memf-linux-0.2.1
- memf-linux 0.2.1
- Permalink
- Docs.rs crate page
- Apache-2.0
- Links
- crates.io
- Source
- Owners
- h4x0r
- Dependencies
- forensicnomicon ^0.5 normal
  goblin ^0.9 normal
  inventory ^0.3 normal
  memf-core ^0.2.1 normal
  memf-correlate ^0.2.1 normal
  memf-format ^0.2.1 normal
  memf-symbols ^0.2.1 normal
  serde ^1 normal
  thiserror ^2 normal
  serde_json ^1 dev
- Versions
- 100% of the crate is documented
Platform
- x86_64-unknown-linux-gnu
Feature flags

docs.rs

Rust

Skip to main content

All

memf_linux0.2.1

Crate Items

Structs
Enums
Constants
Traits
Functions
Type Aliases

List of all items

Structs

Enums

Error
types::BootTimeSource
types::ConnectionState
types::ElfType
types::FdAbuseType
types::ModuleState
types::NeighState
types::ProcessState
types::Protocol
types::SshKeyType

Traits

WalkerPlugin

Functions

arp::walk_arp_cache
bash::walk_bash_history
bash_history::classify_bash_command
bash_history::extract_bash_history_from_bytes
boot_time::extract_boot_time
bpf::walk_bpf_programs
capabilities::cap_name
capabilities::walk_capabilities
cgroups::walk_cgroups
check_afinfo::walk_check_afinfo
check_creds::walk_check_creds
check_fops::check_fops_entry
check_fops::is_kernel_text_address
check_fops::scan_proc_fops
check_hooks::check_inline_hooks
check_idt::gate_type_name
check_idt::walk_check_idt
check_modules::check_hidden_modules
cmdline::walk_cmdlines
cmdline::walk_process_cmdline
container_escape::walk_container_escape
cpu_pinning::is_suspicious_pinning
cpu_pinning::scan_cpu_pinning
crontab::walk_crontab_entries
deleted_exe::is_deleted_exe
deleted_exe::strip_deleted_suffix
deleted_exe::walk_deleted_exe
dentry_cache::walk_dentry_cache
dmesg::extract_dmesg
ebpf_progs::map_type_name
ebpf_progs::walk_ebpf_maps
elf_analysis::analyse_elf_capabilities
elf_analysis::scan_elf_string_artifacts
elfinfo::walk_elfinfo
envvars::walk_envvars
envvars::walk_process_envvars
files::walk_files
files::walk_process_files
framebuffer::walk_framebuffer_linux
fs::walk_filesystems
ftrace::walk_ftrace_hooks
fuse_abuse::is_suspicious_fuse_mount
fuse_abuse::scan_fuse_abuse
futex_forensics::walk_futex_table
heuristics::classify_afinfo_hook
heuristics::classify_bpf_program
heuristics::classify_capabilities
heuristics::classify_cgroup
heuristics::classify_container_escape
heuristics::classify_deleted_exe
heuristics::classify_ebpf_map
heuristics::classify_ftrace_hook
heuristics::classify_futex
heuristics::classify_hidden_dentry
heuristics::classify_idt_entry
heuristics::classify_io_uring
heuristics::classify_iomem
heuristics::classify_kernel_timer
heuristics::classify_kmsg
heuristics::classify_kthread
heuristics::classify_ld_preload
heuristics::classify_library
heuristics::classify_memfd
heuristics::classify_module_visibility
heuristics::classify_mount
heuristics::classify_notifier
heuristics::classify_oom_victim
heuristics::classify_pam_hook
heuristics::classify_perf_event
heuristics::classify_psaux
heuristics::classify_ptrace
heuristics::classify_raw_socket
heuristics::classify_shared_creds
heuristics::classify_signal_handler
heuristics::classify_systemd_unit
heuristics::classify_tmpfs_file
heuristics::classify_unix_socket
heuristics::classify_zombie_orphan
io_uring::walk_io_uring
iomem::walk_iomem_regions
ipc::walk_semaphores
ipc::walk_shm_segments
kaslr::adjust_address
kaslr::detect_kaslr_offset
kernel_timers::walk_kernel_timers
keyboard_notifiers::walk_keyboard_notifiers
kmsg::parse_printk_record
kmsg::walk_kmsg
kthread::walk_kernel_threads
ld_preload::scan_ld_preload
library_list::walk_library_list
magic_gid::classify_magic_gid
magic_gid::has_magic_gid
malfind::scan_malfind
maps::walk_maps
maps::walk_process_maps
memfd_create::walk_memfd_create
modules::walk_modules
modxview::walk_modxview
mountinfo::walk_mounts
namespaces::walk_namespaces
netfilter::parse_ipt_entries
netfilter::protocol_name
netfilter::walk_netfilter_rules
netlink_audit::is_audit_tampered
netlink_audit::scan_audit_tampering
network::walk_connections
network::walk_connections6
oom_events::walk_oom_events
pam_hooks::walk_pam_hooks
perf_event::perf_type_name
perf_event::walk_perf_events
preload_scanner::find_globally_loaded_from_elfs
preload_scanner::find_globally_loaded_libraries
preload_scanner::parse_linux_elfs_tsv
proc_cmdline::is_miner_cmdline
proc_cmdline::is_ssh_tunnel_cmdline
proc_cmdline::parse_proc_cmdline
proc_hidden::find_hidden_processes
proc_hidden::is_dkom_hidden
process::build_pstree
process::walk_processes
psaux::task_state_name
psaux::walk_psaux
psxview::walk_psxview
ptrace::scan_ptrace_relationships
raw_sockets::walk_raw_sockets
seccomp::walk_seccomp_profiles
shared_mem_anomaly::is_suspicious_shm
shared_mem_anomaly::scan_shared_mem_anomalies
signal_handlers::handler_type
signal_handlers::signal_name
signal_handlers::walk_signal_handlers
ssh_keys::extract_ssh_keys
syscalls::check_syscall_table
systemd_units::classify_systemd_unit
systemd_units::walk_systemd_units
thread::walk_threads
timerfd_signalfd::is_suspicious_fd_count
timerfd_signalfd::scan_fd_abuse
tmpfs_recovery::walk_tmpfs_files
tty_check::check_tty_hooks
unix_sockets::socket_type_name
unix_sockets::walk_unix_sockets
user_ns_escalation::is_escalation_suspicious
user_ns_escalation::scan_user_ns_escalation
vdso_tamper::is_vdso_tampered
vdso_tamper::scan_vdso_tampering
vma_walker::for_each_task_vma
zombie_orphan::walk_zombie_orphan

Type Aliases

Result

Constants

io_uring::IORING_OP_CONNECT
io_uring::IORING_OP_OPENAT
io_uring::IORING_OP_READ
io_uring::IORING_OP_RECVMSG
io_uring::IORING_OP_SENDMSG
io_uring::IORING_OP_WRITE
magic_gid::FATHER_MAGIC_GID
magic_gid::KNOWN_MAGIC_GIDS