 |
The Volatility Framework
|
|
|
The Volatility Framework
|
|
A class for thread information objects. More...
Public Member Functions | |
| def | get_params (self) |
| Parameters for the _hooks() function. | |
 Public Member Functions inherited from volatility.plugins.gui.win32k_core.tagDESKTOP | |
| def | is_valid (self) |
| def | WindowStation (self) |
| Returns this desktop's parent window station. | |
| def | DeskInfo (self) |
| Returns the desktop info object. | |
| def | threads (self) |
| Generator for _EPROCESS objects attached to this desktop. | |
| def | hook_params (self) |
| Parameters for the hooks() method. More... | |
| def | hooks (self) |
| Generator for tagHOOK info. More... | |
| def | windows |
| Traverses windows in their Z order, bottom to top. More... | |
| def | heaps (self) |
| Generator for the desktop heaps. | |
| def | traverse (self) |
| Generator for next desktops in the list. | |
| Public Member Functions inherited from volatility.plugins.gui.win32k_core.tagWINDOWSTATION | |
| def | is_valid (self) |
| def | PhysicalAddress (self) |
| This is a simple wrapper to always return the object's physical offset regardless of what AS its instantiated in. | |
| def | LastRegisteredViewer (self) |
| The EPROCESS of the last registered clipboard viewer. | |
| def | AtomTable (self) |
| This atom table belonging to this window station object. | |
| def | Interactive (self) |
| Check if a window station is interactive. | |
| def | Name (self) |
| Get the window station name. More... | |
| def | traverse (self) |
| A generator that yields window station objects. | |
| def | desktops (self) |
| A generator that yields the window station's desktops. | |
| Public Member Functions inherited from volatility.obj.CType | |
| def | __init__ (self, theType, offset, vm, name=None, members=None, struct_size=0, kwargs) |
| This must be instantiated with a dict of members. More... | |
| def | size (self) |
| def | __repr__ (self) |
| def | d (self) |
| def | v (self) |
| When a struct is evaluated we just return our offset. | |
| def | m (self, attr) |
| def | __getattr__ (self, attr) |
| def | __setattr__ (self, attr, value) |
| Change underlying members. | |
| Public Member Functions inherited from volatility.obj.BaseObject | |
| def | __init__ (self, theType, offset, vm, native_vm=None, parent=None, name=None, kwargs) |
| def | obj_type (self) |
| def | obj_vm (self) |
| def | obj_offset (self) |
| def | obj_parent (self) |
| def | obj_name (self) |
| def | obj_native_vm (self) |
| def | set_native_vm (self, native_vm) |
| Sets the native_vm. | |
| def | rebase (self, offset) |
| def | proxied (self, attr) |
| def | newattr (self, attr, value) |
| Sets a new attribute after the object has been created. | |
| def | write (self, value) |
| Function for writing the object back to disk. | |
| def | __getattr__ (self, attr) |
| This is only useful for proper methods (not ones that start with __ ) | |
| def | __setattr__ (self, attr, value) |
| def | __nonzero__ (self) |
| This method is called when we test the truth value of an Object. More... | |
| def | __eq__ (self, other) |
| def | __ne__ (self, other) |
| def | __hash__ (self) |
| def | m (self, memname) |
| def | is_valid (self) |
| def | dereference (self) |
| def | dereference_as (self, derefType, kwargs) |
| def | cast (self, castString) |
| def | v (self) |
| Do the actual reading and decoding of this member. | |
| def | __format__ (self, formatspec) |
| def | __str__ (self) |
| def | __repr__ (self) |
| def | d (self) |
| Display diagnostic information. | |
| def | __getstate__ (self) |
| This controls how we pickle and unpickle the objects. | |
| def | __setstate__ (self, state) |
Additional Inherited Members | |
| Public Attributes inherited from volatility.obj.CType | |
| members | |
| struct_size | |
| Public Attributes inherited from volatility.obj.BaseObject | |
| obj_offset | |
| obj_vm | |
A class for thread information objects.
1.8.9.1