return profile
def DetectFromHit(self, hit, file_offset, address_space):
"""Gets called for each hit.
If a profile matches, return it, otherwise None.
"""
# By default use all detection modules.
config.DeclareOption("autodetect",
group="Autodetection Overrides",
type="ChoiceArray",
required=True,
choices=utils.JITIterator(DetectionMethod),
default=utils.JITIterator(DetectionMethod),
help="Autodetection method.")
config.DeclareOption("autodetect_threshold",
default=1.0,
group="Autodetection Overrides",
help="Worst acceptable match for profile autodetection." +
" (Default 1.0)",
type="Float")
config.DeclareOption("autodetect_build_local",
default="basic",
group="Autodetection Overrides",
choices=["full", "basic", "none"],
help="Attempts to fetch and build profile locally.",
# Import all the renderers.
# pylint: disable=unused-import
from rekall import config
from rekall import utils
from rekall.ui import renderer
from rekall.ui import json_renderer
from rekall.ui import text
config.DeclareOption("-r",
"--renderer",
default="text",
group="Interface",
choices=utils.JITIterator(renderer.BaseRenderer),
help="The renderer to use. Default (text)")
