The Sleuth Kit Framework
4.1
|
Supports the loading of custom dynamic libraries to perform analysis on a single TskFile. More...
#include <TskFileAnalysisPluginModule.h>
Public Member Functions | |
virtual void | checkInterface () |
Verifies that the required interface for a plugin module is defined by the module library. More... | |
virtual Status | run (TskFile *fileToAnalyze) |
Method that is used to run file analysis modules. More... | |
Public Member Functions inherited from TskPluginModule | |
TskModule::Status | initialize () |
Calls the initialize function in the module library, if present. | |
virtual void | setPath (const std::string &location) |
Loads the module library. More... | |
virtual | ~TskPluginModule () |
Destructor that calls the finalize function of the module library and unloads the library. | |
Public Member Functions inherited from TskModule | |
std::string | getArguments () const |
Get the arguments. | |
std::string | getDescription () const |
Get the module description. | |
int | getModuleId () const |
Get the module id. | |
std::string | getName () const |
Get the module name. | |
virtual std::string | getPath () const |
Returns the fully qualified path to the module. | |
std::string | getVersion () const |
Get the module version. | |
virtual Status | report () |
Method that is used to run report modules. More... | |
void | setArguments (const std::string &args) |
Set the arguments to be passed to the module. | |
void | setModuleId (int moduleId) |
Set the module id. | |
Additional Inherited Members | |
Public Types inherited from TskModule | |
enum | Status { OK = 0, FAIL, STOP } |
Standard values that module methods can return. More... | |
Static Public Attributes inherited from TskModule | |
static const std::string | CURRENT_FILE_MACRO = "#CURRENT_FILE#" |
The TskModule class supports the use of a string macro that is expanded to the path of the file currently under analysis. More... | |
Protected Member Functions inherited from TskPluginModule | |
void * | getSymbol (const std::string symbol) |
Get a pointer to a function in the module library. More... | |
bool | hasSymbol (const std::string symbol) |
Checks whether or not the module library defines a particular symbol. More... | |
bool | isLoaded () const |
Checks whether or not the module library is loaded. More... | |
Static Protected Member Functions inherited from TskModule | |
static std::string | expandArgumentMacros (const std::string &args, const TskFile *fileToAnalyze) |
Protected Attributes inherited from TskModule | |
std::string | m_arguments |
std::string | m_description |
int | m_moduleId |
std::string | m_modulePath |
std::string | m_name |
std::string | m_version |
Static Protected Attributes inherited from TskPluginModule | |
static const std::string | DESCRIPTION_SYMBOL = "description" |
static const std::string | FINALIZE_SYMBOL = "finalize" |
static const std::string | GET_BUILD_TYPE_SYMBOL = "getBuildType" |
static const std::string | GET_COMPILER_SYMBOL = "getCompiler" |
static const std::string | GET_COMPILER_VERSION_SYMBOL = "getCompilerVersion" |
static const std::string | GET_FRAMEWORK_VERSION_SYMBOL = "getFrameWorkVersion" |
static const std::string | INITIALIZE_SYMBOL = "initialize" |
static const std::string | NAME_SYMBOL = "name" |
static const std::string | REPORT_SYMBOL = "report" |
static const std::string | RUN_SYMBOL = "run" |
static const std::string | VERSION_SYMBOL = "version" |
Supports the loading of custom dynamic libraries to perform analysis on a single TskFile.
|
virtual |
Verifies that the required interface for a plugin module is defined by the module library.
Implements TskPluginModule.
References TskModule::getPath(), TskPluginModule::hasSymbol(), TskPluginModule::isLoaded(), and LOGERROR.
|
virtual |
Method that is used to run file analysis modules.
Implements TskModule.
References TskModule::FAIL, TskModule::getName(), TskModule::getPath(), TskPluginModule::getSymbol(), TskPluginModule::hasSymbol(), TskPluginModule::isLoaded(), LOGERROR, TskException::message(), and TskModule::OK.
Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.