This modification applies the vtypes for 32bit Windows starting with Windows 7.
More...
|
|
def | modification (self, profile) |
| |
|
def | check (self, profile) |
| | Returns True or False as to whether the Modification should be applied.
|
| |
|
def | dependencies (self, profile) |
| | Returns a list of modifications that should go before this, and modifications that need to be after this.
|
| |
|
def | modification (self, profile) |
| | Abstract function for modifying the profile.
|
| |
|
|
list | before = ['WindowsObjectClasses'] |
| |
| dictionary | conditions |
| |
|
list | before = [] |
| |
|
list | after = [] |
| |
|
dictionary | conditions = {} |
| |
This modification applies the vtypes for 32bit Windows starting with Windows 7.
| dictionary volatility.plugins.malware.cmdhistory.CmdHistoryVTypesWin7x86.conditions |
|
static |
Initial value: 1 = {
'os':
lambda x: x ==
'windows',
2 'major':
lambda x: x == 6,
3 'minor':
lambda x: x >= 1,
4 'memory_model':
lambda x : x ==
'32bit'}
The documentation for this class was generated from the following file:
- volatility/plugins/malware/cmdhistory.py
Public Member Functions inherited from volatility.obj.ProfileModification
1.8.9.1