rekall.stdlib.parsers module

Payload Parsers

rekall.stdlib.parsers.bbox_payload_parser(accessor, x1='bbox_x1', y1='bbox_y1', x2='bbox_x2', y2='bbox_y2')

Parses an object to generate a bbox payload.

Generates a dict with this structure: { "x1": …, "y1": …, "x2": …, "y2": … }

@x1, @y1, @x2, @y2 are field names in the object. @accessor takes in the object and a field name and gets the value for that object.

rekall.stdlib.parsers.dict_payload_parser(accessor, fields)

Parse an object to generate a payload.

@accessor takes in the object and a field name and gets a value. @fields is a dict mapping from field names in the payload to field names in the object.

rekall.stdlib.parsers.in_array(parser_fn)

Generate a new parser function that wraps a payload result in an array.

rekall.stdlib.parsers.label_payload_parser(accessor, label)

Parser that produces { "label": … }

rekall.stdlib.parsers.merge_dict_parsers(parser_fns)

Generate a new parser that merges the result of multiple parsers.

@parser_fns is a list of parser functions. Must parse objects into dicts with unique keys.

rekall.stdlib.parsers.named_payload(name, parser_fn)

Wraps a parser result in a dictionary under the given name.
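An added example, not part of the rekall documentation or source: stand-in implementations written from the descriptions above, composed into one payload. It assumes each factory returns a function from object to payload, and the stand-in merge raises on duplicate keys as one way to enforce the unique-keys requirement; the page does not say what the library itself does on a collision. `ROW`, `get`, `build_payload` and `merge_rejects_collision` are hypothetical names.

```python
# Stand-ins written from this page's descriptions, not rekall's own code.
# Assumption: every factory returns a function obj -> payload.
def dict_payload_parser(accessor, fields):
    # fields maps payload field name -> object field name
    def parser(obj):
        return {out: accessor(obj, src) for out, src in fields.items()}
    return parser

def bbox_payload_parser(accessor, x1="bbox_x1", y1="bbox_y1",
                        x2="bbox_x2", y2="bbox_y2"):
    return dict_payload_parser(accessor, {"x1": x1, "y1": y1, "x2": x2, "y2": y2})

def in_array(parser_fn):
    return lambda obj: [parser_fn(obj)]

def named_payload(name, parser_fn):
    return lambda obj: {name: parser_fn(obj)}

def merge_dict_parsers(parser_fns):
    # Assumed policy: fail loudly when two parsers emit the same key,
    # instead of letting a later parser silently overwrite an earlier one.
    def parser(obj):
        merged = {}
        for fn in parser_fns:
            part = fn(obj)
            clash = merged.keys() & part.keys()
            if clash:
                raise ValueError(f"duplicate payload keys: {sorted(clash)}")
            merged.update(part)
        return merged
    return parser

# Constructed sample object and accessor.
ROW = {"bbox_x1": 0.1, "bbox_y1": 0.2, "bbox_x2": 0.5, "bbox_y2": 0.9,
       "name": "face", "score": 0.87}

def get(obj, field):
    return obj[field]

def build_payload(row):
    meta = dict_payload_parser(get, {"label": "name", "confidence": "score"})
    merged = merge_dict_parsers([bbox_payload_parser(get), meta])
    return named_payload("objects", in_array(merged))(row)

def merge_rejects_collision(row):
    shadow = dict_payload_parser(get, {"x1": "score"})  # reuses key "x1"
    try:
        merge_dict_parsers([bbox_payload_parser(get), shadow])(row)
    except ValueError:
        return True
    return False
```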