Base thread check class.
def __init__ (self, thread, mods, mod_addrs, hooked_tables, found_by_scanner)
def check (self)
    Return True or False from this method.

thread
mods
mod_addrs
hooked_tables
found_by_scanner
flags

def volatility.plugins.malware.threads.AbstractThreadCheck.__init__ (self, thread, mods, mod_addrs, hooked_tables, found_by_scanner)

Parameters
thread | the _ETHREAD object
mods | a dictionary with module bases as keys and _LDR_DATA_TABLE_ENTRY as values.
mod_addrs | a sorted list of module base addresses
hooked_tables | a list of SSDTs that have one or more hooked functions.
found_by_scanner | True/False if the _ETHREAD passed as the thread parameter was found via list walking or pool scanning.
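
Added example, not Volatility's own code: a subclass whose check() uses mods and mod_addrs as documented above to report a thread whose start address lies in no loaded module. The base class, Module and Thread here are constructed stand-ins so the block runs without Volatility; StartOutsideModules, owning_module and run_check are hypothetical names, and the addresses are constructed sample values.

```python
import bisect
from collections import namedtuple

# Constructed stand-ins for Volatility objects; only the fields used below.
Module = namedtuple("Module", "DllBase SizeOfImage name")  # _LDR_DATA_TABLE_ENTRY
Thread = namedtuple("Thread", "StartAddress")              # _ETHREAD

class AbstractThreadCheck(object):
    """Stand-in for the documented base class (same constructor arguments)."""

    def __init__(self, thread, mods, mod_addrs, hooked_tables, found_by_scanner):
        self.thread = thread
        self.mods = mods
        self.mod_addrs = mod_addrs
        self.hooked_tables = hooked_tables
        self.found_by_scanner = found_by_scanner

    def check(self):
        """Return True or False from this method."""
        raise NotImplementedError

def owning_module(mods, mod_addrs, addr):
    """Return the module whose image range contains addr, or None."""
    # mod_addrs is sorted, so the candidate is the last base <= addr.
    pos = bisect.bisect_right(mod_addrs, addr) - 1
    if pos < 0:
        return None  # addr is below the lowest module base
    mod = mods[mod_addrs[pos]]
    if addr < mod.DllBase + mod.SizeOfImage:
        return mod
    return None  # addr falls in a gap after that module's image

class StartOutsideModules(AbstractThreadCheck):
    """Hypothetical check: True when the start address is in no known module."""

    def check(self):
        addr = self.thread.StartAddress
        return owning_module(self.mods, self.mod_addrs, addr) is None

# Constructed sample data: two modules keyed by base, plus the sorted base list.
MODS = {m.DllBase: m for m in (Module(0x80400000, 0x200000, "ntoskrnl.exe"),
                               Module(0xF8000000, 0x10000, "example.sys"))}
MOD_ADDRS = sorted(MODS)

def run_check(start_address):
    """Run the hypothetical check for a thread starting at start_address."""
    thread = Thread(StartAddress=start_address)
    return StartOutsideModules(thread, MODS, MOD_ADDRS, [], False).check()
```

The end of an image range is exclusive, so an address equal to DllBase + SizeOfImage counts as outside the module.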
The documentation for this class was generated from the following file:
- volatility/plugins/malware/threads.py