Skip to main content

classify_psaux

memf_linux::heuristics

Function classify_psaux 

Source 
pub fn classify_psaux(state: u64, uid: u32, flags: u64, vsize: u64) -> bool
Expand description

Classify whether process auxiliary state is suspicious.

Flags impossible combinations: zombie root processes, non-root kernel threads, and processes with extremely large virtual address spaces.