The Volatility Framework
Public Member Functions | Public Attributes | List of all members
volatility.obj.VolatilityMagic Class Reference

Class to contain Volatility Magic value. More...

Inheritance diagram for volatility.obj.VolatilityMagic:
volatility.obj.BaseObject volatility.plugins.bigpagepools.BigPageTable volatility.plugins.overlays.basic.VolatilityDTB volatility.plugins.overlays.basic.VolatilityMaxAddress volatility.plugins.overlays.linux.linux.VolatilityDTB volatility.plugins.overlays.linux.linux.VolatilityLinuxARMValidAS volatility.plugins.overlays.linux.linux.VolatilityLinuxIntelValidAS volatility.plugins.overlays.mac.mac.VolatilityDTB volatility.plugins.overlays.mac.mac.VolatilityMacIntelValidAS volatility.plugins.overlays.windows.win10.VolatilityCookie volatility.plugins.overlays.windows.win8_kdbg.VolatilityKDBG volatility.plugins.overlays.windows.windows.VolatilityAMD64ValidAS volatility.plugins.overlays.windows.windows.VolatilityIA32ValidAS volatility.plugins.overlays.windows.windows.VolatilityKDBG volatility.plugins.overlays.windows.windows.VolatilityKPCR volatility.plugins.overlays.windows.windows.VolMagicPoolTag

Public Member Functions

def __init__ (self, theType, offset, vm, value=None, configname=None, kwargs)
 
def v (self)
 
def __str__ (self)
 
def get_suggestions (self)
 Returns a list of possible suggestions for the value. More...
 
def generate_suggestions (self)
 
def get_best_suggestion (self)
 Returns the best suggestion for a list of possible suggestsions.
 
- Public Member Functions inherited from volatility.obj.BaseObject
def __init__ (self, theType, offset, vm, native_vm=None, parent=None, name=None, kwargs)
 
def obj_type (self)
 
def obj_vm (self)
 
def obj_offset (self)
 
def obj_parent (self)
 
def obj_name (self)
 
def obj_native_vm (self)
 
def set_native_vm (self, native_vm)
 Sets the native_vm.
 
def rebase (self, offset)
 
def proxied (self, attr)
 
def newattr (self, attr, value)
 Sets a new attribute after the object has been created.
 
def write (self, value)
 Function for writing the object back to disk.
 
def __getattr__ (self, attr)
 This is only useful for proper methods (not ones that start with __ )
 
def __setattr__ (self, attr, value)
 
def __nonzero__ (self)
 This method is called when we test the truth value of an Object. More...
 
def __eq__ (self, other)
 
def __ne__ (self, other)
 
def __hash__ (self)
 
def m (self, memname)
 
def is_valid (self)
 
def dereference (self)
 
def dereference_as (self, derefType, kwargs)
 
def cast (self, castString)
 
def v (self)
 Do the actual reading and decoding of this member.
 
def __format__ (self, formatspec)
 
def __str__ (self)
 
def __repr__ (self)
 
def d (self)
 Display diagnostic information.
 
def __getstate__ (self)
 This controls how we pickle and unpickle the objects.
 
def __setstate__ (self, state)
 

Public Attributes

 configname
 
 value
 
- Public Attributes inherited from volatility.obj.BaseObject
 obj_offset
 
 obj_vm
 

Detailed Description

Class to contain Volatility Magic value.

Member Function Documentation

def volatility.obj.VolatilityMagic.get_suggestions (   self)

Returns a list of possible suggestions for the value.

These should be returned in order of likelihood, since the first one will be taken as the best suggestion

This is also to avoid a complete scan of the memory address space, since

The documentation for this class was generated from the following file: