 |
The Volatility Framework
|
|
|
The Volatility Framework
|
|
Detect inconsistencies wrt exit times and termination. More...
Public Member Functions | |
| def | check (self) |
| This check is True when a thread's ExitTime is non-zero (indicating it has exited) but the state and flags indicate that it is still active. More... | |
 Public Member Functions inherited from volatility.plugins.malware.threads.AbstractThreadCheck | |
| def | __init__ (self, thread, mods, mod_addrs, hooked_tables, found_by_scanner) |
| def | check (self) |
| Return True or False from this method. | |
Additional Inherited Members | |
| Public Attributes inherited from volatility.plugins.malware.threads.AbstractThreadCheck | |
| thread | |
| mods | |
| mod_addrs | |
| hooked_tables | |
| found_by_scanner | |
| flags | |
Detect inconsistencies wrt exit times and termination.
| def volatility.plugins.malware.threads.DkomExit.check | ( | self | ) |
This check is True when a thread's ExitTime is non-zero (indicating it has exited) but the state and flags indicate that it is still active.
1.8.9.1