 |
The Volatility Framework
|
|
|
The Volatility Framework
|
|
A class for _HANDLE_TABLE. More...
Public Member Functions | |
| def | get_item |
| Returns the OBJECT_HEADER of the associated handle. More... | |
| def | handles (self) |
| A generator which yields this process's handles. More... | |
 Public Member Functions inherited from volatility.obj.CType | |
| def | __init__ (self, theType, offset, vm, name=None, members=None, struct_size=0, kwargs) |
| This must be instantiated with a dict of members. More... | |
| def | size (self) |
| def | __repr__ (self) |
| def | d (self) |
| def | v (self) |
| When a struct is evaluated we just return our offset. | |
| def | m (self, attr) |
| def | __getattr__ (self, attr) |
| def | __setattr__ (self, attr, value) |
| Change underlying members. | |
| Public Member Functions inherited from volatility.obj.BaseObject | |
| def | __init__ (self, theType, offset, vm, native_vm=None, parent=None, name=None, kwargs) |
| def | obj_type (self) |
| def | obj_vm (self) |
| def | obj_offset (self) |
| def | obj_parent (self) |
| def | obj_name (self) |
| def | obj_native_vm (self) |
| def | set_native_vm (self, native_vm) |
| Sets the native_vm. | |
| def | rebase (self, offset) |
| def | proxied (self, attr) |
| def | newattr (self, attr, value) |
| Sets a new attribute after the object has been created. | |
| def | write (self, value) |
| Function for writing the object back to disk. | |
| def | __getattr__ (self, attr) |
| This is only useful for proper methods (not ones that start with __ ) | |
| def | __setattr__ (self, attr, value) |
| def | __nonzero__ (self) |
| This method is called when we test the truth value of an Object. More... | |
| def | __eq__ (self, other) |
| def | __ne__ (self, other) |
| def | __hash__ (self) |
| def | m (self, memname) |
| def | is_valid (self) |
| def | dereference (self) |
| def | dereference_as (self, derefType, kwargs) |
| def | cast (self, castString) |
| def | v (self) |
| Do the actual reading and decoding of this member. | |
| def | __format__ (self, formatspec) |
| def | __str__ (self) |
| def | __repr__ (self) |
| def | d (self) |
| Display diagnostic information. | |
| def | __getstate__ (self) |
| This controls how we pickle and unpickle the objects. | |
| def | __setstate__ (self, state) |
Additional Inherited Members | |
| Public Attributes inherited from volatility.obj.CType | |
| members | |
| struct_size | |
| Public Attributes inherited from volatility.obj.BaseObject | |
| obj_offset | |
| obj_vm | |
A class for _HANDLE_TABLE.
This used to be a member of _EPROCESS but it was isolated per issue 91 so that it could be subclassed and used to service other handle tables, such as the _KDDEBUGGER_DATA64.PspCidTable.
| def volatility.plugins.overlays.windows.windows._HANDLE_TABLE.get_item | ( | self, | |
| entry, | |||
handle_value = 0 |
|||
| ) |
Returns the OBJECT_HEADER of the associated handle.
The parent is the _HANDLE_TABLE_ENTRY so that an object can be linked to its GrantedAccess.
| def volatility.plugins.overlays.windows.windows._HANDLE_TABLE.handles | ( | self | ) |
A generator which yields this process's handles.
_HANDLE_TABLE tables are multi-level tables at the first level they are pointers to second level table, which might be pointers to third level tables etc, until the final table contains the real _OBJECT_HEADER table.
This generator iterates over all the handles recursively yielding all handles. We take care of recursing into the nested tables automatically.
1.8.9.1