Include dependency graph for doca_apsh.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Macros | |
| #define | doca_apsh_sys_config(system, attr, value) (__doca_apsh_sys_config(system, attr, (void *)((uintptr_t)value))) |
| configure attribute value for a system, such as: hashtest limit, symbols map ... More... | |
| #define | doca_apsh_module_info_get(module, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_module_info_get(module, attr)) |
| Get attribute value for a module. More... | |
| #define | doca_apsh_process_info_get(process, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_process_info_get(process, attr)) |
| Get attribute value for a process. More... | |
| #define | doca_apsh_lib_info_get(lib, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_lib_info_get(lib, attr)) |
| Get attribute value for a lib. More... | |
| #define | doca_apsh_thread_info_get(thread, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_thread_info_get(thread, attr)) |
| Get attribute value for a thread. More... | |
| #define | doca_apsh_vad_info_get(vad, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_vad_info_get(vad, attr)) |
| Get attribute value for a vad. More... | |
| #define | doca_apsh_attst_info_get(attestation, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_attst_info_get(attestation, attr)) |
| Get attribute value for a attestation. More... | |
| #define | doca_apsh_privilege_info_get(privilege, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_privilege_info_get(privilege, attr)) |
| Get attribute value for a privilege. More... | |
| #define | doca_apsh_envar_info_get(envar, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_envar_info_get(envar, attr)) |
| Get attribute value for an environment variable. More... | |
| #define | doca_apsh_ldrmodule_info_get(ldrmodule, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_ldrmodule_info_get(ldrmodule, attr)) |
| Get attribute value for a ldrmodule. More... | |
| #define | doca_apsh_handle_info_get(handle, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_handle_info_get(handle, attr)) |
| Get attribute value for a handle. More... | |
| #define | doca_apsh_process_parameters_info_get(process_parameters, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_process_parameters_info_get(process_parameters, attr)) |
| get attribute value for a process-parameter More... | |
| #define | doca_apsh_sid_info_get(sid, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_sid_info_get(sid, attr)) |
| Get attribute value for a SID. More... | |
| #define | doca_apsh_netscan_info_get(connection, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_netscan_info_get(connection, attr)) |
| Get attribute value for a connection. More... | |
| #define | doca_apsh_interface_info_get(interface, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_interface_info_get(interface, attr)) |
| Get attribute value for an interface. More... | |
| #define | doca_apsh_yara_info_get(yara, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_yara_info_get(yara, attr)) |
| Get attribute value for a yara. More... | |
| #define | doca_apsh_injection_detect_info_get(suspected_injection, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_injection_detect_info_get(suspected_injection, attr)) |
| Get attribute value for a suspected_injection. More... | |
| #define | doca_apsh_container_info_get(container, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_container_info_get(container, attr)) |
| Get attribute value for a container. More... | |
| #define | doca_apsh_proc_file_details_info_get(file_details, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_proc_file_details_info_get(file_details, attr)) |
| Get attribute value for a file. More... | |
Functions | |
| DOCA_EXPERIMENTAL struct doca_apsh_ctx * | doca_apsh_create (void) |
| Create a new apsh handler. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_start (struct doca_apsh_ctx *ctx) |
| Start apsh handler. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_destroy (struct doca_apsh_ctx *ctx) |
| Free the APSH memory and close connections. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_dma_dev_set (struct doca_apsh_ctx *ctx, struct doca_dev *dma_dev) |
| Set apsh dma device. More... | |
| DOCA_EXPERIMENTAL struct doca_apsh_system * | doca_apsh_system_create (struct doca_apsh_ctx *ctx) |
| Create a new system handler. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_system_destroy (struct doca_apsh_system *system) |
| Destroy system handler. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_system_start (struct doca_apsh_system *system) |
| Start system handler. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_os_symbol_map_set (struct doca_apsh_system *system, const char *system_os_symbol_map_path) |
| Set system os symbol map. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_os_symbol_map_folder_set (struct doca_apsh_system *system, const char *system_os_symbol_folder_path) |
| Set folder that system os symbol map files. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_mem_region_set (struct doca_apsh_system *system, const char *system_mem_region_path) |
| Set system allowed memory regions. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_dev_set (struct doca_apsh_system *system, struct doca_dev_rep *dev) |
| Set system device. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_os_type_set (struct doca_apsh_system *system, enum doca_apsh_system_os os_type) |
| Set system os type. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_kpgd_file_set (struct doca_apsh_system *system, const char *system_kpgd_file_path) |
| Set system kpgd file. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_set_scan_window_size (struct doca_apsh_system *system, uint32_t scan_window_size) |
| Set system yara scan window size. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sys_set_scan_window_step (struct doca_apsh_system *system, uint32_t scan_window_step) |
| Set system yara scan window step. More... | |
| DOCA_EXPERIMENTAL doca_error_t | __doca_apsh_sys_config (struct doca_apsh_system *system, enum doca_apsh_system_config_attr attr, void *value) |
| Shadow function - configure attribute value for a system. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_modules_get (struct doca_apsh_system *system, struct doca_apsh_module ***modules, int *modules_size) |
| Get array of current modules installed on the system. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_module_free (struct doca_apsh_module **modules) |
| Destroys a modules array. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_module_info_get (struct doca_apsh_module *module, enum doca_apsh_module_attr attr) |
| Shadow function - get attribute value for a module. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_processes_get (struct doca_apsh_system *system, struct doca_apsh_process ***processes, int *processes_size) |
| Get array of current processes running on the system. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_processes_free (struct doca_apsh_process **processes) |
| Destroys a process context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_process_info_get (struct doca_apsh_process *process, enum doca_apsh_process_attr attr) |
| Shadow function - get attribute value for a process. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_libs_get (struct doca_apsh_process *process, struct doca_apsh_lib ***libs, int *libs_size) |
| Get array of current process loadable libraries. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_libs_free (struct doca_apsh_lib **libs) |
| Destroys a libs context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_lib_info_get (struct doca_apsh_lib *lib, enum doca_apsh_lib_attr attr) |
| Shadow function - get attribute value for a lib. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_threads_get (struct doca_apsh_process *process, struct doca_apsh_thread ***threads, int *threads_size) |
| Get array of current process threads. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_threads_free (struct doca_apsh_thread **threads) |
| Destroys a threads context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_thread_info_get (struct doca_apsh_thread *thread, enum doca_apsh_thread_attr attr) |
| Shadow function - get attribute value for a thread. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_vads_get (struct doca_apsh_process *process, struct doca_apsh_vad ***vads, int *vads_size) |
| Get array of current process vads - virtual address descriptor. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_vads_free (struct doca_apsh_vad **vads) |
| Destroys a vads context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_vad_info_get (struct doca_apsh_vad *vad, enum doca_apsh_vad_attr attr) |
| Shadow function - get attribute value for a vad. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_attestation_get (struct doca_apsh_process *process, const char *exec_hash_map_path, struct doca_apsh_attestation ***attestation, int *attestation_size) |
| Get current process attestation. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_attestation_free (struct doca_apsh_attestation **attestation) |
| Destroys a attestation context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_attst_info_get (struct doca_apsh_attestation *attestation, enum doca_apsh_attestation_attr attr) |
| Shadow function - get attribute value for a attestation. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_attst_refresh (struct doca_apsh_attestation ***attestation, int *attestation_size) |
| refresh single attestation handler of a process with new snapshot More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_privileges_get (struct doca_apsh_process *process, struct doca_apsh_privilege ***privileges, int *privileges_size) |
| Get array of current process privileges. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_privileges_free (struct doca_apsh_privilege **privileges) |
| Destroys a privileges context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_privilege_info_get (struct doca_apsh_privilege *privilege, enum doca_apsh_privilege_attr attr) |
| Shadow function - get attribute value for a privilege. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_envars_get (struct doca_apsh_process *process, struct doca_apsh_envar ***envars, int *envars_size) |
| Get array of current process environment variables. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_envars_free (struct doca_apsh_envar **envars) |
| Destroys a envars context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_envar_info_get (struct doca_apsh_envar *envar, enum doca_apsh_envar_attr attr) |
| Shadow function - get attribute value for an environment variable. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_ldrmodules_get (struct doca_apsh_process *process, struct doca_apsh_ldrmodule ***ldrmodules, int *ldrmodules_size) |
| Get array of current process modules. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_ldrmodules_free (struct doca_apsh_ldrmodule **ldrmodules) |
| Destroys a ldrmodules context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_ldrmodule_info_get (struct doca_apsh_ldrmodule *ldrmodule, enum doca_apsh_ldrmodule_attr attr) |
| Shadow function - get attribute value for a modules. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_handles_get (struct doca_apsh_process *process, struct doca_apsh_handle ***handles, int *handles_size) |
| Get array of current process handles. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_handles_free (struct doca_apsh_handle **handles) |
| Destroys a handles context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_handle_info_get (struct doca_apsh_handle *handle, enum doca_apsh_handle_attr attr) |
| Shadow function - get attribute value for a handle. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_process_parameters_get (struct doca_apsh_process *process, struct doca_apsh_process_parameters **process_parameters) |
| Get current process parameters. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_process_parameters_free (struct doca_apsh_process_parameters *process_parameters) |
| Destroys a process-parameters context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_process_parameters_info_get (struct doca_apsh_process_parameters *process_parameters, enum doca_apsh_process_parameters_attr attr) |
| Shadow function - get attribute value for a process-parameter. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_sids_get (struct doca_apsh_process *process, struct doca_apsh_sid ***sids, int *sids_size) |
| Get array of current process SIDs. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_sids_free (struct doca_apsh_sid **sids) |
| Destroys a SIDs context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_sid_info_get (struct doca_apsh_sid *sid, enum doca_apsh_sid_attr attr) |
| Shadow function - get attribute value for a SID. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_netscan_get (struct doca_apsh_system *system, struct doca_apsh_netscan ***connections, int *connections_size) |
| Get array of current connections. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_process_netscan_get (struct doca_apsh_process *process, struct doca_apsh_netscan ***connections, int *connections_size) |
| Get array of current connections for a specified process. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_netscan_free (struct doca_apsh_netscan **connections) |
| Destroys a netscan context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_netscan_info_get (struct doca_apsh_netscan *connection, enum doca_apsh_netscan_attr attr) |
| Shadow function - get attribute value for a connection. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_interfaces_get (struct doca_apsh_system *system, struct doca_apsh_interface ***interfaces, int *interfaces_size) |
| Get array of all interfaces. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_interfaces_free (struct doca_apsh_interface **interfaces) |
| Destroys an interfaces data array. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_interface_info_get (struct doca_apsh_interface *interface, enum doca_apsh_interface_attr attr) |
| Shadow function - get attribute value for an interface. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_yara_get (struct doca_apsh_process *process, enum doca_apsh_yara_rule *yara_rules_arr, uint32_t yara_rules_arr_size, uint64_t scan_type, struct doca_apsh_yara ***yara_matches, int *yara_matches_size) |
| Scan current process with yara rules. The scanning is done with a window size and step that are set by doca_apsh_sys_set_scan_window_size and doca_apsh_sys_set_scan_window_step. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_yara_free (struct doca_apsh_yara **yara_matches) |
| Destroys a yara context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_yara_info_get (struct doca_apsh_yara *yara, enum doca_apsh_yara_attr attr) |
| Shadow function - get attribute value for a yara. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_injection_detect_get (struct doca_apsh_process *process, struct doca_apsh_injection_detect ***suspected_injections, int *suspected_injections_size) |
| Get suspected code injections of current process. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_injection_detect_free (struct doca_apsh_injection_detect **suspected_injections) |
| Destroys an injection_detect context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_injection_detect_info_get (struct doca_apsh_injection_detect *suspected_injection, enum doca_apsh_injection_detect_attr attr) |
| Shadow function - get attribute value for a suspected_injection. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_containers_get (struct doca_apsh_system *system, struct doca_apsh_container ***containers, int *containers_size) |
| Get array of current containers running on the system. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_containers_free (struct doca_apsh_container **containers) |
| Destroys a container context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_container_info_get (struct doca_apsh_container *container, enum doca_apsh_container_attr attr) |
| Shadow function - get attribute value for a container. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_container_processes_get (struct doca_apsh_container *container, struct doca_apsh_process ***processes, int *processes_size) |
| Get array of current processes running on the container. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_apsh_proc_files_details_get (struct doca_apsh_process *process, struct doca_apsh_proc_file_details ***files_details, int *files_details_size) |
| Get array of metadata on current process executable files and libraries. More... | |
| DOCA_EXPERIMENTAL void | doca_apsh_proc_files_details_free (struct doca_apsh_proc_file_details **files_details) |
| Destroys a files_details context. More... | |
| DOCA_EXPERIMENTAL const void * | __doca_apsh_proc_file_details_info_get (struct doca_apsh_proc_file_details *file_details, enum doca_apsh_proc_file_details_attr attr) |
| Shadow function - get attribute value for file details. More... | |
