A class for KDBG.
Public Member Functions

def is_valid(self)
    Returns true if the kdbg_object appears valid.
def ServicePack(self)
    Get the service pack number.
def processes(self)
    Enumerate processes.
def modules(self)
    Enumerate modules.
def dbgkd_version64(self)
    Scan backwards from the base of KDBG to find the _DBGKD_GET_VERSION64.
def kpcrs(self)
    Generator for KPCRs referenced by this KDBG.

Public Member Functions inherited from volatility.obj.CType

def __init__(self, theType, offset, vm, name=None, members=None, struct_size=0, **kwargs)
    This must be instantiated with a dict of members.
def size(self)
def __repr__(self)
def d(self)
def v(self)
    When a struct is evaluated we just return our offset.
def m(self, attr)
def __getattr__(self, attr)
def __setattr__(self, attr, value)
    Change underlying members.

Public Member Functions inherited from volatility.obj.BaseObject

def __init__(self, theType, offset, vm, native_vm=None, parent=None, name=None, **kwargs)
def obj_type(self)
def obj_vm(self)
def obj_offset(self)
def obj_parent(self)
def obj_name(self)
def obj_native_vm(self)
def set_native_vm(self, native_vm)
    Sets the native_vm.
def rebase(self, offset)
def proxied(self, attr)
def newattr(self, attr, value)
    Sets a new attribute after the object has been created.
def write(self, value)
    Function for writing the object back to disk.
def __getattr__(self, attr)
    This is only useful for proper methods (not ones that start with __)
def __setattr__(self, attr, value)
def __nonzero__(self)
    This method is called when we test the truth value of an Object.
def __eq__(self, other)
def __ne__(self, other)
def __hash__(self)
def m(self, memname)
def is_valid(self)
def dereference(self)
def dereference_as(self, derefType, **kwargs)
def cast(self, castString)
def v(self)
    Do the actual reading and decoding of this member.
def __format__(self, formatspec)
def __str__(self)
def __repr__(self)
def d(self)
    Display diagnostic information.
def __getstate__(self)
    This controls how we pickle and unpickle the objects.
def __setstate__(self, state)

Additional Inherited Members

Public Attributes inherited from volatility.obj.CType

members
struct_size

Public Attributes inherited from volatility.obj.BaseObject

obj_offset
obj_vm
def volatility.plugins.overlays.windows.kdbg_vtypes._KDDEBUGGER_DATA64.dbgkd_version64(self)
Scan backwards from the base of KDBG to find the _DBGKD_GET_VERSION64.
We have a winner when kernel base addresses and process list head match.
def volatility.plugins.overlays.windows.kdbg_vtypes._KDDEBUGGER_DATA64.kpcrs(self)
Generator for KPCRs referenced by this KDBG.
These are returned in the order in which the processors were registered.
def volatility.plugins.overlays.windows.kdbg_vtypes._KDDEBUGGER_DATA64.ServicePack(self)
Get the service pack number.
This is something like 0x100 for SP1, 0x200 for SP2, etc.