object class for console information structs
Public Member Functions
def get_histories(self)
def get_exe_aliases(self)
  Generator for exe aliases.
def get_processes(self)
  Generator for processes attached to the console.
def get_screens(self)
  Generator for screens in the console.
Public Member Functions inherited from volatility.obj.CType
def __init__(self, theType, offset, vm, name=None, members=None, struct_size=0, **kwargs)
  This must be instantiated with a dict of members.
def size(self)
def __repr__(self)
def d(self)
def v(self)
  When a struct is evaluated we just return our offset.
def m(self, attr)
def __getattr__(self, attr)
def __setattr__(self, attr, value)
  Change underlying members.
Public Member Functions inherited from volatility.obj.BaseObject
def __init__(self, theType, offset, vm, native_vm=None, parent=None, name=None, **kwargs)
def obj_type(self)
def obj_vm(self)
def obj_offset(self)
def obj_parent(self)
def obj_name(self)
def obj_native_vm(self)
def set_native_vm(self, native_vm)
  Sets the native_vm.
def rebase(self, offset)
def proxied(self, attr)
def newattr(self, attr, value)
  Sets a new attribute after the object has been created.
def write(self, value)
  Function for writing the object back to disk.
def __getattr__(self, attr)
  This is only useful for proper methods (not ones that start with __).
def __setattr__(self, attr, value)
def __nonzero__(self)
  This method is called when we test the truth value of an Object.
def __eq__(self, other)
def __ne__(self, other)
def __hash__(self)
def m(self, memname)
def is_valid(self)
def dereference(self)
def dereference_as(self, derefType, **kwargs)
def cast(self, castString)
def v(self)
  Do the actual reading and decoding of this member.
def __format__(self, formatspec)
def __str__(self)
def __repr__(self)
def d(self)
  Display diagnostic information.
def __getstate__(self)
  This controls how we pickle and unpickle the objects.
def __setstate__(self, state)
Additional Inherited Members
Public Attributes inherited from volatility.obj.CType
members
struct_size
Public Attributes inherited from volatility.obj.BaseObject
obj_offset
obj_vm
def volatility.plugins.malware.cmdhistory._CONSOLE_INFORMATION.get_exe_aliases(self)
Generator for exe aliases.
There is one _EXE_ALIAS_LIST for each executable (i.e. C:.exe) with registered aliases. The _EXE_ALIAS_LIST.AliasList contains one _ALIAS structure for each specific mapping.
See GetConsoleAliasExes, GetConsoleAliases, and AddConsoleAlias.
def volatility.plugins.malware.cmdhistory._CONSOLE_INFORMATION.get_processes(self)
Generator for processes attached to the console.
Multiple processes can be attached to the same console (usually as a result of inheritance from a parent process or by duplicating another process's console handle). Internally, they are tracked as _CONSOLE_PROCESS structures in this linked list.
See GetConsoleProcessList and AttachConsole.
def volatility.plugins.malware.cmdhistory._CONSOLE_INFORMATION.get_screens(self)
Generator for screens in the console.
A console can have multiple screen buffers at a time, but only the current/active one is displayed.
Multiple screens are tracked using the singly-linked list _SCREEN_INFORMATION.Next.
See CreateConsoleScreenBuffer.
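The walk over a Next-linked list of screen buffers, as an added example that is not Volatility's own code: it follows the chain in a raw byte image and stops on circular or out-of-range pointers, which memory captures can contain. The 12-byte record layout, the walk_screens and build_image names, and the sample offsets are assumptions constructed for illustration, not the real _SCREEN_INFORMATION definition.

```python
import struct

# Toy record layout, constructed for this example (an assumption, not the
# real _SCREEN_INFORMATION definition): uint16 width, uint16 height,
# uint64 Next (offset of the next record; 0 ends the list).
SCREEN_FMT = "<HHQ"
SCREEN_SIZE = struct.calcsize(SCREEN_FMT)


def walk_screens(image, head, max_screens=64):
    """Yield (offset, width, height) for each record reachable via Next."""
    seen = set()
    offset = head
    while offset and len(seen) < max_screens:
        # A smeared or tampered image can hold dangling or circular pointers.
        if offset in seen or offset + SCREEN_SIZE > len(image):
            break
        seen.add(offset)
        width, height, next_offset = struct.unpack_from(SCREEN_FMT, image, offset)
        yield offset, width, height
        offset = next_offset


def build_image(last_next):
    """Constructed sample: three records at 0x10 -> 0x40 -> 0x80 -> last_next."""
    image = bytearray(0x100)
    struct.pack_into(SCREEN_FMT, image, 0x10, 80, 25, 0x40)
    struct.pack_into(SCREEN_FMT, image, 0x40, 120, 50, 0x80)
    struct.pack_into(SCREEN_FMT, image, 0x80, 80, 300, last_next)
    return bytes(image)


if __name__ == "__main__":
    # Same three records, with a clean, circular and dangling final pointer.
    for label, last_next in [("clean", 0), ("loop", 0x10), ("dangling", 0xFFFF)]:
        screens = list(walk_screens(build_image(last_next), 0x10))
        print(label, [(hex(o), w, h) for o, w, h in screens])
```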