rekall.stdlib.merge_ops module

This class contains various useful merge ops.

rekall.stdlib.merge_ops.merge_named_payload(name_to_merge_op)

Merging dictionary payload by key.

name_to_merge_op is a dict mapping from field names to merge_ops.

Example

If name_to_merge_op is {

‘f1’: mergeop1, ‘f2’: mergeop2, ‘f3’: mergeop3

}, Then two payloads { ‘f1’: a1, ‘f2’: b1, ‘f3’: c1 } and { ‘f1’: a2, ‘f2’: b2, ‘f3’: c2 } will be merged into {

‘f1’: mergeop1(a1, a2), ‘f2’: mergeop2(b1, b2), ‘f3’: mergeop3(c1, c2)

}.

rekall.stdlib.merge_ops.payload_first(payload1, payload2)

rekall.stdlib.merge_ops.payload_plus(payload1, payload2)

rekall.stdlib.merge_ops.payload_second(payload1, payload2)