 |
The Volatility Framework
|
|
|
The Volatility Framework
|
|
Dumps out the vad sections to a file. More...
Public Member Functions | |
| def | __init__ (self, config, args, kwargs) |
| def | dump_vad (self, path, vad, address_space) |
| Dump an MMVAD to a file. More... | |
| def | render_text (self, outfd, data) |
 Public Member Functions inherited from volatility.plugins.vadinfo.VADInfo | |
| def | __init__ (self, config, args, kwargs) |
| def | unified_output (self, data) |
| def | generator (self, data) |
| def | render_text (self, outfd, data) |
| def | write_vad_short (self, outfd, vad) |
| Renders a text version of a Short Vad. | |
| def | write_vad_control (self, outfd, vad) |
| Renders a text version of a (non-short) Vad's control information. | |
| def | write_vad_ext (self, outfd, vad) |
| Renders a text version of a Long Vad. | |
| Public Member Functions inherited from volatility.plugins.taskmods.DllList | |
| def | __init__ (self, config, args, kwargs) |
| def | unified_output (self, data) |
| def | generator (self, data) |
| def | render_text (self, outfd, data) |
| def | filter_tasks (self, tasks) |
| Reduce the tasks based on the user selectable PIDS parameter. More... | |
| def | calculate (self) |
| Produces a list of processes, or just a single process based on an OFFSET. | |
| Public Member Functions inherited from volatility.commands.Command | |
| def | __init__ (self, config, _args, _kwargs) |
| Constructor uses args as an initializer. More... | |
| def | help (cls) |
| This function returns a string that will be displayed when a user lists available plugins. | |
| def | calculate (self) |
| This function is responsible for performing all calculations. More... | |
| def | execute (self) |
| Executes the plugin command. More... | |
| def | format_value (self, value, fmt) |
| Formats an individual field using the table formatting codes. | |
| def | table_header |
| Table header renders the title row of a table. More... | |
| def | table_row (self, outfd, args) |
| Outputs a single row of a table. | |
| def | text_cell_renderers (self, columns) |
| Returns default renderers for the columns listed. | |
| def | unified_output (self, data) |
| def | render_text (self, outfd, data) |
| def | render_greptext (self, outfd, data) |
| def | render_json (self, outfd, data) |
| def | render_sqlite (self, outfd, data) |
| def | render_dot (self, outfd, data) |
| def | render_html (self, outfd, data) |
| def | render_xlsx (self, outfd, data) |
| Public Member Functions inherited from volatility.cache.Testable | |
| def | calculate (self) |
| Empty function used to allow mixin. | |
| def | test (self) |
| This forces the test to be memoised with a key name derived from the class name. | |
Additional Inherited Members | |
| Static Public Member Functions inherited from volatility.plugins.taskmods.DllList | |
| def | virtual_process_from_physical_offset (addr_space, offset) |
| Returns a virtual process from a physical offset in memory. | |
| Static Public Member Functions inherited from volatility.plugins.common.AbstractWindowsCommand | |
| def | is_valid_profile (profile) |
| Static Public Member Functions inherited from volatility.commands.Command | |
| def | register_options (config) |
| Registers options into a config object provided. | |
| def | is_valid_profile (profile) |
| Static Public Attributes inherited from volatility.commands.Command | |
| string | op = "" |
| string | opts = "" |
| string | args = "" |
| string | cmdname = "" |
| dictionary | meta_info = {} |
| elide_data = True | |
| string | tablesep = " " |
| text_sort_column = None | |
| dictionary | text_stock_renderers |
Dumps out the vad sections to a file.
| def volatility.plugins.vadinfo.VADDump.dump_vad | ( | self, | |
| path, | |||
| vad, | |||
| address_space | |||
| ) |
Dump an MMVAD to a file.
| path | full path to output file |
| vad | an MMVAD object |
| address_space | process AS for the vad |
The purpose of this function is to read medium sized vad chunks and write them immediately to a file, rather than building a large buffer in memory and then flushing it at once. This prevents our own analysis process from consuming massive amounts of memory for large vads.
1.8.9.1