def GetMemoryInformation(self, _): reply = rdf_rekall_types.MemoryInformation(device=rdf_paths.PathSpec( path=r"\\.\pmem", pathtype=rdf_paths.PathSpec.PathType.MEMORY)) reply.runs.Append(offset=0x1000, length=0x10000) reply.runs.Append(offset=0x20000, length=0x10000) return [reply]
def Start(self): self.SendReply(rdf_rekall_types.MemoryInformation( device=rdf_paths.PathSpec( path=os.path.join(config_lib.CONFIG["Test.data_dir"], "searching/auth.log"), pathtype=rdf_paths.PathSpec.PathType.OS), runs=[rdf_client.BufferReference(length=638976, offset=5), rdf_client.BufferReference(length=145184, offset=643074)]))
def GetMemoryInformation(self): result = rdf_rekall_types.MemoryInformation( cr3=self.session.GetParameter("dtb", 0), device=self.pathspec) for run in self.address_space.get_address_ranges(): result.runs.Append(offset=run.start, length=run.length) return result
def GetMemoryInformation(self, _): """Mock out the driver loading code to pass the memory image.""" reply = rdf_rekall_types.MemoryInformation( device=rdf_paths.PathSpec( path=image_path, pathtype=rdf_paths.PathSpec.PathType.OS)) reply.runs.Append(offset=0, length=1000000000) return [reply]