|
|
def | __init__ (self, base, config, kwargs) |
| |
|
def | build_page_cache (self) |
| |
|
def | next_xpress (self, XpressHeader, XpressBlockSize) |
| |
|
def | get_xpress_block_size (self, xpress_header) |
| |
|
def | get_header (self) |
| |
|
def | get_base (self) |
| |
|
def | is_paging (self) |
| |
|
def | is_pse (self) |
| |
|
def | is_pae (self) |
| |
|
def | get_addr (self, addr) |
| |
|
def | get_block_offset (self, _xb, addr) |
| |
|
def | is_valid_address (self, addr) |
| |
|
def | read_xpress (self, baddr, BlockSize) |
| |
|
def | read |
| |
|
def | zread (self, addr, length) |
| |
|
def | read_long (self, addr) |
| |
|
def | get_available_pages (self) |
| |
|
def | get_address_range (self) |
| | This relates to the logical address range that is indexable.
|
| |
|
def | check_address_range (self, addr) |
| |
|
def | get_available_addresses (self) |
| | This returns the ranges of valid addresses.
|
| |
|
def | close (self) |
| |
|
def | __init__ (self, base, config, _args, _kwargs) |
| | base is the AS we will be stacking on top of, opts are options which we may use.
|
| |
|
def | get_config (self) |
| | Returns the config object used by the vm for use in other vms.
|
| |
|
def | is_valid_profile (self, profile) |
| | Determines whether a selected profile is compatible with this address space.
|
| |
| def | as_assert |
| | Duplicate for the assert command (so that optimizations don't disable them) More...
|
| |
|
def | __eq__ (self, other) |
| |
|
def | __ne__ (self, other) |
| |
|
def | read (self, addr, length) |
| | Read some data from a certain offset.
|
| |
|
def | zread (self, addr, length) |
| | Read data from a certain offset padded with where data is not available.
|
| |
| def | get_available_addresses (self) |
| | Return a generator of address ranges as (offset, size) covered by this AS sorted by offset. More...
|
| |
|
def | is_valid_address (self, _addr) |
| | Tell us if the address is valid.
|
| |
|
def | write (self, _addr, _buf) |
| |
|
def | __getstate__ (self) |
| | Serialise this address space efficiently.
|
| |
|
def | __setstate__ (self, state) |
| |
|
def | address_mask (cls, addr) |
| | Masks an address value for this address space.
|
| |
|
def | address_compare (cls, a, b) |
| | Compares two addresses, a and b, and return -1 if a is less than b, 0 if they're equal and 1 if a is greater than b.
|
| |
|
def | address_equality (cls, a, b) |
| | Compare two addresses and returns True if they're the same, or False if they're not.
|
| |
| def | physical_space (self) |
| | Return the underlying physical layer, if there is one. More...
|
| |
This is a hibernate address space for windows hibernation files.
In order for us to work we need to: 1) have a valid baseAddressSpace 2) the first 4 bytes must be 'hibr' or 'wake' otherwise we bruteforce to find self.header.FirstTablePage in _get_first_table_page() this occurs with a zeroed PO_MEMORY_IMAGE header
Public Member Functions inherited from volatility.addrspace.BaseAddressSpace
1.8.9.1