volatility3.plugins.windows package
All Windows OS plugins.
NOTE: This file is required for the core plugins to run, and certain components (such as the Windows registry layers) depend on those plugins. Please DO NOT alter or remove this file unless you know the consequences of doing so.
The framework is configured this way to allow plugin developers/users to override any plugin functionality whether existing or new.
When overriding the plugins directory, you must include a file like this one in every subdirectory that needs it.
Subpackages
Submodules
- volatility3.plugins.windows.bigpools module
- volatility3.plugins.windows.cachedump module
- volatility3.plugins.windows.callbacks module
Callbacks
Callbacks.build_configuration()
Callbacks.config
Callbacks.config_path
Callbacks.context
Callbacks.create_callback_table()
Callbacks.get_requirements()
Callbacks.list_bugcheck_callbacks()
Callbacks.list_bugcheck_reason_callbacks()
Callbacks.list_notify_routines()
Callbacks.list_registry_callbacks()
Callbacks.make_subconfig()
Callbacks.open
Callbacks.run()
Callbacks.set_open_method()
Callbacks.unsatisfied()
Callbacks.version
- volatility3.plugins.windows.cmdline module
- volatility3.plugins.windows.crashinfo module
- volatility3.plugins.windows.devicetree module
- volatility3.plugins.windows.dlllist module
- volatility3.plugins.windows.driverirp module
- volatility3.plugins.windows.driverscan module
- volatility3.plugins.windows.dumpfiles module
DumpFiles
DumpFiles.build_configuration()
DumpFiles.config
DumpFiles.config_path
DumpFiles.context
DumpFiles.dump_file_producer()
DumpFiles.get_requirements()
DumpFiles.make_subconfig()
DumpFiles.open
DumpFiles.process_file_object()
DumpFiles.run()
DumpFiles.set_open_method()
DumpFiles.unsatisfied()
DumpFiles.version
- volatility3.plugins.windows.envars module
- volatility3.plugins.windows.filescan module
- volatility3.plugins.windows.getservicesids module
GetServiceSIDs
GetServiceSIDs.build_configuration()
GetServiceSIDs.config
GetServiceSIDs.config_path
GetServiceSIDs.context
GetServiceSIDs.get_requirements()
GetServiceSIDs.make_subconfig()
GetServiceSIDs.open
GetServiceSIDs.run()
GetServiceSIDs.set_open_method()
GetServiceSIDs.unsatisfied()
GetServiceSIDs.version
createservicesid()
- volatility3.plugins.windows.getsids module
- volatility3.plugins.windows.handles module
Handles
Handles.build_configuration()
Handles.config
Handles.config_path
Handles.context
Handles.find_cookie()
Handles.find_sar_value()
Handles.get_requirements()
Handles.get_type_map()
Handles.handles()
Handles.make_subconfig()
Handles.open
Handles.run()
Handles.set_open_method()
Handles.unsatisfied()
Handles.version
- volatility3.plugins.windows.hashdump module
- volatility3.plugins.windows.info module
Info
Info.build_configuration()
Info.config
Info.config_path
Info.context
Info.get_depends()
Info.get_kdbg_structure()
Info.get_kernel_module()
Info.get_kuser_structure()
Info.get_ntheader_structure()
Info.get_requirements()
Info.get_version_structure()
Info.make_subconfig()
Info.open
Info.run()
Info.set_open_method()
Info.unsatisfied()
Info.version
- volatility3.plugins.windows.joblinks module
- volatility3.plugins.windows.ldrmodules module
- volatility3.plugins.windows.lsadump module
- volatility3.plugins.windows.malfind module
- volatility3.plugins.windows.mbrscan module
- volatility3.plugins.windows.memmap module
- volatility3.plugins.windows.mftscan module
- volatility3.plugins.windows.modscan module
ModScan
ModScan.build_configuration()
ModScan.config
ModScan.config_path
ModScan.context
ModScan.find_session_layer()
ModScan.get_requirements()
ModScan.get_session_layers()
ModScan.make_subconfig()
ModScan.open
ModScan.run()
ModScan.scan_modules()
ModScan.set_open_method()
ModScan.unsatisfied()
ModScan.version
- volatility3.plugins.windows.modules module
Modules
Modules.build_configuration()
Modules.config
Modules.config_path
Modules.context
Modules.find_session_layer()
Modules.get_requirements()
Modules.get_session_layers()
Modules.list_modules()
Modules.make_subconfig()
Modules.open
Modules.run()
Modules.set_open_method()
Modules.unsatisfied()
Modules.version
- volatility3.plugins.windows.mutantscan module
- volatility3.plugins.windows.netscan module
- volatility3.plugins.windows.netstat module
- volatility3.plugins.windows.poolscanner module
PoolConstraint
PoolHeaderScanner
PoolScanner
PoolScanner.build_configuration()
PoolScanner.builtin_constraints()
PoolScanner.config
PoolScanner.config_path
PoolScanner.context
PoolScanner.generate_pool_scan()
PoolScanner.get_pool_header_table()
PoolScanner.get_requirements()
PoolScanner.make_subconfig()
PoolScanner.open
PoolScanner.pool_scan()
PoolScanner.run()
PoolScanner.set_open_method()
PoolScanner.unsatisfied()
PoolScanner.version
PoolType
- volatility3.plugins.windows.privileges module
- volatility3.plugins.windows.pslist module
PsList
PsList.PHYSICAL_DEFAULT
PsList.build_configuration()
PsList.config
PsList.config_path
PsList.context
PsList.create_name_filter()
PsList.create_pid_filter()
PsList.generate_timeline()
PsList.get_requirements()
PsList.list_processes()
PsList.make_subconfig()
PsList.open
PsList.process_dump()
PsList.run()
PsList.set_open_method()
PsList.unsatisfied()
PsList.version
- volatility3.plugins.windows.psscan module
PsScan
PsScan.build_configuration()
PsScan.config
PsScan.config_path
PsScan.context
PsScan.generate_timeline()
PsScan.get_osversion()
PsScan.get_requirements()
PsScan.make_subconfig()
PsScan.open
PsScan.run()
PsScan.scan_processes()
PsScan.set_open_method()
PsScan.unsatisfied()
PsScan.version
PsScan.virtual_process_from_physical()
- volatility3.plugins.windows.pstree module
- volatility3.plugins.windows.sessions module
- volatility3.plugins.windows.skeleton_key_check module
- volatility3.plugins.windows.ssdt module
- volatility3.plugins.windows.strings module
- volatility3.plugins.windows.svcscan module
- volatility3.plugins.windows.symlinkscan module
SymlinkScan
SymlinkScan.build_configuration()
SymlinkScan.config
SymlinkScan.config_path
SymlinkScan.context
SymlinkScan.generate_timeline()
SymlinkScan.get_requirements()
SymlinkScan.make_subconfig()
SymlinkScan.open
SymlinkScan.run()
SymlinkScan.scan_symlinks()
SymlinkScan.set_open_method()
SymlinkScan.unsatisfied()
SymlinkScan.version
- volatility3.plugins.windows.vadinfo module
VadInfo
VadInfo.MAXSIZE_DEFAULT
VadInfo.build_configuration()
VadInfo.config
VadInfo.config_path
VadInfo.context
VadInfo.get_requirements()
VadInfo.list_vads()
VadInfo.make_subconfig()
VadInfo.open
VadInfo.protect_values()
VadInfo.run()
VadInfo.set_open_method()
VadInfo.unsatisfied()
VadInfo.vad_dump()
VadInfo.version
- volatility3.plugins.windows.vadyarascan module
- volatility3.plugins.windows.verinfo module
- volatility3.plugins.windows.virtmap module