
Module ptrace


Linux ptrace relationship detection for debugging/injection analysis.

ptrace is the Linux debugging/tracing syscall. Attackers use it for process injection (writing code into a tracee with PTRACE_POKETEXT and redirecting execution with PTRACE_SETREGS), anti-debugging (calling PTRACE_TRACEME, or forking a child that attaches to the parent, so that a debugger can no longer attach because a task can have only one tracer), and credential theft (intercepting the syscalls of privileged processes such as sshd to read keys and passwords as they pass through).

This module detects active ptrace relationships by inspecting the task_struct.ptrace flag word (the kernel sets PT_PTRACED there for every tracee, plus PT_SEIZED for tracees attached with PTRACE_SEIZE) and by comparing the parent and real_parent pointers: while a task is traced, the kernel redirects task->parent to the tracer and leaves real_parent untouched, so the two differ for a tracee attached by an unrelated process, and the tracer is whatever parent now points at. The flag check is still required, because a tracee that used PTRACE_TRACEME is traced by its real parent and its two parent pointers stay equal.
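The check described above, as an added example that is not this crate's code: a minimal projection of the task_struct fields the check reads, run over a constructed task list. The field names (parent, real_parent, ptrace) and the PT_PTRACED/PT_SEIZED bit values follow the kernel's include/linux/ptrace.h; the TaskView, Relationship and Attach types and the function names are hypothetical and are not the PtraceRelationship or scan_ptrace_relationships items of this module. It goes slightly beyond the paragraph by also flagging tasks whose parent pointer is redirected while the flag word is clear, a state the kernel should never leave behind.

```rust
// Added example (not this crate's code). TaskView models the task_struct fields
// the ptrace check reads; the type and function names here are hypothetical.

/// Minimal projection of task_struct for this check.
#[derive(Debug, Clone)]
pub struct TaskView {
    pub pid: u32,
    pub comm: &'static str,
    /// task->parent: redirected to the tracer while the task is ptraced.
    pub parent: u32,
    /// task->real_parent: the original parent, untouched by ptrace.
    pub real_parent: u32,
    /// task->ptrace: PT_* flag bits.
    pub ptrace: u32,
}

// Flag bits from include/linux/ptrace.h.
pub const PT_PTRACED: u32 = 0x0000_0001;
pub const PT_SEIZED: u32 = 0x0001_0000;

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Attach {
    /// Tracer is the real parent: PTRACE_TRACEME, or a debugger that fork/exec'ed the tracee.
    ByParent,
    /// Tracer differs from the real parent: PTRACE_ATTACH/PTRACE_SEIZE on an existing process.
    ByAttach,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Relationship {
    pub tracer_pid: u32,
    pub tracee_pid: u32,
    pub seized: bool,
    pub attach: Attach,
}

/// Tracees are tasks with PT_PTRACED set; the tracer is whatever task->parent points at.
/// The parent/real_parent comparison only tells us how the tracer got there.
pub fn find_relationships(tasks: &[TaskView]) -> Vec<Relationship> {
    tasks
        .iter()
        .filter(|t| t.ptrace & PT_PTRACED != 0)
        .map(|t| Relationship {
            tracer_pid: t.parent,
            tracee_pid: t.pid,
            seized: t.ptrace & PT_SEIZED != 0,
            attach: if t.parent == t.real_parent { Attach::ByParent } else { Attach::ByAttach },
        })
        .collect()
}

/// Tasks whose parent pointer is redirected but whose PT_PTRACED bit is clear.
/// __ptrace_unlink restores parent = real_parent when the flags are cleared, so a
/// consistent snapshot never contains this state; it points at a tampered flag
/// word or a torn read and deserves a second look rather than silence.
pub fn find_inconsistent(tasks: &[TaskView]) -> Vec<u32> {
    tasks
        .iter()
        .filter(|t| t.parent != t.real_parent && t.ptrace & PT_PTRACED == 0)
        .map(|t| t.pid)
        .collect()
}

/// Constructed task list: an sshd child seized by an unrelated "injector", a
/// self-tracing "dropper" child (PTRACE_TRACEME), untouched processes, and one
/// inconsistent entry (redirected parent, clear flags).
pub fn sample_tasks() -> Vec<TaskView> {
    vec![
        TaskView { pid: 1, comm: "systemd", parent: 0, real_parent: 0, ptrace: 0 },
        TaskView { pid: 800, comm: "sshd", parent: 1, real_parent: 1, ptrace: 0 },
        TaskView { pid: 801, comm: "sshd", parent: 4242, real_parent: 800, ptrace: PT_PTRACED | PT_SEIZED },
        TaskView { pid: 4242, comm: "injector", parent: 1, real_parent: 1, ptrace: 0 },
        TaskView { pid: 5000, comm: "dropper", parent: 1, real_parent: 1, ptrace: 0 },
        TaskView { pid: 5001, comm: "dropper", parent: 5000, real_parent: 5000, ptrace: PT_PTRACED },
        TaskView { pid: 6000, comm: "odd", parent: 7, real_parent: 1, ptrace: 0 },
    ]
}

fn comm_of(tasks: &[TaskView], pid: u32) -> &'static str {
    tasks.iter().find(|t| t.pid == pid).map(|t| t.comm).unwrap_or("?")
}

fn main() {
    let tasks = sample_tasks();
    for r in find_relationships(&tasks) {
        println!(
            "tracer {} ({}) -> tracee {} ({}) {:?} seized={}",
            r.tracer_pid, comm_of(&tasks, r.tracer_pid),
            r.tracee_pid, comm_of(&tasks, r.tracee_pid),
            r.attach, r.seized
        );
    }
    for pid in find_inconsistent(&tasks) {
        println!("inconsistent ptrace state on pid {} ({})", pid, comm_of(&tasks, pid));
    }
}
```

On the constructed list this reports pid 4242 tracing pid 801 (ByAttach, seized) and pid 5000 tracing pid 5001 (ByParent), and flags pid 6000 as inconsistent. The ByAttach case is the one worth prioritising for injection and credential-theft triage; ByParent covers both a debugger launching its target and the PTRACE_TRACEME anti-debugging trick, so the tracer's identity has to decide which.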

Re-exports

pub use crate::heuristics::classify_ptrace;

Structs

PtraceRelationship
A detected ptrace relationship between a tracer and a tracee process.

Functions

scan_ptrace_relationships
Scan for active ptrace relationships across the given process list.