Module kthread 

Linux kernel thread enumeration and anomaly detection.

Enumerates kernel threads and flags suspicious ones. Rootkits commonly create kernel threads to maintain persistence. Kernel threads have specific characteristics: their mm pointer is NULL (meaning cr3 is None in ProcessInfo) and their parent is typically kthreadd (pid 2).

Re-exports

pub use crate::heuristics::classify_kthread;

Structs

KernelThreadInfo

Information about a kernel thread extracted from memory.

Functions

walk_kernel_threads

Walk the given process list and extract kernel thread information.