Plugin to gather info for a task/process.
More...
|
|
def | __init__ (self, config, args, kwargs) |
| |
| def | read_addr_range |
| | Read an address range with the task address space as default. More...
|
| |
|
def | calculate (self) |
| |
| def | read_null_list |
| | Read a number of pages and split it on 0-bytes, with the task address space as default. More...
|
| |
| def | read_int_list |
| | Read a number of pages and split it into integers, with the task addres space as default. More...
|
| |
| def | analyze (self, task) |
| | Analyze a task_struct. More...
|
| |
| def | get_map (self, task, address) |
| | Get the vm_area to which an address points. More...
|
| |
|
def | render_text (self, outfd, data) |
| |
| def | render_stack_frames (self, stack_frames) |
| | Render stackframes (old code) More...
|
| |
| def | render_registers (self, reg) |
| | Render a registers named tuple. More...
|
| |
| def | render_list (self, l) |
| | Render an address list. More...
|
| |
| def | render_annotated_list (self, ann_list) |
| | Render a list including annotations. More...
|
| |
|
|
| get_threads |
| |
|
| task |
| |
|
| proc_as |
| |
|
| outfd |
| |
Plugin to gather info for a task/process.
Extends pslist.
| def volatility.plugins.linux.process_info.linux_process_info.analyze |
( |
|
self, |
|
|
|
task |
|
) |
| |
Analyze a task_struct.
- Parameters
-
- Returns
- : a process_info object
| def volatility.plugins.linux.process_info.linux_process_info.get_map |
( |
|
self, |
|
|
|
task, |
|
|
|
address |
|
) |
| |
Get the vm_area to which an address points.
- Parameters
-
| task | the task_struct |
| address | an address |
- Returns
- : a vm_area_struct corresponding to the address
| def volatility.plugins.linux.process_info.linux_process_info.read_addr_range |
( |
|
self, |
|
|
|
start, |
|
|
|
end, |
|
|
|
addr_space = None |
|
) |
| |
Read an address range with the task address space as default.
- Parameters
-
| start | Start address |
| end | End address |
| addr_space | The address space to read. |
- Returns
- : a list of pages
| def volatility.plugins.linux.process_info.linux_process_info.read_int_list |
( |
|
self, |
|
|
|
start, |
|
|
|
end, |
|
|
|
addr_space = None |
|
) |
| |
Read a number of pages and split it into integers, with the task addres space as default.
- Parameters
-
| start | Start address |
| end | End address |
| addr_space | The virtual address space |
- Returns
- : a list of integers.
| def volatility.plugins.linux.process_info.linux_process_info.read_null_list |
( |
|
self, |
|
|
|
start, |
|
|
|
end, |
|
|
|
addr_space = None |
|
) |
| |
Read a number of pages and split it on 0-bytes, with the task address space as default.
- Parameters
-
| start | Start address |
| end | End address |
| addr_space | The virtual address space |
- Returns
- : a list of strings
| def volatility.plugins.linux.process_info.linux_process_info.render_annotated_list |
( |
|
self, |
|
|
|
ann_list |
|
) |
| |
Render a list including annotations.
- Parameters
-
- Returns
- : None
| def volatility.plugins.linux.process_info.linux_process_info.render_list |
( |
|
self, |
|
|
|
l |
|
) |
| |
Render an address list.
- Parameters
-
- Returns
- : None
| def volatility.plugins.linux.process_info.linux_process_info.render_registers |
( |
|
self, |
|
|
|
reg |
|
) |
| |
Render a registers named tuple.
- Parameters
-
- Returns
- : None
| def volatility.plugins.linux.process_info.linux_process_info.render_stack_frames |
( |
|
self, |
|
|
|
stack_frames |
|
) |
| |
Render stackframes (old code)
- Parameters
-
| stack_frames | a list of stackframes |
- Returns
- : None
The documentation for this class was generated from the following file:
- volatility/plugins/linux/process_info.py
1.8.9.1