The Volatility Framework
volatility.scan.BaseScanner Class Reference

Following is the new implementation of the scanning framework.

Inheritance diagram for volatility.scan.BaseScanner:
 volatility.plugins.kdbgscan.KDBGScanner
 volatility.plugins.kpcrscan.KPCRScanner
 volatility.plugins.mac.get_profile.catfishScan
 volatility.plugins.mbrparser.MBRScanner
 volatility.plugins.mftparser.MFTScanner
 volatility.plugins.overlays.mac.mac.catfishScan
 volatility.poolscan.SinglePoolScanner
 volatility.scan.DiscontigScanner

Public Member Functions

def __init__
 
def check_addr (self, found)
 This calls all our constraints on the offset found and returns the number of constraints that matched.
 
def scan
 

Public Attributes

 buffer
 
 window_size
 
 constraints
 Build our constraints from the specified ScannerCheck classes:
 
 error_count
 

Static Public Attributes

list checks = []
 
int overlap = 20
 

Detailed Description

Following is the new implementation of the scanning framework.

The old framework was based on PyFlag's scanning framework which is probably too complex for this. A more thorough scanner which checks every byte

Member Function Documentation

def volatility.scan.BaseScanner.check_addr (self, found)

This calls all our constraints on the offset found and returns the number of constraints that matched.

We shortcut the loop as soon as it's obvious that there will not be sufficient matches to fit the criteria. This allows for an early exit and a speed boost.
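
An added illustration of the early-exit constraint counting described above; it is not Volatility's code. The record layout, the three checks, the `calls` trace and the choice to return `None` on early exit are assumptions made for this example, and `error_count` is modelled here as the number of failed constraints tolerated.

```python
import struct

# Constructed 32-byte sample: a decoy record at offset 5 and a valid one at 16.
SAMPLE = (b"\x00" * 5 + b"Proc" + struct.pack("<I", 0xFFFFFFFF) + b"\x00" * 3
          + b"Proc" + struct.pack("<I", 0x40) + b"\x00" * 8)

def tag_check(buf, off):      # 4-byte tag at the candidate offset
    return buf[off:off + 4] == b"Proc"

def align_check(buf, off):    # records assumed to be 8-byte aligned
    return off % 8 == 0

def size_check(buf, off):     # size field must be sane; raises when truncated
    return 0 < struct.unpack("<I", buf[off + 4:off + 8])[0] <= 0x1000

CHECKS = [tag_check, align_check, size_check]  # cheapest, most selective first

def check_addr(buf, off, constraints, error_count=0, calls=None):
    """Return how many constraints matched at off, or None as soon as more
    than error_count of them have failed (the early exit)."""
    matched = failed = 0
    for check in constraints:
        if calls is not None:
            calls.append(check.__name__)   # trace which checks actually ran
        try:
            ok = check(buf, off)
        except Exception:     # a check that errors counts as a failed match
            ok = False
        if ok:
            matched += 1
        else:
            failed += 1
            if failed > error_count:
                return None   # remaining checks cannot rescue this offset
    return matched

def scan(buf, constraints, error_count=0):
    """Test every byte offset and return the ones that pass check_addr."""
    return [off for off in range(len(buf))
            if check_addr(buf, off, constraints, error_count) is not None]

if __name__ == "__main__":
    print(scan(SAMPLE, CHECKS))                  # strict: every check must match
    print(scan(SAMPLE, CHECKS, error_count=1))   # tolerant: admits a weak hit
```

With `error_count=1` the scan also reports offset 8, where only the alignment and size checks pass, so a tolerance above zero needs later validation of each hit.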


The documentation for this class was generated from the following file: