Module kernel_timers

Linux kernel timer enumeration for rootkit callback detection.

Kernel timers (timer_list and hrtimer) provide periodic callbacks. Rootkits use them for periodic check-in, keylogger flushing, or hiding their tracks. Enumerating kernel timers reveals hidden periodic execution.

The classifier checks whether a timer callback function address falls within the kernel text range (_stext.._etext). Callbacks pointing outside kernel text are flagged as suspicious.
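The range check described above, as an added example that is not this crate's own code: it derives the kernel text range from System.map / kallsyms-style symbol lines and classifies callback addresses against it. The function names, the symbol-text input format, and the sample addresses are assumptions constructed for illustration.

```rust
// Added illustration: names are hypothetical, not this crate's API.
// Input is constructed System.map / kallsyms-style text: "<hex addr> <type> <name>".

#[derive(Debug, PartialEq)]
pub enum Verdict {
    InKernelText,
    OutsideKernelText, // suspicious under the heuristic described above
}

/// Extract the half-open kernel text range [_stext, _etext) from symbol lines.
/// Returns None if a symbol is missing, zeroed (as under kptr_restrict), or the range is inverted.
pub fn kernel_text_range(symbols: &str) -> Option<(u64, u64)> {
    let (mut stext, mut etext) = (None, None);
    for line in symbols.lines() {
        let mut fields = line.split_whitespace();
        let (addr, _ty, name) = (fields.next(), fields.next(), fields.next());
        let (Some(addr), Some(name)) = (addr, name) else { continue };
        let Ok(addr) = u64::from_str_radix(addr, 16) else { continue };
        match name {
            "_stext" => stext = Some(addr),
            "_etext" => etext = Some(addr),
            _ => {}
        }
    }
    match (stext, etext) {
        (Some(s), Some(e)) if s != 0 && s < e => Some((s, e)),
        _ => None,
    }
}

/// Classify one timer callback address against the kernel text range.
pub fn classify_callback(callback: u64, (stext, etext): (u64, u64)) -> Verdict {
    if (stext..etext).contains(&callback) {
        Verdict::InKernelText
    } else {
        Verdict::OutsideKernelText
    }
}

// Constructed sample symbols; the addresses are made up for this example.
pub const SAMPLE_SYMBOLS: &str = "\
ffffffff81000000 T _stext
ffffffff8110a2c0 t process_timeout
ffffffff82000000 T _etext
ffffffffc0a41000 t hb_timer_fn [examplemod]";

fn main() {
    let range = kernel_text_range(SAMPLE_SYMBOLS).expect("text range");
    for cb in [0xffffffff8110a2c0u64, 0xffffffffc0a41000] {
        println!("{cb:#018x} -> {:?}", classify_callback(cb, range));
    }
}
```

Callbacks owned by legitimately loaded modules also sit outside `_stext.._etext`, so a flag from this check is a triage lead to resolve against the loaded module list, not a verdict on its own.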

Re-exports

pub use crate::heuristics::classify_kernel_timer;

Structs

KernelTimerInfo
Information about a kernel timer extracted from the timer wheel.

Functions

walk_kernel_timers
Walk the kernel timer wheel and return all active timer entries.