
Module ftrace


Ftrace hook detection from kernel memory.

Detects malicious ftrace hooks by walking the ftrace_ops_list global linked list. Each ftrace_ops entry records a func function pointer that is called for every instrumented kernel function. A func pointer that lies outside the kernel text range (_stext.._etext) is a strong indicator of a rootkit hook.
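The list walk and range check described above, as an added example that is not this crate's code. The names `Image`, `OpsEntry`, `walk` and `sample` are hypothetical, and the sample image and addresses are constructed. It assumes `func` at offset 0 and `next` at offset 8 in `ftrace_ops`, with the kernel's list-end sentinel address supplied by the caller.

```rust
use std::collections::HashSet;

// Assumed offsets within struct ftrace_ops (x86_64): func at 0, next at 8.
const OFF_FUNC: u64 = 0;
const OFF_NEXT: u64 = 8;
const MAX_ENTRIES: usize = 4096; // bound the walk on corrupted images

/// Hypothetical record for this example (not the crate's FtraceHookInfo).
#[derive(Debug, PartialEq)]
pub struct OpsEntry { pub addr: u64, pub func: u64, pub outside_text: bool }

/// Constructed stand-in for a memory image: one contiguous region mapped at `base`.
pub struct Image { pub base: u64, pub bytes: Vec<u8> }

impl Image {
    fn read_u64(&self, va: u64) -> Option<u64> {
        let off = va.checked_sub(self.base)? as usize;
        let src = self.bytes.get(off..off.checked_add(8)?)?;
        let mut buf = [0u8; 8];
        buf.copy_from_slice(src);
        Some(u64::from_le_bytes(buf))
    }
}

/// Follow `next` from `head` until the list-end sentinel, NULL, an unreadable
/// pointer, a revisited node (cycle), or the entry cap.
pub fn walk(img: &Image, head: u64, list_end: u64, stext: u64, etext: u64) -> Vec<OpsEntry> {
    let (mut out, mut seen, mut cur) = (Vec::new(), HashSet::new(), head);
    while cur != 0 && cur != list_end && out.len() < MAX_ENTRIES && seen.insert(cur) {
        let func = match img.read_u64(cur.wrapping_add(OFF_FUNC)) { Some(v) => v, None => break };
        let next = match img.read_u64(cur.wrapping_add(OFF_NEXT)) { Some(v) => v, None => break };
        out.push(OpsEntry { addr: cur, func, outside_text: !(stext..etext).contains(&func) });
        cur = next;
    }
    out
}

/// Constructed sample: two entries, the second with `func` outside kernel text.
pub fn sample() -> Vec<OpsEntry> {
    let (base, list_end) = (0xffff_8880_0000_1000u64, 0xffff_ffff_8300_0000u64);
    let (stext, etext) = (0xffff_ffff_8100_0000u64, 0xffff_ffff_8200_0000u64);
    let words = [stext + 0x1000, base + 16, 0xffff_ffff_c0a0_1000, list_end];
    let bytes: Vec<u8> = words.iter().flat_map(|w: &u64| w.to_le_bytes()).collect();
    walk(&Image { base, bytes }, base, list_end, stext, etext)
}

fn main() {
    for e in sample() { println!("{:#x} func={:#x} outside_text={}", e.addr, e.func, e.outside_text); }
}
```

The cycle check and entry cap matter on real images, where a tampered or partially captured list may never reach the sentinel.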

Re-exports

pub use crate::heuristics::classify_ftrace_hook;

Structs

FtraceHookInfo
Information about a single ftrace_ops entry.

Functions

walk_ftrace_hooks
Walk ftrace_ops_list and return all registered ftrace hooks.