate__(self): method is_valid (line 504) | def is_valid(self): method dereference (line 508) | def dereference(self): method cdecl (line 521) | def cdecl(self): method __nonzero__ (line 524) | def __nonzero__(self): method __repr__ (line 527) | def __repr__(self): method d (line 531) | def d(self): method __getattr__ (line 535) | def __getattr__(self, attr): method m (line 543) | def m(self, memname): class Pointer32 (line 548) | class Pointer32(Pointer): method __init__ (line 549) | def __init__(self, theType, offset, vm, target = None, **kwargs): class Void (line 559) | class Void(NativeType): method __init__ (line 560) | def __init__(self, theType, offset, vm, **kwargs): method cdecl (line 566) | def cdecl(self): method __repr__ (line 569) | def __repr__(self): method d (line 572) | def d(self): method __nonzero__ (line 575) | def __nonzero__(self): class Array (line 578) | class Array(BaseObject): method __init__ (line 580) | def __init__(self, theType, offset, vm, parent = None, method __getstate__ (line 603) | def __getstate__(self): method size (line 607) | def size(self): method __iter__ (line 610) | def __iter__(self): method __repr__ (line 626) | def __repr__(self): method d (line 630) | def d(self): method __eq__ (line 634) | def __eq__(self, other): method __getitem__ (line 648) | def __getitem__(self, pos): method __setitem__ (line 675) | def __setitem__(self, pos, value): class CType (line 681) | class CType(BaseObject): method __init__ (line 683) | def __init__(self, theType, offset, vm, name = None, members = None, s... method size (line 698) | def size(self): method __repr__ (line 701) | def __repr__(self): method d (line 704) | def d(self): method v (line 711) | def v(self): method m (line 719) | def m(self, attr): method __getattr__ (line 750) | def __getattr__(self, attr): method __setattr__ (line 753) | def __setattr__(self, attr, value): class VolatilityMagic (line 769) | class VolatilityMagic(BaseObject): method __init__ (line 775) | def __init__(self, theType, offset, vm, value = None, configname = Non... method v (line 790) | def v(self): method __str__ (line 799) | def __str__(self): method get_suggestions (line 802) | def get_suggestions(self): method generate_suggestions (line 816) | def generate_suggestions(self): method get_best_suggestion (line 819) | def get_best_suggestion(self): function VolMagic (line 826) | def VolMagic(vm): class Profile (line 841) | class Profile(object): method __init__ (line 846) | def __init__(self, strict = False): method applied_modifications (line 865) | def applied_modifications(self): method clear (line 868) | def clear(self): method reset (line 883) | def reset(self): method load_vtypes (line 894) | def load_vtypes(self): method load_modifications (line 914) | def load_modifications(self): method compile (line 946) | def compile(self): method metadata (line 971) | def metadata(self): method _get_subclasses (line 980) | def _get_subclasses(self, cls): method _get_dummy_obj (line 987) | def _get_dummy_obj(self, name): method has_type (line 1008) | def has_type(self, theType): method get_obj_offset (line 1012) | def get_obj_offset(self, name, member): method get_obj_size (line 1019) | def get_obj_size(self, name): method obj_has_member (line 1024) | def obj_has_member(self, name, member): method merge_overlay (line 1029) | def merge_overlay(self, overlay): method add_types (line 1037) | def add_types(self, vtypes, overlay = None): method apply_overlay (line 1045) | def apply_overlay(self, *args, **kwargs): method _apply_overlay (line 1050) | def _apply_overlay(self, type_member, overlay): method _resolve_mod_dependencies (line 1091) | def _resolve_mod_dependencies(self, mods): method _list_to_type (line 1137) | def _list_to_type(self, name, typeList, typeDict = None): method _convert_members (line 1208) | def _convert_members(self, cname): class ProfileModification (line 1247) | class ProfileModification(object): method check (line 1253) | def check(self, profile): method dependencies (line 1260) | def dependencies(self, profile): method modification (line 1266) | def modification(self, profile): FILE: volatility/plugins/addrspaces/amd64.py class AMD64PagedMemory (line 36) | class AMD64PagedMemory(paged.AbstractWritablePagedMemory): method entry_present (line 70) | def entry_present(self, entry): method page_size_flag (line 73) | def page_size_flag(self, entry): method is_user_page (line 78) | def is_user_page(self, entry): method is_supervisor_page (line 81) | def is_supervisor_page(self, entry): method is_writeable (line 84) | def is_writeable(self, entry): method is_dirty (line 87) | def is_dirty(self, entry): method is_nx (line 90) | def is_nx(self, entry): method is_accessed (line 93) | def is_accessed(self, entry): method is_copyonwrite (line 96) | def is_copyonwrite(self, entry): method is_prototype (line 99) | def is_prototype(self, entry): method get_2MB_paddr (line 102) | def get_2MB_paddr(self, vaddr, pgd_entry): method is_valid_profile (line 106) | def is_valid_profile(self, profile): method pml4e_index (line 113) | def pml4e_index(self, vaddr): method get_pml4e (line 121) | def get_pml4e(self, vaddr): method get_pdpi (line 134) | def get_pdpi(self, vaddr, pml4e): method get_1GB_paddr (line 147) | def get_1GB_paddr(self, vaddr, pdpte): method pde_index (line 157) | def pde_index(self, vaddr): method pdba_base (line 160) | def pdba_base(self, pdpe): method get_pgd (line 163) | def get_pgd(self, vaddr, pdpe): method pte_index (line 167) | def pte_index(self, vaddr): method ptba_base (line 170) | def ptba_base(self, pde): method get_pte (line 173) | def get_pte(self, vaddr, pgd): method pte_pfn (line 177) | def pte_pfn(self, pte): method get_paddr (line 180) | def get_paddr(self, vaddr, pte): method vtop (line 183) | def vtop(self, vaddr): method read_long_long_phys (line 213) | def read_long_long_phys(self, addr): method get_available_pages (line 231) | def get_available_pages(self, with_pte = False): method address_mask (line 315) | def address_mask(cls, addr): class WindowsAMD64PagedMemory (line 318) | class WindowsAMD64PagedMemory(AMD64PagedMemory): method is_valid_profile (line 326) | def is_valid_profile(self, profile): method entry_present (line 335) | def entry_present(self, entry): class SkipDuplicatesAMD64PagedMemory (line 342) | class SkipDuplicatesAMD64PagedMemory(WindowsAMD64PagedMemory): method is_valid_profile (line 351) | def is_valid_profile(self, profile): class LinuxAMD64PagedMemory (line 362) | class LinuxAMD64PagedMemory(AMD64PagedMemory): method is_valid_profile (line 370) | def is_valid_profile(self, profile): method entry_present (line 379) | def entry_present(self, entry): FILE: volatility/plugins/addrspaces/arm.py class ArmAddressSpace (line 28) | class ArmAddressSpace(paged.AbstractWritablePagedMemory): method read_long_phys (line 39) | def read_long_phys(self, addr): method page_table_present (line 53) | def page_table_present(self, entry): method pde_index (line 59) | def pde_index(self, vaddr): method pde_value (line 63) | def pde_value(self, vaddr): method pde2_index (line 67) | def pde2_index(self, vaddr): method pde2_value (line 71) | def pde2_value(self, vaddr, pde): method pde2_index_fine (line 75) | def pde2_index_fine(self, vaddr): method pde2_value_fine (line 79) | def pde2_value_fine(self, vaddr, pde): method get_pte (line 83) | def get_pte(self, vaddr, pde_value): method vtop (line 147) | def vtop(self, vaddr): method get_available_pages (line 165) | def get_available_pages(self): FILE: volatility/plugins/addrspaces/crash.py class WindowsCrashDumpSpace32 (line 33) | class WindowsCrashDumpSpace32(addrspace.AbstractRunBasedMemory): method __init__ (line 41) | def __init__(self, base, config, **kwargs): method get_header (line 64) | def get_header(self): method get_base (line 67) | def get_base(self): method read_long (line 70) | def read_long(self, addr): method get_available_addresses (line 78) | def get_available_addresses(self): method close (line 83) | def close(self): class WindowsCrashDumpSpace64 (line 86) | class WindowsCrashDumpSpace64(WindowsCrashDumpSpace32): FILE: volatility/plugins/addrspaces/crashbmp.py class BitmapDmpVTypes (line 29) | class BitmapDmpVTypes(obj.ProfileModification): method modification (line 34) | def modification(self, profile): class WindowsCrashDumpSpace64BitMap (line 49) | class WindowsCrashDumpSpace64BitMap(crash.WindowsCrashDumpSpace32): method __init__ (line 57) | def __init__(self, base, config, **kwargs): FILE: volatility/plugins/addrspaces/elfcoredump.py class DBGFCOREDESCRIPTOR (line 42) | class DBGFCOREDESCRIPTOR(obj.CType): method Major (line 46) | def Major(self): method Minor (line 50) | def Minor(self): method Build (line 54) | def Build(self): class VirtualBoxModification (line 57) | class VirtualBoxModification(obj.ProfileModification): method modification (line 58) | def modification(self, profile): class VirtualBoxCoreDumpElf64 (line 70) | class VirtualBoxCoreDumpElf64(addrspace.AbstractRunBasedMemory): method __init__ (line 75) | def __init__(self, base, config, **kwargs): method check_note (line 120) | def check_note(self, note): method validate (line 126) | def validate(self): class QemuCoreDumpElf (line 132) | class QemuCoreDumpElf(VirtualBoxCoreDumpElf64): method check_note (line 135) | def check_note(self, note): method validate (line 143) | def validate(self): FILE: volatility/plugins/addrspaces/hibernate.py class Store (line 38) | class Store(object): method __init__ (line 39) | def __init__(self, limit = 50): method put (line 45) | def put(self, key, item): method get (line 55) | def get(self, key): class WindowsHiberFileSpace32 (line 58) | class WindowsHiberFileSpace32(addrspace.BaseAddressSpace): method __init__ (line 68) | def __init__(self, base, config, **kwargs): method _get_first_table_page (line 111) | def _get_first_table_page(self): method build_page_cache (line 119) | def build_page_cache(self): method next_xpress (line 183) | def next_xpress(self, XpressHeader, XpressBlockSize): method get_xpress_block_size (line 208) | def get_xpress_block_size(self, xpress_header): method get_header (line 221) | def get_header(self): method get_base (line 224) | def get_base(self): method is_paging (line 227) | def is_paging(self): method is_pse (line 230) | def is_pse(self): method is_pae (line 233) | def is_pae(self): method get_addr (line 236) | def get_addr(self, addr): method get_block_offset (line 243) | def get_block_offset(self, _xb, addr): method is_valid_address (line 250) | def is_valid_address(self, addr): method read_xpress (line 254) | def read_xpress(self, baddr, BlockSize): method _partial_read (line 268) | def _partial_read(self, addr, len): method read (line 293) | def read(self, addr, length, zread = False): method zread (line 311) | def zread(self, addr, length): method read_long (line 315) | def read_long(self, addr): method get_available_pages (line 323) | def get_available_pages(self): method get_address_range (line 330) | def get_address_range(self): method check_address_range (line 335) | def check_address_range(self, addr): method get_available_addresses (line 340) | def get_available_addresses(self): method close (line 345) | def close(self): FILE: volatility/plugins/addrspaces/hpak.py class HPAKVTypes (line 24) | class HPAKVTypes(obj.ProfileModification): method modification (line 25) | def modification(self, profile): class HPAK_HEADER (line 42) | class HPAK_HEADER(obj.CType): method Sections (line 45) | def Sections(self): class HPAKAddressSpace (line 57) | class HPAKAddressSpace(standard.FileAddressSpace): method __init__ (line 62) | def __init__(self, base, config, **kwargs): method read (line 82) | def read(self, addr, length): method zread (line 85) | def zread(self, addr, length): method is_valid_address (line 88) | def is_valid_address(self, addr): method get_header (line 91) | def get_header(self): method convert_to_raw (line 94) | def convert_to_raw(self, outfd): FILE: volatility/plugins/addrspaces/ieee1394.py function FirewireRW (line 33) | def FirewireRW(netloc, location): class FWRaw1394 (line 38) | class FWRaw1394(object): method __init__ (line 39) | def __init__(self, location): method is_valid (line 45) | def is_valid(self): method read (line 58) | def read(self, addr, length): method write (line 62) | def write(self, addr, buf): class FWForensic1394 (line 66) | class FWForensic1394(object): method __init__ (line 67) | def __init__(self, location): method is_valid (line 76) | def is_valid(self): method read (line 93) | def read(self, addr, length): method write (line 97) | def write(self, addr, buf): class FirewireAddressSpace (line 101) | class FirewireAddressSpace(addrspace.BaseAddressSpace): method __init__ (line 106) | def __init__(self, base, config, **kargs): method intervals (line 135) | def intervals(self, start, size): method _intervals (line 139) | def _intervals(self, exclusions, start, end, accumulator): method read (line 172) | def read(self, offset, length): method zread (line 194) | def zread(self, offset, length): method write (line 200) | def write(self, offset, data): method get_address_range (line 215) | def get_address_range(self): method get_available_addresses (line 219) | def get_available_addresses(self): FILE: volatility/plugins/addrspaces/intel.py class IA32PagedMemory (line 45) | class IA32PagedMemory(paged.AbstractWritablePagedMemory): method __init__ (line 79) | def __init__(self, base, config, dtb = 0, skip_as_check = False, *args... method is_valid_profile (line 85) | def is_valid_profile(self, profile): method entry_present (line 88) | def entry_present(self, entry): method page_size_flag (line 107) | def page_size_flag(self, entry): method is_user_page (line 112) | def is_user_page(self, entry): method is_supervisor_page (line 115) | def is_supervisor_page(self, entry): method is_writeable (line 118) | def is_writeable(self, entry): method is_dirty (line 121) | def is_dirty(self, entry): method is_nx (line 124) | def is_nx(self, entry): method is_accessed (line 127) | def is_accessed(self, entry): method is_copyonwrite (line 130) | def is_copyonwrite(self, entry): method is_prototype (line 133) | def is_prototype(self, entry): method pgd_index (line 136) | def pgd_index(self, pgd): method get_pgd (line 139) | def get_pgd(self, vaddr): method pte_pfn (line 143) | def pte_pfn(self, pte): method pte_index (line 146) | def pte_index(self, pte): method get_pte (line 149) | def get_pte(self, vaddr, pgd): method get_paddr (line 154) | def get_paddr(self, vaddr, pte): method get_four_meg_paddr (line 157) | def get_four_meg_paddr(self, vaddr, pgd_entry): method vtop (line 160) | def vtop(self, vaddr): method read_long_phys (line 174) | def read_long_phys(self, addr): method get_available_pages (line 184) | def get_available_pages(self, with_pte = False): class IA32PagedMemoryPae (line 206) | class IA32PagedMemoryPae(IA32PagedMemory): method get_pdptb (line 231) | def get_pdptb(self, pdpr): method pdpi_index (line 234) | def pdpi_index(self, pdpi): method get_pdpi (line 237) | def get_pdpi(self, vaddr): method pde_index (line 241) | def pde_index(self, vaddr): method pdba_base (line 244) | def pdba_base(self, pdpe): method get_pgd (line 247) | def get_pgd(self, vaddr, pdpe): method pte_pfn (line 251) | def pte_pfn(self, pte): method pte_index (line 254) | def pte_index(self, vaddr): method ptba_base (line 257) | def ptba_base(self, pde): method get_pte (line 260) | def get_pte(self, vaddr, pgd): method get_paddr (line 264) | def get_paddr(self, vaddr, pte): method get_large_paddr (line 267) | def get_large_paddr(self, vaddr, pgd_entry): method vtop (line 270) | def vtop(self, vaddr): method _read_long_long_phys (line 288) | def _read_long_long_phys(self, addr): method get_available_pages (line 301) | def get_available_pages(self, with_pte = False): FILE: volatility/plugins/addrspaces/lime.py class LimeTypes (line 27) | class LimeTypes(obj.ProfileModification): method modification (line 29) | def modification(self, profile): class LimeAddressSpace (line 41) | class LimeAddressSpace(addrspace.AbstractRunBasedMemory): method __init__ (line 47) | def __init__(self, base, config, *args, **kwargs): method parse_lime (line 64) | def parse_lime(self): FILE: volatility/plugins/addrspaces/macho.py class MachOAddressSpace (line 27) | class MachOAddressSpace(addrspace.AbstractRunBasedMemory): method __init__ (line 38) | def __init__(self, base, config, *args, **kwargs): method get_object_name (line 59) | def get_object_name(self, object): method get_available_addresses (line 65) | def get_available_addresses(self): method get_header (line 69) | def get_header(self): method parse_macho (line 72) | def parse_macho(self): FILE: volatility/plugins/addrspaces/osxpmemelf.py class OSXPmemELF (line 36) | class OSXPmemELF(addrspace.AbstractRunBasedMemory): method __init__ (line 41) | def __init__(self, base, config, **kwargs): FILE: volatility/plugins/addrspaces/paged.py class AbstractPagedMemory (line 24) | class AbstractPagedMemory(addrspace.AbstractVirtualAddressSpace): method __init__ (line 31) | def __init__(self, base, config, dtb = 0, skip_as_check = False, *args... method is_user_page (line 56) | def is_user_page(self, entry): method is_supervisor_page (line 60) | def is_supervisor_page(self, entry): method is_writeable (line 64) | def is_writeable(self, entry): method is_dirty (line 68) | def is_dirty(self, entry): method is_nx (line 72) | def is_nx(self, entry): method is_accessed (line 76) | def is_accessed(self, entry): method is_copyonwrite (line 80) | def is_copyonwrite(self, entry): method is_prototype (line 84) | def is_prototype(self, entry): method load_dtb (line 88) | def load_dtb(self): method __getstate__ (line 107) | def __getstate__(self): method register_options (line 114) | def register_options(config): method vtop (line 118) | def vtop(self, addr): method get_available_pages (line 122) | def get_available_pages(self): method get_available_allocs (line 126) | def get_available_allocs(self): method get_available_addresses (line 129) | def get_available_addresses(self): method is_valid_address (line 148) | def is_valid_address(self, vaddr): class AbstractWritablePagedMemory (line 160) | class AbstractWritablePagedMemory(AbstractPagedMemory): method write (line 166) | def write(self, vaddr, buf): FILE: volatility/plugins/addrspaces/standard.py function write_callback (line 35) | def write_callback(option, _opt_str, _value, parser, *_args, **_kwargs): class FileAddressSpace (line 57) | class FileAddressSpace(addrspace.BaseAddressSpace): method __init__ (line 71) | def __init__(self, base, config, layered = False, **kwargs): method register_options (line 90) | def register_options(config): method fread (line 94) | def fread(self, length): method read (line 98) | def read(self, addr, length): method zread (line 109) | def zread(self, addr, length): method read_long (line 117) | def read_long(self, addr): method get_available_addresses (line 122) | def get_available_addresses(self): method is_valid_address (line 127) | def is_valid_address(self, addr): method close (line 132) | def close(self): method write (line 135) | def write(self, addr, data): method __eq__ (line 145) | def __eq__(self, other): FILE: volatility/plugins/addrspaces/vmem.py class VMWareMetaAddressSpace (line 32) | class VMWareMetaAddressSpace(addrspace.AbstractRunBasedMemory): method __init__ (line 39) | def __init__(self, base, config, **kwargs): FILE: volatility/plugins/addrspaces/vmware.py class _VMWARE_HEADER (line 32) | class _VMWARE_HEADER(obj.CType): method Version (line 36) | def Version(self): class _VMWARE_GROUP (line 40) | class _VMWARE_GROUP(obj.CType): method _get_header (line 43) | def _get_header(self): method Tags (line 53) | def Tags(self): class _VMWARE_TAG (line 66) | class _VMWARE_TAG(obj.CType): method _size_type (line 69) | def _size_type(self): method OriginalDataOffset (line 81) | def OriginalDataOffset(self): method RealDataOffset (line 87) | def RealDataOffset(self): method OriginalDataSize (line 102) | def OriginalDataSize(self): method DataDiskSize (line 106) | def DataDiskSize(self): method DataMemSize (line 117) | def DataMemSize(self): method cast_as (line 128) | def cast_as(self, cast_type): class VMwareVTypesModification (line 134) | class VMwareVTypesModification(obj.ProfileModification): method modification (line 137) | def modification(self, profile): class VMWareAddressSpace (line 161) | class VMWareAddressSpace(addrspace.AbstractRunBasedMemory): method __init__ (line 167) | def __init__(self, base, config, **kwargs): method get_tag (line 227) | def get_tag(header, grp_name, tag_name, indices = None, data_type = No... FILE: volatility/plugins/bigpagepools.py class PoolTrackTypeOverlay (line 30) | class PoolTrackTypeOverlay(obj.ProfileModification): method modification (line 42) | def modification(self, profile): class BigPageTableMagic (line 63) | class BigPageTableMagic(obj.ProfileModification): method modification (line 68) | def modification(self, profile): class BigPageTable (line 104) | class BigPageTable(obj.VolatilityMagic): method __init__ (line 107) | def __init__(self, *args, **kwargs): method generate_suggestions (line 116) | def generate_suggestions(self): class BigPagePoolScanner (line 148) | class BigPagePoolScanner(object): method __init__ (line 151) | def __init__(self, kernel_space): method scan (line 154) | def scan(self, tags = []): class BigPools (line 179) | class BigPools(common.AbstractWindowsCommand): method __init__ (line 182) | def __init__(self, config, *args, **kwargs): method calculate (line 186) | def calculate(self): method unified_output (line 198) | def unified_output(self, data): method generator (line 205) | def generator(self, data): method render_text (line 220) | def render_text(self, outfd, data): FILE: volatility/plugins/bioskbd.py class BiosKbd (line 31) | class BiosKbd(common.AbstractWindowsCommand): method unified_output (line 39) | def unified_output(self, data): method generator (line 45) | def generator(self, data): method render_text (line 50) | def render_text(self, outfd, data): method format_char (line 56) | def format_char(self, c): method calculate (line 62) | def calculate(self): FILE: volatility/plugins/cmdline.py class Cmdline (line 23) | class Cmdline(taskmods.DllList): method __init__ (line 25) | def __init__(self, config, *args, **kwargs): method unified_output (line 32) | def unified_output(self, data): method generator (line 39) | def generator(self, data): method render_text (line 52) | def render_text(self, outfd, data): FILE: volatility/plugins/common.py class AbstractWindowsCommand (line 30) | class AbstractWindowsCommand(commands.Command): method is_valid_profile (line 32) | def is_valid_profile(profile): class AbstractScanCommand (line 35) | class AbstractScanCommand(AbstractWindowsCommand): method __init__ (line 43) | def __init__(self, config, *args, **kwargs): method calculate (line 58) | def calculate(self): method offset_column (line 64) | def offset_column(self): method scan_results (line 67) | def scan_results(self, addr_space): function pool_align (line 81) | def pool_align(vm, object_name, align): FILE: volatility/plugins/connections.py class Connections (line 32) | class Connections(common.AbstractWindowsCommand): method __init__ (line 44) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 51) | def is_valid_profile(profile): method unified_output (line 55) | def unified_output(self, data): method generator (line 63) | def generator(self, data): method render_text (line 73) | def render_text(self, outfd, data): method calculate (line 92) | def calculate(self): FILE: volatility/plugins/connscan.py class PoolScanConn (line 37) | class PoolScanConn(poolscan.PoolScanner): method __init__ (line 40) | def __init__(self, address_space): class ConnScan (line 51) | class ConnScan(common.AbstractScanCommand): method is_valid_profile (line 67) | def is_valid_profile(profile): method render_text (line 71) | def render_text(self, outfd, data): method unified_output (line 87) | def unified_output(self, data): method generator (line 94) | def generator(self, data): FILE: volatility/plugins/crashinfo.py class _DMP_HEADER (line 29) | class _DMP_HEADER(obj.CType): method SystemUpTime (line 33) | def SystemUpTime(self): class CrashInfoModification (line 46) | class CrashInfoModification(obj.ProfileModification): method modification (line 53) | def modification(self, profile): class CrashInfo (line 71) | class CrashInfo(common.AbstractWindowsCommand): method calculate (line 77) | def calculate(self): method unified_output (line 93) | def unified_output(self, data): method generator (line 117) | def generator(self, data): method render_text (line 145) | def render_text(self, outfd, data): FILE: volatility/plugins/dlldump.py class DLLDump (line 34) | class DLLDump(procdump.ProcDump): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method calculate (line 54) | def calculate(self): method generator (line 96) | def generator(self, data): method unified_output (line 111) | def unified_output(self, data): method render_text (line 120) | def render_text(self, outfd, data): FILE: volatility/plugins/drivermodule.py class drivermodule (line 30) | class drivermodule(common.AbstractWindowsCommand): method __init__ (line 33) | def __init__(self, config, *args, **kwargs): method calculate (line 39) | def calculate(self): method generator (line 83) | def generator(self, data): method unified_output (line 88) | def unified_output(self, data): method render_text (line 95) | def render_text(self, outfd, data): FILE: volatility/plugins/dumpcerts.py class _X509_PUBLIC_CERT (line 46) | class _X509_PUBLIC_CERT(obj.CType): method Size (line 50) | def Size(self): method object_as_string (line 57) | def object_as_string(self): method is_valid (line 64) | def is_valid(self): method as_openssl (line 75) | def as_openssl(self, file_name): class _PKCS_PRIVATE_CERT (line 92) | class _PKCS_PRIVATE_CERT(_X509_PUBLIC_CERT): method as_openssl (line 95) | def as_openssl(self, file_name): class SSLKeyModification (line 102) | class SSLKeyModification(obj.ProfileModification): method modification (line 107) | def modification(self, profile): class DumpCerts (line 126) | class DumpCerts(procdump.ProcDump): method __init__ (line 143) | def __init__(self, config, *args, **kwargs): method calculate (line 155) | def calculate(self): method get_parsed_fields (line 188) | def get_parsed_fields(self, openssl, fields = ["O", "OU"]): method unified_output (line 214) | def unified_output(self, data): method generator (line 225) | def generator(self, data): method render_text (line 258) | def render_text(self, outfd, data): FILE: volatility/plugins/dumpfiles.py class _CONTROL_AREA (line 53) | class _CONTROL_AREA(obj.CType): method extract_ca_file (line 55) | def extract_ca_file(self, unsafe = False): class _SHARED_CACHE_MAP (line 297) | class _SHARED_CACHE_MAP(obj.CType): method is_valid (line 299) | def is_valid(self): method process_index_array (line 320) | def process_index_array(self, array_pointer, level, limit, vacbary = N... method extract_vacb (line 366) | def extract_vacb(self, vacbs, size): method extract_scm_file (line 419) | def extract_scm_file(self): class ControlAreaModification (line 569) | class ControlAreaModification(obj.ProfileModification): method modification (line 572) | def modification(self, profile): class DumpFilesVTypesx86 (line 650) | class DumpFilesVTypesx86(obj.ProfileModification): method modification (line 656) | def modification(self, profile): class DumpFiles (line 659) | class DumpFiles(common.AbstractWindowsCommand): method __init__ (line 662) | def __init__(self, config, *args, **kwargs): method filter_tasks (line 701) | def filter_tasks(self, tasks): method audited_read_bytes (line 717) | def audited_read_bytes(self, vm, vaddr, length, pad): method calculate (line 766) | def calculate(self): method unified_output (line 1026) | def unified_output(self, data): method generator (line 1035) | def generator(self, data): method render_text (line 1157) | def render_text(self, outfd, data): FILE: volatility/plugins/envars.py class Envars (line 26) | class Envars(taskmods.DllList): method __init__ (line 29) | def __init__(self, config, *args, **kwargs): method _get_silent_vars (line 36) | def _get_silent_vars(self): method unified_output (line 87) | def unified_output(self, data): method generator (line 95) | def generator(self, data): method render_text (line 110) | def render_text(self, outfd, data): FILE: volatility/plugins/evtlogs.py class EVTObjectTypes (line 75) | class EVTObjectTypes(obj.ProfileModification): method modification (line 80) | def modification(self, profile): class EvtLogs (line 83) | class EvtLogs(common.AbstractWindowsCommand): method __init__ (line 85) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 98) | def is_valid_profile(profile): method load_user_sids (line 103) | def load_user_sids(self): method get_sid_string (line 114) | def get_sid_string(self, data): method calculate (line 141) | def calculate(self): method parse_evt_info (line 173) | def parse_evt_info(self, name, buf, rawtime = False): method unified_output (line 248) | def unified_output(self, data): method generator (line 258) | def generator(self, data): method render_text (line 277) | def render_text(self, outfd, data): FILE: volatility/plugins/fileparam.py function set_location (line 32) | def set_location(_option, _opt_str, value, parser): FILE: volatility/plugins/filescan.py class PoolScanFile (line 35) | class PoolScanFile(poolscan.PoolScanner): method __init__ (line 38) | def __init__(self, address_space): class FileScan (line 52) | class FileScan(common.AbstractScanCommand): method render_text (line 67) | def render_text(self, outfd, data): method unified_output (line 84) | def unified_output(self, data): method generator (line 92) | def generator(self, data): class PoolScanDriver (line 102) | class PoolScanDriver(poolscan.PoolScanner): method __init__ (line 105) | def __init__(self, address_space): class DriverScan (line 122) | class DriverScan(common.AbstractScanCommand): method unified_output (line 127) | def unified_output(self, data): method generator (line 138) | def generator(self, data): method render_text (line 150) | def render_text(self, outfd, data): class PoolScanSymlink (line 174) | class PoolScanSymlink(poolscan.PoolScanner): method __init__ (line 177) | def __init__(self, address_space): class SymLinkScan (line 190) | class SymLinkScan(common.AbstractScanCommand): method unified_output (line 195) | def unified_output(self, data): method generator (line 204) | def generator(self, data): method render_text (line 215) | def render_text(self, outfd, data): class PoolScanMutant (line 235) | class PoolScanMutant(poolscan.PoolScanner): method __init__ (line 238) | def __init__(self, address_space, **kwargs): class MutantScan (line 252) | class MutantScan(common.AbstractScanCommand): method __init__ (line 257) | def __init__(self, config, *args, **kwargs): method unified_output (line 263) | def unified_output(self, data): method generator (line 273) | def generator(self, data): method render_text (line 293) | def render_text(self, outfd, data): class PoolScanProcess (line 323) | class PoolScanProcess(poolscan.PoolScanner): method __init__ (line 326) | def __init__(self, address_space, **kwargs): class PSScan (line 342) | class PSScan(common.AbstractScanCommand): method calculate (line 357) | def calculate(self): method render_dot (line 370) | def render_dot(self, outfd, data): method unified_output (line 398) | def unified_output(self, data): method generator (line 408) | def generator(self, data): method render_text (line 418) | def render_text(self, outfd, data): FILE: volatility/plugins/getservicesids.py function createservicesid (line 502) | def createservicesid(svc): class GetServiceSids (line 513) | class GetServiceSids(common.AbstractWindowsCommand): method calculate (line 516) | def calculate(self): method unified_output (line 540) | def unified_output(self, data): method generator (line 545) | def generator(self, data): method render_text (line 551) | def render_text(self, outfd, data): FILE: volatility/plugins/getsids.py function find_sid_re (line 40) | def find_sid_re(sid_string, sid_re_list): class GetSIDs (line 158) | class GetSIDs(taskmods.DllList): method lookup_user_sids (line 172) | def lookup_user_sids(self): method unified_output (line 192) | def unified_output(self, data): method render_text (line 233) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/atoms.py class PoolScanAtom (line 29) | class PoolScanAtom(poolscan.PoolScanner): method __init__ (line 32) | def __init__(self, address_space): class AtomScan (line 61) | class AtomScan(common.AbstractScanCommand): method __init__ (line 66) | def __init__(self, config, *args, **kwargs): method render_text (line 74) | def render_text(self, outfd, data): method unified_output (line 109) | def unified_output(self, data): method generator (line 120) | def generator(self, data): class Atoms (line 146) | class Atoms(common.AbstractWindowsCommand): method calculate (line 149) | def calculate(self): method unified_output (line 175) | def unified_output(self, data): method generator (line 188) | def generator(self, data): method render_text (line 207) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/clipboard.py class Clipboard (line 31) | class Clipboard(common.AbstractWindowsCommand, sessions.SessionsMixin): method calculate (line 34) | def calculate(self): method unified_output (line 98) | def unified_output(self, data): method generator (line 107) | def generator(self, data): method render_text (line 144) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/constants.py class FakeAtom (line 30) | class FakeAtom(object): method __init__ (line 31) | def __init__(self, name): FILE: volatility/plugins/gui/desktops.py class DeskScan (line 25) | class DeskScan(windowstations.WndScan): method unified_output (line 28) | def unified_output(self, data): method generator (line 48) | def generator(self, data): method render_text (line 78) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/editbox.py class COMCTL_EDIT (line 156) | class COMCTL_EDIT(obj.CType): method __str__ (line 159) | def __str__(self): method get_text (line 173) | def get_text(self, no_crlf=False): method get_undo (line 191) | def get_undo(self, no_crlf=False): method is_pwd (line 205) | def is_pwd(self): method dump_meta (line 213) | def dump_meta(self, outfd): method dump_data (line 227) | def dump_data(self, outfd): method rtl_run_decode_unicode_string (line 235) | def rtl_run_decode_unicode_string(key, data): class COMCTL_LISTBOX (line 241) | class COMCTL_LISTBOX(obj.CType): method __str__ (line 244) | def __str__(self): method get_text (line 255) | def get_text(self, joiner='\n'): method dump_meta (line 267) | def dump_meta(self, outfd): method dump_data (line 280) | def dump_data(self, outfd): function split_null_strings (line 289) | def split_null_strings(data): function dump_to_file (line 303) | def dump_to_file(ctrl, pid, proc_name, folder): class Editbox (line 317) | class Editbox(common.AbstractWindowsCommand): method __init__ (line 326) | def __init__(self, config, *args, **kwargs): method apply_types (line 340) | def apply_types(addr_space, meta=None): method calculate (line 372) | def calculate(self): method render_table (line 431) | def render_table(self, outfd, data): method unified_output (line 448) | def unified_output(self, data): method generator (line 467) | def generator(self, data): method render_text (line 487) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/eventhooks.py class EventHooks (line 23) | class EventHooks(sessions.Sessions): method render_text (line 26) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/gahti.py class Gahti (line 29) | class Gahti(sessions.Sessions): method unified_output (line 32) | def unified_output(self, data): method generator (line 42) | def generator(self, data): method render_text (line 66) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/gditimers.py class GDITimers (line 25) | class GDITimers(common.AbstractWindowsCommand, sessions.SessionsMixin): method is_valid_profile (line 29) | def is_valid_profile(profile): method calculate (line 36) | def calculate(self): method render_text (line 51) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/messagehooks.py class MessageHooks (line 61) | class MessageHooks(atoms.Atoms, sessions.SessionsMixin): method calculate (line 64) | def calculate(self): method translate_atom (line 78) | def translate_atom(self, winsta, atom_tables, atom_id): method translate_hmod (line 116) | def translate_hmod(self, winsta, atom_tables, index): method render_text (line 193) | def render_text(self, outfd, data): method render_block (line 239) | def render_block(self, outfd, data): FILE: volatility/plugins/gui/screenshot.py class Screenshot (line 32) | class Screenshot(windowstations.WndScan): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method draw_text (line 41) | def draw_text(self, draw, text, left, top, fill = "Black"): method render_text (line 49) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/sessions.py class SessionsMixin (line 27) | class SessionsMixin(object): method session_spaces (line 31) | def session_spaces(self, kernel_space): method find_session_space (line 49) | def find_session_space(self, kernel_space, session_id): class Sessions (line 66) | class Sessions(common.AbstractWindowsCommand, SessionsMixin): method calculate (line 69) | def calculate(self): method render_text (line 76) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/userhandles.py class UserHandles (line 24) | class UserHandles(sessions.Sessions): method __init__ (line 27) | def __init__(self, config, *args, **kwargs): method render_text (line 43) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/vtypes/vista.py class Vista2008x64GuiVTypes (line 25) | class Vista2008x64GuiVTypes(obj.ProfileModification): method modification (line 34) | def modification(self, profile): class Vista2008x86GuiVTypes (line 76) | class Vista2008x86GuiVTypes(obj.ProfileModification): method modification (line 85) | def modification(self, profile): FILE: volatility/plugins/gui/vtypes/win10.py class Win10x86_Gui (line 23) | class Win10x86_Gui(obj.ProfileModification): method modification (line 32) | def modification(self, profile): class Win10x64_Gui (line 58) | class Win10x64_Gui(obj.ProfileModification): method modification (line 67) | def modification(self, profile): FILE: volatility/plugins/gui/vtypes/win2003.py class Win2003x86GuiVTypes (line 23) | class Win2003x86GuiVTypes(obj.ProfileModification): method modification (line 33) | def modification(self, profile): FILE: volatility/plugins/gui/vtypes/win7.py class Win7SP0x64GuiVTypes (line 29) | class Win7SP0x64GuiVTypes(obj.ProfileModification): method modification (line 38) | def modification(self, profile): class Win7SP1x64GuiVTypes (line 41) | class Win7SP1x64GuiVTypes(obj.ProfileModification): method modification (line 50) | def modification(self, profile): class Win7SP0x86GuiVTypes (line 53) | class Win7SP0x86GuiVTypes(obj.ProfileModification): method modification (line 62) | def modification(self, profile): class Win7SP1x86GuiVTypes (line 65) | class Win7SP1x86GuiVTypes(obj.ProfileModification): method modification (line 74) | def modification(self, profile): class Win7GuiOverlay (line 77) | class Win7GuiOverlay(obj.ProfileModification): method modification (line 87) | def modification(self, profile): class Win7Vista2008x64Timers (line 102) | class Win7Vista2008x64Timers(obj.ProfileModification): method modification (line 109) | def modification(self, profile): class Win7Vista2008x86Timers (line 124) | class Win7Vista2008x86Timers(obj.ProfileModification): method modification (line 131) | def modification(self, profile): class _MM_SESSION_SPACE (line 144) | class _MM_SESSION_SPACE(win32k_core._MM_SESSION_SPACE): #pylint: disable... method find_shared_info (line 147) | def find_shared_info(self): class tagSHAREDINFO (line 178) | class tagSHAREDINFO(win32k_core.tagSHAREDINFO): method is_valid (line 181) | def is_valid(self): class Win7Win32KCoreClasses (line 195) | class Win7Win32KCoreClasses(obj.ProfileModification): method modification (line 204) | def modification(self, profile): FILE: volatility/plugins/gui/vtypes/win8.py class _RTL_ATOM_TABLE_ENTRY (line 27) | class _RTL_ATOM_TABLE_ENTRY(win32k_core._RTL_ATOM_TABLE_ENTRY): method Flags (line 31) | def Flags(self): method ReferenceCount (line 35) | def ReferenceCount(self): class Win8x86Gui (line 38) | class Win8x86Gui(obj.ProfileModification): method modification (line 47) | def modification(self, profile): class Win8x64Gui (line 133) | class Win8x64Gui(obj.ProfileModification): method modification (line 142) | def modification(self, profile): FILE: volatility/plugins/gui/vtypes/xp.py class XP2003x86BaseVTypes (line 24) | class XP2003x86BaseVTypes(obj.ProfileModification): method check (line 27) | def check(self, profile): method modification (line 35) | def modification(self, profile): class XP2003x64BaseVTypes (line 187) | class XP2003x64BaseVTypes(obj.ProfileModification): method modification (line 194) | def modification(self, profile): FILE: volatility/plugins/gui/win32k_core.py class _MM_SESSION_SPACE (line 33) | class _MM_SESSION_SPACE(obj.CType): method processes (line 36) | def processes(self): method Win32KBase (line 48) | def Win32KBase(self): method images (line 63) | def images(self): method _section_chunks (line 76) | def _section_chunks(self, sec_name): method find_gahti (line 131) | def find_gahti(self): method find_shared_info (line 160) | def find_shared_info(self): class tagSHAREDINFO (line 185) | class tagSHAREDINFO(obj.CType): method is_valid (line 188) | def is_valid(self): method handles (line 220) | def handles(self, filters = None): class _HANDLEENTRY (line 255) | class _HANDLEENTRY(obj.CType): method reference_object (line 258) | def reference_object(self): method Free (line 282) | def Free(self): method ThreadOwned (line 287) | def ThreadOwned(self): method ProcessOwned (line 295) | def ProcessOwned(self): method Thread (line 301) | def Thread(self): method Process (line 310) | def Process(self): class tagWINDOWSTATION (line 322) | class tagWINDOWSTATION(obj.CType, windows.ExecutiveObjectMixin): method is_valid (line 325) | def is_valid(self): method PhysicalAddress (line 329) | def PhysicalAddress(self): method LastRegisteredViewer (line 338) | def LastRegisteredViewer(self): method AtomTable (line 344) | def AtomTable(self): method Interactive (line 350) | def Interactive(self): method Name (line 355) | def Name(self): method traverse (line 371) | def traverse(self): method desktops (line 382) | def desktops(self): class tagDESKTOP (line 389) | class tagDESKTOP(tagWINDOWSTATION): method is_valid (line 392) | def is_valid(self): method WindowStation (line 396) | def WindowStation(self): method DeskInfo (line 401) | def DeskInfo(self): method threads (line 405) | def threads(self): method hook_params (line 411) | def hook_params(self): method hooks (line 419) | def hooks(self): method windows (line 441) | def windows(self, win, filter = lambda x: True, level = 0): #pylint: d... method heaps (line 486) | def heaps(self): method traverse (line 492) | def traverse(self): class tagWND (line 503) | class tagWND(obj.CType): method IsClipListener (line 507) | def IsClipListener(self): method ClassAtom (line 512) | def ClassAtom(self): method SuperClassAtom (line 517) | def SuperClassAtom(self): method Process (line 522) | def Process(self): method Thread (line 527) | def Thread(self): method Visible (line 532) | def Visible(self): method _get_flags (line 536) | def _get_flags(self, member, flags): method style (line 544) | def style(self): method ExStyle (line 549) | def ExStyle(self): class tagRECT (line 553) | class tagRECT(obj.CType): method get_tup (line 556) | def get_tup(self): class tagCLIPDATA (line 560) | class tagCLIPDATA(obj.CType): method as_string (line 563) | def as_string(self, fmt): method as_hex (line 584) | def as_hex(self): class tagTHREADINFO (line 590) | class tagTHREADINFO(tagDESKTOP): method get_params (line 593) | def get_params(self): class tagHOOK (line 597) | class tagHOOK(obj.CType): method traverse (line 600) | def traverse(self): class tagEVENTHOOK (line 607) | class tagEVENTHOOK(obj.CType): method dwFlags (line 611) | def dwFlags(self): class _RTL_ATOM_TABLE (line 621) | class _RTL_ATOM_TABLE(tagWINDOWSTATION): method __init__ (line 624) | def __init__(self, *args, **kwargs): method is_valid (line 629) | def is_valid(self): method NumBuckets (line 637) | def NumBuckets(self): method atoms (line 666) | def atoms(self): method find_atom (line 679) | def find_atom(self, atom_to_find): class _RTL_ATOM_TABLE_ENTRY (line 697) | class _RTL_ATOM_TABLE_ENTRY(obj.CType): method Pinned (line 701) | def Pinned(self): method is_string_atom (line 705) | def is_string_atom(self): method is_valid (line 713) | def is_valid(self): class Win32KCoreClasses (line 727) | class Win32KCoreClasses(obj.ProfileModification): method modification (line 734) | def modification(self, profile): class Win32KGahtiVType (line 753) | class Win32KGahtiVType(obj.ProfileModification): method modification (line 759) | def modification(self, profile): class AtomTablex86Overlay (line 774) | class AtomTablex86Overlay(obj.ProfileModification): method modification (line 782) | def modification(self, profile): class AtomTablex64Overlay (line 797) | class AtomTablex64Overlay(obj.ProfileModification): method modification (line 803) | def modification(self, profile): class XP2003x86TimerVType (line 818) | class XP2003x86TimerVType(obj.ProfileModification): method modification (line 825) | def modification(self, profile): class XP2003x64TimerVType (line 840) | class XP2003x64TimerVType(obj.ProfileModification): method modification (line 847) | def modification(self, profile): class Win32Kx86VTypes (line 862) | class Win32Kx86VTypes(obj.ProfileModification): method modification (line 871) | def modification(self, profile): class Win32Kx64VTypes (line 904) | class Win32Kx64VTypes(obj.ProfileModification): method modification (line 913) | def modification(self, profile): class XPx86SessionOverlay (line 947) | class XPx86SessionOverlay(obj.ProfileModification): method modification (line 958) | def modification(self, profile): FILE: volatility/plugins/gui/windows.py class WinTree (line 24) | class WinTree(messagehooks.MessageHooks): method render_text (line 27) | def render_text(self, outfd, data): class Windows (line 44) | class Windows(messagehooks.MessageHooks): method __init__ (line 47) | def __init__(self, config, *args, **kwargs): method render_text (line 55) | def render_text(self, outfd, data): FILE: volatility/plugins/gui/windowstations.py class PoolScanWind (line 28) | class PoolScanWind(poolscan.PoolScanner): method __init__ (line 31) | def __init__(self, address_space): class WndScan (line 47) | class WndScan(common.AbstractScanCommand, sessions.SessionsMixin): method calculate (line 52) | def calculate(self): method render_text (line 80) | def render_text(self, outfd, data): FILE: volatility/plugins/handles.py class Handles (line 28) | class Handles(taskmods.DllList): method __init__ (line 31) | def __init__(self, config, *args, **kwargs): method generator (line 41) | def generator(self, data): method unified_output (line 64) | def unified_output(self, data): method render_text (line 76) | def render_text(self, outfd, data): method calculate (line 106) | def calculate(self): FILE: volatility/plugins/heaps.py class HeapModification (line 23) | class HeapModification(obj.ProfileModification): method modification (line 28) | def modification(self, profile): FILE: volatility/plugins/hibinfo.py class HibInfo (line 29) | class HibInfo(common.AbstractWindowsCommand): method calculate (line 33) | def calculate(self): method render_text (line 63) | def render_text(self, outfd, data): FILE: volatility/plugins/hpakinfo.py class HPAKInfo (line 23) | class HPAKInfo(crashinfo.CrashInfo): method render_text (line 28) | def render_text(self, outfd, data): class HPAKExtract (line 42) | class HPAKExtract(HPAKInfo): method render_text (line 45) | def render_text(self, outfd, data): FILE: volatility/plugins/iehistory.py class _URL_RECORD (line 31) | class _URL_RECORD(obj.CType): method is_valid (line 34) | def is_valid(self): method Length (line 45) | def Length(self): method has_data (line 48) | def has_data(self): class _DEST_RECORD (line 55) | class _DEST_RECORD(obj.CType): method is_valid (line 57) | def is_valid(self): method url_and_title (line 67) | def url_and_title(self): method Url (line 92) | def Url(self): class IEHistoryVTypes (line 95) | class IEHistoryVTypes(obj.ProfileModification): method modification (line 100) | def modification(self, profile): class IEHistory (line 135) | class IEHistory(taskmods.DllList): method __init__ (line 138) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 148) | def is_valid_profile(profile): method calculate (line 151) | def calculate(self): method unified_output (line 184) | def unified_output(self, data): method generator (line 201) | def generator(self, data): method render_text (line 239) | def render_text(self, outfd, data): method render_csv (line 269) | def render_csv(self, outfd, data): FILE: volatility/plugins/imagecopy.py class ImageCopy (line 27) | class ImageCopy(commands.Command): method __init__ (line 30) | def __init__(self, *args, **kwargs): method calculate (line 42) | def calculate(self): method human_readable (line 56) | def human_readable(self, value): method render_text (line 63) | def render_text(self, outfd, data): FILE: volatility/plugins/imageinfo.py class ImageInfo (line 33) | class ImageInfo(kdbgscan.KDBGScan): method unified_output (line 35) | def unified_output(self, data): method render_text (line 43) | def render_text(self, outfd, data): method calculate (line 49) | def calculate(self): method get_image_time (line 129) | def get_image_time(self, addr_space): FILE: volatility/plugins/joblinks.py class JobLinks (line 31) | class JobLinks(taskmods.DllList): method __init__ (line 33) | def __init__(self, config, *args, **kwargs): method unified_output (line 40) | def unified_output(self, data): method generator (line 56) | def generator(self, data): method render_text (line 101) | def render_text(self, outfd, data): FILE: volatility/plugins/kdbgscan.py class MultiStringFinderCheck (line 31) | class MultiStringFinderCheck(scan.ScannerCheck): method __init__ (line 34) | def __init__(self, address_space, needles = None): method check (line 45) | def check(self, offset): method skip (line 52) | def skip(self, data, offset): class MultiPrefixFinderCheck (line 60) | class MultiPrefixFinderCheck(MultiStringFinderCheck): method check (line 62) | def check(self, offset): class KDBGScanner (line 69) | class KDBGScanner(scan.BaseScanner): method __init__ (line 72) | def __init__(self, window_size = 8, needles = None): method scan (line 84) | def scan(self, address_space, offset = 0, maxlen = None): class KDBGScan (line 94) | class KDBGScan(common.AbstractWindowsCommand): method register_options (line 98) | def register_options(config): method calculate (line 106) | def calculate(self): method render_text (line 167) | def render_text(self, outfd, data): FILE: volatility/plugins/kpcrscan.py class KPCRScan (line 35) | class KPCRScan(common.AbstractWindowsCommand): method register_options (line 49) | def register_options(config): method calculate (line 54) | def calculate(self): method render_text (line 63) | def render_text(self, outfd, data): class KPCRScannerCheck (line 116) | class KPCRScannerCheck(scan.ScannerCheck): method __init__ (line 118) | def __init__(self, address_space): method check (line 138) | def check(self, offset): method skip (line 156) | def skip(self, data, offset): class KPCRScanner (line 175) | class KPCRScanner(scan.BaseScanner): method scan (line 178) | def scan(self, address_space, offset = 0, maxlen = None): FILE: volatility/plugins/linux/apihooks.py class linux_apihooks (line 36) | class linux_apihooks(linux_pslist.linux_pslist): method unified_output (line 39) | def unified_output(self, data): method generator (line 50) | def generator(self, data): method render_text (line 64) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/arp.py class a_ent (line 31) | class a_ent(object): method __init__ (line 33) | def __init__(self, ip, mac, devname): class linux_arp (line 40) | class linux_arp(linux_common.AbstractLinuxCommand): method calculate (line 43) | def calculate(self): method handle_table (line 65) | def handle_table(self, ntable): method walk_neighbor (line 101) | def walk_neighbor(self, neighbor): method render_text (line 133) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/aslr_shift.py class linux_aslr_shift (line 29) | class linux_aslr_shift(common.AbstractLinuxCommand): method calculate (line 32) | def calculate(self): method render_text (line 37) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/banner.py class linux_banner (line 33) | class linux_banner(linux_common.AbstractLinuxCommand): method calculate (line 36) | def calculate(self): method render_text (line 48) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/bash.py class _hist_entry (line 51) | class _hist_entry(obj.CType): method is_valid (line 54) | def is_valid(self): method time_as_integer (line 82) | def time_as_integer(self): method time_object (line 88) | def time_object(self): class BashTypes (line 96) | class BashTypes(obj.ProfileModification): method modification (line 99) | def modification(self, profile): class linux_bash (line 108) | class linux_bash(linux_pslist.linux_pslist): method __init__ (line 111) | def __init__(self, config, *args, **kwargs): method calculate (line 117) | def calculate(self): method unified_output (line 157) | def unified_output(self, data): method generator (line 164) | def generator(self, data): method render_text (line 170) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/bash_hash.py class _bash_hash_table (line 87) | class _bash_hash_table(obj.CType): method is_valid (line 89) | def is_valid(self): method __iter__ (line 98) | def __iter__(self): class BashHashTypes (line 119) | class BashHashTypes(obj.ProfileModification): method modification (line 122) | def modification(self, profile): class linux_bash_hash (line 130) | class linux_bash_hash(linux_pslist.linux_pslist): method __init__ (line 133) | def __init__(self, config, *args, **kwargs): method calculate (line 137) | def calculate(self): method unified_output (line 156) | def unified_output(self, data): method generator (line 164) | def generator(self, data): method render_text (line 171) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_afinfo.py class linux_check_afinfo (line 32) | class linux_check_afinfo(linux_common.AbstractLinuxCommand): method check_members (line 35) | def check_members(self, var_ops, members, modules): method check_afinfo (line 39) | def check_afinfo(self, var_name, var, op_members, seq_members, modules): method _pre_4_18 (line 51) | def _pre_4_18(self, modules, seq_members): method _4_18_plus (line 72) | def _4_18_plus(self, modules, seq_members): method calculate (line 86) | def calculate(self): method render_text (line 100) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_creds.py class linux_check_creds (line 33) | class linux_check_creds(linux_pslist.linux_pslist): method calculate (line 36) | def calculate(self): method unified_output (line 57) | def unified_output(self, data): method generator (line 61) | def generator(self, data): method render_text (line 73) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_evt_arm.py class linux_check_evt_arm (line 30) | class linux_check_evt_arm(linux_common.AbstractLinuxARMCommand): method calculate (line 36) | def calculate(self): method render_text (line 78) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_fops.py class linux_check_fop (line 40) | class linux_check_fop(linux_common.AbstractLinuxCommand): method __init__ (line 43) | def __init__(self, config, *args, **kwargs): method check_file_cache (line 49) | def check_file_cache(self, f_op_members, modules): method check_open_files_fop (line 54) | def check_open_files_fop(self, f_op_members, modules): method check_proc_fop (line 64) | def check_proc_fop(self, f_op_members, modules): method _get_name (line 108) | def _get_name(self, pde, parent): method _walk_proc_old (line 116) | def _walk_proc_old(self, cur, f_op_members, modules, parent): method _walk_rb (line 151) | def _walk_rb(self, rb): method _do_walk_proc_current (line 170) | def _do_walk_proc_current(self, cur, f_op_members, modules, parent): method _walk_proc_current (line 182) | def _walk_proc_current(self, cur, f_op_members, modules, parent): method _walk_proc_dir (line 189) | def _walk_proc_dir(self, proc_root, f_op_members, modules, parent): method check_proc_root_fops (line 198) | def check_proc_root_fops(self, f_op_members, modules): method check_proc_net_fops (line 210) | def check_proc_net_fops(self, f_op_members, modules): method calculate (line 222) | def calculate(self): method unified_output (line 248) | def unified_output(self, data): method generator (line 254) | def generator(self, data): method render_text (line 258) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_idt.py class LinuxIDTTypes (line 44) | class LinuxIDTTypes(obj.ProfileModification): method modification (line 47) | def modification(self, profile): class linux_check_idt (line 52) | class linux_check_idt(linux_common.AbstractLinuxCommand): method calculate (line 55) | def calculate(self): method unified_output (line 121) | def unified_output(self, data): method generator (line 127) | def generator(self, data): method render_text (line 131) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_inline_kernel.py class linux_check_inline_kernel (line 47) | class linux_check_inline_kernel(linux_common.AbstractLinuxCommand): method __init__ (line 50) | def __init__(self, config, *args, **kwargs): method _is_hooked (line 53) | def _is_hooked(self, sym_addr, modules): method _is_inline_hooked (line 122) | def _is_inline_hooked(self, ops, op_members, modules): method check_file_cache (line 133) | def check_file_cache(self, f_op_members, modules): method check_open_files_fop (line 138) | def check_open_files_fop(self, f_op_members, modules): method check_proc_fop (line 148) | def check_proc_fop(self, f_op_members, modules): method walk_proc (line 170) | def walk_proc(self, cur, f_op_members, modules, parent = ""): method check_proc_root_fops (line 201) | def check_proc_root_fops(self, f_op_members, modules): method _check_file_op_pointers (line 215) | def _check_file_op_pointers(self, modules): method check_afinfo (line 225) | def check_afinfo(self, var_name, var, op_members, seq_members, modules): method _check_afinfo (line 234) | def _check_afinfo(self, modules): method _check_inetsw (line 256) | def _check_inetsw(self, modules): method _check_known_functions (line 280) | def _check_known_functions(self, modules): method calculate (line 292) | def calculate(self): method unified_output (line 306) | def unified_output(self, data): method generator (line 313) | def generator(self, data): method render_text (line 317) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_modules.py class linux_check_modules (line 35) | class linux_check_modules(linux_common.AbstractLinuxCommand): method get_kset_modules (line 38) | def get_kset_modules(self): method calculate (line 58) | def calculate(self): method unified_output (line 68) | def unified_output(self, data): method generator (line 73) | def generator(self, data): method render_text (line 77) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_syscall.py class linux_check_syscall (line 45) | class linux_check_syscall(linux_common.AbstractLinuxCommand): method _get_table_size (line 48) | def _get_table_size(self, table_addr, table_name): method _get_table_size_meta (line 60) | def _get_table_size_meta(self): method _get_table_info_other (line 68) | def _get_table_info_other(self, table_addr, table_name): method _get_table_info_distorm (line 78) | def _get_table_info_distorm(self): method _get_table_info (line 115) | def _get_table_info(self, table_name): method _compute_hook_sym_name (line 129) | def _compute_hook_sym_name(self, visible_mods, hidden_mods, call_addr): method _index_name (line 150) | def _index_name(self, table_name, index_info, i): method _find_index (line 162) | def _find_index(self, index_names, line_index): method get_syscalls (line 179) | def get_syscalls(self, index_info = None, get_hidden = False, compute_... method get_unistd_paths (line 226) | def get_unistd_paths(self): method parse_index_file (line 240) | def parse_index_file(self, index_lines): method _find_and_parse_index_file (line 262) | def _find_and_parse_index_file(self): method calculate (line 297) | def calculate(self): method unified_output (line 310) | def unified_output(self, data): method generator (line 318) | def generator(self, data): method render_text (line 322) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/check_syscall_arm.py class linux_check_syscall_arm (line 32) | class linux_check_syscall_arm(linux_common.AbstractLinuxARMCommand): method _get_syscall_table_size (line 35) | def _get_syscall_table_size(self): method _get_syscall_table_address (line 53) | def _get_syscall_table_address(self): method calculate (line 63) | def calculate(self): method unified_output (line 90) | def unified_output(self, data): method generator (line 96) | def generator(self, data): method render_text (line 106) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/common.py class vol_timespec (line 38) | class vol_timespec: method __init__ (line 40) | def __init__(self, secs, nsecs): function set_plugin_members (line 44) | def set_plugin_members(obj_ref): class AbstractLinuxCommand (line 53) | class AbstractLinuxCommand(commands.Command): method __init__ (line 54) | def __init__(self, *args, **kwargs): method profile (line 61) | def profile(self): method execute (line 66) | def execute(self, *args, **kwargs): method is_valid_profile (line 70) | def is_valid_profile(profile): method register_options (line 74) | def register_options(config): method is_known_address (line 78) | def is_known_address(self, addr, modules): method address_in_module (line 86) | def address_in_module(self, addr, modules): method verify_ops (line 94) | def verify_ops(self, ops, op_members, modules): class AbstractLinuxIntelCommand (line 124) | class AbstractLinuxIntelCommand(AbstractLinuxCommand): method is_valid_profile (line 126) | def is_valid_profile(profile): class AbstractLinuxARMCommand (line 131) | class AbstractLinuxARMCommand(AbstractLinuxCommand): method is_valid_profile (line 133) | def is_valid_profile(profile): function walk_internal_list (line 137) | def walk_internal_list(struct_name, list_member, list_start, addr_space ... function do_get_path (line 147) | def do_get_path(rdentry, rmnt, dentry, vfsmnt): function _get_path_file (line 188) | def _get_path_file(task, filp): function get_new_sock_pipe_path (line 201) | def get_new_sock_pipe_path(task, filp): function get_path (line 230) | def get_path(task, filp): function write_elf_file (line 240) | def write_elf_file(dump_dir, task, elf_addr): function get_time_vars (line 253) | def get_time_vars(obj_vm): FILE: volatility/plugins/linux/cpuinfo.py class linux_cpuinfo (line 31) | class linux_cpuinfo(linux_common.AbstractLinuxIntelCommand): method calculate (line 34) | def calculate(self): method get_info_single (line 51) | def get_info_single(self): method get_info_smp (line 57) | def get_info_smp(self): method get_per_cpu_symbol (line 66) | def get_per_cpu_symbol(self, sym_name, module = "kernel"): method online_cpus (line 79) | def online_cpus(self): method walk_per_cpu_var (line 105) | def walk_per_cpu_var(self, per_var, var_type): method unified_output (line 126) | def unified_output(self, data): method generator (line 132) | def generator(self, data): method render_text (line 136) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/dentry_cache.py class linux_dentry_cache (line 30) | class linux_dentry_cache(linux_common.AbstractLinuxCommand): method __init__ (line 33) | def __init__(self, config, *args, **kwargs): method make_body (line 40) | def make_body(self, dentry): method calculate (line 57) | def calculate(self): method render_text (line 69) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/dmesg.py class linux_dmesg (line 30) | class linux_dmesg(linux_common.AbstractLinuxCommand): method _get_log_info (line 33) | def _get_log_info(self): method _pre_3 (line 42) | def _pre_3(self, buf_addr, buf_len): method _ver_3 (line 46) | def _ver_3(self, buf_addr, buf_len): method calculate (line 85) | def calculate(self): method render_text (line 95) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/dump_map.py class linux_dump_map (line 32) | class linux_dump_map(linux_proc_maps.linux_proc_maps): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method read_addr_range (line 40) | def read_addr_range(self, task, start, end): method render_text (line 52) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/elfs.py class linux_elfs (line 36) | class linux_elfs(linux_pslist.linux_pslist): method calculate (line 39) | def calculate(self): method unified_output (line 47) | def unified_output(self, data): method generator (line 56) | def generator(self, data): method render_text (line 61) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/enumerate_files.py class linux_enumerate_files (line 33) | class linux_enumerate_files(linux_common.AbstractLinuxCommand): method calculate (line 36) | def calculate(self): method unified_output (line 44) | def unified_output(self, data): method generator (line 48) | def generator(self, data): method render_text (line 52) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/find_file.py class linux_find_file (line 36) | class linux_find_file(linux_common.AbstractLinuxCommand): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method _walk_sb (line 51) | def _walk_sb(self, dentry_param, parent): method _get_sbs (line 93) | def _get_sbs(self): method walk_sbs (line 101) | def walk_sbs(self, sbs = []): method calculate (line 119) | def calculate(self): method render_text (line 153) | def render_text(self, outfd, data): method radix_tree_is_internal_node (line 166) | def radix_tree_is_internal_node(self, ptr): method radix_tree_is_indirect_ptr (line 172) | def radix_tree_is_indirect_ptr(self, ptr): method radix_tree_indirect_to_ptr (line 175) | def radix_tree_indirect_to_ptr(self, ptr): method index_is_valid (line 178) | def index_is_valid(self, root, index): method is_sibling_entry (line 190) | def is_sibling_entry(self, parent, node): method get_slot_offset (line 197) | def get_slot_offset(self, parent, slot): method radix_tree_descend (line 200) | def radix_tree_descend(self, parent, node, index): method find_slot_post_4_11 (line 218) | def find_slot_post_4_11(self, root, index): method radix_tree_lookup_slot (line 237) | def radix_tree_lookup_slot(self, root, index): method SHMEM_I (line 306) | def SHMEM_I(self, inode): method xa_is_internal (line 310) | def xa_is_internal(self, entry): method xa_is_node (line 313) | def xa_is_node(self, entry): method xa_get_offset (line 316) | def xa_get_offset(self, index, node): method xa_get_entry_from_offset (line 319) | def xa_get_entry_from_offset(self, offset, node): method xas_descend (line 323) | def xas_descend(self, offset, node): method walk_xarray (line 339) | def walk_xarray(self, inode, offset): method find_get_page (line 352) | def find_get_page(self, inode, offset): method get_page_contents (line 362) | def get_page_contents(self, inode, idx): method get_file_contents (line 381) | def get_file_contents(self, inode): FILE: volatility/plugins/linux/getcwd.py class linux_getcwd (line 31) | class linux_getcwd(linux_pslist.linux_pslist): method render_text (line 34) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/hidden_modules.py class linux_hidden_modules (line 36) | class linux_hidden_modules(linux_common.AbstractLinuxCommand): method walk_modules_address_space (line 39) | def walk_modules_address_space(self, addr_space): method calculate (line 108) | def calculate(self): method unified_output (line 114) | def unified_output(self, data): method generator (line 119) | def generator(self, data): method render_text (line 123) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/ifconfig.py class linux_ifconfig (line 32) | class linux_ifconfig(linux_common.AbstractLinuxCommand): method _get_devs_base (line 35) | def _get_devs_base(self): method _get_devs_namespace (line 42) | def _get_devs_namespace(self): method _gather_net_dev_info (line 54) | def _gather_net_dev_info(self, net_dev): method calculate (line 65) | def calculate(self): method unified_output (line 82) | def unified_output(self, data): method generator (line 89) | def generator(self, data): method render_text (line 93) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/info_regs.py class linux_info_regs (line 86) | class linux_info_regs(linux_pslist.linux_pslist): method __init__ (line 89) | def __init__(self, config, *args, **kwargs): method calculate (line 97) | def calculate(self): method render_text (line 117) | def render_text(self, outfd, data): method parse_kernel_stack (line 133) | def parse_kernel_stack(self, task): FILE: volatility/plugins/linux/iomem.py class linux_iomem (line 31) | class linux_iomem(linux_common.AbstractLinuxCommand): method yield_resource (line 34) | def yield_resource(self, io_res, depth = 0): method calculate (line 50) | def calculate(self): method render_text (line 59) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/kernel_opened_files.py class linux_kernel_opened_files (line 33) | class linux_kernel_opened_files(linux_common.AbstractLinuxCommand): method _walk_node_hash (line 36) | def _walk_node_hash(self, node): method _walk_node_node (line 50) | def _walk_node_node(self, node): method _walk_node (line 62) | def _walk_node(self, node): method _gather_dcache (line 73) | def _gather_dcache(self): method _compare_filps (line 97) | def _compare_filps(self): method calculate (line 115) | def calculate(self): method generator (line 123) | def generator(self,data): method unified_output (line 127) | def unified_output(self, data): method render_text (line 132) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/keyboard_notifiers.py class linux_keyboard_notifiers (line 31) | class linux_keyboard_notifiers(linux_common.AbstractLinuxCommand): method calculate (line 34) | def calculate(self): method render_text (line 64) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/ld_env.py class linux_dynamic_env (line 30) | class linux_dynamic_env(linux_pslist.linux_pslist): method render_text (line 33) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/ldrmodules.py class linux_ldrmodules (line 34) | class linux_ldrmodules(linux_pslist.linux_pslist): method unified_output (line 37) | def unified_output(self, data): method generator (line 46) | def generator(self, data): method render_text (line 56) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/libc_env.py class linux_bash_env (line 36) | class linux_bash_env(linux_pslist.linux_pslist): method render_text (line 39) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/library_list.py class linux_library_list (line 31) | class linux_library_list(linux_pslist.linux_pslist): method calculate (line 34) | def calculate(self): method unified_output (line 46) | def unified_output(self, data): method generator (line 53) | def generator(self, data): method render_text (line 57) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/librarydump.py class linux_librarydump (line 35) | class linux_librarydump(linux_pslist.linux_pslist): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method render_text (line 43) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/lime.py class LiMEInfo (line 24) | class LiMEInfo(linux_common.AbstractLinuxCommand): method calculate (line 29) | def calculate(self): method render_text (line 45) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/linux_strings.py class linux_strings (line 25) | class linux_strings(strings.Strings, linux_common.AbstractLinuxCommand): method is_valid_profile (line 29) | def is_valid_profile(profile): method get_processes (line 32) | def get_processes(self, addr_space): method get_modules (line 52) | def get_modules(cls, addr_space): method find_module (line 69) | def find_module(cls, modlist, mod_addrs, addr_space, vpage): method get_module_name (line 93) | def get_module_name(cls, module): method get_task_pid (line 104) | def get_task_pid(cls, task): FILE: volatility/plugins/linux/linux_truecrypt.py class PassphraseScanner (line 32) | class PassphraseScanner(malfind.BaseYaraScanner): method __init__ (line 35) | def __init__(self, task = None, **kwargs): method scan (line 46) | def scan(self, offset = 0, maxlen = None): class LinuxTruecryptModification (line 79) | class LinuxTruecryptModification(obj.ProfileModification): method modification (line 84) | def modification(self, profile): class linux_truecrypt_passphrase (line 108) | class linux_truecrypt_passphrase(linux_pslist.linux_pslist): method calculate (line 111) | def calculate(self): method render_text (line 136) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/linux_volshell.py class linux_volshell (line 25) | class linux_volshell(volshell.volshell): method is_valid_profile (line 29) | def is_valid_profile(profile): method modules (line 32) | def modules(self): method getpidlist (line 38) | def getpidlist(self): method ps (line 41) | def ps(self, procs = None): method context_display (line 46) | def context_display(self): method set_context (line 51) | def set_context(self, offset = None, pid = None, name = None, physical... FILE: volatility/plugins/linux/linux_yarascan.py class VmaYaraScanner (line 33) | class VmaYaraScanner(malfind.BaseYaraScanner): method __init__ (line 36) | def __init__(self, task = None, **kwargs): method scan (line 45) | def scan(self, offset = 0, maxlen = None): class linux_yarascan (line 50) | class linux_yarascan(malfind.YaraScan): method is_valid_profile (line 54) | def is_valid_profile(profile): method filter_tasks (line 57) | def filter_tasks(self): method calculate (line 83) | def calculate(self): method render_text (line 116) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/list_raw.py class linux_list_raw (line 34) | class linux_list_raw(linux_common.AbstractLinuxCommand): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method _SOCK_INODE (line 41) | def _SOCK_INODE(self, sk): method _walk_net_spaces (line 47) | def _walk_net_spaces(self): method _fill_cache (line 67) | def _fill_cache(self): method _find_proc_for_inode (line 75) | def _find_proc_for_inode(self, inode): method __walk_hlist_node (line 88) | def __walk_hlist_node(self, node): method _walk_packet_sklist (line 105) | def _walk_packet_sklist(self): method calculate (line 113) | def calculate(self): method render_text (line 126) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/lsmod.py class linux_lsmod (line 33) | class linux_lsmod(linux_common.AbstractLinuxCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method _get_modules (line 46) | def _get_modules(self): method calculate (line 59) | def calculate(self): method render_text (line 78) | def render_text(self, outfd, data): method get_module (line 102) | def get_module(self, name): method get_modules (line 114) | def get_modules(self, include_list = None): class linux_moddump (line 129) | class linux_moddump(linux_common.AbstractLinuxCommand): method __init__ (line 132) | def __init__(self, config, *args, **kwargs): method calculate (line 151) | def calculate(self): method _get_header_64 (line 177) | def _get_header_64(self, load_addr, sect_hdr_offset, num_sects): method _get_header_32 (line 202) | def _get_header_32(self, load_addr, sect_hdr_offset, num_sects): method _build_sections_list (line 228) | def _build_sections_list(self, module): method _parse_sections (line 251) | def _parse_sections(self, module): method _calc_sect_name_idx (line 312) | def _calc_sect_name_idx(self, name): method _calc_sect_type (line 317) | def _calc_sect_type(self, name): method _calc_sect_flags (line 364) | def _calc_sect_flags(self, name): method _calc_link (line 375) | def _calc_link(self, name, strtab_idx, symtab_idx, sect_type): method _calc_entsize (line 388) | def _calc_entsize(self, name, sect_type, bits): method _make_sect_header_64 (line 403) | def _make_sect_header_64(self, name, address, size, file_off, strtab_i... method _make_sect_header_32 (line 425) | def _make_sect_header_32(self, name, address, size, file_off, strtab_i... method _null_sect_hdr (line 447) | def _null_sect_hdr(self, sz): method _calc_string_data (line 451) | def _calc_string_data(self, module): method _find_sec (line 462) | def _find_sec(self, sections_info, sym_addr): method _fix_sym_table (line 471) | def _fix_sym_table(self, module, sections_info): method _get_module_data (line 581) | def _get_module_data(self, module): method get_module_data (line 624) | def get_module_data(self, module): method render_text (line 627) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/lsof.py class linux_lsof (line 33) | class linux_lsof(linux_pslist.linux_pslist): method unified_output (line 36) | def unified_output(self, data): method generator (line 44) | def generator(self, data): method render_text (line 50) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/malfind.py class linux_malfind (line 34) | class linux_malfind(linux_pslist.linux_pslist): method render_text (line 37) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/mount.py class linux_mount (line 32) | class linux_mount(linux_common.AbstractLinuxCommand): method _parse_mnt (line 35) | def _parse_mnt(self, mnt, ns, fs_types): method calculate (line 93) | def calculate(self): method _calc_mnt_string (line 224) | def _calc_mnt_string(self, mnt): method _get_filesystem_types (line 233) | def _get_filesystem_types(self): method render_text (line 248) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/mount_cache.py class linux_mount_cache (line 32) | class linux_mount_cache(linux_mount.linux_mount): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method _get_filesystem_types (line 42) | def _get_filesystem_types(self): method calculate (line 57) | def calculate(self): FILE: volatility/plugins/linux/netfilter.py class linux_netfilter (line 35) | class linux_netfilter(linux_common.AbstractLinuxCommand): method calculate (line 38) | def calculate(self): method unified_output (line 71) | def unified_output(self, data): method generator (line 78) | def generator(self, data): method render_text (line 82) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/netscan.py class linux_netscan (line 40) | class linux_netscan(linux_common.AbstractLinuxCommand): method check_socket_back_pointer (line 43) | def check_socket_back_pointer(self, i): method check_pointers (line 49) | def check_pointers(self, i): method check_proto (line 57) | def check_proto(self, i): method check_family (line 60) | def check_family(self, i): method calculate (line 63) | def calculate(self): method render_text (line 118) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/netstat.py class linux_netstat (line 34) | class linux_netstat(linux_pslist.linux_pslist): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method unified_output (line 41) | def unified_output(self,data): method generator (line 54) | def generator(self, data): method render_text (line 86) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/pidhashtable.py class linux_pidhashtable (line 37) | class linux_pidhashtable(linux_pslist.linux_pslist): method __init__ (line 40) | def __init__(self, *args, **kwargs): method get_obj (line 44) | def get_obj(self, ptr, sname, member): method _task_for_pid (line 49) | def _task_for_pid(self, upid, pid): method _walk_upid (line 68) | def _walk_upid(self, upid): method _get_pidhash_array (line 88) | def _get_pidhash_array(self): method calculate_v3 (line 100) | def calculate_v3(self): method profile_unsupported (line 129) | def profile_unsupported(self, func_name): method calculate_v2 (line 132) | def calculate_v2(self): method calculate_v1 (line 170) | def calculate_v1(self): method refresh_pid_hash_task_table (line 173) | def refresh_pid_hash_task_table(self): method get_both (line 176) | def get_both(self): method radix_tree_is_internal_node (line 202) | def radix_tree_is_internal_node(self, ptr): method radix_tree_is_indirect_ptr (line 208) | def radix_tree_is_indirect_ptr(self, ptr): method radix_tree_indirect_to_ptr (line 211) | def radix_tree_indirect_to_ptr(self, ptr): method _walk_idr_node (line 215) | def _walk_idr_node(self, node, height, idx): method _walk_pid_ns_idr (line 234) | def _walk_pid_ns_idr(self): method _task_for_radix_pid_node (line 268) | def _task_for_radix_pid_node(self, node): method _do_walk_xarray (line 287) | def _do_walk_xarray(self, ff, node, height, index): method _walk_xarray_pids (line 305) | def _walk_xarray_pids(self): method pid_namespace_idr (line 341) | def pid_namespace_idr(self): method determine_func (line 354) | def determine_func(self): method calculate (line 377) | def calculate(self): FILE: volatility/plugins/linux/pkt_queues.py class linux_pkt_queues (line 31) | class linux_pkt_queues(linux_netstat.linux_netstat): method __init__ (line 34) | def __init__(self, config, *args, **kwargs): method process_queue (line 38) | def process_queue(self, name, pid, fd_num, queue): method render_text (line 75) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/plthook.py class linux_plthook (line 32) | class linux_plthook(linux_pslist.linux_pslist): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method render_text (line 46) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/proc_maps.py class linux_proc_maps (line 32) | class linux_proc_maps(linux_pslist.linux_pslist): method calculate (line 35) | def calculate(self): method unified_output (line 44) | def unified_output(self, data): method generator (line 58) | def generator(self, data): method render_text (line 74) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/proc_maps_rb.py class linux_proc_maps_rb (line 33) | class linux_proc_maps_rb(linux_proc_maps.linux_proc_maps): method calculate (line 36) | def calculate(self): FILE: volatility/plugins/linux/procdump.py class linux_procdump (line 34) | class linux_procdump(linux_pslist.linux_pslist): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method render_text (line 41) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/process_hollow.py class linux_process_hollow (line 34) | class linux_process_hollow(linux_pslist.linux_pslist): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method calculate (line 45) | def calculate(self): method render_text (line 107) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/process_info.py function null_list (line 57) | def null_list(pages, size): function int_list (line 77) | def int_list(pages, size): function _neg_fix (line 97) | def _neg_fix(addr): function print_hex (line 103) | def print_hex(value): function read_addr_range (line 108) | def read_addr_range(start, end, addr_space): function read_null_list (line 125) | def read_null_list( start, end, addr_space): function read_int_list (line 136) | def read_int_list( start, end, addr_space): function read_registers (line 147) | def read_registers(task, addr_space): class linux_process_info (line 164) | class linux_process_info: method __init__ (line 167) | def __init__(self, config, *args, **kwargs): method read_addr_range (line 176) | def read_addr_range(self, start, end, addr_space=None): method calculate (line 188) | def calculate(self): method read_null_list (line 198) | def read_null_list(self, start, end, addr_space=None): method read_int_list (line 209) | def read_int_list(self, start, end, addr_space=None): method analyze (line 220) | def analyze(self, task): method get_map (line 261) | def get_map(self, task, address): method render_text (line 273) | def render_text(self, outfd, data): method render_stack_frames (line 326) | def render_stack_frames(self, stack_frames): method render_registers (line 338) | def render_registers(self, reg): method render_list (line 348) | def render_list(self, l): method render_annotated_list (line 358) | def render_annotated_list(self, ann_list): class process_info (line 369) | class process_info(object): method __init__ (line 374) | def __init__(self, task): method maps (line 415) | def maps(self): method maps (line 422) | def maps(self, value): method reg (line 437) | def reg(self): method reg (line 444) | def reg(self, value): method stack (line 454) | def stack(self): method stack (line 462) | def stack(self, value): method threads (line 474) | def threads(self): method threads (line 482) | def threads(self, value): method _find_thread_registers (line 492) | def _find_thread_registers(self): method get_stack_value (line 503) | def get_stack_value(self, address): method get_stack_index (line 511) | def get_stack_index(self, address): method _generate_thread_stack_list (line 519) | def _generate_thread_stack_list(self): method _calculate_stack_offset (line 539) | def _calculate_stack_offset(self): method annotate_addr_list (line 552) | def annotate_addr_list(self, l, offset=None, skip_zero=True): method is_stack_pointer (line 577) | def is_stack_pointer(self, addr): method is_thread_stack_pointer (line 585) | def is_thread_stack_pointer(self, addr): method is_heap_pointer (line 597) | def is_heap_pointer(self, addr): method is_constant_pointer (line 605) | def is_constant_pointer(self, addr): method is_program_code_pointer (line 613) | def is_program_code_pointer(self, addr): method is_library_code_pointer (line 621) | def is_library_code_pointer(self, addr): method is_code_pointer (line 629) | def is_code_pointer(self, addr): method is_data_pointer (line 640) | def is_data_pointer(self, addr): method is_pointer (line 648) | def is_pointer(self, addr, space=None): method get_map_by_name (line 663) | def get_map_by_name(self, name, permissions='r-x'): method get_unique_data_pointers (line 678) | def get_unique_data_pointers(self): method get_unique_pointers (line 685) | def get_unique_pointers(self, pointer_iter=None): method get_data_pointers (line 701) | def get_data_pointers(self): method get_pointers (line 708) | def get_pointers(self, cond=None, space=None): method get_data_pointers_from_heap (line 725) | def get_data_pointers_from_heap(self): method get_data_pointers_from_map (line 735) | def get_data_pointers_from_map(self, m): method get_data_pointers_from_threads (line 747) | def get_data_pointers_from_threads(self): method get_pointers_from_stack (line 755) | def get_pointers_from_stack(self): method get_pointer_type (line 762) | def get_pointer_type(self, addr): method annotated_stack (line 773) | def annotated_stack(self): FILE: volatility/plugins/linux/process_stack.py function yield_address (line 63) | def yield_address(space, start, length = None, reverse = False): function read_address (line 88) | def read_address(space, start, length = None): class linux_process_stack (line 100) | class linux_process_stack(linux_process_info.linux_process_info): method __init__ (line 105) | def __init__(self, config, *args, **kwargs): method load_symbols (line 126) | def load_symbols(self, dir): method calculate (line 163) | def calculate(self): method analyze_stack (line 193) | def analyze_stack(self, process_info, task, thread_number): method find_oldschool_frames (line 355) | def find_oldschool_frames(self, p, proc_as, registers): method find_scanned_frames (line 399) | def find_scanned_frames(self, p, address, end): method find_entry_point (line 419) | def find_entry_point(self, proc_as, start_code): method validate_stack_frames (line 440) | def validate_stack_frames(self, frames): method is_return_address (line 459) | def is_return_address(self, address, process_info): method find_return_libc_start (line 479) | def find_return_libc_start(self, proc_as, start_stack, return_start): method find_return_main (line 496) | def find_return_main(self, proc_as, libc_start, libc_end, start_address): method find_locals_size (line 605) | def find_locals_size(self, proc_as, frames): method has_frame_pointer (line 624) | def has_frame_pointer(self, function_address, proc_as): method is_function_header (line 633) | def is_function_header(self, instructions): method find_function_symbol (line 641) | def find_function_symbol(self, task, address): method find_function_address (line 673) | def find_function_address(self, proc_as, ret_addr): method calculate_annotations (line 729) | def calculate_annotations(self, frames): method render_text (line 757) | def render_text(self, outfd, data): method write_annotated_stack (line 768) | def write_annotated_stack(self, f, stack_ann): class stack_frame (line 781) | class stack_frame(object): method __init__ (line 785) | def __init__(self, address, proc_as, frame_number): method function (line 795) | def function(self): method function (line 799) | def function(self, value): method ret (line 803) | def ret(self): method ret_address (line 809) | def ret_address(self): method ebp (line 813) | def ebp(self): method ebp_address (line 819) | def ebp_address(self): method arg_address (line 823) | def arg_address(self): method locals_end (line 827) | def locals_end(self): method get_locals (line 830) | def get_locals(self): method __repr__ (line 835) | def __repr__(self): FILE: volatility/plugins/linux/psaux.py class linux_psaux (line 31) | class linux_psaux(linux_pslist.linux_pslist): method unified_output (line 34) | def unified_output(self, data): method generator (line 41) | def generator(self, data): method render_text (line 45) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/psenv.py class linux_psenv (line 31) | class linux_psenv(linux_pslist.linux_pslist): method unified_output (line 33) | def unified_output(self, data): method generator (line 39) | def generator(self, data): method render_text (line 43) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/pslist.py class linux_pslist (line 33) | class linux_pslist(linux_common.AbstractLinuxCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method virtual_process_from_physical_offset (line 43) | def virtual_process_from_physical_offset(addr_space, offset): method allprocs (line 54) | def allprocs(self): method calculate (line 64) | def calculate(self): method unified_output (line 75) | def unified_output(self, data): method _get_task_vals (line 85) | def _get_task_vals(self, task): method generator (line 117) | def generator(self, data): method render_text (line 129) | def render_text(self, outfd, data): class linux_memmap (line 150) | class linux_memmap(linux_pslist): method unified_output (line 153) | def unified_output(self, data): method generator (line 161) | def generator(self, data): method render_text (line 175) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/pslist_cache.py class linux_pslist_cache (line 30) | class linux_pslist_cache(linux_pslist.linux_pslist): method __init__ (line 33) | def __init__(self, config, *args, **kwargs): method calculate (line 40) | def calculate(self): FILE: volatility/plugins/linux/psscan.py class linux_psscan (line 39) | class linux_psscan(pslist.linux_pslist): method __init__ (line 42) | def __init__(self, config, *args, **kwargs): method calculate (line 46) | def calculate(self): FILE: volatility/plugins/linux/pstree.py class linux_pstree (line 29) | class linux_pstree(linux_pslist.linux_pslist): method __init__ (line 32) | def __init__(self, *args, **kwargs): method unified_output (line 36) | def unified_output(self, data): method generator (line 47) | def generator(self, data): method recurse_task (line 63) | def recurse_task(self,task,ppid,level,procs): method render_text (line 80) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/psxview.py class linux_psxview (line 42) | class linux_psxview(linux_common.AbstractLinuxCommand): method _get_pslist (line 45) | def _get_pslist(self): method _get_pid_hash (line 48) | def _get_pid_hash(self): method _get_kmem_cache (line 51) | def _get_kmem_cache(self): method _get_task_parents (line 54) | def _get_task_parents(self): method _get_thread_leaders (line 62) | def _get_thread_leaders(self): method _get_psscan (line 65) | def _get_psscan(self): method calculate (line 68) | def calculate(self): method unified_output (line 96) | def unified_output(self, data): method generator (line 108) | def generator(self, data): method render_text (line 120) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/recover_filesystem.py class linux_recover_filesystem (line 35) | class linux_recover_filesystem(linux_common.AbstractLinuxCommand): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method _fix_metadata (line 42) | def _fix_metadata(self, file_path, file_dentry): method _write_file (line 53) | def _write_file(self, ff, file_path, file_dentry): method _make_path (line 71) | def _make_path(self, file_path, file_dentry): method calculate (line 86) | def calculate(self): method render_text (line 105) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/route_cache.py class linux_route_cache (line 33) | class linux_route_cache(linux_common.AbstractLinuxCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method calculate (line 41) | def calculate(self): method render_text (line 83) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/sk_buff_cache.py class linux_sk_buff_cache (line 32) | class linux_sk_buff_cache(linux_common.AbstractLinuxCommand): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method write_sk_buff (line 41) | def write_sk_buff(self, s): method walk_cache (line 58) | def walk_cache(self, cache_name): method calculate (line 68) | def calculate(self): method render_text (line 82) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/slab_info.py class kmem_cache (line 30) | class kmem_cache(obj.CType): method get_type (line 31) | def get_type(self): method get_name (line 34) | def get_name(self): class kmem_cache_slab (line 37) | class kmem_cache_slab(kmem_cache): method get_type (line 38) | def get_type(self): method _get_nodelist (line 43) | def _get_nodelist(self): method _get_free_list (line 56) | def _get_free_list(self): method _get_partial_list (line 63) | def _get_partial_list(self): method _get_full_list (line 69) | def _get_full_list(self): method _get_object (line 75) | def _get_object(self, offset): method __iter__ (line 81) | def __iter__(self): class LinuxKmemCacheOverlay (line 117) | class LinuxKmemCacheOverlay(obj.ProfileModification): method modification (line 121) | def modification(self, profile): class linux_slabinfo (line 126) | class linux_slabinfo(linux_common.AbstractLinuxCommand): method get_all_kmem_caches (line 129) | def get_all_kmem_caches(self): method get_kmem_cache (line 146) | def get_kmem_cache(self, cache_name, unalloc, struct_name = ""): method calculate (line 160) | def calculate(self): method render_text (line 193) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/threads.py class linux_threads (line 27) | class linux_threads(linux_pslist.linux_pslist): method unified_output (line 30) | def unified_output(self, data): method generator (line 44) | def generator(self, data): method get_addr_limit (line 64) | def get_addr_limit(self,thread, addrvar_offset = 8 ): method render_text (line 79) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/tmpfs.py class linux_tmpfs (line 33) | class linux_tmpfs(linux_common.AbstractLinuxCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method fix_md (line 47) | def fix_md(self, new_file, perms, atime, mtime, isdir = 0): method process_directory (line 60) | def process_directory(self, dentry, _recursive = 0, parent = ""): method walk_sb (line 98) | def walk_sb(self, root_dentry): method get_tmpfs_sbs (line 108) | def get_tmpfs_sbs(self): method calculate (line 124) | def calculate(self): method render_text (line 154) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/tty_check.py class linux_check_tty (line 33) | class linux_check_tty(linux_common.AbstractLinuxCommand): method calculate (line 36) | def calculate(self): method unified_output (line 75) | def unified_output(self, data): method generator (line 81) | def generator(self, data): method render_text (line 85) | def render_text(self, outfd, data): FILE: volatility/plugins/linux/vma_cache.py class linux_vma_cache (line 31) | class linux_vma_cache(linux_common.AbstractLinuxCommand): method __init__ (line 34) | def __init__(self, config, *args, **kwargs): method calculate (line 41) | def calculate(self): method render_text (line 65) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/WKdm.py class WKdm (line 28) | class WKdm: method WK_pack_2bits (line 92) | def WK_pack_2bits(self, method WK_pack_4bits (line 127) | def WK_pack_4bits(self, method WK_pack_3_tenbits (line 155) | def WK_pack_3_tenbits(self, method WK_unpack_2bits (line 186) | def WK_unpack_2bits(self, method WK_unpack_4bits (line 218) | def WK_unpack_4bits(self, method WK_unpack_3_tenbits (line 245) | def WK_unpack_3_tenbits(self, method WKdm_compress (line 273) | def WKdm_compress(self, method WKdm_decompress (line 424) | def WKdm_decompress (self, function main (line 517) | def main(): FILE: volatility/plugins/mac/adiummsgs.py class mac_adium (line 35) | class mac_adium(pstasks.mac_tasks): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method _make_uni (line 43) | def _make_uni(self, msg): method calculate (line 49) | def calculate(self): method unified_output (line 116) | def unified_output(self, data): method generator (line 125) | def generator(self, data): method render_text (line 142) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/apihooks.py class mac_apihooks (line 35) | class mac_apihooks(pstasks.mac_tasks): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method _is_api_hooked (line 43) | def _is_api_hooked(self, sym_addr, proc_as): method _fill_mapping_cache (line 109) | def _fill_mapping_cache(self, proc): method _find_mapping (line 124) | def _find_mapping(self, proc, addr): method _find_mapping_proc_maps (line 139) | def _find_mapping_proc_maps(self, proc, addr): method calculate (line 148) | def calculate(self): method unified_output (line 205) | def unified_output(self, data): method generator (line 218) | def generator(self, data): method render_text (line 248) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/apihooks_kernel.py class mac_apihooks_kernel (line 33) | class mac_apihooks_kernel(common.AbstractMacCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method getKextSymbols (line 45) | def getKextSymbols(self, kext_obj = None, kext_name = None, kext_addr ... method findKextWithAddress (line 134) | def findKextWithAddress(self, addr): method isCallReferenceModified (line 156) | def isCallReferenceModified(self, model, distorm_mode, func_addr, kern... method isPrologInlined (line 215) | def isPrologInlined(self, model, distorm_mode, func_addr): method outside_module (line 251) | def outside_module(self, addr, kernel_syms, kmods): method isInlined (line 256) | def isInlined(self, model, distorm_mode, func_addr, kernel_syms, kmods): method calculate (line 360) | def calculate(self): method unified_output (line 493) | def unified_output(self, data): method generator (line 504) | def generator(self, data): method render_text (line 540) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/arp.py class mac_arp (line 31) | class mac_arp(route.mac_route): method calculate (line 34) | def calculate(self): FILE: volatility/plugins/mac/bash.py class _mac_hist_entry (line 49) | class _mac_hist_entry(obj.CType): method is_valid (line 52) | def is_valid(self): method line (line 84) | def line(self): method time_as_integer (line 99) | def time_as_integer(self): method time_object (line 111) | def time_object(self): method line_ptr (line 119) | def line_ptr(self): method time_ptr (line 123) | def time_ptr(self): class bash64_hist_entry (line 127) | class bash64_hist_entry(_mac_hist_entry): method read_ptr (line 128) | def read_ptr(self, addr): class bash32_hist_entry (line 133) | class bash32_hist_entry(_mac_hist_entry): method read_ptr (line 134) | def read_ptr(self, addr): class MacBashTypes (line 139) | class MacBashTypes(obj.ProfileModification): method modification (line 142) | def modification(self, profile): class mac_bash (line 146) | class mac_bash(mac_tasks.mac_tasks): method __init__ (line 149) | def __init__(self, config, *args, **kwargs): method unified_output (line 153) | def unified_output(self, data): method generator (line 161) | def generator(self, data): method render_text (line 174) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/bash_env.py class mac_bash_env (line 37) | class mac_bash_env(mac_tasks.mac_tasks): method unified_output (line 40) | def unified_output(self, data): method generator (line 43) | def generator(self, data): method render_text (line 46) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/bash_hash.py class bash_funcs (line 83) | class bash_funcs(obj.CType): method __init__ (line 84) | def __init__(self, ptr_size, theType, offset, vm, name = None, **kwargs): method path (line 89) | def path(self): method next_bucket (line 104) | def next_bucket(self): method key (line 116) | def key(self): method data (line 134) | def data(self): method bucket_array (line 146) | def bucket_array(self): method read_ptr_32 (line 150) | def read_ptr_32(self, addr): method read_ptr_64 (line 155) | def read_ptr_64(self, addr): method read_ptr (line 160) | def read_ptr(self, addr): class mac64_bash_hash_table (line 168) | class mac64_bash_hash_table(bash_funcs): method __init__ (line 169) | def __init__(self, theType, offset, vm, name = None, **kwargs): method is_valid (line 172) | def is_valid(self): method __iter__ (line 181) | def __iter__(self): class mac32_bash_hash_table (line 195) | class mac32_bash_hash_table(bash_funcs): method __init__ (line 196) | def __init__(self, theType, offset, vm, name = None, **kwargs): method is_valid (line 199) | def is_valid(self): method __iter__ (line 208) | def __iter__(self): class mac64_pathdata (line 221) | class mac64_pathdata(bash_funcs): method __init__ (line 222) | def __init__(self, theType, offset, vm, name = None, **kwargs): class mac32_pathdata (line 225) | class mac32_pathdata(bash_funcs): method __init__ (line 226) | def __init__(self, theType, offset, vm, name = None, **kwargs): class mac64_bucket_contents (line 229) | class mac64_bucket_contents(bash_funcs): method __init__ (line 230) | def __init__(self, theType, offset, vm, name = None, **kwargs): class mac32_bucket_contents (line 233) | class mac32_bucket_contents(bash_funcs): method __init__ (line 234) | def __init__(self, theType, offset, vm, name = None, **kwargs): class MacBashHashTypes (line 237) | class MacBashHashTypes(obj.ProfileModification): method modification (line 240) | def modification(self, profile): class mac_bash_hash (line 252) | class mac_bash_hash(mac_pslist.mac_pslist): method __init__ (line 255) | def __init__(self, config, *args, **kwargs): method unified_output (line 259) | def unified_output(self, data): method generator (line 267) | def generator(self, data): method render_text (line 282) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/calendar.py class mac_calendar (line 27) | class mac_calendar(pstasks.mac_tasks): method calculate (line 30) | def calculate(self): method unified_output (line 102) | def unified_output(self, data): method generator (line 110) | def generator(self, data): method render_text (line 128) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_fop.py class mac_check_fop (line 32) | class mac_check_fop(common.AbstractMacCommand): method _walk_vfstbllist (line 35) | def _walk_vfstbllist(self, kaddr_info): method _walk_opv_desc (line 77) | def _walk_opv_desc(self, kaddr_info): method calculate (line 113) | def calculate(self): method render_text (line 124) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_mig_table.py class mac_check_mig_table (line 32) | class mac_check_mig_table(common.AbstractMacCommand): method calculate (line 35) | def calculate(self): method unified_output (line 68) | def unified_output(self, data): method generator (line 74) | def generator(self, data): method render_text (line 82) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_syscall_shadow.py class mac_check_syscall_shadow (line 38) | class mac_check_syscall_shadow(common.AbstractMacCommand): method shadowedSyscalls (line 42) | def shadowedSyscalls(self, model, distorm_mode, sysents_addr): method calculate (line 90) | def calculate(self): method unified_output (line 103) | def unified_output(self, data): method generator (line 109) | def generator(self, data): method render_text (line 117) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_syscall_table.py class mac_check_syscalls (line 32) | class mac_check_syscalls(common.AbstractMacCommand): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method _parse_handler_names (line 39) | def _parse_handler_names(self): method calculate (line 62) | def calculate(self): method unified_output (line 95) | def unified_output(self, data): method generator (line 103) | def generator(self, data): method render_text (line 117) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_sysctl.py class mac_check_sysctl (line 33) | class mac_check_sysctl(common.AbstractMacCommand): method _parse_global_variable_sysctls (line 37) | def _parse_global_variable_sysctls(self, name): method _process_sysctl_list (line 55) | def _process_sysctl_list(self, sysctl_list, r = 0): method calculate (line 95) | def calculate(self): method unified_output (line 117) | def unified_output(self, data): method generator (line 128) | def generator(self, data): method render_text (line 140) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/check_trap_table.py class mac_check_trap_table (line 32) | class mac_check_trap_table(common.AbstractMacCommand): method _set_vtypes (line 35) | def _set_vtypes(self): method calculate (line 79) | def calculate(self): method unified_output (line 106) | def unified_output(self, data): method generator (line 113) | def generator(self, data): method render_text (line 122) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/classes.py class mac_kernel_classes (line 32) | class mac_kernel_classes(common.AbstractMacCommand): method _struct_or_class (line 35) | def _struct_or_class(self, type_name): method calculate (line 47) | def calculate(self): method render_text (line 89) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/common.py function set_plugin_members (line 33) | def set_plugin_members(obj_ref): class AbstractMacCommand (line 36) | class AbstractMacCommand(commands.Command): method __init__ (line 37) | def __init__(self, *args, **kwargs): method profile (line 42) | def profile(self): method execute (line 47) | def execute(self, *args, **kwargs): method register_options (line 51) | def register_options(config): method is_valid_profile (line 55) | def is_valid_profile(profile): function is_in_kernel_or_module (line 58) | def is_in_kernel_or_module(handler, ktext_start, ktext_end, kmods): function get_handler_name (line 76) | def get_handler_name(kaddr_info, handler): function is_known_address_name (line 98) | def is_known_address_name(handler, kernel_symbol_addresses, kmods): function is_64bit_capable (line 116) | def is_64bit_capable(addr_space): function get_kernel_function_addrs (line 133) | def get_kernel_function_addrs(obj_ref): function get_kernel_addrs_start_end (line 143) | def get_kernel_addrs_start_end(obj_ref): function get_handler_name_addrs (line 164) | def get_handler_name_addrs(obj_ref): function get_kernel_addrs (line 187) | def get_kernel_addrs(obj_ref): function get_string (line 200) | def get_string(addr, addr_space, maxlen = 256): function get_cpp_sym (line 213) | def get_cpp_sym(name, profile): function write_vnode_to_file (line 220) | def write_vnode_to_file(vnode, file_path): function write_macho_file (line 233) | def write_macho_file(out_dir, proc, exe_address): FILE: volatility/plugins/mac/compressed_swap.py class mac_compressed_swap (line 34) | class mac_compressed_swap(common.AbstractMacCommand): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method calculate (line 62) | def calculate(self): method render_text (line 204) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/contacts.py class mac_contacts (line 26) | class mac_contacts(pstasks.mac_tasks): method calculate (line 29) | def calculate(self): method unified_output (line 58) | def unified_output(self, data): method generator (line 63) | def generator(self, data): method render_text (line 73) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dead_procs.py class mac_dead_procs (line 32) | class mac_dead_procs(pslist.mac_pslist): method calculate (line 35) | def calculate(self): FILE: volatility/plugins/mac/dead_sockets.py class mac_dead_sockets (line 32) | class mac_dead_sockets(netstat.mac_netstat): method calculate (line 35) | def calculate(self): method render_text (line 47) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dead_vnodes.py class mac_dead_vnodes (line 32) | class mac_dead_vnodes(pslist.mac_pslist): method calculate (line 35) | def calculate(self): method render_text (line 47) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/devfs.py class mac_devfs (line 31) | class mac_devfs(common.AbstractMacCommand): method calculate (line 34) | def calculate(self): method render_text (line 76) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dlyd_maps.py class mac_dyld_maps (line 33) | class mac_dyld_maps(pstasks.mac_tasks): method unified_output (line 36) | def unified_output(self, data): method generator (line 45) | def generator(self, data): method render_text (line 55) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dmesg.py class mac_dmesg (line 30) | class mac_dmesg(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 60) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dump_files.py class mac_dump_file (line 32) | class mac_dump_file(common.AbstractMacCommand): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method calculate (line 40) | def calculate(self): method render_text (line 58) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/dump_map.py class mac_dump_maps (line 34) | class mac_dump_maps(pstasks.mac_tasks): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method render_text (line 47) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/find_aslr_shift.py class mac_find_aslr_shift (line 30) | class mac_find_aslr_shift(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 38) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/get_profile.py class catfishScan (line 189) | class catfishScan(scan.BaseScanner): method __init__ (line 193) | def __init__(self, needles = None): method scan (line 198) | def scan(self, address_space, offset = 0, maxlen = None): class mac_get_profile (line 203) | class mac_get_profile(common.AbstractMacCommand): method check_address (line 207) | def check_address(profile, ver_addr, aspace): method guess_profile (line 236) | def guess_profile(aspace): method calculate (line 270) | def calculate(self): method unified_output (line 280) | def unified_output(self, data): method generator (line 285) | def generator(self, data): method render_text (line 292) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/gkextmap.py class mac_lsmod_kext_map (line 31) | class mac_lsmod_kext_map(lsmod.mac_lsmod): method calculate (line 34) | def calculate(self): FILE: volatility/plugins/mac/ifconfig.py class mac_ifconfig (line 30) | class mac_ifconfig(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 68) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/interest_handlers.py class mac_interest_handlers (line 34) | class mac_interest_handlers(common.AbstractMacCommand): method _struct_or_class (line 37) | def _struct_or_class(self, type_name): method parse_properties (line 49) | def parse_properties(self, fdict): method walk_reg_entry (line 69) | def walk_reg_entry(self, reg_addr): method walk_child_links (line 156) | def walk_child_links(self, addr): method calculate (line 168) | def calculate(self): method render_text (line 180) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/ip_filters.py class mac_ip_filters (line 34) | class mac_ip_filters(lsmod.mac_lsmod): method check_filter (line 37) | def check_filter(self, context, fname, ptr, kernel_symbol_addresses, k... method calculate (line 46) | def calculate(self): method unified_output (line 70) | def unified_output(self, data): method generator (line 77) | def generator(self, data): method render_text (line 89) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/kevents.py class mac_kevents (line 30) | class mac_kevents(common.AbstractMacCommand): method _walk_karray (line 33) | def _walk_karray(self, address, count): method calculate (line 44) | def calculate(self): method _get_flags (line 71) | def _get_flags(self, fflags, filters): method render_text (line 84) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/keychaindump.py class mac_keychaindump (line 34) | class mac_keychaindump(pstasks.mac_tasks): method calculate (line 37) | def calculate(self): method unified_output (line 68) | def unified_output(self, data): method generator (line 72) | def generator(self, data): method render_text (line 81) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/ldrmodules.py class mac_ldrmodules (line 34) | class mac_ldrmodules(mac_pslist.mac_pslist): method calculate (line 37) | def calculate(self): method unified_output (line 81) | def unified_output(self, data): method generator (line 90) | def generator(self, data): method render_text (line 111) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/librarydump.py class mac_librarydump (line 36) | class mac_librarydump(mac_tasks.mac_tasks): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method unified_output (line 44) | def unified_output(self, data): method generator (line 54) | def generator(self, data): method render_text (line 74) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/list_files.py class mac_list_files (line 32) | class mac_list_files(common.AbstractMacCommand): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method walk_vnodelist (line 45) | def walk_vnodelist(listhead, loop_vnodes): method list_files (line 62) | def list_files(config): method calculate (line 213) | def calculate(self): method render_text (line 220) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/list_kauth_listeners.py class mac_list_kauth_listeners (line 35) | class mac_list_kauth_listeners(kauth_scopes.mac_list_kauth_scopes): method unified_output (line 38) | def unified_output(self, data): method generator (line 49) | def generator(self, data): method render_text (line 68) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/list_kauth_scopes.py class mac_list_kauth_scopes (line 33) | class mac_list_kauth_scopes(common.AbstractMacCommand): method calculate (line 36) | def calculate(self): method unified_output (line 47) | def unified_output(self, data): method generator (line 59) | def generator(self, data): method render_text (line 76) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/list_raw.py class mac_list_raw (line 36) | class mac_list_raw(mac_common.AbstractMacCommand): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method _fill_cache (line 43) | def _fill_cache(self): method calculate (line 51) | def calculate(self): method unified_output (line 71) | def unified_output(self, data): method generator (line 78) | def generator(self, data): method render_text (line 87) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/list_zones.py class mac_list_zones (line 31) | class mac_list_zones(common.AbstractMacCommand): method calculate (line 34) | def calculate(self): method unified_output (line 53) | def unified_output(self, data): method generator (line 60) | def generator(self, data): method render_text (line 76) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/lsmod.py class mac_lsmod (line 32) | class mac_lsmod(common.AbstractMacCommand): method __init__ (line 35) | def __init__(self, config, *args, **kwargs): method calculate (line 40) | def calculate(self): method unified_output (line 68) | def unified_output(self, data): method generator (line 76) | def generator(self, data): method render_text (line 87) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/lsmod_iokit.py class mac_lsmod_iokit (line 33) | class mac_lsmod_iokit(common.AbstractMacCommand): method _struct_or_class (line 36) | def _struct_or_class(self, type_name): method calculate (line 49) | def calculate(self): method unified_output (line 68) | def unified_output(self, data): method generator (line 78) | def generator(self, data): method render_text (line 95) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/lsof.py class mac_lsof (line 32) | class mac_lsof(pstasks.mac_tasks): method unified_output (line 35) | def unified_output(self, data): method generator (line 41) | def generator(self, data): method render_text (line 51) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/mac_strings.py class mac_strings (line 25) | class mac_strings(strings.Strings, mac_common.AbstractMacCommand): method is_valid_profile (line 29) | def is_valid_profile(profile): method get_processes (line 32) | def get_processes(self, addr_space): method get_modules (line 52) | def get_modules(cls, addr_space): method find_module (line 69) | def find_module(cls, modlist, mod_addrs, addr_space, vpage): method get_module_name (line 93) | def get_module_name(cls, module): method get_task_pid (line 104) | def get_task_pid(cls, task): FILE: volatility/plugins/mac/mac_volshell.py class mac_volshell (line 25) | class mac_volshell(volshell.volshell): method is_valid_profile (line 29) | def is_valid_profile(profile): method modules (line 32) | def modules(self): method getpidlist (line 38) | def getpidlist(self): method ps (line 41) | def ps(self, procs = None): method context_display (line 46) | def context_display(self): method set_context (line 51) | def set_context(self, offset = None, pid = None, name = None, physical... FILE: volatility/plugins/mac/mac_yarascan.py class MapYaraScanner (line 34) | class MapYaraScanner(malfind.BaseYaraScanner): method __init__ (line 37) | def __init__(self, task = None, **kwargs): method scan (line 46) | def scan(self, offset = 0, maxlen = None, max_size = None): class mac_yarascan (line 55) | class mac_yarascan(malfind.YaraScan): method __init__ (line 58) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 63) | def is_valid_profile(profile): method filter_tasks (line 66) | def filter_tasks(self): method calculate (line 93) | def calculate(self): method render_text (line 134) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/machine_info.py class mac_machine_info (line 30) | class mac_machine_info(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 40) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/malfind.py class mac_malfind (line 34) | class mac_malfind(mac_pstasks.mac_tasks): method render_text (line 37) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/memdump.py class mac_memdump (line 24) | class mac_memdump(pstasks.mac_tasks): method __init__ (line 27) | def __init__(self, config, *args, **kwargs): method render_text (line 31) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/moddump.py class mac_moddump (line 34) | class mac_moddump(common.AbstractMacCommand): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method calculate (line 44) | def calculate(self): method unified_output (line 73) | def unified_output(self, data): method generator (line 82) | def generator(self, data): method render_text (line 98) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/mount.py class mac_mount (line 31) | class mac_mount(common.AbstractMacCommand): method calculate (line 34) | def calculate(self): method unified_output (line 45) | def unified_output(self, data): method generator (line 53) | def generator(self, data): method render_text (line 61) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/netconns.py class mac_network_conns (line 32) | class mac_network_conns(common.AbstractMacCommand): method _walk_pcb_hash (line 36) | def _walk_pcb_hash(self, proto_pcbinfo): method _walk_pcb_list (line 52) | def _walk_pcb_list(self, proto_pcbinfo): method _walk_pcb_entries (line 59) | def _walk_pcb_entries(self, inpcbinfo_addr): method calculate (line 74) | def calculate(self): method unified_output (line 93) | def unified_output(self, data): method generator (line 103) | def generator(self, data): method render_text (line 115) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/netstat.py class mac_netstat (line 31) | class mac_netstat(mac_tasks.mac_tasks): method unified_output (line 34) | def unified_output(self, data): method generator (line 46) | def generator(self, data): method render_text (line 76) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/notesapp.py class mac_notesapp (line 36) | class mac_notesapp(pstasks.mac_tasks): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method calculate (line 43) | def calculate(self): method unified_output (line 83) | def unified_output(self, data): method generator (line 96) | def generator(self, data): method render_text (line 113) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/notifiers.py class mac_notifiers (line 33) | class mac_notifiers(lsmod.mac_lsmod): method _struct_or_class (line 36) | def _struct_or_class(self, type_name): method calculate (line 48) | def calculate(self): method get_matching (line 108) | def get_matching(self, notifier): method unified_output (line 129) | def unified_output(self, data): method generator (line 137) | def generator(self, data): method render_text (line 153) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/orphan_threads.py class mac_orphan_threads (line 33) | class mac_orphan_threads(pstasks.mac_tasks): method unified_output (line 36) | def unified_output(self, data): method generator (line 47) | def generator(self, data): method render_text (line 94) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/pgrp_hash_table.py class mac_pgrp_hash_table (line 31) | class mac_pgrp_hash_table(pslist.mac_pslist): method calculate (line 34) | def calculate(self): FILE: volatility/plugins/mac/pid_hash_table.py class mac_pid_hash_table (line 31) | class mac_pid_hash_table(pslist.mac_pslist): method calculate (line 34) | def calculate(self): FILE: volatility/plugins/mac/print_boot_cmdline.py class mac_print_boot_cmdline (line 32) | class mac_print_boot_cmdline(common.AbstractMacCommand): method calculate (line 35) | def calculate(self): method unified_output (line 44) | def unified_output(self, data): method generator (line 48) | def generator(self, data): method render_text (line 52) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/proc_maps.py class mac_proc_maps (line 33) | class mac_proc_maps(pstasks.mac_tasks): method calculate (line 36) | def calculate(self): method unified_output (line 45) | def unified_output(self, data): method generator (line 54) | def generator(self, data): method render_text (line 70) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/procdump.py class mac_procdump (line 35) | class mac_procdump(mac_tasks.mac_tasks): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method unified_output (line 42) | def unified_output(self, data): method generator (line 52) | def generator(self, data): method render_text (line 65) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/psaux.py class mac_psaux (line 31) | class mac_psaux(pstasks.mac_tasks): method unified_output (line 34) | def unified_output(self, data): method generator (line 44) | def generator(self, data): method render_text (line 56) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/psenv.py class mac_psenv (line 30) | class mac_psenv(pstasks.mac_tasks): method unified_output (line 33) | def unified_output(self, data): method generator (line 40) | def generator(self, data): method render_text (line 49) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/pslist.py class mac_pslist (line 33) | class mac_pslist(common.AbstractMacCommand): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method virtual_process_from_physical_offset (line 42) | def virtual_process_from_physical_offset(addr_space, offset): method allprocs (line 49) | def allprocs(self): method calculate (line 68) | def calculate(self): method unified_output (line 92) | def unified_output(self, data): method generator (line 104) | def generator(self, data): method render_text (line 125) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/pstasks.py class mac_tasks (line 30) | class mac_tasks(pslist.mac_pslist): method __init__ (line 32) | def __init__(self, config, *args, **kwargs): method allprocs (line 35) | def allprocs(self): FILE: volatility/plugins/mac/pstree.py class mac_pstree (line 29) | class mac_pstree(pstasks.mac_tasks): method render_text (line 32) | def render_text(self, outfd, data): method _recurse_task (line 45) | def _recurse_task(self, outfd, proc, level): FILE: volatility/plugins/mac/psxview.py class mac_psxview (line 32) | class mac_psxview(common.AbstractMacCommand): method _get_pslist (line 35) | def _get_pslist(self): method _get_parent_pointers (line 38) | def _get_parent_pointers(self): method _get_pid_hash_table (line 41) | def _get_pid_hash_table(self): method _get_pgrp_hash_table (line 44) | def _get_pgrp_hash_table(self): method _get_session_hash_table (line 47) | def _get_session_hash_table(self): method _get_procs_from_tasks (line 50) | def _get_procs_from_tasks(self): method calculate (line 53) | def calculate(self): method unified_output (line 75) | def unified_output(self, data): method generator (line 87) | def generator(self, data): method render_text (line 103) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/recover_filesystem.py class mac_recover_filesystem (line 36) | class mac_recover_filesystem(mac_common.AbstractMacCommand): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method _fix_metadata (line 43) | def _fix_metadata(self, vnode, path): method _write_file (line 58) | def _write_file(self, vnode, out_path): method _make_path (line 80) | def _make_path(self, vnode, file_path): method calculate (line 97) | def calculate(self): method render_text (line 115) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/route.py class mac_route (line 31) | class mac_route(common.AbstractMacCommand): method _get_table (line 34) | def _get_table(self, tbl): method calculate (line 91) | def calculate(self): method unified_output (line 107) | def unified_output(self, data): method generator (line 118) | def generator(self, data): method render_text (line 131) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/session_hash_table.py class mac_list_sessions (line 32) | class mac_list_sessions(pslist.mac_pslist): method calculate (line 35) | def calculate(self): method unified_output (line 52) | def unified_output(self, data): method generator (line 58) | def generator(self, data): method render_text (line 72) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/socket_filters.py class mac_socket_filters (line 33) | class mac_socket_filters(lsmod.mac_lsmod): method calculate (line 36) | def calculate(self): method unified_output (line 73) | def unified_output(self, data): method generator (line 83) | def generator(self, data): method render_text (line 99) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/threads.py class queue_entry (line 85) | class queue_entry(obj.CType): method thread_walk_list (line 87) | def thread_walk_list(self, list_head): method walk_list (line 97) | def walk_list(self, list_head): class MacObjectClasses2 (line 107) | class MacObjectClasses2(obj.ProfileModification): method modification (line 112) | def modification(self, profile): class MacObjectClasses4 (line 117) | class MacObjectClasses4(obj.ProfileModification): method modification (line 122) | def modification(self, profile): class mac_threads (line 191) | class mac_threads(mac_tasks.mac_tasks): method get_active_threads (line 194) | def get_active_threads(self): method is_thread_active (line 204) | def is_thread_active(self, thread, active_threads): method get_stack_map (line 210) | def get_stack_map(self, proc, proc_threads, bit_string): method get_thread_registers (line 262) | def get_thread_registers(self, thread, bit_string): method calculate (line 300) | def calculate(self): method unified_output (line 370) | def unified_output(self, data): method generator (line 387) | def generator(self, data): method render_text (line 409) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/threads_simple.py class mac_threads_simple (line 33) | class mac_threads_simple(pstasks.mac_tasks): method unified_output (line 36) | def unified_output(self, data): method generator (line 47) | def generator(self, data): method render_text (line 71) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/timers.py class mac_timers (line 29) | class mac_timers(common.AbstractMacCommand): method calculate (line 32) | def calculate(self): method render_text (line 77) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/trustedbsd.py class mac_trustedbsd (line 35) | class mac_trustedbsd(mac_lsmod): method get_members (line 38) | def get_members(self): method calculate (line 42) | def calculate(self): method unified_output (line 75) | def unified_output(self, data): method generator (line 83) | def generator(self, data): method render_text (line 97) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/version.py class mac_version (line 30) | class mac_version(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 37) | def render_text(self, outfd, data): FILE: volatility/plugins/mac/vfsevents.py class mac_vfsevents (line 30) | class mac_vfsevents(common.AbstractMacCommand): method calculate (line 33) | def calculate(self): method render_text (line 69) | def render_text(self, outfd, data): FILE: volatility/plugins/machoinfo.py class MachOInfo (line 22) | class MachOInfo(crashinfo.CrashInfo): method render_text (line 27) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/apihooks.py class MalwareWSPVTypes (line 107) | class MalwareWSPVTypes(obj.ProfileModification): method modification (line 111) | def modification(self, profile): class ModuleGroup (line 121) | class ModuleGroup(object): method __init__ (line 124) | def __init__(self, mod_list): method find_module (line 142) | def find_module(self, address): class Hook (line 162) | class Hook(object): method __init__ (line 166) | def __init__(self, hook_type, hook_mode, function_name, method add_hop_chunk (line 204) | def add_hop_chunk(self, address, data): method _module_name (line 208) | def _module_name(self, module): method Type (line 223) | def Type(self): method Mode (line 228) | def Mode(self): method Function (line 236) | def Function(self): method Detail (line 241) | def Detail(self): method HookModule (line 253) | def HookModule(self): method VictimModule (line 258) | def VictimModule(self): class ApiHooks (line 332) | class ApiHooks(procdump.ProcDump): method __init__ (line 335) | def __init__(self, config, *args, **kwargs): method compile (line 379) | def compile(self): method whitelist (line 399) | def whitelist(self, rule_key, process, src_mod, dst_mod, function): method check_syscall (line 432) | def check_syscall(addr_space, module, module_group): method check_ucpcall (line 528) | def check_ucpcall(self, addr_space, module, module_group): method check_wsp (line 605) | def check_wsp(self, addr_space, module, module_group): method check_inline (line 703) | def check_inline(va, addr_space, mem_start, mem_end, mode = distorm3.D... method gather_stuff (line 846) | def gather_stuff(self, _addr_space, module): method get_hooks (line 865) | def get_hooks(self, hook_mode, addr_space, module, module_group): method calculate (line 1018) | def calculate(self): method unified_output (line 1088) | def unified_output(self, data): method generator (line 1103) | def generator(self, data): method render_text (line 1137) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/callbacks.py class _SHUTDOWN_PACKET (line 147) | class _SHUTDOWN_PACKET(obj.CType): method is_valid (line 150) | def is_valid(self): class CallbackMods (line 180) | class CallbackMods(obj.ProfileModification): method modification (line 183) | def modification(self, profile): class AbstractCallbackScanner (line 196) | class AbstractCallbackScanner(poolscan.PoolScanner): class PoolScanFSCallback (line 199) | class PoolScanFSCallback(AbstractCallbackScanner): method __init__ (line 202) | def __init__(self, address_space): class PoolScanShutdownCallback (line 218) | class PoolScanShutdownCallback(AbstractCallbackScanner): method __init__ (line 221) | def __init__(self, address_space): class PoolScanGenericCallback (line 237) | class PoolScanGenericCallback(AbstractCallbackScanner): method __init__ (line 240) | def __init__(self, address_space): class PoolScanDbgPrintCallback (line 257) | class PoolScanDbgPrintCallback(AbstractCallbackScanner): method __init__ (line 260) | def __init__(self, address_space): class PoolScanRegistryCallback (line 271) | class PoolScanRegistryCallback(AbstractCallbackScanner): method __init__ (line 274) | def __init__(self, address_space): class PoolScanPnp9 (line 285) | class PoolScanPnp9(AbstractCallbackScanner): method __init__ (line 288) | def __init__(self, address_space): class PoolScanPnpD (line 300) | class PoolScanPnpD(AbstractCallbackScanner): method __init__ (line 303) | def __init__(self, address_space): class PoolScanPnpC (line 314) | class PoolScanPnpC(AbstractCallbackScanner): method __init__ (line 317) | def __init__(self, address_space): class Callbacks (line 332) | class Callbacks(common.AbstractScanCommand): method get_kernel_callbacks (line 338) | def get_kernel_callbacks(nt_mod): method get_bugcheck_callbacks (line 414) | def get_bugcheck_callbacks(addr_space): method get_registry_callbacks_legacy (line 429) | def get_registry_callbacks_legacy(nt_mod): method get_bugcheck_reason_callbacks (line 486) | def get_bugcheck_reason_callbacks(nt_mod): method calculate (line 536) | def calculate(self): method unified_output (line 607) | def unified_output(self, data): method generator (line 614) | def generator(self, data): method render_text (line 630) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/cmdhistory.py class _CONSOLE_INFORMATION (line 341) | class _CONSOLE_INFORMATION(obj.CType): method get_histories (line 344) | def get_histories(self): method get_exe_aliases (line 348) | def get_exe_aliases(self): method get_processes (line 362) | def get_processes(self): method get_screens (line 376) | def get_screens(self): class _CONSOLE_PROCESS (line 398) | class _CONSOLE_PROCESS(obj.CType): method reference_object_by_handle (line 401) | def reference_object_by_handle(self): class _SCREEN_INFORMATION (line 415) | class _SCREEN_INFORMATION(obj.CType): method get_buffer (line 418) | def get_buffer(self, truncate = True): class _EXE_ALIAS_LIST (line 459) | class _EXE_ALIAS_LIST(obj.CType): method get_aliases (line 462) | def get_aliases(self): class _COMMAND_HISTORY (line 468) | class _COMMAND_HISTORY(obj.CType): method is_valid (line 471) | def is_valid(self, max_history = MAX_HISTORY_DEFAULT): #pylint: disabl... method get_commands (line 511) | def get_commands(self): class CmdHistoryVTypesx86 (line 527) | class CmdHistoryVTypesx86(obj.ProfileModification): method check (line 533) | def check(self, profile): method modification (line 539) | def modification(self, profile): class CmdHistoryVTypesx64 (line 542) | class CmdHistoryVTypesx64(obj.ProfileModification): method check (line 548) | def check(self, profile): method modification (line 554) | def modification(self, profile): class CmdHistoryVTypesWin7x86 (line 557) | class CmdHistoryVTypesWin7x86(obj.ProfileModification): method modification (line 566) | def modification(self, profile): class CmdHistoryVTypesWin7x64 (line 569) | class CmdHistoryVTypesWin7x64(obj.ProfileModification): method modification (line 578) | def modification(self, profile): class CmdHistoryObjectClasses (line 581) | class CmdHistoryObjectClasses(obj.ProfileModification): method modification (line 588) | def modification(self, profile): class CmdScan (line 601) | class CmdScan(common.AbstractWindowsCommand): method __init__ (line 604) | def __init__(self, config, *args, **kwargs): method cmdhistory_process_filter (line 611) | def cmdhistory_process_filter(self, addr_space): method calculate (line 632) | def calculate(self): method unified_output (line 658) | def unified_output(self, data): method generator (line 675) | def generator(self, data): method render_text (line 711) | def render_text(self, outfd, data): class Consoles (line 747) | class Consoles(CmdScan): method __init__ (line 750) | def __init__(self, config, *args, **kwargs): method calculate (line 757) | def calculate(self): method unified_output (line 786) | def unified_output(self, data): method _get_values (line 819) | def _get_values(self, task, console, process=None, console_proc=None, method generator (line 921) | def generator(self, data): method render_text (line 963) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/devicetree.py class _DRIVER_OBJECT (line 130) | class _DRIVER_OBJECT(obj.CType, windows.ExecutiveObjectMixin): method devices (line 133) | def devices(self): method is_valid (line 141) | def is_valid(self): class _DEVICE_OBJECT (line 145) | class _DEVICE_OBJECT(obj.CType, windows.ExecutiveObjectMixin): method attached_devices (line 148) | def attached_devices(self): class MalwareDrivers (line 160) | class MalwareDrivers(obj.ProfileModification): method modification (line 163) | def modification(self, profile): class DeviceTree (line 173) | class DeviceTree(filescan.DriverScan): method render_text (line 176) | def render_text(self, outfd, data): class DriverIrp (line 224) | class DriverIrp(filescan.DriverScan): method __init__ (line 227) | def __init__(self, config, *args, **kwargs): method render_text (line 233) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/idt.py class _KIDTENTRY (line 75) | class _KIDTENTRY(obj.CType): method Address (line 79) | def Address(self): class _KGDTENTRY (line 87) | class _KGDTENTRY(obj.CType): method Type (line 91) | def Type(self): method Base (line 103) | def Base(self): method Limit (line 109) | def Limit(self): method CallGate (line 120) | def CallGate(self): method Present (line 125) | def Present(self): method Granularity (line 130) | def Granularity(self): method Dpl (line 136) | def Dpl(self): class MalwareIDTGDTx86 (line 144) | class MalwareIDTGDTx86(obj.ProfileModification): method modification (line 148) | def modification(self, profile): class GDT (line 168) | class GDT(common.AbstractWindowsCommand): method is_valid_profile (line 172) | def is_valid_profile(profile): method calculate (line 176) | def calculate(self): method unified_output (line 189) | def unified_output(self, data): method generator (line 201) | def generator(self, data): method render_text (line 237) | def render_text(self, outfd, data): class IDT (line 289) | class IDT(common.AbstractWindowsCommand): method is_valid_profile (line 293) | def is_valid_profile(profile): method get_section_name (line 298) | def get_section_name(mod, addr): method calculate (line 322) | def calculate(self): method unified_output (line 351) | def unified_output(self, data): method generator (line 361) | def generator(self, data): method render_text (line 383) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/impscan.py class ImpScan (line 37) | class ImpScan(common.AbstractWindowsCommand): method __init__ (line 40) | def __init__(self, config, *args, **kwargs): method enum_apis (line 82) | def enum_apis(all_mods): method _call_or_unc_jmp (line 105) | def _call_or_unc_jmp(self, op): method _vicinity_scan (line 116) | def _vicinity_scan(self, addr_space, calls_imported, method _original_import (line 183) | def _original_import(self, mod_name, func_name): method call_scan (line 196) | def call_scan(self, addr_space, base_address, data, is_wow64 = False): method calculate (line 262) | def calculate(self): method unified_output (line 382) | def unified_output(self, data): method generator (line 389) | def generator(self, data): method render_text (line 400) | def render_text(self, outfd, data): method render_idc (line 420) | def render_idc(self, outfd, data): FILE: volatility/plugins/malware/malfind.py function Disassemble (line 53) | def Disassemble(data, start, bits = '32bit', stoponret = False): class BaseYaraScanner (line 87) | class BaseYaraScanner(object): method __init__ (line 91) | def __init__(self, address_space = None, rules = None): method scan (line 95) | def scan(self, offset, maxlen): class VadYaraScanner (line 120) | class VadYaraScanner(BaseYaraScanner): method __init__ (line 123) | def __init__(self, task = None, **kwargs): method scan (line 132) | def scan(self, offset = 0, maxlen = None): class DiscontigYaraScanner (line 145) | class DiscontigYaraScanner(BaseYaraScanner): method scan (line 148) | def scan(self, start_offset = 0, maxlen = None): class YaraScan (line 182) | class YaraScan(taskmods.DllList): method __init__ (line 185) | def __init__(self, config, *args, **kwargs): method _compile_rules (line 211) | def _compile_rules(self): method _scan_process_memory (line 243) | def _scan_process_memory(self, addr_space, rules): method _scan_kernel_memory (line 249) | def _scan_kernel_memory(self, addr_space, rules): method calculate (line 287) | def calculate(self): method unified_output (line 308) | def unified_output(self, data): method generator (line 315) | def generator(self, data): method render_text (line 338) | def render_text(self, outfd, data): class Malfind (line 373) | class Malfind(vadinfo.VADDump): method __init__ (line 376) | def __init__(self, config, *args, **kwargs): method _is_vad_empty (line 390) | def _is_vad_empty(self, vad, address_space): method unified_output (line 415) | def unified_output(self, data): method generator (line 425) | def generator(self, data): method render_text (line 454) | def render_text(self, outfd, data): class LdrModules (line 523) | class LdrModules(taskmods.DllList): method unified_output (line 526) | def unified_output(self, data): method generator (line 549) | def generator(self, data): method render_text (line 605) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/psxview.py class _PSP_CID_TABLE (line 51) | class _PSP_CID_TABLE(windows._HANDLE_TABLE): #pylint: disable-msg=W0212 method get_item (line 54) | def get_item(self, entry, handle_value = 0): class MalwarePspCid (line 69) | class MalwarePspCid(obj.ProfileModification): method modification (line 73) | def modification(self, profile): class PsXview (line 87) | class PsXview(common.AbstractWindowsCommand, sessions.SessionsMixin): method __init__ (line 90) | def __init__(self, config, *args): method get_file_offset (line 98) | def get_file_offset(process): method check_pslist (line 121) | def check_pslist(self, all_tasks): method check_psscan (line 125) | def check_psscan(self): method check_thrdproc (line 130) | def check_thrdproc(self, _addr_space): method check_sessions (line 151) | def check_sessions(self, addr_space): method check_desktop_thread (line 161) | def check_desktop_thread(self, addr_space): method check_pspcid (line 175) | def check_pspcid(self, addr_space): method check_csrss_handles (line 191) | def check_csrss_handles(self, all_tasks): method calculate (line 205) | def calculate(self): method render_xlsx (line 235) | def render_xlsx(self, outfd, data): method unified_output (line 362) | def unified_output(self, data): method generator (line 376) | def generator(self, data): method render_text (line 426) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/servicediff.py class ServiceDiff (line 30) | class ServiceDiff(svcscan.SvcScan): method is_valid_profile (line 34) | def is_valid_profile(profile): method services_from_registry (line 39) | def services_from_registry(addr_space): method services_from_memory_list (line 73) | def services_from_memory_list(addr_space): method compare (line 150) | def compare(reg_list, mem_list): method calculate (line 168) | def calculate(self): method render_text (line 181) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/svcscan.py class _SERVICE_RECORD_LEGACY (line 113) | class _SERVICE_RECORD_LEGACY(obj.CType): method Binary (line 117) | def Binary(self): method Pid (line 133) | def Pid(self): method is_valid (line 142) | def is_valid(self): method traverse (line 151) | def traverse(self): class _SERVICE_RECORD_RECENT (line 158) | class _SERVICE_RECORD_RECENT(_SERVICE_RECORD_LEGACY): method traverse (line 161) | def traverse(self): class _SERVICE_HEADER (line 175) | class _SERVICE_HEADER(obj.CType): method is_valid (line 178) | def is_valid(self): class ServiceBase (line 188) | class ServiceBase(obj.ProfileModification): method modification (line 194) | def modification(self, profile): class ServiceBasex64 (line 204) | class ServiceBasex64(obj.ProfileModification): method modification (line 211) | def modification(self, profile): class ServiceVista (line 214) | class ServiceVista(obj.ProfileModification): method modification (line 221) | def modification(self, profile): class ServiceVistax86 (line 229) | class ServiceVistax86(obj.ProfileModification): method modification (line 238) | def modification(self, profile): class ServiceVistax64 (line 252) | class ServiceVistax64(obj.ProfileModification): method modification (line 261) | def modification(self, profile): class Service8x64 (line 275) | class Service8x64(obj.ProfileModification): method modification (line 284) | def modification(self, profile): class Service10_15063x64 (line 304) | class Service10_15063x64(obj.ProfileModification): method modification (line 314) | def modification(self, profile): class Service10_16299x64 (line 329) | class Service10_16299x64(obj.ProfileModification): method modification (line 340) | def modification(self, profile): class Service10_18362x64 (line 347) | class Service10_18362x64(obj.ProfileModification): method modification (line 358) | def modification(self, profile): class Service10_19041x64 (line 373) | class Service10_19041x64(obj.ProfileModification): method modification (line 384) | def modification(self, profile): class Service8x86 (line 392) | class Service8x86(obj.ProfileModification): method modification (line 401) | def modification(self, profile): class Service10_15063x86 (line 421) | class Service10_15063x86(obj.ProfileModification): method modification (line 431) | def modification(self, profile): class Service10_16299x86 (line 447) | class Service10_16299x86(obj.ProfileModification): method modification (line 458) | def modification(self, profile): class Service10_17763x86 (line 465) | class Service10_17763x86(obj.ProfileModification): method modification (line 476) | def modification(self, profile): class Service10_18362x86 (line 491) | class Service10_18362x86(obj.ProfileModification): method modification (line 502) | def modification(self, profile): class Service10_19041x86 (line 517) | class Service10_19041x86(obj.ProfileModification): method modification (line 528) | def modification(self, profile): class SvcScan (line 543) | class SvcScan(common.AbstractWindowsCommand): method calculate (line 546) | def calculate(self): method render_dot (line 595) | def render_dot(self, outfd, data): method get_service_info (line 642) | def get_service_info(regapi): method unified_output (line 675) | def unified_output(self, data): method generator (line 702) | def generator(self, data): method render_text (line 733) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/threads.py class MalwareKthread (line 81) | class MalwareKthread(obj.ProfileModification): method modification (line 84) | def modification(self, profile): class AbstractThreadCheck (line 91) | class AbstractThreadCheck(object): method __init__ (line 94) | def __init__(self, thread, mods, mod_addrs, \ method check (line 119) | def check(self): class OrphanThread (line 122) | class OrphanThread(AbstractThreadCheck): method check (line 125) | def check(self): class DkomExit (line 138) | class DkomExit(AbstractThreadCheck): method check (line 141) | def check(self): class HideFromDebug (line 150) | class HideFromDebug(AbstractThreadCheck): method check (line 153) | def check(self): class SystemThread (line 159) | class SystemThread(AbstractThreadCheck): method check (line 162) | def check(self): class Impersonation (line 168) | class Impersonation(AbstractThreadCheck): method check (line 171) | def check(self): class HwBreakpoint (line 177) | class HwBreakpoint(AbstractThreadCheck): method check (line 180) | def check(self): class AttachedProcess (line 204) | class AttachedProcess(AbstractThreadCheck): method check (line 207) | def check(self): class HookedSSDT (line 215) | class HookedSSDT(AbstractThreadCheck): method check (line 218) | def check(self): class ScannerOnly (line 236) | class ScannerOnly(AbstractThreadCheck): method check (line 239) | def check(self): class Threads (line 249) | class Threads(taskmods.DllList): method __init__ (line 252) | def __init__(self, config, *args, **kwargs): method get_hooked_tables (line 261) | def get_hooked_tables(self, addr_space): method calculate (line 319) | def calculate(self): method unified_output (line 421) | def unified_output(self, data): method generator (line 474) | def generator(self, data): method render_text (line 605) | def render_text(self, outfd, data): FILE: volatility/plugins/malware/timers.py class _KTIMER (line 46) | class _KTIMER(obj.CType): method Dpc (line 49) | def Dpc(self): class TimerVTypes (line 92) | class TimerVTypes(obj.ProfileModification): method modification (line 95) | def modification(self, profile): class Timers (line 104) | class Timers(common.AbstractWindowsCommand): method __init__ (line 107) | def __init__(self, config, *args, **kwargs): method find_list_head (line 114) | def find_list_head(self, nt_mod, func, sig): method calculate (line 141) | def calculate(self): method unified_output (line 242) | def unified_output(self, data): method generator (line 251) | def generator(self, data): method render_text (line 268) | def render_text(self, outfd, data): FILE: volatility/plugins/mbrparser.py class PARTITION_ENTRY (line 126) | class PARTITION_ENTRY(obj.CType): method get_value (line 127) | def get_value(self, char): method get_type (line 132) | def get_type(self): method is_bootable (line 135) | def is_bootable(self): method is_bootable_and_used (line 138) | def is_bootable_and_used(self): method is_valid (line 141) | def is_valid(self): method is_used (line 144) | def is_used(self): method StartingSector (line 147) | def StartingSector(self): method StartingCylinder (line 150) | def StartingCylinder(self): method EndingSector (line 153) | def EndingSector(self): method EndingCylinder (line 156) | def EndingCylinder(self): method __str__ (line 159) | def __str__(self): class MbrObjectTypes (line 174) | class MbrObjectTypes(obj.ProfileModification): method modification (line 175) | def modification(self, profile): class MBRScanner (line 181) | class MBRScanner(scan.BaseScanner): method __init__ (line 184) | def __init__(self, window_size = 512, needles = None): method scan (line 189) | def scan(self, address_space, offset = 0, maxlen = None): class MBRParser (line 193) | class MBRParser(commands.Command): method __init__ (line 195) | def __init__(self, config, *args, **kwargs): method levenshtein (line 232) | def levenshtein(self, s1, s2): method calculate (line 252) | def calculate(self): method Hexdump (line 293) | def Hexdump(self, data, given_offset = 0, width = 16): method _get_instructions (line 301) | def _get_instructions(self, boot_code): method get_disasm_text (line 314) | def get_disasm_text(self, boot_code, start): method unified_output (line 327) | def unified_output(self, data): method generator (line 360) | def generator(self, data): method render_text (line 431) | def render_text(self, outfd, data): FILE: volatility/plugins/mftparser.py class UnicodeString (line 47) | class UnicodeString(basic.String): method __str__ (line 48) | def __str__(self): method v (line 54) | def v(self): class MFT_FILE_RECORD (line 138) | class MFT_FILE_RECORD(obj.CType): method remove_unprintable (line 139) | def remove_unprintable(self, str): method add_path (line 142) | def add_path(self, fileinfo): method get_full_path (line 156) | def get_full_path(self, fileinfo): method is_directory (line 179) | def is_directory(self): method is_file (line 182) | def is_file(self): method is_inuse (line 185) | def is_inuse(self): method get_mft_type (line 188) | def get_mft_type(self): method parse_attributes (line 192) | def parse_attributes(self, mft_buff, check = True, entrysize = 1024): method advance_one (line 298) | def advance_one(self, next_off, mft_buff, end): class RESIDENT_ATTRIBUTE (line 317) | class RESIDENT_ATTRIBUTE(obj.CType): method process_attr_list (line 318) | def process_attr_list(self, bufferas, mft_entry, attributes = [], chec... class STANDARD_INFORMATION (line 343) | class STANDARD_INFORMATION(obj.CType): method is_valid (line 346) | def is_valid(self): method get_type_short (line 366) | def get_type_short(self): method get_type (line 381) | def get_type(self): method get_header (line 399) | def get_header(self): method __str__ (line 407) | def __str__(self): method body (line 429) | def body(self, path, record_num, size, offset): class FILE_NAME (line 471) | class FILE_NAME(STANDARD_INFORMATION): method remove_unprintable (line 472) | def remove_unprintable(self, str): method is_valid (line 478) | def is_valid(self): method get_name (line 499) | def get_name(self): method get_header (line 504) | def get_header(self): method __str__ (line 512) | def __str__(self): method get_full (line 535) | def get_full(self, full): method body (line 563) | def body(self, path, record_num, size, offset): class OBJECT_ID (line 592) | class OBJECT_ID(obj.CType): method FmtObjectID (line 594) | def FmtObjectID(self, item): method __str__ (line 601) | def __str__(self): class MFTTYPES (line 782) | class MFTTYPES(obj.ProfileModification): method modification (line 785) | def modification(self, profile): class MFTScanner (line 797) | class MFTScanner(scan.BaseScanner): method __init__ (line 800) | def __init__(self, needles = None): method scan (line 805) | def scan(self, address_space, offset = 0, maxlen = None): class MFTParser (line 810) | class MFTParser(common.AbstractWindowsCommand): method __init__ (line 812) | def __init__(self, config, *args, **kwargs): method calculate (line 831) | def calculate(self): method render_body (line 876) | def render_body(self, outfd, data): method unified_output (line 927) | def unified_output(self, data): method generator (line 939) | def generator(self, data): method render_text (line 1002) | def render_text(self, outfd, data): FILE: volatility/plugins/moddump.py class ModDump (line 35) | class ModDump(procdump.ProcDump): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method calculate (line 54) | def calculate(self): method generator (line 84) | def generator(self, data): method unified_output (line 96) | def unified_output(self, data): method render_text (line 108) | def render_text(self, outfd, data): FILE: volatility/plugins/modscan.py class PoolScanModule (line 41) | class PoolScanModule(poolscan.PoolScanner): method __init__ (line 44) | def __init__(self, address_space): class ModScan (line 55) | class ModScan(common.AbstractScanCommand): method unified_output (line 71) | def unified_output(self, data): method render_text (line 89) | def render_text(self, outfd, data): class PoolScanThread (line 105) | class PoolScanThread(poolscan.PoolScanner): method __init__ (line 108) | def __init__(self, address_space): class ThrdScan (line 124) | class ThrdScan(common.AbstractScanCommand): method unified_output (line 129) | def unified_output(self, data): method render_text (line 148) | def render_text(self, outfd, data): FILE: volatility/plugins/modules.py class Modules (line 30) | class Modules(common.AbstractWindowsCommand): method __init__ (line 32) | def __init__(self, config, *args, **kwargs): method generator (line 37) | def generator(self, data): method unified_output (line 50) | def unified_output(self, data): method render_text (line 61) | def render_text(self, outfd, data): method calculate (line 85) | def calculate(self): class UnloadedModules (line 92) | class UnloadedModules(common.AbstractWindowsCommand): method unified_output (line 95) | def unified_output(self, data): method render_text (line 110) | def render_text(self, outfd, data): method calculate (line 121) | def calculate(self): FILE: volatility/plugins/multiscan.py class MultiScan (line 12) | class MultiScan(common.AbstractScanCommand): method __init__ (line 15) | def __init__(self, config, *args, **kwargs): method calculate (line 30) | def calculate(self): method render_text (line 57) | def render_text(self, outfd, data): FILE: volatility/plugins/netscan.py class PoolScanUdpEndpoint (line 47) | class PoolScanUdpEndpoint(poolscan.PoolScanner): method __init__ (line 50) | def __init__(self, address_space): class PoolScanTcpListener (line 61) | class PoolScanTcpListener(poolscan.PoolScanner): method __init__ (line 64) | def __init__(self, address_space): class PoolScanTcpEndpoint (line 75) | class PoolScanTcpEndpoint(poolscan.PoolScanner): method __init__ (line 78) | def __init__(self, address_space): class _TCP_LISTENER (line 93) | class _TCP_LISTENER(obj.CType): method AddressFamily (line 97) | def AddressFamily(self): method Owner (line 101) | def Owner(self): method dual_stack_sockets (line 104) | def dual_stack_sockets(self): method is_valid (line 127) | def is_valid(self): class _TCP_ENDPOINT (line 130) | class _TCP_ENDPOINT(_TCP_LISTENER): method _ipv4_or_ipv6 (line 133) | def _ipv4_or_ipv6(self, in_addr): method LocalAddress (line 141) | def LocalAddress(self): method RemoteAddress (line 148) | def RemoteAddress(self): method is_valid (line 154) | def is_valid(self): class _UDP_ENDPOINT (line 169) | class _UDP_ENDPOINT(_TCP_LISTENER): class _LOCAL_ADDRESS (line 172) | class _LOCAL_ADDRESS(obj.CType): method inaddr (line 175) | def inaddr(self): class _LOCAL_ADDRESS_WIN10_UDP (line 178) | class _LOCAL_ADDRESS_WIN10_UDP(obj.CType): method inaddr (line 181) | def inaddr(self): class NetscanObjectClasses (line 188) | class NetscanObjectClasses(obj.ProfileModification): method modification (line 197) | def modification(self, profile): class Netscan (line 210) | class Netscan(common.AbstractScanCommand): method is_valid_profile (line 216) | def is_valid_profile(profile): method calculate (line 220) | def calculate(self): method unified_output (line 246) | def unified_output(self, data): method generator (line 257) | def generator(self, data): method render_text (line 278) | def render_text(self, outfd, data): FILE: volatility/plugins/notepad.py class _HEAP (line 32) | class _HEAP(obj.CType): method is_valid (line 35) | def is_valid(self): method segments (line 38) | def segments(self): class _HEAP_SEGMENT (line 47) | class _HEAP_SEGMENT(obj.CType): method is_valid (line 50) | def is_valid(self): method heap_entries (line 53) | def heap_entries(self): class _HEAP_ENTRY (line 75) | class _HEAP_ENTRY(obj.CType): method get_data (line 78) | def get_data(self): method get_extra (line 87) | def get_extra(self): class XPHeapModification (line 99) | class XPHeapModification(obj.ProfileModification): method modification (line 107) | def modification(self, profile): class Notepad (line 172) | class Notepad(taskmods.DllList): method __init__ (line 175) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 181) | def is_valid_profile(profile): method unified_output (line 185) | def unified_output(self, data): method generator (line 191) | def generator(self, data): method render_text (line 221) | def render_text(self, outfd, data): FILE: volatility/plugins/objtypescan.py class ObjectTypeScanner (line 26) | class ObjectTypeScanner(poolscan.PoolScanner): method __init__ (line 29) | def __init__(self, address_space, **kwargs): class ObjectTypeKeyModification (line 43) | class ObjectTypeKeyModification(obj.ProfileModification): method modification (line 47) | def modification(self, profile): class ObjTypeScan (line 52) | class ObjTypeScan(common.AbstractScanCommand): method unified_output (line 57) | def unified_output(self, data): method render_text (line 78) | def render_text(self, outfd, data): FILE: volatility/plugins/overlays/basic.py class String (line 36) | class String(obj.BaseObject): method __init__ (line 38) | def __init__(self, theType, offset, vm = None, encoding = 'ascii', method proxied (line 51) | def proxied(self, name): #pylint: disable-msg=W0613 method v (line 55) | def v(self): method __len__ (line 75) | def __len__(self): method __str__ (line 79) | def __str__(self): method __unicode__ (line 88) | def __unicode__(self): method __format__ (line 94) | def __format__(self, formatspec): method __cmp__ (line 97) | def __cmp__(self, other): method __add__ (line 102) | def __add__(self, other): method __radd__ (line 106) | def __radd__(self, other): class Flags (line 110) | class Flags(obj.NativeType): method __init__ (line 119) | def __init__(self, theType = None, offset = 0, vm = None, parent = None, method v (line 129) | def v(self): method __str__ (line 132) | def __str__(self): method __format__ (line 143) | def __format__(self, formatspec): method __getattr__ (line 146) | def __getattr__(self, attr): class IpAddress (line 156) | class IpAddress(obj.NativeType): method __init__ (line 159) | def __init__(self, theType, offset, vm, **kwargs): method v (line 162) | def v(self): class Ipv6Address (line 165) | class Ipv6Address(obj.NativeType): method __init__ (line 167) | def __init__(self, theType, offset, vm, **kwargs): method v (line 170) | def v(self): class Enumeration (line 173) | class Enumeration(obj.NativeType): method __init__ (line 176) | def __init__(self, theType = None, offset = 0, vm = None, parent = None, method v (line 183) | def v(self): method __str__ (line 186) | def __str__(self): method __format__ (line 192) | def __format__(self, formatspec): class VOLATILITY_MAGIC (line 196) | class VOLATILITY_MAGIC(obj.CType): method __init__ (line 201) | def __init__(self, theType, offset, vm, **kwargs): class VolatilityDTB (line 210) | class VolatilityDTB(obj.VolatilityMagic): method generate_suggestions (line 212) | def generate_suggestions(self): class UnixTimeStamp (line 235) | class UnixTimeStamp(obj.NativeType): method __init__ (line 238) | def __init__(self, theType, offset, vm, is_utc = False, **kwargs): method v (line 242) | def v(self): method __nonzero__ (line 245) | def __nonzero__(self): method __str__ (line 248) | def __str__(self): method as_datetime (line 251) | def as_datetime(self): method __format__ (line 261) | def __format__(self, formatspec): class VolatilityMaxAddress (line 268) | class VolatilityMaxAddress(obj.VolatilityMagic): method generate_suggestions (line 281) | def generate_suggestions(self): class BasicObjectClasses (line 284) | class BasicObjectClasses(obj.ProfileModification): method modification (line 286) | def modification(self, profile): FILE: volatility/plugins/overlays/linux/elf.py class elf (line 231) | class elf(obj.CType): method __init__ (line 232) | def __init__(self, is_header, name32, name64, theType, offset, vm, nam... method is_valid (line 244) | def is_valid(self): method _init_cache_from_parent (line 247) | def _init_cache_from_parent(self): method _make_elf_obj (line 252) | def _make_elf_obj(self, offset, vm): method _set_size_cache (line 260) | def _set_size_cache(self, offset, vm): method _init_cache (line 269) | def _init_cache(self, offset, vm): method _get_typename (line 273) | def _get_typename(self, typename): method __getattr__ (line 284) | def __getattr__(self, attr): class elf_hdr (line 290) | class elf_hdr(elf): method __init__ (line 293) | def __init__(self, theType, offset, vm, name = None, **kwargs): method is_valid (line 301) | def is_valid(self): method program_headers (line 304) | def program_headers(self): method _section_headers (line 329) | def _section_headers(self): method section_headers (line 343) | def section_headers(self): method _find_symbols_program_headers (line 357) | def _find_symbols_program_headers(self): method _find_symbols (line 389) | def _find_symbols(self): method symbols (line 392) | def symbols(self): method symbol_at (line 405) | def symbol_at(self, sym_idx): method symbol_name (line 415) | def symbol_name(self, sym): method relocation_symbol (line 426) | def relocation_symbol(self, reloc): method relocations (line 431) | def relocations(self): class elf_shdr (line 482) | class elf_shdr(elf): method __init__ (line 485) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf32_shdr (line 488) | class elf32_shdr(obj.CType): method __init__ (line 489) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_shdr (line 492) | class elf64_shdr(obj.CType): method __init__ (line 493) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_rel (line 496) | class elf_rel(elf): method __init__ (line 499) | def __init__(self, theType, offset, vm, name = None, **kwargs): method relocation_type (line 502) | def relocation_type(self): method relocation_symbol_index (line 511) | def relocation_symbol_index(self): class elf32_rel (line 520) | class elf32_rel(obj.CType): method __init__ (line 521) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_rel (line 524) | class elf64_rel(obj.CType): method __init__ (line 525) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_rela (line 528) | class elf_rela(elf): method __init__ (line 531) | def __init__(self, theType, offset, vm, name = None, **kwargs): method relocation_type (line 534) | def relocation_type(self): method relocation_symbol_index (line 543) | def relocation_symbol_index(self): class elf32_rela (line 553) | class elf32_rela(obj.CType): method __init__ (line 554) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_rela (line 557) | class elf64_rela(obj.CType): method __init__ (line 558) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_phdr (line 561) | class elf_phdr(elf): method __init__ (line 564) | def __init__(self, theType, offset, vm, name = None, **kwargs): method is_valid (line 567) | def is_valid(self): method p_vaddr (line 571) | def p_vaddr(self): method dynamic_sections (line 579) | def dynamic_sections(self): class elf32_phdr (line 604) | class elf32_phdr(obj.CType): method __init__ (line 605) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_phdr (line 608) | class elf64_phdr(obj.CType): method __init__ (line 609) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_sym (line 612) | class elf_sym(elf): method __init__ (line 614) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf32_sym (line 617) | class elf32_sym(obj.CType): method __init__ (line 618) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_sym (line 621) | class elf64_sym(obj.CType): method __init__ (line 622) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_dyn (line 625) | class elf_dyn(elf): method __init__ (line 628) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf32_dyn (line 631) | class elf32_dyn(obj.CType): method __init__ (line 632) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_dyn (line 635) | class elf64_dyn(obj.CType): method __init__ (line 636) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_note (line 639) | class elf_note(elf): method __init__ (line 641) | def __init__(self, theType, offset, vm, name = None, **kwargs): method cast_descsz (line 644) | def cast_descsz(self, obj_type): class elf32_note (line 660) | class elf32_note(obj.CType): method __init__ (line 661) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_note (line 664) | class elf64_note(obj.CType): method __init__ (line 665) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf_link_map (line 668) | class elf_link_map(elf): method __init__ (line 670) | def __init__(self, theType, offset, vm, name = None, **kwargs): method l_name (line 674) | def l_name(self): method l_next (line 683) | def l_next(self): method l_prev (line 689) | def l_prev(self): method _walk_map_list (line 694) | def _walk_map_list(self, access_func): method __iter__ (line 711) | def __iter__(self): class elf32_link_map (line 716) | class elf32_link_map(obj.CType): method __init__ (line 717) | def __init__(self, theType, offset, vm, name = None, **kwargs): class elf64_link_map (line 720) | class elf64_link_map(obj.CType): method __init__ (line 721) | def __init__(self, theType, offset, vm, name = None, **kwargs): class ELFModification (line 724) | class ELFModification(obj.ProfileModification): method modification (line 725) | def modification(self, profile): class ELF64Modification (line 756) | class ELF64Modification(obj.ProfileModification): method modification (line 757) | def modification(self, profile): class ELF32Modification (line 760) | class ELF32Modification(obj.ProfileModification): method modification (line 761) | def modification(self, profile): FILE: volatility/plugins/overlays/linux/linux.py class LinuxPermissionFlags (line 61) | class LinuxPermissionFlags(basic.Flags): method __str__ (line 65) | def __str__(self): method is_flag (line 78) | def is_flag(self, flag): method is_executable (line 81) | def is_executable(self): method is_readable (line 84) | def is_readable(self): method is_writable (line 87) | def is_writable(self): function parse_system_map (line 138) | def parse_system_map(data, module): function LinuxProfileFactory (line 171) | def LinuxProfileFactory(profpkg): class linux_file (line 489) | class linux_file(obj.CType): method dentry (line 492) | def dentry(self): method vfsmnt (line 501) | def vfsmnt(self): class hlist_node (line 510) | class hlist_node(obj.CType): method list_of_type (line 512) | def list_of_type(self, obj_type, member, offset = -1, forward = True, ... method __nonzero__ (line 546) | def __nonzero__(self): method __iter__ (line 550) | def __iter__(self): class list_head (line 553) | class list_head(obj.CType): method list_of_type (line 555) | def list_of_type(self, obj_type, member, offset = -1, forward = True, ... method __nonzero__ (line 589) | def __nonzero__(self): method __iter__ (line 593) | def __iter__(self): class hlist_bl_node (line 596) | class hlist_bl_node(obj.CType): method list_of_type (line 598) | def list_of_type(self, obj_type, member, offset = -1, forward = True, ... method __nonzero__ (line 631) | def __nonzero__(self): method __iter__ (line 635) | def __iter__(self): class files_struct (line 639) | class files_struct(obj.CType): method get_fds (line 641) | def get_fds(self): method get_max_fds (line 650) | def get_max_fds(self): class kernel_param (line 658) | class kernel_param(obj.CType): method get (line 661) | def get(self): class kparam_array (line 670) | class kparam_array(obj.CType): method get (line 673) | def get(self): class gate_struct64 (line 682) | class gate_struct64(obj.CType): method Address (line 685) | def Address(self): class desc_struct (line 694) | class desc_struct(obj.CType): method Address (line 697) | def Address(self): class module_sect_attr (line 700) | class module_sect_attr(obj.CType): method sect_name (line 702) | def sect_name(self): class sock (line 710) | class sock(obj.CType): method sk_node (line 712) | def sk_node(self): class inet_sock (line 715) | class inet_sock(obj.CType): method protocol (line 719) | def protocol(self): method state (line 724) | def state(self): method src_port (line 735) | def src_port(self): method dst_port (line 744) | def dst_port(self): method src_addr (line 757) | def src_addr(self): method dst_addr (line 773) | def dst_addr(self): class tty_ldisc (line 790) | class tty_ldisc(obj.CType): method ops (line 793) | def ops(self): class in_device (line 802) | class in_device(obj.CType): method devices (line 804) | def devices(self): class net_device (line 810) | class net_device(obj.CType): method mac_addr (line 813) | def mac_addr(self): method promisc (line 832) | def promisc(self): class module_struct (line 835) | class module_struct(obj.CType): method module_core (line 837) | def module_core(self): method module_init (line 846) | def module_init(self): method init_size (line 855) | def init_size(self): method init_text_size (line 864) | def init_text_size(self): method core_text_size (line 873) | def core_text_size(self): method core_size (line 882) | def core_size(self): method _get_sect_count (line 891) | def _get_sect_count(self, grp): method get_sections (line 900) | def get_sections(self): method get_param_val (line 911) | def get_param_val(self, param, _over = 0): method get_params (line 981) | def get_params(self): method get_symbols (line 994) | def get_symbols(self): method get_symbol_for_address (line 1020) | def get_symbol_for_address(self, wanted_address): method get_symbol (line 1030) | def get_symbol(self, wanted_sym_name): method symtab (line 1041) | def symtab(self): method num_symtab (line 1050) | def num_symtab(self): method is_valid (line 1058) | def is_valid(self): class vm_area_struct (line 1082) | class vm_area_struct(obj.CType): method is_valid (line 1083) | def is_valid(self): method vm_name (line 1100) | def vm_name(self, task): method _parse_perms (line 1152) | def _parse_perms(self, flags): method protection (line 1164) | def protection(self): method flags (line 1167) | def flags(self): method is_suspicious (line 1171) | def is_suspicious(self): method info (line 1184) | def info(self, task): class kobject (line 1204) | class kobject(obj.CType): method reference_count (line 1205) | def reference_count(self): class task_struct (line 1214) | class task_struct(obj.CType): method is_valid_task (line 1215) | def is_valid_task(self): method comm (line 1225) | def comm(self): method getcwd (line 1229) | def getcwd(self): method get_elf (line 1242) | def get_elf(self, elf_addr): method uid (line 1292) | def uid(self): method gid (line 1311) | def gid(self): method euid (line 1333) | def euid(self): method bash_hash_entries (line 1345) | def bash_hash_entries(self): method ldrmodules (line 1359) | def ldrmodules(self): method plt_hook_info (line 1418) | def plt_hook_info(self): method _is_api_hooked (line 1498) | def _is_api_hooked(self, sym_addr, proc_as): method _get_hooked_name (line 1564) | def _get_hooked_name(self, addr): method apihook_info (line 1581) | def apihook_info(self): method bash_history_entries (line 1597) | def bash_history_entries(self): method _dynamic_env (line 1634) | def _dynamic_env(self, proc_as, pack_format, addr_sz): method _shell_variables (line 1713) | def _shell_variables(self, proc_as, pack_format, addr_sz): method bash_environment (line 1771) | def bash_environment(self): method lsof (line 1794) | def lsof(self): method SOCKET_I (line 1810) | def SOCKET_I(self, inode): method netstat (line 1817) | def netstat(self): method get_process_address_space (line 1850) | def get_process_address_space(self): method get_libdl_maps (line 1871) | def get_libdl_maps(self): method threads (line 1907) | def threads(self): method get_proc_maps (line 1916) | def get_proc_maps(self): method _walk_rb (line 1932) | def _walk_rb(self, rb): method get_proc_maps_rb (line 1949) | def get_proc_maps_rb(self): method search_process_memory (line 1959) | def search_process_memory(self, s, heap_only = False): method elfs (line 1995) | def elfs(self): method ACTHZ (line 2068) | def ACTHZ(self, CLOCK_TICK_RATE, HZ): method SH_DIV (line 2072) | def SH_DIV(self, NOM, DEN, LSH): method TICK_NSEC (line 2075) | def TICK_NSEC(self): method get_boot_time (line 2082) | def get_boot_time(self): method get_task_start_time (line 2106) | def get_task_start_time(self): method psenv (line 2136) | def psenv(self): method get_environment (line 2156) | def get_environment(self): method get_commandline (line 2167) | def get_commandline(self): class linux_fs_struct (line 2198) | class linux_fs_struct(obj.CType): method get_root_dentry (line 2200) | def get_root_dentry(self): method get_root_mnt (line 2209) | def get_root_mnt(self): method get_pwd_dentry (line 2218) | def get_pwd_dentry(self): method get_pwd_mnt (line 2227) | def get_pwd_mnt(self): class super_block (line 2236) | class super_block(obj.CType): method major (line 2239) | def major(self): method minor (line 2243) | def minor(self): class inode (line 2246) | class inode(obj.CType): method uid (line 2248) | def uid(self): method gid (line 2258) | def gid(self): method is_dir (line 2266) | def is_dir(self): method is_reg (line 2270) | def is_reg(self): class timespec (line 2274) | class timespec(obj.CType): method as_timestamp (line 2276) | def as_timestamp(self): class dentry (line 2283) | class dentry(obj.CType): method get_partial_path (line 2284) | def get_partial_path(self): method d_count (line 2303) | def d_count(self): class swapperScan (line 2311) | class swapperScan(scan.BaseScanner): method __init__ (line 2315) | def __init__(self, needles = None): method scan (line 2320) | def scan(self, address_space, offset = 0, maxlen = None): class VolatilityDTB (line 2324) | class VolatilityDTB(obj.VolatilityMagic): method generate_suggestions (line 2327) | def generate_suggestions(self): class VolatilityLinuxIntelValidAS (line 2441) | class VolatilityLinuxIntelValidAS(obj.VolatilityMagic): method generate_suggestions (line 2444) | def generate_suggestions(self): class VolatilityLinuxARMValidAS (line 2467) | class VolatilityLinuxARMValidAS(obj.VolatilityMagic): method generate_suggestions (line 2469) | def generate_suggestions(self): class LinuxObjectClasses (line 2496) | class LinuxObjectClasses(obj.ProfileModification): method modification (line 2500) | def modification(self, profile): class LinuxOverlay (line 2534) | class LinuxOverlay(obj.ProfileModification): method modification (line 2538) | def modification(self, profile): class LinuxIntelOverlay (line 2541) | class LinuxIntelOverlay(obj.ProfileModification): method modification (line 2546) | def modification(self, profile): class page (line 2549) | class page(obj.CType): method to_vaddr (line 2551) | def to_vaddr(self): method to_paddr (line 2555) | def to_paddr(self): class mount (line 2580) | class mount(obj.CType): method mnt_sb (line 2582) | def mnt_sb(self): method mnt_root (line 2592) | def mnt_root(self): method mnt_flags (line 2602) | def mnt_flags(self): class vfsmount (line 2611) | class vfsmount(obj.CType): method is_valid (line 2612) | def is_valid(self): method _get_real_mnt (line 2617) | def _get_real_mnt(self): method mnt_parent (line 2624) | def mnt_parent(self): method mnt_mountpoint (line 2634) | def mnt_mountpoint(self): class LinuxMountOverlay (line 2643) | class LinuxMountOverlay(obj.ProfileModification): method modification (line 2647) | def modification(self, profile): class LinuxGate64Overlay (line 2654) | class LinuxGate64Overlay(obj.ProfileModification): method modification (line 2658) | def modification(self, profile): FILE: volatility/plugins/overlays/mac/mac.py class BashEnvYaraScanner (line 84) | class BashEnvYaraScanner(malfind.BaseYaraScanner): method __init__ (line 87) | def __init__(self, task = None, **kwargs): method scan (line 96) | def scan(self, offset = 0, maxlen = None, max_size = None): class DyldTypes (line 118) | class DyldTypes(obj.ProfileModification): method modification (line 121) | def modification(self, profile): class MigTypes (line 143) | class MigTypes(obj.ProfileModification): method modification (line 146) | def modification(self, profile): class CNodeTypes (line 187) | class CNodeTypes(obj.ProfileModification): method modification (line 190) | def modification(self, profile): class catfishScan (line 194) | class catfishScan(scan.BaseScanner): method __init__ (line 198) | def __init__(self, needles = None): method scan (line 203) | def scan(self, address_space, offset = 0, maxlen = None): class VolatilityDTB (line 207) | class VolatilityDTB(obj.VolatilityMagic): method _get_dtb_pre_m_lion (line 210) | def _get_dtb_pre_m_lion(self): method _get_dtb_m_lion (line 229) | def _get_dtb_m_lion(self): method generate_suggestions (line 258) | def generate_suggestions(self): class VolatilityMacIntelValidAS (line 269) | class VolatilityMacIntelValidAS(obj.VolatilityMagic): method _set_profile_metadata (line 272) | def _set_profile_metadata(self, version): method generate_suggestions (line 281) | def generate_suggestions(self): class ifnet (line 292) | class ifnet(obj.CType): method sockaddr_dl (line 293) | def sockaddr_dl(self): class vnode (line 301) | class vnode(obj.CType): method is_dir (line 302) | def is_dir(self): method is_reg (line 305) | def is_reg(self): method _do_calc_path (line 308) | def _do_calc_path(self, ret, vnodeobj, vname, vnode_offsets): method full_path (line 326) | def full_path(self): method _get_next_page (line 356) | def _get_next_page(self, memq): method get_contents (line 378) | def get_contents(self): class vm_page (line 408) | class vm_page(obj.CType): method _get_vmp_member (line 409) | def _get_vmp_member(self, memb): method get_offset (line 421) | def get_offset(self): method get_phys_page (line 424) | def get_phys_page(self): method get_listq (line 427) | def get_listq(self): class fileglob (line 430) | class fileglob(obj.CType): method fg_type (line 433) | def fg_type(self): class kauth_scope (line 446) | class kauth_scope(obj.CType): method ks_identifier (line 448) | def ks_identifier(self): method listeners (line 458) | def listeners(self): class thread (line 464) | class thread(obj.CType): method start_time (line 465) | def start_time(self): class proc (line 481) | class proc(obj.CType): method __init__ (line 482) | def __init__(self, theType, offset, vm, name = None, **kwargs): method bash_hash_entries (line 499) | def bash_hash_entries(self): method bash_history_entries (line 590) | def bash_history_entries(self): method _get_libc_range (line 626) | def _get_libc_range(self, proc_as): method _get_env_mappings (line 646) | def _get_env_mappings(self, proc_as): method _carve_mappings_for_env (line 662) | def _carve_mappings_for_env(self, proc_as, mappings): method _get_env_vars (line 731) | def _get_env_vars(self, proc_as, env_start): method _dynamic_env (line 768) | def _dynamic_env(self, proc_as, pack_format, addr_sz): method _valid_string (line 790) | def _valid_string(self, test_string): method _shell_variables (line 801) | def _shell_variables(self, proc_as, pack_format, addr_sz, htable_type): method _load_time_env (line 843) | def _load_time_env(self, proc_as): method psenv (line 864) | def psenv(self): method netstat (line 904) | def netstat(self): method p_gid (line 926) | def p_gid(self): method p_uid (line 943) | def p_uid(self): method threads (line 956) | def threads(self): method get_process_address_space (line 968) | def get_process_address_space(self): method start_time (line 1015) | def start_time(self): method text_start (line 1035) | def text_start(self): method get_macho (line 1060) | def get_macho(self, exe_address): method procdump (line 1089) | def procdump(self): method get_dyld_maps (line 1099) | def get_dyld_maps(self): method get_proc_maps (line 1135) | def get_proc_maps(self): method find_heap_map (line 1155) | def find_heap_map(self): method find_map (line 1165) | def find_map(self, addr): method find_map_path (line 1175) | def find_map_path(self, addr): method search_process_memory (line 1186) | def search_process_memory(self, s): method search_process_memory_rw_nofile (line 1214) | def search_process_memory_rw_nofile(self, s): method get_environment (line 1245) | def get_environment(self): method get_arguments (line 1253) | def get_arguments(self): method lsof (line 1298) | def lsof(self): class rtentry (line 1321) | class rtentry(obj.CType): method is_valid (line 1322) | def is_valid(self): method get_time (line 1328) | def get_time(self): method sent (line 1339) | def sent(self): method rx (line 1348) | def rx(self): method delta (line 1357) | def delta(self): method expire (line 1365) | def expire(self): method name (line 1374) | def name(self): method source_ip (line 1378) | def source_ip(self): method dest_ip (line 1387) | def dest_ip(self): class queue_entry (line 1390) | class queue_entry(obj.CType): method walk_list (line 1392) | def walk_list(self, list_head): class zone (line 1402) | class zone(obj.CType): method is_valid (line 1403) | def is_valid(self): method _get_from_active_zones (line 1406) | def _get_from_active_zones(self): method get_active_elements (line 1430) | def get_active_elements(self, elem_type, zone_idx=-1): method get_free_elements (line 1444) | def get_free_elements(self, elem_type): class sysctl_oid (line 1459) | class sysctl_oid(obj.CType): method get_perms (line 1461) | def get_perms(self): method get_ctltype (line 1480) | def get_ctltype(self): class OSString (line 1498) | class OSString(obj.CType): method __str__ (line 1499) | def __str__(self): class vm_map_object (line 1509) | class vm_map_object(obj.CType): method object (line 1510) | def object(self): class vm_map_entry (line 1518) | class vm_map_entry(obj.CType): method start (line 1520) | def start(self): method end (line 1524) | def end(self): method get_perms (line 1527) | def get_perms(self): method range_alias (line 1539) | def range_alias(self): method get_special_path (line 1548) | def get_special_path(self): method get_path (line 1560) | def get_path(self): method object (line 1581) | def object(self): method offset (line 1590) | def offset(self): method get_vnode (line 1598) | def get_vnode(self): method resident_count (line 1623) | def resident_count(self): method is_suspicious (line 1643) | def is_suspicious(self): class inpcb (line 1657) | class inpcb(obj.CType): method get_tcp_state (line 1659) | def get_tcp_state(self): method ipv4_info (line 1683) | def ipv4_info(self): method ipv6_info (line 1692) | def ipv6_info(self): class inpcbinfo (line 1701) | class inpcbinfo(obj.CType): method hashbase (line 1703) | def hashbase(self): method hashmask (line 1713) | def hashmask(self): method listhead (line 1723) | def listhead(self): class socket (line 1733) | class socket(obj.CType): method family (line 1735) | def family(self): method protocol (line 1739) | def protocol(self): method _get_tcp_state (line 1751) | def _get_tcp_state(self): method state (line 1778) | def state(self): method get_connection_info (line 1786) | def get_connection_info(self): class sockaddr_dl (line 1799) | class sockaddr_dl(obj.CType): method v (line 1800) | def v(self): class sockaddr (line 1817) | class sockaddr(obj.CType): method get_address (line 1818) | def get_address(self): class dyld32_image_info (line 1837) | class dyld32_image_info(obj.CType): method is_valid (line 1838) | def is_valid(self): method _read_ptr (line 1841) | def _read_ptr(self, addr): method imageFilePath (line 1850) | def imageFilePath(self): method imageLoadAddress (line 1866) | def imageLoadAddress(self): class dyld64_image_info (line 1872) | class dyld64_image_info(obj.CType): method is_valid (line 1873) | def is_valid(self): method _read_ptr (line 1876) | def _read_ptr(self, addr): method imageFilePath (line 1885) | def imageFilePath(self): method imageLoadAddress (line 1901) | def imageLoadAddress(self): function exec_vtypes (line 1907) | def exec_vtypes(filename): function parse_dsymutil (line 1912) | def parse_dsymutil(data, module): function MacProfileFactory (line 1964) | def MacProfileFactory(profpkg): class KextOverlay (line 2270) | class KextOverlay(obj.ProfileModification): method modification (line 2274) | def modification(self, profile): class MacOverlay (line 2278) | class MacOverlay(obj.ProfileModification): method modification (line 2282) | def modification(self, profile): class MacObjectClasses (line 2285) | class MacObjectClasses(obj.ProfileModification): method modification (line 2290) | def modification(self, profile): FILE: volatility/plugins/overlays/mac/macho.py class macho (line 214) | class macho(obj.CType): method __init__ (line 215) | def __init__(self, is_header, name32, name64, theType, offset, vm, nam... method is_valid (line 227) | def is_valid(self): method _init_cache (line 230) | def _init_cache(self, offset, vm): method _init_cache_from_parent (line 234) | def _init_cache_from_parent(self): method _make_macho_obj (line 238) | def _make_macho_obj(self, offset, vm): method _set_size_cache (line 246) | def _set_size_cache(self, offset, vm): method _get_typename (line 255) | def _get_typename(self, typename): method get_bits (line 266) | def get_bits(self): method __getattr__ (line 269) | def __getattr__(self, attr): class macho_header (line 275) | class macho_header(macho): method __init__ (line 278) | def __init__(self, theType, offset, vm, name = None, **kwargs): method is_valid (line 293) | def is_valid(self): method _calc_linkedit_bias (line 296) | def _calc_linkedit_bias(self): method calc_load_diff (line 302) | def calc_load_diff(self): method load_commands (line 314) | def load_commands(self): method load_commands_of_type (line 342) | def load_commands_of_type(self, cmd_type): method load_command_of_type (line 351) | def load_command_of_type(self, cmd_type): method get_indirect_syms (line 363) | def get_indirect_syms(self): method _get_symtab_syms (line 389) | def _get_symtab_syms(self, sym_command, symtab_addr): method _build_symbol_caches (line 409) | def _build_symbol_caches(self): method symbols (line 435) | def symbols(self): method symbol_name (line 443) | def symbol_name(self, sym): method address_for_symbol (line 457) | def address_for_symbol(self, sym_name): method needed_libraries (line 467) | def needed_libraries(self): method imports (line 483) | def imports(self): method segments (line 518) | def segments(self): method get_segment (line 534) | def get_segment(self, segment_name): method sections_for_segment (line 544) | def sections_for_segment(self, segment): class macho32_header (line 562) | class macho32_header(obj.CType): method __init__ (line 563) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_header (line 566) | class macho64_header(obj.CType): method __init__ (line 567) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_section (line 570) | class macho_section(macho): method __init__ (line 572) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho32_section (line 575) | class macho32_section(obj.CType): method __init__ (line 576) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_section (line 579) | class macho64_section(obj.CType): method __init__ (line 580) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_segment_command (line 583) | class macho_segment_command(macho): method __init__ (line 585) | def __init__(self, theType, offset, vm, name = None, **kwargs): method vmaddr (line 589) | def vmaddr(self): class macho32_segment_command (line 600) | class macho32_segment_command(obj.CType): method __init__ (line 601) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_segment_command (line 604) | class macho64_segment_command(obj.CType): method __init__ (line 605) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_load_command (line 608) | class macho_load_command(macho): method __init__ (line 610) | def __init__(self, theType, offset, vm, name = None, **kwargs): method cmd_type (line 614) | def cmd_type(self): class macho32_load_command (line 630) | class macho32_load_command(obj.CType): method __init__ (line 631) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_load_command (line 634) | class macho64_load_command(obj.CType): method __init__ (line 635) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_symtab_command (line 638) | class macho_symtab_command(macho): method __init__ (line 640) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho32_symtab_command (line 643) | class macho32_symtab_command(obj.CType): method __init__ (line 644) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_symtab_command (line 647) | class macho64_symtab_command(obj.CType): method __init__ (line 648) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_dysymtab_command (line 651) | class macho_dysymtab_command(macho): method __init__ (line 653) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho32_dysymtab_command (line 656) | class macho32_dysymtab_command(obj.CType): method __init__ (line 657) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_dysymtab_command (line 660) | class macho64_dysymtab_command(obj.CType): method __init__ (line 661) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho_nlist (line 664) | class macho_nlist(macho): method __init__ (line 666) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho32_nlist (line 669) | class macho32_nlist(obj.CType): method __init__ (line 670) | def __init__(self, theType, offset, vm, name = None, **kwargs): class macho64_nlist (line 673) | class macho64_nlist(obj.CType): method __init__ (line 674) | def __init__(self, theType, offset, vm, name = None, **kwargs): class MachoTypes (line 677) | class MachoTypes(obj.ProfileModification): method modification (line 678) | def modification(self, profile): class MachoModification (line 681) | class MachoModification(obj.ProfileModification): method modification (line 682) | def modification(self, profile): class MachoOverlay (line 726) | class MachoOverlay(obj.ProfileModification): method modification (line 730) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/hibernate_vtypes.py class HiberVistaSP01x86 (line 56) | class HiberVistaSP01x86(obj.ProfileModification): method modification (line 63) | def modification(self, profile): class HiberVistaSP2x86 (line 83) | class HiberVistaSP2x86(obj.ProfileModification): method modification (line 90) | def modification(self, profile): class HiberWin7SP01x86 (line 109) | class HiberWin7SP01x86(obj.ProfileModification): method modification (line 116) | def modification(self, profile): class HiberWin7SP01x64 (line 136) | class HiberWin7SP01x64(obj.ProfileModification): method modification (line 143) | def modification(self, profile): class HiberWin2003x64 (line 162) | class HiberWin2003x64(obj.ProfileModification): method modification (line 169) | def modification(self, profile): class HiberVistaSP01x64 (line 172) | class HiberVistaSP01x64(obj.ProfileModification): method modification (line 179) | def modification(self, profile): class HiberVistaSP2x64 (line 198) | class HiberVistaSP2x64(obj.ProfileModification): method modification (line 205) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/kdbg_vtypes.py class _KDDEBUGGER_DATA64 (line 21) | class _KDDEBUGGER_DATA64(obj.CType): method is_valid (line 24) | def is_valid(self): method ServicePack (line 30) | def ServicePack(self): method processes (line 37) | def processes(self): method modules (line 47) | def modules(self): method dbgkd_version64 (line 58) | def dbgkd_version64(self): method dbgkd_find_version64 (line 68) | def dbgkd_find_version64(self, pages_to_scan): method kpcrs (line 103) | def kpcrs(self): class KDBGObjectClass (line 135) | class KDBGObjectClass(obj.ProfileModification): method modification (line 141) | def modification(self, profile): class UnloadedDriverVTypes (line 160) | class UnloadedDriverVTypes(obj.ProfileModification): method modification (line 165) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/kpcr_vtypes.py class _KPCROnx86 (line 23) | class _KPCROnx86(obj.CType): method idt_entries (line 26) | def idt_entries(self): method gdt_entries (line 30) | def gdt_entries(self): method get_kdbg (line 34) | def get_kdbg(self): method ProcessorBlock (line 52) | def ProcessorBlock(self): class _KPCROnx64 (line 55) | class _KPCROnx64(_KPCROnx86): method ProcessorBlock (line 59) | def ProcessorBlock(self): method IDT (line 63) | def IDT(self): method GDT (line 67) | def GDT(self): class KPCRProfileModification (line 70) | class KPCRProfileModification(obj.ProfileModification): method modification (line 75) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/pe_vtypes.py class _IMAGE_EXPORT_DIRECTORY (line 203) | class _IMAGE_EXPORT_DIRECTORY(obj.CType): method valid (line 206) | def valid(self, nt_header): method _name (line 222) | def _name(self, name_rva): method _exported_functions (line 236) | def _exported_functions(self): class _IMAGE_IMPORT_DESCRIPTOR (line 343) | class _IMAGE_IMPORT_DESCRIPTOR(obj.CType): method valid (line 346) | def valid(self, nt_header): method _name (line 357) | def _name(self, name_rva): method dll_name (line 364) | def dll_name(self): method _imported_functions (line 368) | def _imported_functions(self): method is_list_end (line 426) | def is_list_end(self): class _LDR_DATA_TABLE_ENTRY (line 434) | class _LDR_DATA_TABLE_ENTRY(obj.CType): method load_time (line 445) | def load_time(self): method LoadCount (line 452) | def LoadCount(self): method _nt_header (line 467) | def _nt_header(self): method _directory (line 480) | def _directory(self, dir_index): method export_dir (line 501) | def export_dir(self): method import_dir (line 505) | def import_dir(self): method debug_dir (line 509) | def debug_dir(self): method security_dir (line 513) | def security_dir(self): method get_debug_directory (line 517) | def get_debug_directory(self): method getprocaddress (line 529) | def getprocaddress(self, func): method imports (line 536) | def imports(self): method exports (line 575) | def exports(self): class _IMAGE_DOS_HEADER (line 594) | class _IMAGE_DOS_HEADER(obj.CType): method get_nt_header (line 597) | def get_nt_header(self): method get_version_info (line 613) | def get_version_info(self): method get_code (line 642) | def get_code(self, data_start, data_size, offset): method round (line 673) | def round(self, addr, align, up = False): method _get_image_exe (line 682) | def _get_image_exe(self, unsafe, fix): method replace_header_field (line 700) | def replace_header_field(self, sect, header, item, value): method _fix_header_image_base (line 709) | def _fix_header_image_base(self, header, nt_header): method _get_image_mem (line 726) | def _get_image_mem(self, unsafe, fix): method get_image (line 764) | def get_image(self, unsafe = False, memory = False, fix = False): class _IMAGE_NT_HEADERS64 (line 771) | class _IMAGE_NT_HEADERS64(obj.CType): method OptionalHeader (line 773) | def OptionalHeader(self): class _IMAGE_NT_HEADERS (line 781) | class _IMAGE_NT_HEADERS(obj.CType): method OptionalHeader (line 785) | def OptionalHeader(self): method get_sections (line 792) | def get_sections(self, unsafe = False): class _IMAGE_SECTION_HEADER (line 810) | class _IMAGE_SECTION_HEADER(obj.CType): method sanity_check_section (line 813) | def sanity_check_section(self): class VerStruct (line 824) | class VerStruct(obj.CType): method _determine_key (line 827) | def _determine_key(self, findend = False): method get_key (line 843) | def get_key(self): method offset_pad (line 847) | def offset_pad(self, offset): method get_children (line 851) | def get_children(self): method _recurse_children (line 861) | def _recurse_children(self, offset): method display_unicode (line 871) | def display_unicode(self, string): method get_file_strings (line 877) | def get_file_strings(self): class _VS_VERSION_INFO (line 889) | class _VS_VERSION_INFO(VerStruct): method get_children (line 892) | def get_children(self): class _VS_FIXEDFILEINFO (line 899) | class _VS_FIXEDFILEINFO(obj.CType): method file_version (line 902) | def file_version(self): method product_version (line 906) | def product_version(self): method get_version (line 910) | def get_version(self, value): method file_type (line 917) | def file_type(self): method flags (line 949) | def flags(self): method v (line 962) | def v(self): class _IMAGE_RESOURCE_DIR_STRING_U (line 973) | class _IMAGE_RESOURCE_DIR_STRING_U(obj.CType): method v (line 976) | def v(self): class _IMAGE_RESOURCE_DIRECTORY (line 987) | class _IMAGE_RESOURCE_DIRECTORY(obj.CType): method __init__ (line 989) | def __init__(self, theType = None, offset = None, vm = None, parent = ... method get_entries (line 993) | def get_entries(self): class WinPEVTypes (line 1015) | class WinPEVTypes(obj.ProfileModification): method modification (line 1018) | def modification(self, profile): class WinPEx64VTypes (line 1021) | class WinPEx64VTypes(obj.ProfileModification): method modification (line 1025) | def modification(self, profile): class WinPEObjectClasses (line 1028) | class WinPEObjectClasses(obj.ProfileModification): method modification (line 1031) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/ssdt_vtypes.py function syscalls_property (line 60) | def syscalls_property(x): class WinSyscallsAttribute (line 64) | class WinSyscallsAttribute(obj.ProfileModification): method modification (line 67) | def modification(self, profile): class AbstractSyscalls (line 73) | class AbstractSyscalls(obj.ProfileModification): method modification (line 75) | def modification(self, profile): class WinXPSyscalls (line 79) | class WinXPSyscalls(AbstractSyscalls): class Win64SyscallVTypes (line 86) | class Win64SyscallVTypes(obj.ProfileModification): method modification (line 90) | def modification(self, profile): class Win2003SyscallVTypes (line 93) | class Win2003SyscallVTypes(obj.ProfileModification): method modification (line 99) | def modification(self, profile): class Win2003SP0Syscalls (line 102) | class Win2003SP0Syscalls(AbstractSyscalls): class Win2003SP12Syscalls (line 112) | class Win2003SP12Syscalls(AbstractSyscalls): class Win2003SP12x64Syscalls (line 119) | class Win2003SP12x64Syscalls(AbstractSyscalls): class VistaSP0Syscalls (line 126) | class VistaSP0Syscalls(AbstractSyscalls): class VistaSP0x64Syscalls (line 134) | class VistaSP0x64Syscalls(AbstractSyscalls): class VistaSP12Syscalls (line 142) | class VistaSP12Syscalls(AbstractSyscalls): class VistaSP12x64Syscalls (line 150) | class VistaSP12x64Syscalls(AbstractSyscalls): class Win7SP01Syscalls (line 158) | class Win7SP01Syscalls(AbstractSyscalls): class Win7SP01x64Syscalls (line 165) | class Win7SP01x64Syscalls(AbstractSyscalls): class Win8SP0x64Syscalls (line 172) | class Win8SP0x64Syscalls(AbstractSyscalls): class Win8SP0x86Syscalls (line 179) | class Win8SP0x86Syscalls(AbstractSyscalls): class Win8SP1x86Syscalls (line 186) | class Win8SP1x86Syscalls(AbstractSyscalls): class Win8SP1x64Syscalls (line 193) | class Win8SP1x64Syscalls(AbstractSyscalls): class Win10x64_10586_Syscalls (line 200) | class Win10x64_10586_Syscalls(AbstractSyscalls): class Win10x86_10586_Syscalls (line 208) | class Win10x86_10586_Syscalls(AbstractSyscalls): class Win10x64_14393_Syscalls (line 216) | class Win10x64_14393_Syscalls(AbstractSyscalls): class Win10x86_14393_Syscalls (line 224) | class Win10x86_14393_Syscalls(AbstractSyscalls): class Win10x64_15063_Syscalls (line 232) | class Win10x64_15063_Syscalls(AbstractSyscalls): class Win10x86_15063_Syscalls (line 240) | class Win10x86_15063_Syscalls(AbstractSyscalls): class Win10x64_16299_Syscalls (line 248) | class Win10x64_16299_Syscalls(AbstractSyscalls): class Win10x86_16299_Syscalls (line 256) | class Win10x86_16299_Syscalls(AbstractSyscalls): FILE: volatility/plugins/overlays/windows/tcpip_vtypes.py class _ADDRESS_OBJECT (line 289) | class _ADDRESS_OBJECT(obj.CType): method is_valid (line 291) | def is_valid(self): class WinXP2003AddressObject (line 294) | class WinXP2003AddressObject(obj.ProfileModification): method modification (line 297) | def modification(self, profile): class WinXP2003Tcpipx64 (line 300) | class WinXP2003Tcpipx64(obj.ProfileModification): method modification (line 306) | def modification(self, profile): class Win2003SP12Tcpip (line 309) | class Win2003SP12Tcpip(obj.ProfileModification): method modification (line 316) | def modification(self, profile): class Vista2008Tcpip (line 319) | class Vista2008Tcpip(obj.ProfileModification): method modification (line 324) | def modification(self, profile): class Win7Tcpip (line 327) | class Win7Tcpip(obj.ProfileModification): method modification (line 333) | def modification(self, profile): class Win7Vista2008x64Tcpip (line 336) | class Win7Vista2008x64Tcpip(obj.ProfileModification): method modification (line 341) | def modification(self, profile): class VistaSP12x64Tcpip (line 344) | class VistaSP12x64Tcpip(obj.ProfileModification): method modification (line 351) | def modification(self, profile): class Win7x64Tcpip (line 358) | class Win7x64Tcpip(obj.ProfileModification): method modification (line 364) | def modification(self, profile): class Win8Tcpip (line 389) | class Win8Tcpip(obj.ProfileModification): method modification (line 395) | def modification(self, profile): class Win81Tcpip (line 410) | class Win81Tcpip(obj.ProfileModification): method modification (line 416) | def modification(self, profile): class Win10Tcpip (line 423) | class Win10Tcpip(obj.ProfileModification): method modification (line 429) | def modification(self, profile): class Win8x64Tcpip (line 460) | class Win8x64Tcpip(obj.ProfileModification): method modification (line 466) | def modification(self, profile): class Win81x64Tcpip (line 481) | class Win81x64Tcpip(obj.ProfileModification): method modification (line 487) | def modification(self, profile): class Win10x64Tcpip (line 494) | class Win10x64Tcpip(obj.ProfileModification): method modification (line 500) | def modification(self, profile): class Win10x64_15063_Tcpip (line 503) | class Win10x64_15063_Tcpip(obj.ProfileModification): method modification (line 512) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/vad_vtypes.py class VadTraverser (line 27) | class VadTraverser(obj.CType): method is_valid (line 37) | def is_valid(self): method traverse (line 42) | def traverse(self, visited = None, depth = 0): class VadFlags (line 77) | class VadFlags(obj.CType): method __str__ (line 78) | def __str__(self): class _MMVAD_FLAGS (line 81) | class _MMVAD_FLAGS(VadFlags): class _MMVAD_FLAGS2 (line 84) | class _MMVAD_FLAGS2(VadFlags): class _MMSECTION_FLAGS (line 87) | class _MMSECTION_FLAGS(VadFlags): class VadFlagsModification (line 90) | class VadFlagsModification(obj.ProfileModification): method modification (line 95) | def modification(self, profile): class VadTagModification (line 102) | class VadTagModification(obj.ProfileModification): method modification (line 107) | def modification(self, profile): class _MMVAD_SHORT_XP (line 155) | class _MMVAD_SHORT_XP(VadTraverser): method Parent (line 158) | def Parent(self): method Start (line 162) | def Start(self): method End (line 166) | def End(self): method Length (line 170) | def Length(self): method VadFlags (line 174) | def VadFlags(self): method CommitCharge (line 178) | def CommitCharge(self): class _MMVAD_XP (line 181) | class _MMVAD_XP(_MMVAD_SHORT_XP): method ControlArea (line 184) | def ControlArea(self): method FileObject (line 188) | def FileObject(self): class _MMVAD_LONG_XP (line 191) | class _MMVAD_LONG_XP(_MMVAD_XP): class WinXPx86Vad (line 194) | class WinXPx86Vad(obj.ProfileModification): method modification (line 202) | def modification(self, profile): class _MMVAD_SHORT_2003 (line 218) | class _MMVAD_SHORT_2003(_MMVAD_SHORT_XP): method Parent (line 221) | def Parent(self): class _MMVAD_2003 (line 227) | class _MMVAD_2003(_MMVAD_SHORT_2003): method ControlArea (line 230) | def ControlArea(self): method FileObject (line 234) | def FileObject(self): class _MMVAD_LONG_2003 (line 237) | class _MMVAD_LONG_2003(_MMVAD_2003): class _MM_AVL_TABLE (line 240) | class _MM_AVL_TABLE(obj.CType): method traverse (line 241) | def traverse(self): class Win2003x86Vad (line 245) | class Win2003x86Vad(obj.ProfileModification): method modification (line 252) | def modification(self, profile): class _MMVAD_VISTA (line 265) | class _MMVAD_VISTA(_MMVAD_SHORT_2003): method ControlArea (line 268) | def ControlArea(self): method FileObject (line 272) | def FileObject(self): class _MMVAD_LONG_VISTA (line 275) | class _MMVAD_LONG_VISTA(_MMVAD_VISTA): class VistaVad (line 278) | class VistaVad(obj.ProfileModification): method modification (line 285) | def modification(self, profile): class _MM_AVL_TABLE_WIN8 (line 298) | class _MM_AVL_TABLE_WIN8(obj.CType): method traverse (line 299) | def traverse(self): class _MM_AVL_NODE (line 303) | class _MM_AVL_NODE(VadTraverser): class _MMVAD_SHORT_WIN8 (line 313) | class _MMVAD_SHORT_WIN8(_MM_AVL_NODE): method Parent (line 316) | def Parent(self): method Start (line 323) | def Start(self): method End (line 327) | def End(self): method VadFlags (line 331) | def VadFlags(self): method CommitCharge (line 335) | def CommitCharge(self): method Length (line 339) | def Length(self): method LeftChild (line 343) | def LeftChild(self): method RightChild (line 347) | def RightChild(self): class _MMVAD_WIN8 (line 350) | class _MMVAD_WIN8(_MM_AVL_NODE): method Parent (line 353) | def Parent(self): method Start (line 357) | def Start(self): method End (line 361) | def End(self): method VadFlags (line 365) | def VadFlags(self): method CommitCharge (line 369) | def CommitCharge(self): method ControlArea (line 373) | def ControlArea(self): method FileObject (line 377) | def FileObject(self): method Length (line 381) | def Length(self): method LeftChild (line 385) | def LeftChild(self): method RightChild (line 389) | def RightChild(self): class Win8Vad (line 392) | class Win8Vad(obj.ProfileModification): method modification (line 399) | def modification(self, profile): class _RTL_AVL_TREE (line 412) | class _RTL_AVL_TREE(obj.CType): method traverse (line 413) | def traverse(self): class _RTL_BALANCED_NODE (line 417) | class _RTL_BALANCED_NODE(VadTraverser): method LeftChild (line 428) | def LeftChild(self): method RightChild (line 432) | def RightChild(self): class _MMVAD_SHORT_WIN81 (line 435) | class _MMVAD_SHORT_WIN81(_RTL_BALANCED_NODE): method Parent (line 438) | def Parent(self): method Start (line 445) | def Start(self): method End (line 449) | def End(self): method VadFlags (line 453) | def VadFlags(self): method CommitCharge (line 457) | def CommitCharge(self): method Length (line 461) | def Length(self): method LeftChild (line 465) | def LeftChild(self): method RightChild (line 469) | def RightChild(self): class _MMVAD_SHORT_WIN81_64 (line 472) | class _MMVAD_SHORT_WIN81_64(_MMVAD_SHORT_WIN81): method Start (line 475) | def Start(self): method End (line 479) | def End(self): class _MMVAD_WIN81 (line 482) | class _MMVAD_WIN81(_MMVAD_SHORT_WIN81): method Parent (line 485) | def Parent(self): method Start (line 489) | def Start(self): method End (line 493) | def End(self): method VadFlags (line 497) | def VadFlags(self): method CommitCharge (line 501) | def CommitCharge(self): method ControlArea (line 505) | def ControlArea(self): method FileObject (line 509) | def FileObject(self): method Length (line 513) | def Length(self): method LeftChild (line 517) | def LeftChild(self): method RightChild (line 521) | def RightChild(self): class Win81Vad (line 524) | class Win81Vad(obj.ProfileModification): method modification (line 531) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/vista.py class _ETHREAD (line 35) | class _ETHREAD(windows._ETHREAD): method owning_process (line 38) | def owning_process(self): class _POOL_HEADER (line 42) | class _POOL_HEADER(windows._POOL_HEADER): method NonPagedPool (line 46) | def NonPagedPool(self): method PagedPool (line 50) | def PagedPool(self): class _TOKEN (line 53) | class _TOKEN(windows._TOKEN): method privileges (line 55) | def privileges(self): class VistaWin7KPCR (line 67) | class VistaWin7KPCR(obj.ProfileModification): method modification (line 72) | def modification(self, profile): class Vistax86DTB (line 78) | class Vistax86DTB(obj.ProfileModification): method modification (line 86) | def modification(self, profile): class Vistax64DTB (line 92) | class Vistax64DTB(obj.ProfileModification): method modification (line 100) | def modification(self, profile): class VistaObjectClasses (line 107) | class VistaObjectClasses(obj.ProfileModification): method modification (line 113) | def modification(self, profile): class VistaKDBG (line 119) | class VistaKDBG(windows.AbstractKDBGMod): class VistaSP1KDBG (line 126) | class VistaSP1KDBG(windows.AbstractKDBGMod): class VistaPolicyKey (line 135) | class VistaPolicyKey(obj.ProfileModification): method modification (line 140) | def modification(self, profile): class VistaSP0x86Hiber (line 146) | class VistaSP0x86Hiber(obj.ProfileModification): method modification (line 153) | def modification(self, profile): class VistaSP1x86Hiber (line 160) | class VistaSP1x86Hiber(obj.ProfileModification): method modification (line 167) | def modification(self, profile): class VistaSP2x86Hiber (line 174) | class VistaSP2x86Hiber(obj.ProfileModification): method modification (line 181) | def modification(self, profile): class VistaSP0x64Hiber (line 189) | class VistaSP0x64Hiber(obj.ProfileModification): method modification (line 196) | def modification(self, profile): class VistaSP1x64Hiber (line 204) | class VistaSP1x64Hiber(obj.ProfileModification): method modification (line 211) | def modification(self, profile): class VistaSP2x64Hiber (line 218) | class VistaSP2x64Hiber(obj.ProfileModification): method modification (line 225) | def modification(self, profile): class VistaSP0x86 (line 232) | class VistaSP0x86(obj.Profile): class VistaSP0x64 (line 242) | class VistaSP0x64(obj.Profile): class VistaSP1x86 (line 252) | class VistaSP1x86(obj.Profile): class VistaSP1x64 (line 262) | class VistaSP1x64(obj.Profile): class VistaSP2x86 (line 272) | class VistaSP2x86(obj.Profile): class VistaSP2x64 (line 282) | class VistaSP2x64(obj.Profile): class Win2008SP1x64 (line 292) | class Win2008SP1x64(VistaSP1x64): class Win2008SP2x64 (line 296) | class Win2008SP2x64(VistaSP2x64): class Win2008SP1x86 (line 300) | class Win2008SP1x86(VistaSP1x86): class Win2008SP2x86 (line 304) | class Win2008SP2x86(VistaSP2x86): FILE: volatility/plugins/overlays/windows/win10.py class _HMAP_ENTRY (line 42) | class _HMAP_ENTRY(obj.CType): method BlockAddress (line 45) | def BlockAddress(self): class Win10Registry (line 48) | class Win10Registry(obj.ProfileModification): method modification (line 55) | def modification(self, profile): class _CM_KEY_BODY (line 58) | class _CM_KEY_BODY(windows._CM_KEY_BODY): method full_key_name (line 61) | def full_key_name(self): class Win10x64DTB (line 78) | class Win10x64DTB(obj.ProfileModification): method modification (line 88) | def modification(self, profile): class Win10x86DTB (line 103) | class Win10x86DTB(obj.ProfileModification): method modification (line 113) | def modification(self, profile): class Win10ObjectClasses (line 128) | class Win10ObjectClasses(obj.ProfileModification): method modification (line 137) | def modification(self, profile): class Win10KDBG (line 140) | class Win10KDBG(windows.AbstractKDBGMod): class Win10_17763KDBG (line 151) | class Win10_17763KDBG(windows.AbstractKDBGMod): class ObHeaderCookieStore (line 162) | class ObHeaderCookieStore(object): method __init__ (line 167) | def __init__(self): method cookie (line 170) | def cookie(self): method findcookie (line 173) | def findcookie(self, kernel_space): method instance (line 280) | def instance(): class VolatilityCookie (line 286) | class VolatilityCookie(obj.VolatilityMagic): method v (line 289) | def v(self): method get_suggestions (line 295) | def get_suggestions(self): method generate_suggestions (line 301) | def generate_suggestions(self): class Win10Cookie (line 306) | class Win10Cookie(obj.ProfileModification): method modification (line 316) | def modification(self, profile): class _OBJECT_HEADER_10 (line 323) | class _OBJECT_HEADER_10(win8._OBJECT_HEADER): method TypeIndex (line 326) | def TypeIndex(self): method is_valid (line 336) | def is_valid(self): class _OBJECT_HEADER_10_1AC738FB (line 406) | class _OBJECT_HEADER_10_1AC738FB(_OBJECT_HEADER_10): class _OBJECT_HEADER_10_DD08DD42 (line 463) | class _OBJECT_HEADER_10_DD08DD42(_OBJECT_HEADER_10): class _OBJECT_HEADER_10_15063 (line 526) | class _OBJECT_HEADER_10_15063(_OBJECT_HEADER_10): class _OBJECT_HEADER_10_16299 (line 591) | class _OBJECT_HEADER_10_16299(_OBJECT_HEADER_10): class _OBJECT_HEADER_10_17134 (line 660) | class _OBJECT_HEADER_10_17134(_OBJECT_HEADER_10): class _OBJECT_HEADER_10_18362 (line 731) | class _OBJECT_HEADER_10_18362(_OBJECT_HEADER_10): class _HANDLE_TABLE_10_DD08DD42 (line 803) | class _HANDLE_TABLE_10_DD08DD42(win8._HANDLE_TABLE_81R264): method decode_pointer (line 805) | def decode_pointer(self, value): class Win10ObjectHeader (line 814) | class Win10ObjectHeader(obj.ProfileModification): method modification (line 820) | def modification(self, profile): class WSLPicoModifcation (line 872) | class WSLPicoModifcation(obj.ProfileModification): method modification (line 882) | def modification(self, profile): class Win10PoolHeader (line 901) | class Win10PoolHeader(obj.ProfileModification): method modification (line 908) | def modification(self, profile): class Win10x64 (line 939) | class Win10x64(obj.Profile): class Win10x64_10240_17770 (line 949) | class Win10x64_10240_17770(obj.Profile): class Win10x64_10586 (line 959) | class Win10x64_10586(obj.Profile): class Win10x64_14393 (line 969) | class Win10x64_14393(obj.Profile): class Win10x86 (line 979) | class Win10x86(obj.Profile): class Win10x86_10240_17770 (line 989) | class Win10x86_10240_17770(obj.Profile): class Win10x86_10586 (line 999) | class Win10x86_10586(obj.Profile): class Win10x86_14393 (line 1009) | class Win10x86_14393(obj.Profile): class Win2016x64_14393 (line 1019) | class Win2016x64_14393(Win10x64_14393): class Win10x86_15063 (line 1029) | class Win10x86_15063(obj.Profile): class Win10x86_16299 (line 1039) | class Win10x86_16299(obj.Profile): class Win10x86_17134 (line 1049) | class Win10x86_17134(obj.Profile): class Win10x86_17763 (line 1059) | class Win10x86_17763(obj.Profile): class Win10x86_18362 (line 1069) | class Win10x86_18362(obj.Profile): class Win10x86_19041 (line 1079) | class Win10x86_19041(obj.Profile): class Win10x64_15063 (line 1089) | class Win10x64_15063(obj.Profile): class Win10x64_16299 (line 1099) | class Win10x64_16299(obj.Profile): class Win10x64_17134 (line 1109) | class Win10x64_17134(obj.Profile): class Win10x64_17763 (line 1119) | class Win10x64_17763(obj.Profile): class Win10x64_18362 (line 1129) | class Win10x64_18362(obj.Profile): class Win10x64_19041 (line 1139) | class Win10x64_19041(obj.Profile): FILE: volatility/plugins/overlays/windows/win2003.py class Win2003x86Hiber (line 34) | class Win2003x86Hiber(obj.ProfileModification): method modification (line 40) | def modification(self, profile): class Win2003x64Hiber (line 47) | class Win2003x64Hiber(obj.ProfileModification): method modification (line 53) | def modification(self, profile): class Win2003KDBG (line 60) | class Win2003KDBG(windows.AbstractKDBGMod): class Win2003SP0x86DTB (line 67) | class Win2003SP0x86DTB(obj.ProfileModification): method modification (line 76) | def modification(self, profile): class Win2003x86DTB (line 82) | class Win2003x86DTB(obj.ProfileModification): method modification (line 89) | def modification(self, profile): class Win2003x64DTB (line 95) | class Win2003x64DTB(obj.ProfileModification): method modification (line 102) | def modification(self, profile): class EThreadCreateTime (line 109) | class EThreadCreateTime(obj.ProfileModification): method check (line 112) | def check(self, profile): method modification (line 119) | def modification(self, profile): class Win2003SP0x86 (line 125) | class Win2003SP0x86(obj.Profile): class Win2003SP1x86 (line 138) | class Win2003SP1x86(obj.Profile): class Win2003SP2x86 (line 148) | class Win2003SP2x86(obj.Profile): class Win2003SP1x64 (line 159) | class Win2003SP1x64(obj.Profile): class Win2003SP2x64 (line 169) | class Win2003SP2x64(obj.Profile): class WinXPSP1x64 (line 180) | class WinXPSP1x64(Win2003SP1x64): class WinXPSP2x64 (line 184) | class WinXPSP2x64(Win2003SP2x64): FILE: volatility/plugins/overlays/windows/win7.py class Win7Pointer64 (line 34) | class Win7Pointer64(obj.ProfileModification): method modification (line 40) | def modification(self, profile): class Win7KDBG (line 43) | class Win7KDBG(windows.AbstractKDBGMod): class Win7x86DTB (line 50) | class Win7x86DTB(obj.ProfileModification): method modification (line 58) | def modification(self, profile): class Win7x64DTB (line 64) | class Win7x64DTB(obj.ProfileModification): method modification (line 72) | def modification(self, profile): class _OBJECT_HEADER (line 78) | class _OBJECT_HEADER(windows._OBJECT_HEADER): method find_optional_headers (line 136) | def find_optional_headers(self): method get_object_type (line 150) | def get_object_type(self): class Win7ObjectClasses (line 157) | class Win7ObjectClasses(obj.ProfileModification): method modification (line 163) | def modification(self, profile): class Win7x86Hiber (line 166) | class Win7x86Hiber(obj.ProfileModification): method modification (line 172) | def modification(self, profile): class Win7x64Hiber (line 179) | class Win7x64Hiber(obj.ProfileModification): method modification (line 185) | def modification(self, profile): class Win7SP0x86 (line 192) | class Win7SP0x86(obj.Profile): class Win7SP1x86 (line 202) | class Win7SP1x86(obj.Profile): class Win7SP1x86_23418 (line 212) | class Win7SP1x86_23418(obj.Profile): class Win7SP1x86_24000 (line 222) | class Win7SP1x86_24000(obj.Profile): class Win7SP0x64 (line 232) | class Win7SP0x64(obj.Profile): class Win7SP1x64 (line 242) | class Win7SP1x64(obj.Profile): class Win7SP1x64_23418 (line 252) | class Win7SP1x64_23418(obj.Profile): class Win7SP1x64_24000 (line 262) | class Win7SP1x64_24000(obj.Profile): class Win2008R2SP0x64 (line 272) | class Win2008R2SP0x64(Win7SP0x64): class Win2008R2SP1x64 (line 276) | class Win2008R2SP1x64(Win7SP1x64): class Win2008R2SP1x64_23418 (line 280) | class Win2008R2SP1x64_23418(Win7SP1x64_23418): class Win2008R2SP1x64_24000 (line 284) | class Win2008R2SP1x64_24000(Win7SP1x64_24000): FILE: volatility/plugins/overlays/windows/win8.py class _HANDLE_TABLE32 (line 48) | class _HANDLE_TABLE32(windows._HANDLE_TABLE): method HandleCount (line 52) | def HandleCount(self): method get_item (line 63) | def get_item(self, entry, handle_value = 0): class _HANDLE_TABLE64 (line 78) | class _HANDLE_TABLE64(_HANDLE_TABLE32): method decode_pointer (line 83) | def decode_pointer(self, value): method get_item (line 96) | def get_item(self, entry, handle_value = 0): class _HANDLE_TABLE_81R264 (line 111) | class _HANDLE_TABLE_81R264(_HANDLE_TABLE64): class _PSP_CID_TABLE32 (line 115) | class _PSP_CID_TABLE32(_HANDLE_TABLE32): class _PSP_CID_TABLE64 (line 118) | class _PSP_CID_TABLE64(_HANDLE_TABLE64): method get_item (line 121) | def get_item(self, entry, handle_value = 0): class _PSP_CID_TABLE_81R264 (line 138) | class _PSP_CID_TABLE_81R264(_PSP_CID_TABLE64): class _OBJECT_HEADER (line 142) | class _OBJECT_HEADER(win7._OBJECT_HEADER): method GrantedAccess (line 204) | def GrantedAccess(self): method is_valid (line 212) | def is_valid(self): class _OBJECT_HEADER_81R2 (line 226) | class _OBJECT_HEADER_81R2(_OBJECT_HEADER): class Win8KDBG (line 276) | class Win8KDBG(windows.AbstractKDBGMod): method modification (line 286) | def modification(self, profile): class Win8x86DTB (line 299) | class Win8x86DTB(obj.ProfileModification): method modification (line 309) | def modification(self, profile): class Win8x64MaxCommit (line 315) | class Win8x64MaxCommit(obj.ProfileModification): method modification (line 325) | def modification(self, profile): class Win8x64DTB (line 331) | class Win8x64DTB(obj.ProfileModification): method modification (line 341) | def modification(self, profile): class Win8x86SyscallVTypes (line 347) | class Win8x86SyscallVTypes(obj.ProfileModification): method modification (line 356) | def modification(self, profile): class Win8ObjectClasses (line 361) | class Win8ObjectClasses(obj.ProfileModification): method modification (line 367) | def modification(self, profile): class Win8SP0x64 (line 395) | class Win8SP0x64(obj.Profile): class Win8SP1x64 (line 405) | class Win8SP1x64(obj.Profile): class Win8SP1x64_18340 (line 415) | class Win8SP1x64_18340(obj.Profile): class Win2012x64 (line 425) | class Win2012x64(Win8SP0x64): class Win2012R2x64 (line 430) | class Win2012R2x64(Win8SP1x64): class Win2012R2x64_18340 (line 435) | class Win2012R2x64_18340(Win8SP1x64_18340): class Win8SP0x86 (line 440) | class Win8SP0x86(obj.Profile): class Win8SP1x86 (line 450) | class Win8SP1x86(obj.Profile): class Win81U1x64 (line 460) | class Win81U1x64(obj.Profile): class Win81U1x86 (line 470) | class Win81U1x86(obj.Profile): FILE: volatility/plugins/overlays/windows/win8_kdbg.py class VolatilityKDBG (line 37) | class VolatilityKDBG(obj.VolatilityMagic): method v (line 46) | def v(self): method get_suggestions (line 57) | def get_suggestions(self): method decode_kdbg (line 63) | def decode_kdbg(self, vals): method unique_sizes (line 88) | def unique_sizes(self): method copy_data_block (line 109) | def copy_data_block(self, full_addr): method generate_suggestions (line 262) | def generate_suggestions(self): class Win8x64VolatilityKDBG (line 296) | class Win8x64VolatilityKDBG(obj.ProfileModification): method modification (line 305) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/windows.py class ExecutiveObjectMixin (line 155) | class ExecutiveObjectMixin(object): method get_object_header (line 160) | def get_object_header(self): class _UNICODE_STRING (line 166) | class _UNICODE_STRING(obj.CType): method v (line 174) | def v(self): method dereference (line 184) | def dereference(self): method proxied (line 192) | def proxied(self, _name): method __nonzero__ (line 195) | def __nonzero__(self): method __format__ (line 199) | def __format__(self, formatspec): method __str__ (line 202) | def __str__(self): method __unicode__ (line 205) | def __unicode__(self): method __len__ (line 208) | def __len__(self): class _LIST_ENTRY (line 211) | class _LIST_ENTRY(obj.CType): method get_next_entry (line 213) | def get_next_entry(self, member): method list_of_type (line 216) | def list_of_type(self, type, member, forward = True, head_sentinel = T... method __nonzero__ (line 251) | def __nonzero__(self): method __iter__ (line 255) | def __iter__(self): class WinTimeStamp (line 258) | class WinTimeStamp(obj.NativeType): method __init__ (line 261) | def __init__(self, theType, offset, vm, is_utc = False, **kwargs): method windows_to_unix_time (line 265) | def windows_to_unix_time(self, windows_time): method as_windows_timestamp (line 286) | def as_windows_timestamp(self): method v (line 289) | def v(self): method __nonzero__ (line 293) | def __nonzero__(self): method __str__ (line 296) | def __str__(self): method as_datetime (line 299) | def as_datetime(self): method __format__ (line 309) | def __format__(self, formatspec): class DosDate (line 316) | class DosDate(obj.NativeType): method __init__ (line 317) | def __init__(self, theType, offset, vm, is_utc = False, **kwargs): method as_dos_timestamp (line 321) | def as_dos_timestamp(self): method v (line 324) | def v(self): method __nonzero__ (line 328) | def __nonzero__(self): method __str__ (line 331) | def __str__(self): method as_datetime (line 334) | def as_datetime(self): method __format__ (line 344) | def __format__(self, formatspec): method dos_to_unix_time (line 351) | def dos_to_unix_time(self, dosdate): class _EPROCESS (line 381) | class _EPROCESS(obj.CType, ExecutiveObjectMixin): method Peb (line 384) | def Peb(self): method Peb32 (line 403) | def Peb32(self): method get_process_address_space (line 433) | def get_process_address_space(self): method _get_modules (line 446) | def _get_modules(self, the_list, entry_type, link_member): method _prep_get_modules (line 453) | def _prep_get_modules(self, list_member, link_member): method get_init_modules (line 462) | def get_init_modules(self): method get_mem_modules (line 465) | def get_mem_modules(self): method get_load_modules (line 468) | def get_load_modules(self): method get_token (line 471) | def get_token(self): method Wow64Process (line 486) | def Wow64Process(self): method IsWow64 (line 500) | def IsWow64(self): method ImageFileName (line 506) | def ImageFileName(self): method SessionId (line 525) | def SessionId(self): method get_vads (line 537) | def get_vads(self, vad_filter = None, skip_max_commit = False): method search_process_memory (line 580) | def search_process_memory(self, s, vad_filter = None): method _injection_filter (line 619) | def _injection_filter(self, vad): method _mapped_file_filter (line 656) | def _mapped_file_filter(self, vad): method environment_variables (line 671) | def environment_variables(self): method is_valid (line 701) | def is_valid(self): class _TOKEN (line 742) | class _TOKEN(obj.CType): method is_valid (line 745) | def is_valid(self): method get_sids (line 750) | def get_sids(self): method privileges (line 767) | def privileges(self): class _OBJECT_TYPE (line 788) | class _OBJECT_TYPE(obj.CType, ExecutiveObjectMixin): class _ETHREAD (line 791) | class _ETHREAD(obj.CType, ExecutiveObjectMixin): method owning_process (line 794) | def owning_process(self): method attached_process (line 798) | def attached_process(self): method is_valid (line 803) | def is_valid(self): class _HANDLE_TABLE (line 823) | class _HANDLE_TABLE(obj.CType): method get_item (line 831) | def get_item(self, entry, handle_value = 0): method _make_handle_array (line 838) | def _make_handle_array(self, offset, level, depth = 0): method handles (line 899) | def handles(self): class _OBJECT_HEADER (line 928) | class _OBJECT_HEADER(obj.CType): method __init__ (line 938) | def __init__(self, *args, **kwargs): method find_optional_headers (line 946) | def find_optional_headers(self): method GrantedAccess (line 961) | def GrantedAccess(self): method dereference_as (line 966) | def dereference_as(self, theType): method get_object_type (line 971) | def get_object_type(self): method is_valid (line 977) | def is_valid(self): class _OBJECT_SYMBOLIC_LINK (line 986) | class _OBJECT_SYMBOLIC_LINK(obj.CType, ExecutiveObjectMixin): method is_valid (line 989) | def is_valid(self): class _KMUTANT (line 992) | class _KMUTANT(obj.CType, ExecutiveObjectMixin): class _FILE_OBJECT (line 995) | class _FILE_OBJECT(obj.CType, ExecutiveObjectMixin): method file_name_with_device (line 998) | def file_name_with_device(self): method access_string (line 1012) | def access_string(self): method is_valid (line 1022) | def is_valid(self): class _EX_FAST_REF (line 1025) | class _EX_FAST_REF(obj.CType): method dereference_as (line 1029) | def dereference_as(self, theType, parent = None, **kwargs): class ThreadCreateTimeStamp (line 1033) | class ThreadCreateTimeStamp(WinTimeStamp): method __init__ (line 1035) | def __init__(self, *args, **kwargs): method as_windows_timestamp (line 1038) | def as_windows_timestamp(self): class VolatilityKPCR (line 1041) | class VolatilityKPCR(obj.VolatilityMagic): method __init__ (line 1044) | def __init__(self, *args, **kwargs): method generate_suggestions (line 1050) | def generate_suggestions(self): class VolatilityKDBG (line 1056) | class VolatilityKDBG(obj.VolatilityMagic): method v (line 1059) | def v(self): method get_suggestions (line 1065) | def get_suggestions(self): method generate_suggestions (line 1071) | def generate_suggestions(self): class VolatilityIA32ValidAS (line 1078) | class VolatilityIA32ValidAS(obj.VolatilityMagic): method generate_suggestions (line 1081) | def generate_suggestions(self): class VolatilityAMD64ValidAS (line 1110) | class VolatilityAMD64ValidAS(obj.VolatilityMagic): method generate_suggestions (line 1111) | def generate_suggestions(self): class _CM_KEY_BODY (line 1121) | class _CM_KEY_BODY(obj.CType): method full_key_name (line 1124) | def full_key_name(self): class _CMHIVE (line 1136) | class _CMHIVE(obj.CType): method get_name (line 1139) | def get_name(self): method address_space (line 1147) | def address_space(self): method is_valid (line 1150) | def is_valid(self): class _POOL_HEADER (line 1153) | class _POOL_HEADER(obj.CType): method FreePool (line 1162) | def FreePool(self): method NonPagedPool (line 1166) | def NonPagedPool(self): method PagedPool (line 1170) | def PagedPool(self): method get_object_bottom_up (line 1173) | def get_object_bottom_up(self, struct_name, object_type, skip_type_che... method get_object_top_down (line 1199) | def get_object_top_down(self, object_name, object_type, _skip_type_che... method get_object (line 1239) | def get_object(self, struct_name, object_type = None, use_top_down = F... class WindowsOverlay (line 1268) | class WindowsOverlay(obj.ProfileModification): method modification (line 1272) | def modification(self, profile): class WindowsVTypes (line 1275) | class WindowsVTypes(obj.ProfileModification): method modification (line 1279) | def modification(self, profile): class WindowsObjectClasses (line 1286) | class WindowsObjectClasses(obj.ProfileModification): method modification (line 1290) | def modification(self, profile): class VolMagicPoolTag (line 1318) | class VolMagicPoolTag(obj.VolatilityMagic): method __init__ (line 1321) | def __init__(self, *args, **kwargs): method generate_suggestions (line 1327) | def generate_suggestions(self): class HandleTableEntryPreWin8 (line 1335) | class HandleTableEntryPreWin8(obj.ProfileModification): method modification (line 1340) | def modification(self, profile): class PoolTagModification (line 1351) | class PoolTagModification(obj.ProfileModification): method modification (line 1356) | def modification(self, profile): class AbstractKDBGMod (line 1378) | class AbstractKDBGMod(obj.ProfileModification): method modification (line 1381) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/windows64.py class Pointer64Decorator (line 31) | class Pointer64Decorator(object): method __init__ (line 32) | def __init__(self, f): method __call__ (line 35) | def __call__(self, name, typeList, typeDict = None): class _EX_FAST_REF (line 41) | class _EX_FAST_REF(windows._EX_FAST_REF): class LIST_ENTRY32 (line 44) | class LIST_ENTRY32(windows._LIST_ENTRY): method get_next_entry (line 46) | def get_next_entry(self, member): class ExFastRefx64 (line 49) | class ExFastRefx64(obj.ProfileModification): method modification (line 53) | def modification(self, profile): class Windows64Overlay (line 57) | class Windows64Overlay(obj.ProfileModification): method modification (line 62) | def modification(self, profile): class WinPeb32 (line 90) | class WinPeb32(obj.ProfileModification): method cast_as_32bit (line 96) | def cast_as_32bit(self, source_vtype): method modification (line 115) | def modification(self, profile): FILE: volatility/plugins/overlays/windows/xp.py class XPOverlay (line 34) | class XPOverlay(obj.ProfileModification): method modification (line 40) | def modification(self, profile): class WinXPSP2x86 (line 50) | class WinXPSP2x86(obj.Profile): class WinXPSP3x86 (line 59) | class WinXPSP3x86(obj.Profile): FILE: volatility/plugins/patcher.py class MultiPageScanner (line 46) | class MultiPageScanner(object): method __init__ (line 51) | def __init__(self, patchers, full = False): method use_fullpage (line 56) | def use_fullpage(self, address_space): method scan (line 66) | def scan(self, address_space, outfd): method scan_page (line 98) | def scan_page(self, address_space, page_offset, fullpage = False): class PatcherObject (line 114) | class PatcherObject(object): method __init__ (line 116) | def __init__(self, name): method add_constraint (line 121) | def add_constraint(self, offset, data): method add_patch (line 126) | def add_patch(self, offset, patch): method patch (line 131) | def patch(self, addr_space, page_offset): method get_patches (line 138) | def get_patches(self): method get_constraints (line 142) | def get_constraints(self): method get_name (line 145) | def get_name(self): class Patcher (line 149) | class Patcher(commands.Command): method __init__ (line 151) | def __init__(self, config, *args, **kwargs): method calculate (line 156) | def calculate(self): method render_text (line 162) | def render_text(self, outfd, data): method get_offset (line 167) | def get_offset(self, tag): method parse_patchfile (line 178) | def parse_patchfile(self): FILE: volatility/plugins/patchguard.py function rol (line 3) | def rol(value, count): function bswap (line 13) | def bswap(value): FILE: volatility/plugins/pooltracker.py class PoolTrackTagOverlay (line 32) | class PoolTrackTagOverlay(obj.ProfileModification): method modification (line 37) | def modification(self, profile): class PoolTracker (line 48) | class PoolTracker(common.AbstractWindowsCommand): method __init__ (line 51) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 64) | def is_valid_profile(profile): method calculate (line 68) | def calculate(self): method render_whitelist (line 130) | def render_whitelist(self, outfd, data): method render_text (line 137) | def render_text(self, outfd, data): method unified_output (line 158) | def unified_output(self, data): method generator (line 170) | def generator(self, data): class GenericPoolScan (line 189) | class GenericPoolScan(poolscan.SinglePoolScanner): class PoolPeek (line 192) | class PoolPeek(common.AbstractWindowsCommand): method __init__ (line 195) | def __init__(self, config, *args, **kwargs): method calculate (line 211) | def calculate(self): method render_text (line 242) | def render_text(self, outfd, data): FILE: volatility/plugins/privileges.py class TokenXP2003 (line 35) | class TokenXP2003(obj.ProfileModification): method modification (line 38) | def modification(self, profile): class Privs (line 81) | class Privs(taskmods.DllList): method __init__ (line 84) | def __init__(self, config, *args): method generator (line 93) | def generator(self, data): method unified_output (line 133) | def unified_output(self, data): method render_text (line 143) | def render_text(self, outfd, data): FILE: volatility/plugins/procdump.py class ProcDump (line 35) | class ProcDump(taskmods.DllList): method __init__ (line 37) | def __init__(self, config, *args, **kwargs): method dump_pe (line 51) | def dump_pe(self, space, base, dump_file): method calculate (line 82) | def calculate(self): method unified_output (line 90) | def unified_output(self, data): method generator (line 99) | def generator(self, data): method render_text (line 121) | def render_text(self, outfd, data): FILE: volatility/plugins/pstree.py class ProcessAuditVTypes (line 35) | class ProcessAuditVTypes(obj.ProfileModification): method modification (line 38) | def modification(self, profile): class PSTree (line 47) | class PSTree(common.AbstractWindowsCommand): method find_root (line 52) | def find_root(self, pid_dict, pid): method generator (line 62) | def generator(self, data): method unified_output (line 100) | def unified_output(self, data): method render_text (line 118) | def render_text(self, outfd, data): method calculate (line 168) | def calculate(self): FILE: volatility/plugins/raw2dmp.py class Raw2dmp (line 27) | class Raw2dmp(imagecopy.ImageCopy): method calculate (line 30) | def calculate(self): method convert_to_crash (line 38) | def convert_to_crash(config, output): FILE: volatility/plugins/registry/amcache.py class AmCache (line 90) | class AmCache(common.AbstractWindowsCommand): method __init__ (line 93) | def __init__(self, config, *args, **kwargs): method calculate (line 99) | def calculate(self): method unified_output (line 149) | def unified_output(self, data): method generator (line 158) | def generator(self, data): method render_text (line 169) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/auditpol.py class AuditPolDataXP (line 205) | class AuditPolDataXP(obj.CType): method __str__ (line 206) | def __str__(self): class AuditPolDataVista (line 217) | class AuditPolDataVista(obj.CType): method __str__ (line 218) | def __str__(self): class AuditPolData8 (line 260) | class AuditPolData8(obj.CType): method __str__ (line 261) | def __str__(self): class AuditPolData10 (line 267) | class AuditPolData10(obj.CType): method __str__ (line 268) | def __str__(self): class AuditPolData7 (line 274) | class AuditPolData7(obj.CType): method __str__ (line 275) | def __str__(self): class AuditpolTypesXP (line 317) | class AuditpolTypesXP(obj.ProfileModification): method modification (line 322) | def modification(self, profile): class AuditpolTypesVista (line 329) | class AuditpolTypesVista(obj.ProfileModification): method modification (line 334) | def modification(self, profile): class AudipolWin7 (line 340) | class AudipolWin7(obj.ProfileModification): method modification (line 345) | def modification(self, profile): class AudipolWin8 (line 351) | class AudipolWin8(obj.ProfileModification): method modification (line 356) | def modification(self, profile): class AudipolWin10 (line 362) | class AudipolWin10(obj.ProfileModification): method modification (line 367) | def modification(self, profile): class Auditpol (line 374) | class Auditpol(common.AbstractWindowsCommand): method __init__ (line 377) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 384) | def is_valid_profile(profile): method get_yield (line 387) | def get_yield(self, ap): method calculate (line 392) | def calculate(self): method unified_output (line 418) | def unified_output(self, data): method generator (line 423) | def generator(self, data): method render_text (line 441) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/dumpregistry.py class DumpRegistry (line 36) | class DumpRegistry(common.AbstractWindowsCommand): method __init__ (line 38) | def __init__(self, config, *args, **kwargs): method fixname (line 47) | def fixname(self, name, offset): method calculate (line 58) | def calculate(self): method render_text (line 72) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/hivelist.py class HiveList (line 37) | class HiveList(hs.HiveScan): method unified_output (line 54) | def unified_output(self, data): method generator (line 60) | def generator(self, data): method render_text (line 70) | def render_text(self, outfd, result): method calculate (line 85) | def calculate(self): FILE: volatility/plugins/registry/hivescan.py class PoolScanHive (line 37) | class PoolScanHive(poolscan.PoolScanner): method __init__ (line 40) | def __init__(self, address_space): class HiveScan (line 49) | class HiveScan(common.AbstractScanCommand): method calculate (line 65) | def calculate(self): method unified_output (line 79) | def unified_output(self, data): method generator (line 83) | def generator(self, data): method render_text (line 87) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/lsadump.py class LSADump (line 41) | class LSADump(common.AbstractWindowsCommand): method __init__ (line 54) | def __init__(self, config, *args, **kwargs): method calculate (line 62) | def calculate(self): method render_text (line 80) | def render_text(self, outfd, data): method unified_output (line 87) | def unified_output(self, data): method generator (line 92) | def generator(self, data): class HashDump (line 96) | class HashDump(common.AbstractWindowsCommand): method __init__ (line 99) | def __init__(self, config, *args, **kwargs): method calculate (line 107) | def calculate(self): method render_text (line 124) | def render_text(self, outfd, data): method unified_output (line 135) | def unified_output(self, data): method generator (line 139) | def generator(self, data): class CacheDump (line 143) | class CacheDump(common.AbstractWindowsCommand): method __init__ (line 146) | def __init__(self, config, *args, **kwargs): method calculate (line 154) | def calculate(self): method render_text (line 171) | def render_text(self, outfd, data): method unified_output (line 178) | def unified_output(self, data): method generator (line 182) | def generator(self, data): FILE: volatility/plugins/registry/printkey.py function vol (line 41) | def vol(k): class PrintKey (line 44) | class PrintKey(hivelist.HiveList): method __init__ (line 57) | def __init__(self, config, *args, **kwargs): method calculate (line 64) | def calculate(self): method voltext (line 85) | def voltext(self, key): method render_text (line 88) | def render_text(self, outfd, data): method unified_output (line 120) | def unified_output(self, data): method generator (line 133) | def generator(self, data): class HiveDump (line 196) | class HiveDump(common.AbstractWindowsCommand): method __init__ (line 198) | def __init__(self, config, *args, **kwargs): method calculate (line 203) | def calculate(self): method render_text (line 212) | def render_text(self, outfd, data): method unified_output (line 217) | def unified_output(self, data): method generator (line 222) | def generator(self, data): method print_key (line 233) | def print_key(self, outfd, keypath, key): FILE: volatility/plugins/registry/registryapi.py class RegistryApi (line 37) | class RegistryApi(object): method __init__ (line 40) | def __init__(self, config): method print_offsets (line 48) | def print_offsets(self): method populate_offsets (line 57) | def populate_offsets(self): method reg_get_currentcontrolset (line 69) | def reg_get_currentcontrolset(self, fullname = True): method set_current (line 86) | def set_current(self, hive_name = None, user = None): method reset_current (line 112) | def reset_current(self): method reg_get_key (line 118) | def reg_get_key(self, hive_name, key, user = None, given_root = None): method reg_get_key_path (line 140) | def reg_get_key_path(self, key): method reg_yield_key (line 151) | def reg_yield_key(self, hive_name, key, user = None, given_root = None): method reg_enum_key (line 172) | def reg_enum_key(self, hive_name, key, user = None): method reg_get_all_subkeys (line 183) | def reg_get_all_subkeys(self, hive_name, key, user = None, given_root ... method reg_yield_values (line 194) | def reg_yield_values(self, hive_name, key, thetype = None, given_root ... method reg_get_value (line 209) | def reg_get_value(self, hive_name, key, value, strcmp = None, given_ro... method reg_get_all_keys (line 232) | def reg_get_all_keys(self, hive_name, user = None, start = None, end =... method reg_get_last_modified (line 293) | def reg_get_last_modified(self, hive_name, count = 1, user = None, sta... FILE: volatility/plugins/registry/shellbags.py class _GUID (line 279) | class _GUID(obj.CType): method __str__ (line 280) | def __str__(self): class ITEMPOS (line 284) | class ITEMPOS(obj.CType): method get_file_attrs (line 285) | def get_file_attrs(self): method body (line 294) | def body(self, details): method __str__ (line 304) | def __str__(self): method get_items (line 312) | def get_items(self): method get_header (line 322) | def get_header(self): class FILE_ENTRY (line 331) | class FILE_ENTRY(ITEMPOS): method get_file_attrs (line 332) | def get_file_attrs(self): method body (line 340) | def body(self, details): method __str__ (line 350) | def __str__(self): method get_items (line 357) | def get_items(self): method get_header (line 366) | def get_header(self): class FOLDER_ENTRY (line 375) | class FOLDER_ENTRY(obj.CType): method get_folders (line 376) | def get_folders(self): method __str__ (line 384) | def __str__(self): method get_header (line 390) | def get_header(self): class _VOLUSER_ASSIST_TYPES (line 397) | class _VOLUSER_ASSIST_TYPES(obj.CType): method get_header (line 398) | def get_header(self): method __str__ (line 413) | def __str__(self): method body (line 426) | def body(self, reg, key, subname, lastwrite): class CONTROL_PANEL (line 448) | class CONTROL_PANEL(FOLDER_ENTRY): method __str__ (line 449) | def __str__(self): class UNKNOWN_00 (line 456) | class UNKNOWN_00(FOLDER_ENTRY): method __str__ (line 457) | def __str__(self): class VOLUME_NAME (line 472) | class VOLUME_NAME(obj.CType): method __str__ (line 473) | def __str__(self): method get_header (line 477) | def get_header(self): class NETWORK_VOLUME_NAME (line 482) | class NETWORK_VOLUME_NAME(obj.CType): method get_flags (line 483) | def get_flags(self): method __str__ (line 491) | def __str__(self): method get_header (line 495) | def get_header(self): class NETWORK_SHARE (line 502) | class NETWORK_SHARE(NETWORK_VOLUME_NAME): method __str__ (line 503) | def __str__(self): class NullString (line 510) | class NullString(basic.String): method __str__ (line 511) | def __str__(self): method v (line 517) | def v(self): class ShellBagsTypesXP (line 617) | class ShellBagsTypesXP(obj.ProfileModification): method modification (line 621) | def modification(self, profile): class ShellBagsTypesVista (line 671) | class ShellBagsTypesVista(obj.ProfileModification): method modification (line 676) | def modification(self, profile): class ShellBagsTypesWin7 (line 727) | class ShellBagsTypesWin7(obj.ProfileModification): method modification (line 732) | def modification(self, profile): class ShellBags (line 751) | class ShellBags(common.AbstractWindowsCommand): method __init__ (line 753) | def __init__(self, config, *args, **kwargs): method rreplace (line 760) | def rreplace(self, s, old, new, occurrence): method parse_key (line 764) | def parse_key(self, regapi, reg, thekey, given_root = None): method calculate (line 816) | def calculate(self): method build_path (line 868) | def build_path(self, reg, key, item): method render_body (line 886) | def render_body(self, outfd, data): method unified_output (line 898) | def unified_output(self, data): method generator (line 911) | def generator(self, data): method render_text (line 933) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/shimcache.py class ShimCacheTypesXPx86 (line 143) | class ShimCacheTypesXPx86(obj.ProfileModification): method modification (line 149) | def modification(self, profile): class ShimCacheTypes2003x86 (line 154) | class ShimCacheTypes2003x86(obj.ProfileModification): method modification (line 160) | def modification(self, profile): class ShimCacheTypesVistax86 (line 164) | class ShimCacheTypesVistax86(obj.ProfileModification): method modification (line 170) | def modification(self, profile): class ShimCacheTypesWin7x86 (line 174) | class ShimCacheTypesWin7x86(obj.ProfileModification): method modification (line 180) | def modification(self, profile): class ShimCacheTypes2003x64 (line 184) | class ShimCacheTypes2003x64(obj.ProfileModification): method modification (line 190) | def modification(self, profile): class ShimCacheTypesVistax64 (line 194) | class ShimCacheTypesVistax64(obj.ProfileModification): method modification (line 200) | def modification(self, profile): class ShimCacheTypesWin7x64 (line 204) | class ShimCacheTypesWin7x64(obj.ProfileModification): method modification (line 210) | def modification(self, profile): class ShimCache (line 215) | class ShimCache(common.AbstractWindowsCommand): method __init__ (line 217) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 222) | def is_valid_profile(profile): method remove_unprintable (line 226) | def remove_unprintable(item): method get_entries (line 230) | def get_entries(addr_space, regapi): method calculate (line 268) | def calculate(self): method unified_output (line 275) | def unified_output(self, data): method generator (line 282) | def generator(self, data): method render_text (line 289) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/shutdown.py class ShutdownTime (line 39) | class ShutdownTime(common.AbstractWindowsCommand): method __init__ (line 42) | def __init__(self, config, *args, **kwargs): method calculate (line 48) | def calculate(self): method unified_output (line 81) | def unified_output(self, data): method generator (line 89) | def generator(self, data): method render_text (line 99) | def render_text(self, outfd, data): FILE: volatility/plugins/registry/userassist.py class UserAssistVTypes (line 58) | class UserAssistVTypes(obj.ProfileModification): method modification (line 61) | def modification(self, profile): class UserAssistWin7VTypes (line 64) | class UserAssistWin7VTypes(obj.ProfileModification): method modification (line 69) | def modification(self, profile): class UserAssist (line 177) | class UserAssist(common.AbstractWindowsCommand): method __init__ (line 180) | def __init__(self, config, *args, **kwargs): method calculate (line 186) | def calculate(self): method parse_data_dict (line 205) | def parse_data_dict(self, dat_raw): method parse_data (line 228) | def parse_data(self, dat_raw): method unified_output (line 249) | def unified_output(self, data): method generator (line 262) | def generator(self, data): method render_text (line 302) | def render_text(self, outfd, data): FILE: volatility/plugins/sockets.py class Sockets (line 32) | class Sockets(common.AbstractWindowsCommand): method __init__ (line 34) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 41) | def is_valid_profile(profile): method unified_output (line 47) | def unified_output(self, data): method generator (line 59) | def generator(self, data): method render_text (line 74) | def render_text(self, outfd, data): method calculate (line 96) | def calculate(self): FILE: volatility/plugins/sockscan.py class PoolScanSocket (line 39) | class PoolScanSocket(poolscan.PoolScanner): method __init__ (line 42) | def __init__(self, address_space): class SockScan (line 55) | class SockScan(common.AbstractScanCommand): method is_valid_profile (line 72) | def is_valid_profile(profile): method unified_output (line 78) | def unified_output(self, data): method generator (line 89) | def generator(self, data): method render_text (line 100) | def render_text(self, outfd, data): FILE: volatility/plugins/ssdt.py function find_tables (line 42) | def find_tables(nt_base, start_addr, vm): class SSDT (line 119) | class SSDT(common.AbstractWindowsCommand): method calculate (line 132) | def calculate(self): method unified_output (line 185) | def unified_output(self, data): method generator (line 208) | def generator(self, data): method render_text (line 283) | def render_text(self, outfd, data): FILE: volatility/plugins/strings.py class Strings (line 31) | class Strings(common.AbstractWindowsCommand): method __init__ (line 34) | def __init__(self, config, *args, **kwargs): method get_processes (line 51) | def get_processes(self, addr_space): method get_modules (line 80) | def get_modules(cls, addr_space): method find_module (line 96) | def find_module(cls, mods, mod_addrs, addr_space, vpage): method get_module_name (line 111) | def get_module_name(cls, module): method get_task_pid (line 122) | def get_task_pid(cls, task): method calculate (line 132) | def calculate(self): method parse_line (line 178) | def parse_line(cls, line): method get_reverse_map (line 198) | def get_reverse_map(cls, addr_space, tasks): method unified_output (line 265) | def unified_output(self, data): method generator (line 272) | def generator(self, data): method render_text (line 281) | def render_text(self, outfd, data): FILE: volatility/plugins/taskmods.py class DllList (line 36) | class DllList(common.AbstractWindowsCommand, cache.Testable): method __init__ (line 39) | def __init__(self, config, *args, **kwargs): method unified_output (line 54) | def unified_output(self, data): method generator (line 63) | def generator(self, data): method render_text (line 73) | def render_text(self, outfd, data): method filter_tasks (line 97) | def filter_tasks(self, tasks): method virtual_process_from_physical_offset (line 128) | def virtual_process_from_physical_offset(addr_space, offset): method calculate (line 163) | def calculate(self): class PSList (line 174) | class PSList(DllList): method __init__ (line 176) | def __init__(self, config, *args, **kwargs): method render_text (line 183) | def render_text(self, outfd, data): method render_dot (line 219) | def render_dot(self, outfd, data): method unified_output (line 247) | def unified_output(self, data): method generator (line 262) | def generator(self, data): class MemMap (line 282) | class MemMap(DllList): method unified_output (line 285) | def unified_output(self, data): method generator (line 294) | def generator(self, data): method render_text (line 309) | def render_text(self, outfd, data): method calculate (line 339) | def calculate(self): class MemDump (line 349) | class MemDump(MemMap): method __init__ (line 352) | def __init__(self, config, *args, **kwargs): method render_text (line 358) | def render_text(self, outfd, data): FILE: volatility/plugins/tcaudit.py class TrueCryptPassphrase (line 393) | class TrueCryptPassphrase(common.AbstractWindowsCommand): method __init__ (line 396) | def __init__(self, config, *args, **kwargs): method scan_module (line 403) | def scan_module(addr_space, module_base, min_length): method calculate (line 445) | def calculate(self): method render_text (line 457) | def render_text(self, outfd, data): class TrueCryptSummary (line 466) | class TrueCryptSummary(common.AbstractWindowsCommand): method calculate (line 469) | def calculate(self): method render_text (line 575) | def render_text(self, outfd, data): class TrueCryptMaster (line 583) | class TrueCryptMaster(common.AbstractWindowsCommand): method __init__ (line 595) | def __init__(self, config, *args, **kwargs): method apply_types (line 603) | def apply_types(addr_space, ver): method calculate (line 637) | def calculate(self): method render_text (line 650) | def render_text(self, outfd, data): FILE: volatility/plugins/timeliner.py class Win7LdrDataTableEntry (line 57) | class Win7LdrDataTableEntry(obj.ProfileModification): method modification (line 63) | def modification(self, profile): class Win7SP1CMHIVE (line 77) | class Win7SP1CMHIVE(obj.ProfileModification): method modification (line 84) | def modification(self, profile): class WinXPTrim (line 90) | class WinXPTrim(obj.ProfileModification): method modification (line 96) | def modification(self, profile): class WinAllTime (line 104) | class WinAllTime(obj.ProfileModification): method modification (line 108) | def modification(self, profile): class TimeLiner (line 121) | class TimeLiner(common.AbstractWindowsCommand): method __init__ (line 124) | def __init__(self, config, *args, **kwargs): method unified_output (line 150) | def unified_output(self, data): method generator (line 157) | def generator(self, data): method render_text (line 162) | def render_text(self, outfd, data): method render_body (line 167) | def render_body(self, outfd, data): method getoutput (line 172) | def getoutput(self, header, start, end = None, body = False): method calculate (line 190) | def calculate(self): FILE: volatility/plugins/vadinfo.py class VADInfo (line 89) | class VADInfo(taskmods.DllList): method __init__ (line 92) | def __init__(self, config, *args, **kwargs): method unified_output (line 98) | def unified_output(self, data): method generator (line 121) | def generator(self, data): method render_text (line 200) | def render_text(self, outfd, data): method write_vad_short (line 224) | def write_vad_short(self, outfd, vad): method write_vad_control (line 252) | def write_vad_control(self, outfd, vad): method write_vad_ext (line 274) | def write_vad_ext(self, outfd, vad): class VADTree (line 279) | class VADTree(VADInfo): method render_text (line 282) | def render_text(self, outfd, data): method render_dot (line 303) | def render_dot(self, outfd, data): class VADWalk (line 345) | class VADWalk(VADInfo): method render_text (line 348) | def render_text(self, outfd, data): class VADDump (line 373) | class VADDump(VADInfo): method __init__ (line 376) | def __init__(self, config, *args, **kwargs): method dump_vad (line 389) | def dump_vad(self, path, vad, address_space): method render_text (line 425) | def render_text(self, outfd, data): FILE: volatility/plugins/vboxinfo.py class VBoxInfo (line 25) | class VBoxInfo(crashinfo.CrashInfo): method unified_output (line 30) | def unified_output(self, data): method generator (line 36) | def generator(self, data): method render_text (line 42) | def render_text(self, outfd, data): class QemuInfo (line 56) | class QemuInfo(VBoxInfo): method render_text (line 61) | def render_text(self, outfd, data): FILE: volatility/plugins/verinfo.py class VerInfo (line 33) | class VerInfo(procdump.ProcDump): method __init__ (line 36) | def __init__(self, config, *args, **kwargs): method calculate (line 47) | def calculate(self): method unified_output (line 81) | def unified_output(self, data): method generator (line 92) | def generator(self, data): method render_text (line 118) | def render_text(self, outfd, data): FILE: volatility/plugins/vmwareinfo.py class VMwareInfo (line 24) | class VMwareInfo(crashinfo.CrashInfo): method __init__ (line 29) | def __init__(self, config, *args, **kwargs): method is_valid_profile (line 35) | def is_valid_profile(profile): method render_text (line 38) | def render_text(self, outfd, data): FILE: volatility/plugins/volshell.py class volshell (line 41) | class volshell(common.AbstractWindowsCommand): method __init__ (line 55) | def __init__(self, config, *args, **kwargs): method getpidlist (line 71) | def getpidlist(self): method getmodules (line 74) | def getmodules(self): method context_display (line 77) | def context_display(self): method ps (line 84) | def ps(self, procs = None): method modules (line 92) | def modules(self, modules = None): method set_context (line 102) | def set_context(self, offset = None, pid = None, name = None, physical... method render_text (line 143) | def render_text(self, _outfd, _data): FILE: volatility/plugins/win10cookie.py class Win10Cookie (line 24) | class Win10Cookie(common.AbstractWindowsCommand): method __init__ (line 27) | def __init__(self, config, *args, **kwargs): method register_options (line 31) | def register_options(config): method is_valid_profile (line 36) | def is_valid_profile(profile): method calculate (line 44) | def calculate(self): method render_text (line 49) | def render_text(self, outfd, data): FILE: volatility/poolscan.py class MultiPoolScanner (line 31) | class MultiPoolScanner(object): method __init__ (line 34) | def __init__(self, needles = None): method scan (line 38) | def scan(self, address_space, offset = None, maxlen = None): class MultiScanInterface (line 76) | class MultiScanInterface(object): method __init__ (line 80) | def __init__(self, addr_space, scanners = [], scan_virtual = False, sh... method _check_pool_size (line 111) | def _check_pool_size(self, check, pool_header): method _check_pool_type (line 127) | def _check_pool_type(self, check, pool_header): method _check_pool_index (line 157) | def _check_pool_index(self, check, pool_header): method _run_all_checks (line 174) | def _run_all_checks(self, checks, pool_header): method scan (line 201) | def scan(self): class PoolScanner (line 268) | class PoolScanner(object): method __init__ (line 271) | def __init__(self, address_space): class PoolTagCheck (line 299) | class PoolTagCheck(scan.ScannerCheck): method __init__ (line 301) | def __init__(self, address_space, tag = None, **kwargs): method skip (line 305) | def skip(self, data, offset): method check (line 313) | def check(self, offset): class CheckPoolType (line 317) | class CheckPoolType(scan.ScannerCheck): method __init__ (line 319) | def __init__(self, address_space, paged = False, method check (line 326) | def check(self, offset): class CheckPoolSize (line 334) | class CheckPoolSize(scan.ScannerCheck): method __init__ (line 336) | def __init__(self, address_space, condition = (lambda x: x == 8), **kw... method check (line 340) | def check(self, offset): class SinglePoolScanner (line 350) | class SinglePoolScanner(scan.BaseScanner): method object_offset (line 352) | def object_offset(self, found, address_space): method scan (line 394) | def scan(self, address_space, offset = 0, maxlen = None): FILE: volatility/registry.py class PluginImporter (line 50) | class PluginImporter(object): method __init__ (line 54) | def __init__(self): method walkzip (line 80) | def walkzip(self, path): method run_imports (line 113) | def run_imports(self): function _get_subclasses (line 124) | def _get_subclasses(cls): function get_plugin_classes (line 137) | def get_plugin_classes(cls, showall = False, lower = False): function register_global_options (line 155) | def register_global_options(config, cls): FILE: volatility/renderers/__init__.py class TreePopulationError (line 10) | class TreePopulationError(StandardError): class TreeNode (line 14) | class TreeNode(collections.Sequence): method __init__ (line 16) | def __init__(self, path, treegrid, parent, values): method __repr__ (line 25) | def __repr__(self): method __getitem__ (line 28) | def __getitem__(self, item): method __len__ (line 31) | def __len__(self): method _validate_values (line 34) | def _validate_values(self, values): method values (line 49) | def values(self): method path (line 54) | def path(self): method parent (line 63) | def parent(self): method path_depth (line 68) | def path_depth(self): method path_changed (line 72) | def path_changed(self, path, added = False): class TreeGrid (line 84) | class TreeGrid(object): method __init__ (line 100) | def __init__(self, columns, generator): method _sanitize (line 131) | def _sanitize(self, text): method populate (line 138) | def populate(self, func = None, initial_accumulator = None): method populated (line 158) | def populated(self): method columns (line 163) | def columns(self): method children (line 167) | def children(self, node): method _find_children (line 171) | def _find_children(self, node): method values (line 185) | def values(self, node): method _append (line 194) | def _append(self, parent, values): method _insert (line 205) | def _insert(self, parent, position, values): method is_ancestor (line 218) | def is_ancestor(self, node, descendant): method path_depth (line 222) | def path_depth(self, node): method max_depth (line 226) | def max_depth(self): method path_is_valid (line 230) | def path_is_valid(self, node): method visit (line 234) | def visit(self, node, function, initial_accumulator = None, sort_key =... method _visit (line 263) | def _visit(self, list_of_children, function, accumulator, sort_key = N... class ColumnSortKey (line 273) | class ColumnSortKey(object): method __init__ (line 274) | def __init__(self, treegrid, column_name): method key (line 282) | def key(self, values): FILE: volatility/renderers/basic.py class Bytes (line 5) | class Bytes(bytes): method __new__ (line 7) | def __new__(cls, data): class Address (line 12) | class Address(long): method __new__ (line 14) | def __new__(cls, number): class Address64 (line 18) | class Address64(long): method __new__ (line 21) | def __new__(cls, number): class Hex (line 25) | class Hex(long): method __new__ (line 28) | def __new__(cls, number): class Renderer (line 32) | class Renderer(object): method render (line 33) | def render(self, outfd, grid): FILE: volatility/renderers/dot.py class DotRenderer (line 6) | class DotRenderer(Renderer): method __init__ (line 7) | def __init__(self, renderers_func, config): method description (line 13) | def description(self, node): method _add_node (line 20) | def _add_node(self, node, data): method render (line 28) | def render(self, outfd, grid): FILE: volatility/renderers/html.py class HTMLRenderer (line 11) | class HTMLRenderer(Renderer): method __init__ (line 13) | def __init__(self): method render (line 16) | def render(self, outfd, data): class JSONRenderer (line 40) | class JSONRenderer(Renderer): method render_row (line 41) | def render_row(self, node, accumulator): method render (line 44) | def render(self, outfd, data): FILE: volatility/renderers/sqlite.py class SqliteRenderer (line 24) | class SqliteRenderer(Renderer): method __init__ (line 26) | def __init__(self, plugin_name, config): method _column_type (line 37) | def _column_type(self, col_type): method _sanitize_name (line 43) | def _sanitize_name(self, name): method render (line 46) | def render(self, outfd, grid): FILE: volatility/renderers/text.py class CellRenderer (line 10) | class CellRenderer(object): method render (line 15) | def render(self, value): class FormatCellRenderer (line 20) | class FormatCellRenderer(CellRenderer): method __init__ (line 23) | def __init__(self, format_spec): method render (line 30) | def render(self, value): method width (line 35) | def width(self): method width (line 39) | def width(self, value): method __repr__ (line 42) | def __repr__(self): class TextRenderer (line 46) | class TextRenderer(Renderer): method __init__ (line 49) | def __init__(self, cell_renderers_func, max_width = 200, sort_column =... method partition_width (line 63) | def partition_width(self, widths): method _elide (line 73) | def _elide(self, string, length): method _validate_grid (line 89) | def _validate_grid(self, grid): method render (line 99) | def render(self, outfd, grid): class GrepTextRenderer (line 180) | class GrepTextRenderer(TextRenderer): method render (line 181) | def render(self, outfd, grid): FILE: volatility/renderers/xlsx.py class XLSXRenderer (line 17) | class XLSXRenderer(Renderer): method __init__ (line 18) | def __init__(self, renderers_func, config): method description (line 28) | def description(self): method _add_row (line 34) | def _add_row(self, node, data): method render (line 40) | def render(self, outfd, grid): FILE: volatility/scan.py class BaseScanner (line 45) | class BaseScanner(object): method __init__ (line 48) | def __init__(self, window_size = 8): method check_addr (line 55) | def check_addr(self, found): method scan (line 81) | def scan(self, address_space, offset = 0, maxlen = None): class DiscontigScanner (line 144) | class DiscontigScanner(BaseScanner): method scan (line 145) | def scan(self, address_space, offset = 0, maxlen = None): class ScannerCheck (line 150) | class ScannerCheck(object): method __init__ (line 158) | def __init__(self, address_space, **_kwargs): method object_offset (line 161) | def object_offset(self, offset, address_space): method check (line 164) | def check(self, _offset): FILE: volatility/timefmt.py class OffsetTzInfo (line 33) | class OffsetTzInfo(datetime.tzinfo): method __init__ (line 36) | def __init__(self, offset = None, *args, **kwargs): method set_offset (line 41) | def set_offset(self, offset): method utcoffset (line 45) | def utcoffset(self, dt): method dst (line 51) | def dst(self, _dt): method tzname (line 56) | def tzname(self, _dt): class UTC (line 63) | class UTC(datetime.tzinfo): method utcoffset (line 66) | def utcoffset(self, _dt): method dst (line 70) | def dst(self, _dt): method tzname (line 74) | def tzname(self, _dt): function display_datetime (line 78) | def display_datetime(dt, custom_tz = None): function tz_from_string (line 96) | def tz_from_string(_option, _opt_str, value, parser): FILE: volatility/utils.py function load_as (line 31) | def load_as(config, astype = 'virtual', **kwargs): function Hexdump (line 69) | def Hexdump(data, width = 16): function remove_unprintable (line 78) | def remove_unprintable(str): function inet_ntop (line 84) | def inet_ntop(address_family, packed_ip): function iterfind (line 133) | def iterfind(data, string): FILE: volatility/validity.py class ValidityRoutines (line 8) | class ValidityRoutines(object): method type_check (line 11) | def type_check(self, value, valid_type): method class_check (line 23) | def class_check(self, klass, valid_class): method confirm (line 34) | def confirm(self, assertion, error): FILE: volatility/win32/domcachedump.py function get_nlkm (line 38) | def get_nlkm(addr_space, secaddr, lsakey): function decrypt_hash (line 41) | def decrypt_hash(edata, nlkm, ch, xp = True): function parse_cache_entry (line 59) | def parse_cache_entry(cache_data): function parse_decrypted_cache (line 66) | def parse_decrypted_cache(dec_data, uname_len, function dump_hashes (line 84) | def dump_hashes(addr_space, sysaddr, secaddr): function dump_memory_hashes (line 132) | def dump_memory_hashes(addr_space, config, syshive, sechive): FILE: volatility/win32/hashdump.py function str_to_key (line 69) | def str_to_key(s): function sid_to_key (line 84) | def sid_to_key(sid): function hash_lm (line 98) | def hash_lm(pw): function hash_nt (line 105) | def hash_nt(pw): function find_control_set (line 108) | def find_control_set(sysaddr): function get_bootkey (line 123) | def get_bootkey(sysaddr): function get_hbootkey (line 151) | def get_hbootkey(samaddr, bootkey): function get_user_keys (line 181) | def get_user_keys(samaddr): function decrypt_single_hash (line 194) | def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr): function decrypt_hashes (line 208) | def decrypt_hashes(rid, enc_lm_hash, enc_nt_hash, hbootkey): function encrypt_single_hash (line 223) | def encrypt_single_hash(rid, hbootkey, hash, lmntstr): function encrypt_hashes (line 238) | def encrypt_hashes(rid, lm_hash, nt_hash, hbootkey): function get_user_hashes (line 253) | def get_user_hashes(user_key, hbootkey): function get_user_name (line 280) | def get_user_name(user_key): function get_user_desc (line 298) | def get_user_desc(user_key): function dump_hashes (line 313) | def dump_hashes(sysaddr, samaddr): function dump_memory_hashes (line 344) | def dump_memory_hashes(addr_space, config, syshive, samhive): function dump_file_hashes (line 351) | def dump_file_hashes(syshive_fname, samhive_fname): FILE: volatility/win32/hive.py class HiveAddressSpace (line 48) | class HiveAddressSpace(addrspace.BaseAddressSpace): method __init__ (line 49) | def __init__(self, base, config, hive_addr, **kwargs): method __getstate__ (line 73) | def __getstate__(self): method vtop (line 79) | def vtop(self, vaddr): method read (line 94) | def read(self, vaddr, length, zero = False): method zread (line 153) | def zread(self, addr, length): method read_long_phys (line 156) | def read_long_phys(self, addr): method is_valid_address (line 161) | def is_valid_address(self, addr): method save (line 169) | def save(self, outf, summary = sys.stdout): method stats (line 193) | def stats(self, stable = True): class HiveFileAddressSpace (line 227) | class HiveFileAddressSpace(addrspace.BaseAddressSpace): method __init__ (line 228) | def __init__(self, base, config): method vtop (line 232) | def vtop(self, vaddr): method read (line 235) | def read(self, vaddr, length, zero = False): method zread (line 287) | def zread(self, addr, length): method read_long_phys (line 290) | def read_long_phys(self, addr): method is_valid_address (line 295) | def is_valid_address(self, vaddr): FILE: volatility/win32/lsasecrets.py function decrypt_aes (line 37) | def decrypt_aes(secret, key): function get_lsa_key (line 57) | def get_lsa_key(addr_space, secaddr, bootkey): function decrypt_secret (line 95) | def decrypt_secret(secret, key): function get_secret_by_name (line 118) | def get_secret_by_name(addr_space, secaddr, name, lsakey): function get_secrets (line 142) | def get_secrets(addr_space, sysaddr, secaddr): function get_memory_secrets (line 179) | def get_memory_secrets(addr_space, config, syshive, sechive): FILE: volatility/win32/modules.py function lsmod (line 30) | def lsmod(addr_space): FILE: volatility/win32/network.py function determine_connections (line 139) | def determine_connections(addr_space): function determine_sockets (line 181) | def determine_sockets(addr_space): FILE: volatility/win32/rawreg.py function get_root (line 71) | def get_root(address_space, stable = True): function open_key (line 77) | def open_key(root, key): function read_sklist (line 91) | def read_sklist(sk): function subkeys (line 118) | def subkeys(key): function values (line 133) | def values(key): function key_flags (line 137) | def key_flags(key): function value_data (line 144) | def value_data(val): function walk (line 196) | def walk(root): FILE: volatility/win32/tasks.py function get_kdbg (line 33) | def get_kdbg(addr_space): function pslist (line 85) | def pslist(addr_space): function find_space (line 91) | def find_space(addr_space, procs, mod_base): function find_module (line 102) | def find_module(modlist, mod_addrs, addr): FILE: volatility/win32/xpress.py function recombine (line 37) | def recombine(outbuf): function xpress_decode (line 40) | def xpress_decode(inputBuffer):