Skip to main content

GloballyLoadedLibrary

memf_linux::preload_scanner

Struct GloballyLoadedLibrary

pub struct GloballyLoadedLibrary {
    pub path: String,
    pub present_in_pid_count: usize,
    pub total_pids_checked: usize,
    pub prevalence: f64,
    pub elf_report: Option<ElfCapabilityReport>,
}

Expand description

A shared library and how widely it is mapped across processes — the core signal for LD_PRELOAD-style rootkit detection: a malicious preload is injected into every process, so an unusually high prevalence is suspicious.

Fields§

§path: String

Filesystem path of the shared object (e.g. /usr/lib/evil.so).

§present_in_pid_count: usize

Number of inspected PIDs that have this library mapped.

§total_pids_checked: usize

Total number of PIDs inspected (the prevalence denominator).

§prevalence: f64

Fraction of inspected processes mapping this library, in [0.0, 1.0].

§elf_report: Option<ElfCapabilityReport>

Optional ELF capability analysis of the library, when available.

Trait Implementations§

impl Debug for GloballyLoadedLibrary

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for GloballyLoadedLibrary

impl RefUnwindSafe for GloballyLoadedLibrary

impl Send for GloballyLoadedLibrary

impl Sync for GloballyLoadedLibrary

impl Unpin for GloballyLoadedLibrary

impl UnsafeUnpin for GloballyLoadedLibrary

impl UnwindSafe for GloballyLoadedLibrary

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.