A scanner over all memory regions of a process. More...
Public Member Functions | |
def | __init__ (self, task=None, kwargs) |
Scan the process address space through the Vads. More... | |
def | scan |
Public Member Functions inherited from volatility.plugins.malware.malfind.BaseYaraScanner | |
def | __init__ |
def | scan (self, offset, maxlen) |
Public Attributes | |
task | |
Public Attributes inherited from volatility.plugins.malware.malfind.BaseYaraScanner | |
rules | |
address_space | |
Additional Inherited Members | |
Static Public Attributes inherited from volatility.plugins.malware.malfind.BaseYaraScanner | |
int | overlap = 1024 |
A scanner over all memory regions of a process.
def volatility.plugins.malware.malfind.VadYaraScanner.__init__ | ( | self, | |
task = None , |
|||
kwargs | |||
) |
Scan the process address space through the Vads.
Args: task: The _EPROCESS object for this task.