| Modifier and Type | Method and Description |
|---|---|
KernelRootkit.Builder |
KernelRootkit.Builder.addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
KernelRootkit.Builder |
KernelRootkit.Builder.clear() |
KernelRootkit.Builder |
KernelRootkit.Builder.clearField(com.google.protobuf.Descriptors.FieldDescriptor field) |
KernelRootkit.Builder |
KernelRootkit.Builder.clearName()
Rootkit name, when available.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) |
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedCodeModification()
True if unexpected modifications of kernel code memory are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedFtraceHandler()
True if `ftrace` points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedInterruptHandler()
True if interrupt handlers that are are not in the expected kernel or
module code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedKernelCodePages()
True if kernel code pages that are not in the expected kernel or module
code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedKprobeHandler()
True if `kprobe` points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedProcessesInRunqueue()
True if unexpected processes in the scheduler run queue are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedReadOnlyDataModification()
True if unexpected modifications of kernel read-only data memory are
present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clearUnexpectedSystemCallHandler()
True if system call handlers that are are not in the expected kernel or
module code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.clone() |
KernelRootkit.Builder |
Finding.Builder.getKernelRootkitBuilder()
Signature of the kernel rootkit.
|
KernelRootkit.Builder |
KernelRootkit.Builder.mergeFrom(com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
KernelRootkit.Builder |
KernelRootkit.Builder.mergeFrom(KernelRootkit other) |
KernelRootkit.Builder |
KernelRootkit.Builder.mergeFrom(com.google.protobuf.Message other) |
KernelRootkit.Builder |
KernelRootkit.Builder.mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
static KernelRootkit.Builder |
KernelRootkit.newBuilder() |
static KernelRootkit.Builder |
KernelRootkit.newBuilder(KernelRootkit prototype) |
KernelRootkit.Builder |
KernelRootkit.newBuilderForType() |
protected KernelRootkit.Builder |
KernelRootkit.newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) |
KernelRootkit.Builder |
KernelRootkit.Builder.setField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
KernelRootkit.Builder |
KernelRootkit.Builder.setName(String value)
Rootkit name, when available.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setNameBytes(com.google.protobuf.ByteString value)
Rootkit name, when available.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
int index,
Object value) |
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedCodeModification(boolean value)
True if unexpected modifications of kernel code memory are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedFtraceHandler(boolean value)
True if `ftrace` points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedInterruptHandler(boolean value)
True if interrupt handlers that are are not in the expected kernel or
module code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedKernelCodePages(boolean value)
True if kernel code pages that are not in the expected kernel or module
code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedKprobeHandler(boolean value)
True if `kprobe` points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedProcessesInRunqueue(boolean value)
True if unexpected processes in the scheduler run queue are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedReadOnlyDataModification(boolean value)
True if unexpected modifications of kernel read-only data memory are
present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnexpectedSystemCallHandler(boolean value)
True if system call handlers that are are not in the expected kernel or
module code regions are present.
|
KernelRootkit.Builder |
KernelRootkit.Builder.setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
KernelRootkit.Builder |
KernelRootkit.toBuilder() |
| Modifier and Type | Method and Description |
|---|---|
Finding.Builder |
Finding.Builder.setKernelRootkit(KernelRootkit.Builder builderForValue)
Signature of the kernel rootkit.
|
Copyright © 2023 Google LLC. All rights reserved.