Module perf_event 

Suspicious perf_event detection for Linux memory forensics.

Walks each process’s perf_event_context (via task_struct.perf_event_ctxp[0]) and enumerates all attached perf_event structs. Hardware cache events and raw PMU accesses are flagged as suspicious (Spectre/cache-timing attack patterns).

Re-exports

pub use crate::heuristics::classify_perf_event;

Structs

PerfEventInfo

Information about a single perf_event attached to a process.

Functions

perf_type_name

Map a PERF_TYPE_* constant to a human-readable name.

walk_perf_events

Walk all perf_events across all processes and return structured info.