The Volatility Framework
Public Member Functions | List of all members
volatility.plugins.overlays.windows.kpcr_vtypes._KPCROnx86 Class Reference

KPCR for 32bit windows. More...

Inheritance diagram for volatility.plugins.overlays.windows.kpcr_vtypes._KPCROnx86:
volatility.obj.CType volatility.obj.BaseObject volatility.plugins.overlays.windows.kpcr_vtypes._KPCROnx64

Public Member Functions

def idt_entries (self)
 
def gdt_entries (self)
 
def get_kdbg (self)
 Find this CPUs KDBG. More...
 
def ProcessorBlock (self)
 
- Public Member Functions inherited from volatility.obj.CType
def __init__ (self, theType, offset, vm, name=None, members=None, struct_size=0, kwargs)
 This must be instantiated with a dict of members. More...
 
def size (self)
 
def __repr__ (self)
 
def d (self)
 
def v (self)
 When a struct is evaluated we just return our offset.
 
def m (self, attr)
 
def __getattr__ (self, attr)
 
def __setattr__ (self, attr, value)
 Change underlying members.
 
- Public Member Functions inherited from volatility.obj.BaseObject
def __init__ (self, theType, offset, vm, native_vm=None, parent=None, name=None, kwargs)
 
def obj_type (self)
 
def obj_vm (self)
 
def obj_offset (self)
 
def obj_parent (self)
 
def obj_name (self)
 
def obj_native_vm (self)
 
def set_native_vm (self, native_vm)
 Sets the native_vm.
 
def rebase (self, offset)
 
def proxied (self, attr)
 
def newattr (self, attr, value)
 Sets a new attribute after the object has been created.
 
def write (self, value)
 Function for writing the object back to disk.
 
def __getattr__ (self, attr)
 This is only useful for proper methods (not ones that start with __ )
 
def __setattr__ (self, attr, value)
 
def __nonzero__ (self)
 This method is called when we test the truth value of an Object. More...
 
def __eq__ (self, other)
 
def __ne__ (self, other)
 
def __hash__ (self)
 
def m (self, memname)
 
def is_valid (self)
 
def dereference (self)
 
def dereference_as (self, derefType, kwargs)
 
def cast (self, castString)
 
def v (self)
 Do the actual reading and decoding of this member.
 
def __format__ (self, formatspec)
 
def __str__ (self)
 
def __repr__ (self)
 
def d (self)
 Display diagnostic information.
 
def __getstate__ (self)
 This controls how we pickle and unpickle the objects.
 
def __setstate__ (self, state)
 

Additional Inherited Members

- Public Attributes inherited from volatility.obj.CType
 members
 
 struct_size
 
- Public Attributes inherited from volatility.obj.BaseObject
 obj_offset
 
 obj_vm
 

Detailed Description

KPCR for 32bit windows.

Member Function Documentation

def volatility.plugins.overlays.windows.kpcr_vtypes._KPCROnx86.get_kdbg (   self)

Find this CPUs KDBG.

Please note the KdVersionBlock pointer is NULL on all KPCR structures except the one for the first CPU. In some cases on x64, even the first CPU has a NULL KdVersionBlock, so this is really a hit-or-miss.

The documentation for this class was generated from the following file: