An interface into a scanner that can find multiple pool tags in a single pass through an address space.
More...
|
| def | __init__ |
| | An interface into the multiple concurrent pool scanner. More...
|
| |
|
def | scan (self) |
| |
|
|
| scanners |
| |
|
| scan_virtual |
| |
|
| show_unalloc |
| |
|
| use_top_down |
| |
|
| start_offset |
| |
|
| max_length |
| |
|
| address_space |
| |
|
| pool_alignment |
| |
An interface into a scanner that can find multiple pool tags in a single pass through an address space.
| def volatility.poolscan.MultiScanInterface.__init__ |
( |
|
self, |
|
|
|
addr_space, |
|
|
|
scanners = [], |
|
|
|
scan_virtual = False, |
|
|
|
show_unalloc = False, |
|
|
|
use_top_down = False, |
|
|
|
start_offset = None, |
|
|
|
max_length = None |
|
) |
| |
An interface into the multiple concurrent pool scanner.
- Parameters
-
| addr_space | a Volatility address space |
| scanners | a list of PoolScanner classes to scan for. |
| scan_virtual | True to scan in virtual/kernel space or False to scan at the physical layer. |
| show_unalloc | True to skip unallocated objects whose _OBJECT_TYPE structure are 0xbad0b0b0. |
| use_topdown | True to carve objects out of the pool using the top-down approach or False to use the bottom-up trick. |
| start_offset | the starting offset to begin scanning. |
| max_length | the size in bytes to scan from the start. |
The documentation for this class was generated from the following file:
1.8.9.1