Skip to main content

classify_kthread

memf_linux::heuristics

Function classify_kthread 

Source 
pub fn classify_kthread(
    name: &str,
    start_fn_addr: u64,
) -> (bool, Option<String>)
Expand description

Classify whether a kernel thread entry looks suspicious.

Returns (is_suspicious, reason). Flags unnamed threads, threads with userspace start-function addresses, and hex-pattern names.