26 #ifndef _DOCA_APSH__H_
27 #define _DOCA_APSH__H_
/*
 * App Shield object types, forward-declared only in this listing. Callers hold
 * pointers to them and go through the functions and accessor macros declared
 * for each type rather than touching members directly.
 */
55 struct doca_apsh_system;
62 struct doca_apsh_module;
69 struct doca_apsh_process;
76 struct doca_apsh_thread;
95 struct doca_apsh_attestation;
102 struct doca_apsh_privilege;
109 struct doca_apsh_envar;
116 struct doca_apsh_ldrmodule;
123 struct doca_apsh_handle;
130 struct doca_apsh_process_parameters;
137 struct doca_apsh_sid;
144 struct doca_apsh_netscan;
151 struct doca_apsh_interface;
158 struct doca_apsh_yara;
165 struct doca_apsh_injection_detect;
172 struct doca_apsh_container;
179 struct doca_apsh_proc_file_details;
325 const char *system_os_symbol_folder_path);
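/**
 * Configure one attribute of an App Shield system handle.
 *
 * Thin wrapper over __doca_apsh_sys_config(): @p value is converted to
 * uintptr_t and then to void * so that either an integer or a pointer can be
 * passed through the single void * parameter. The whole @p value expression is
 * parenthesized before the cast; without that, an argument such as `x < 0`
 * would have only its first operand cast and be compared as unsigned.
 *
 * @param system  system handle (struct doca_apsh_system *)
 * @param attr    enum doca_apsh_system_config_attr selecting the setting
 * @param value   integer or pointer value for the attribute
 * @return doca_error_t from __doca_apsh_sys_config()
 *
 * NOTE(review): the macro erases the type of @p value, so the compiler cannot
 * check it against what @p attr expects. Which type each attribute requires is
 * not visible here - confirm against the attribute documentation.
 */
#define doca_apsh_sys_config(system, attr, value) \
	(__doca_apsh_sys_config(system, attr, (void *)((uintptr_t)(value))))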
512 struct doca_apsh_module ***modules,
/**
 * Read attribute @p attr of @p module with its declared type.
 *
 * Calls __doca_apsh_module_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_module_free()) - confirm.
 * The data presumably reflects the inspected system, so handle strings and
 * sizes as untrusted input.
 */
#define doca_apsh_module_info_get(module, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_module_info_get(module, attr))
577 struct doca_apsh_process ***processes,
578 int *processes_size);
/**
 * Read attribute @p attr of @p process with its declared type.
 *
 * Calls __doca_apsh_process_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_processes_free()) - confirm.
 * Process names and paths presumably come from the inspected system, so
 * treat them as untrusted input.
 */
#define doca_apsh_process_info_get(process, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_process_info_get(process, attr))
/**
 * Read attribute @p attr of @p lib with its declared type.
 *
 * Calls __doca_apsh_lib_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_libs_free()) - confirm.
 * Library names and paths presumably come from the inspected system, so
 * treat them as untrusted input.
 */
#define doca_apsh_lib_info_get(lib, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_lib_info_get(lib, attr))
707 struct doca_apsh_thread ***threads,
/**
 * Read attribute @p attr of @p thread with its declared type.
 *
 * Calls __doca_apsh_thread_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_threads_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_thread_info_get(thread, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_thread_info_get(thread, attr))
/**
 * Read attribute @p attr of @p vad (virtual address descriptor) with its
 * declared type.
 *
 * Calls __doca_apsh_vad_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_vads_free()) - confirm.
 * Addresses and sizes presumably describe the inspected system's memory, so
 * range-check them before using them in arithmetic.
 */
#define doca_apsh_vad_info_get(vad, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_vad_info_get(vad, attr))
842 const char *exec_hash_map_path,
843 struct doca_apsh_attestation ***attestation,
844 int *attestation_size);
/**
 * Read attribute @p attr of @p attestation with its declared type.
 *
 * Calls __doca_apsh_attst_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_attestation_free()) -
 * confirm. A caller making a trust decision on an attestation attribute
 * should also check the doca_error_t of the call that produced the array.
 */
#define doca_apsh_attst_info_get(attestation, attr)  \
	((attr##_TYPE)(uintptr_t)                        \
	 __doca_apsh_attst_info_get(attestation, attr))
935 struct doca_apsh_privilege ***privileges,
936 int *privileges_size);
/**
 * Read attribute @p attr of @p privilege with its declared type.
 *
 * Calls __doca_apsh_privilege_info_get() (returns const void *) and converts
 * the result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_privileges_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_privilege_info_get(privilege, attr)  \
	((attr##_TYPE)(uintptr_t)                          \
	 __doca_apsh_privilege_info_get(privilege, attr))
1005 struct doca_apsh_envar ***envars,
/**
 * Read attribute @p attr of @p envar with its declared type.
 *
 * Calls __doca_apsh_envar_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_envars_free()) - confirm.
 * Environment variable contents are set by the inspected process, so treat
 * them as untrusted input when logging or parsing.
 */
#define doca_apsh_envar_info_get(envar, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_envar_info_get(envar, attr))
1074 struct doca_apsh_ldrmodule ***ldrmodules,
1075 int *ldrmodules_size);
/**
 * Read attribute @p attr of @p ldrmodule with its declared type.
 *
 * Calls __doca_apsh_ldrmodule_info_get() (returns const void *) and converts
 * the result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_ldrmodules_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_ldrmodule_info_get(ldrmodule, attr)  \
	((attr##_TYPE)(uintptr_t)                          \
	 __doca_apsh_ldrmodule_info_get(ldrmodule, attr))
1144 struct doca_apsh_handle ***handles,
/**
 * Read attribute @p attr of @p handle with its declared type.
 *
 * Calls __doca_apsh_handle_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_handles_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_handle_info_get(handle, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_handle_info_get(handle, attr))
1212 struct doca_apsh_process_parameters **process_parameters);
/**
 * Read attribute @p attr of @p process_parameters with its declared type.
 *
 * Calls __doca_apsh_process_parameters_info_get() (returns const void *) and
 * converts the result through uintptr_t to attr##_TYPE. Because @p attr is
 * token-pasted with _TYPE it must be the attribute's enumerator name, not a
 * variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_process_parameters_free())
 * - confirm. Parameter strings presumably originate in the inspected
 * process, so treat them as untrusted input.
 */
#define doca_apsh_process_parameters_info_get(process_parameters, attr)  \
	((attr##_TYPE)(uintptr_t)                                            \
	 __doca_apsh_process_parameters_info_get(process_parameters, attr))
/**
 * Read attribute @p attr of @p sid (security identifier) with its declared
 * type.
 *
 * Calls __doca_apsh_sid_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_sids_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_sid_info_get(sid, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_sid_info_get(sid, attr))
1356 struct doca_apsh_netscan ***connections,
1357 int *connections_size);
1391 struct doca_apsh_netscan ***connections,
1392 int *connections_size);
/**
 * Read attribute @p attr of @p connection with its declared type.
 *
 * Calls __doca_apsh_netscan_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_netscan_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_netscan_info_get(connection, attr)  \
	((attr##_TYPE)(uintptr_t)                         \
	 __doca_apsh_netscan_info_get(connection, attr))
1462 struct doca_apsh_interface ***interfaces,
1463 int *interfaces_size);
/**
 * Read attribute @p attr of @p interface with its declared type.
 *
 * Calls __doca_apsh_interface_info_get() (returns const void *) and converts
 * the result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_interfaces_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_interface_info_get(interface, attr)  \
	((attr##_TYPE)(uintptr_t)                          \
	 __doca_apsh_interface_info_get(interface, attr))
1545 uint32_t yara_rules_arr_size,
1547 struct doca_apsh_yara ***yara_matches,
1548 int *yara_matches_size);
/**
 * Read attribute @p attr of @p yara (one yara match) with its declared type.
 *
 * Calls __doca_apsh_yara_info_get() (returns const void *) and converts the
 * result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_yara_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_yara_info_get(yara, attr) \
	((attr##_TYPE)(uintptr_t)__doca_apsh_yara_info_get(yara, attr))
1616 struct doca_apsh_injection_detect ***suspected_injections,
1617 int *suspected_injections_size);
/**
 * Read attribute @p attr of @p suspected_injection with its declared type.
 *
 * Calls __doca_apsh_injection_detect_info_get() (returns const void *) and
 * converts the result through uintptr_t to attr##_TYPE. Because @p attr is
 * token-pasted with _TYPE it must be the attribute's enumerator name, not a
 * variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_injection_detect_free()) -
 * confirm before dereferencing.
 */
#define doca_apsh_injection_detect_info_get(suspected_injection, attr)  \
	((attr##_TYPE)(uintptr_t)                                           \
	 __doca_apsh_injection_detect_info_get(suspected_injection, attr))
1686 struct doca_apsh_container ***containers,
1687 int *containers_size);
/**
 * Read attribute @p attr of @p container with its declared type.
 *
 * Calls __doca_apsh_container_info_get() (returns const void *) and converts
 * the result through uintptr_t to attr##_TYPE. Because @p attr is token-pasted
 * with _TYPE it must be the attribute's enumerator name, not a variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_containers_free()) - confirm
 * before dereferencing.
 */
#define doca_apsh_container_info_get(container, attr)  \
	((attr##_TYPE)(uintptr_t)                          \
	 __doca_apsh_container_info_get(container, attr))
1752 struct doca_apsh_process ***processes,
1753 int *processes_size);
1781 struct doca_apsh_proc_file_details ***files_details,
1782 int *files_details_size);
/**
 * Read attribute @p attr of @p file_details with its declared type.
 *
 * Calls __doca_apsh_proc_file_details_info_get() (returns const void *) and
 * converts the result through uintptr_t to attr##_TYPE. Because @p attr is
 * token-pasted with _TYPE it must be the attribute's enumerator name, not a
 * variable.
 *
 * NOTE(review): the conversion is unchecked, and neither the value returned
 * for an unavailable attribute nor the lifetime of pointer-typed results is
 * visible here (presumably valid until doca_apsh_proc_files_details_free())
 * - confirm. File paths presumably come from the inspected system, so treat
 * them as untrusted input.
 */
#define doca_apsh_proc_file_details_info_get(file_details, attr)  \
	((attr##_TYPE)(uintptr_t)                                     \
	 __doca_apsh_proc_file_details_info_get(file_details, attr))
doca_apsh_proc_file_details_attr
doca app shield process file details attributes
doca_apsh_interface_attr
doca app shield interface attributes
doca_apsh_envar_attr
doca app shield envars attributes
doca_apsh_privilege_attr
doca app shield privileges attributes. The Windows privilege list can be found on: https://docs....
doca_apsh_lib_attr
doca app shield lib attributes
doca_apsh_handle_attr
doca app shield handle attributes
doca_apsh_netscan_attr
doca app shield netscan attributes
doca_apsh_ldrmodule_attr
doca app shield LDR-Modules attributes
doca_apsh_injection_detect_attr
doca app shield injection detect attributes
doca_apsh_vad_attr
doca app shield virtual address descriptor attributes
doca_apsh_system_config_attr
doca app shield configuration attributes
doca_apsh_attestation_attr
doca app shield attestation attributes
doca_apsh_process_parameters_attr
doca app shield process-parameters attributes
doca_apsh_yara_rule
available doca app shield yara rules
doca_apsh_sid_attr
doca app shield SID (security identifiers) attributes
doca_apsh_module_attr
doca app shield module attributes
doca_apsh_yara_attr
doca app shield yara attributes
doca_apsh_thread_attr
doca app shield thread attributes
doca_apsh_container_attr
doca app shield container attributes
doca_apsh_system_os
system os types
doca_apsh_process_attr
doca app shield process attributes
DOCA_EXPERIMENTAL const void * __doca_apsh_yara_info_get(struct doca_apsh_yara *yara, enum doca_apsh_yara_attr attr)
Shadow function - get attribute value for a yara.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_interfaces_get(struct doca_apsh_system *system, struct doca_apsh_interface ***interfaces, int *interfaces_size)
Get array of all interfaces.
DOCA_EXPERIMENTAL void doca_apsh_netscan_free(struct doca_apsh_netscan **connections)
Destroys a netscan context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_process_netscan_get(struct doca_apsh_process *process, struct doca_apsh_netscan ***connections, int *connections_size)
Get array of current connections for a specified process.
DOCA_EXPERIMENTAL void doca_apsh_threads_free(struct doca_apsh_thread **threads)
Destroys a threads context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_kpgd_file_set(struct doca_apsh_system *system, const char *system_kpgd_file_path)
Set system kpgd file.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_set_scan_window_step(struct doca_apsh_system *system, uint32_t scan_window_step)
Set system yara scan window step.
DOCA_EXPERIMENTAL const void * __doca_apsh_attst_info_get(struct doca_apsh_attestation *attestation, enum doca_apsh_attestation_attr attr)
Shadow function - get attribute value for an attestation.
DOCA_EXPERIMENTAL const void * __doca_apsh_sid_info_get(struct doca_apsh_sid *sid, enum doca_apsh_sid_attr attr)
Shadow function - get attribute value for a SID.
DOCA_EXPERIMENTAL const void * __doca_apsh_lib_info_get(struct doca_apsh_lib *lib, enum doca_apsh_lib_attr attr)
Shadow function - get attribute value for a lib.
DOCA_EXPERIMENTAL const void * __doca_apsh_process_parameters_info_get(struct doca_apsh_process_parameters *process_parameters, enum doca_apsh_process_parameters_attr attr)
Shadow function - get attribute value for a process-parameter.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_symbol_map_folder_set(struct doca_apsh_system *system, const char *system_os_symbol_folder_path)
Set the folder that holds the system OS symbol map files.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_proc_files_details_get(struct doca_apsh_process *process, struct doca_apsh_proc_file_details ***files_details, int *files_details_size)
Get array of metadata on current process executable files and libraries.
DOCA_EXPERIMENTAL const void * __doca_apsh_vad_info_get(struct doca_apsh_vad *vad, enum doca_apsh_vad_attr attr)
Shadow function - get attribute value for a vad.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_privileges_get(struct doca_apsh_process *process, struct doca_apsh_privilege ***privileges, int *privileges_size)
Get array of current process privileges.
DOCA_EXPERIMENTAL const void * __doca_apsh_injection_detect_info_get(struct doca_apsh_injection_detect *suspected_injection, enum doca_apsh_injection_detect_attr attr)
Shadow function - get attribute value for a suspected_injection.
DOCA_EXPERIMENTAL void doca_apsh_injection_detect_free(struct doca_apsh_injection_detect **suspected_injections)
Destroys an injection_detect context.
DOCA_EXPERIMENTAL void doca_apsh_libs_free(struct doca_apsh_lib **libs)
Destroys a libs context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_mem_region_set(struct doca_apsh_system *system, const char *system_mem_region_path)
Set system allowed memory regions.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_dev_set(struct doca_apsh_system *system, struct doca_dev_rep *dev)
Set system device.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_container_processes_get(struct doca_apsh_container *container, struct doca_apsh_process ***processes, int *processes_size)
Get array of current processes running on the container.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_processes_get(struct doca_apsh_system *system, struct doca_apsh_process ***processes, int *processes_size)
Get array of current processes running on the system.
DOCA_EXPERIMENTAL void doca_apsh_sids_free(struct doca_apsh_sid **sids)
Destroys a SIDs context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sids_get(struct doca_apsh_process *process, struct doca_apsh_sid ***sids, int *sids_size)
Get array of current process SIDs.
DOCA_EXPERIMENTAL void doca_apsh_module_free(struct doca_apsh_module **modules)
Destroys a modules array.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_set_scan_window_size(struct doca_apsh_system *system, uint32_t scan_window_size)
Set system yara scan window size.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_start(struct doca_apsh_ctx *ctx)
Start apsh handler.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_libs_get(struct doca_apsh_process *process, struct doca_apsh_lib ***libs, int *libs_size)
Get array of current process loadable libraries.
DOCA_EXPERIMENTAL doca_error_t __doca_apsh_sys_config(struct doca_apsh_system *system, enum doca_apsh_system_config_attr attr, void *value)
Shadow function - configure attribute value for a system.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_type_set(struct doca_apsh_system *system, enum doca_apsh_system_os os_type)
Set system os type.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_injection_detect_get(struct doca_apsh_process *process, struct doca_apsh_injection_detect ***suspected_injections, int *suspected_injections_size)
Get suspected code injections of current process.
DOCA_EXPERIMENTAL const void * __doca_apsh_netscan_info_get(struct doca_apsh_netscan *connection, enum doca_apsh_netscan_attr attr)
Shadow function - get attribute value for a connection.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_yara_get(struct doca_apsh_process *process, enum doca_apsh_yara_rule *yara_rules_arr, uint32_t yara_rules_arr_size, uint64_t scan_type, struct doca_apsh_yara ***yara_matches, int *yara_matches_size)
Scan current process with yara rules. The scanning is done with a window size and step that are set b...
DOCA_EXPERIMENTAL void doca_apsh_handles_free(struct doca_apsh_handle **handles)
Destroys a handles context.
DOCA_EXPERIMENTAL const void * __doca_apsh_envar_info_get(struct doca_apsh_envar *envar, enum doca_apsh_envar_attr attr)
Shadow function - get attribute value for an environment variable.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_handles_get(struct doca_apsh_process *process, struct doca_apsh_handle ***handles, int *handles_size)
Get array of current process handles.
DOCA_EXPERIMENTAL struct doca_apsh_ctx * doca_apsh_create(void)
Create a new apsh handler.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_envars_get(struct doca_apsh_process *process, struct doca_apsh_envar ***envars, int *envars_size)
Get array of current process environment variables.
DOCA_EXPERIMENTAL const void * __doca_apsh_ldrmodule_info_get(struct doca_apsh_ldrmodule *ldrmodule, enum doca_apsh_ldrmodule_attr attr)
Shadow function - get attribute value for an LDR module.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_dma_dev_set(struct doca_apsh_ctx *ctx, struct doca_dev *dma_dev)
Set apsh dma device.
DOCA_EXPERIMENTAL void doca_apsh_proc_files_details_free(struct doca_apsh_proc_file_details **files_details)
Destroys a files_details context.
DOCA_EXPERIMENTAL void doca_apsh_privileges_free(struct doca_apsh_privilege **privileges)
Destroys a privileges context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_vads_get(struct doca_apsh_process *process, struct doca_apsh_vad ***vads, int *vads_size)
Get array of current process vads - virtual address descriptor.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_ldrmodules_get(struct doca_apsh_process *process, struct doca_apsh_ldrmodule ***ldrmodules, int *ldrmodules_size)
Get array of current process modules.
DOCA_EXPERIMENTAL void doca_apsh_interfaces_free(struct doca_apsh_interface **interfaces)
Destroys an interfaces data array.
DOCA_EXPERIMENTAL const void * __doca_apsh_interface_info_get(struct doca_apsh_interface *interface, enum doca_apsh_interface_attr attr)
Shadow function - get attribute value for an interface.
DOCA_EXPERIMENTAL void doca_apsh_attestation_free(struct doca_apsh_attestation **attestation)
Destroys an attestation context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_netscan_get(struct doca_apsh_system *system, struct doca_apsh_netscan ***connections, int *connections_size)
Get array of current connections.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_threads_get(struct doca_apsh_process *process, struct doca_apsh_thread ***threads, int *threads_size)
Get array of current process threads.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_attestation_get(struct doca_apsh_process *process, const char *exec_hash_map_path, struct doca_apsh_attestation ***attestation, int *attestation_size)
Get current process attestation.
DOCA_EXPERIMENTAL const void * __doca_apsh_module_info_get(struct doca_apsh_module *module, enum doca_apsh_module_attr attr)
Shadow function - get attribute value for a module.
DOCA_EXPERIMENTAL struct doca_apsh_system * doca_apsh_system_create(struct doca_apsh_ctx *ctx)
Create a new system handler.
DOCA_EXPERIMENTAL void doca_apsh_yara_free(struct doca_apsh_yara **yara_matches)
Destroys a yara context.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_containers_get(struct doca_apsh_system *system, struct doca_apsh_container ***containers, int *containers_size)
Get array of current containers running on the system.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_symbol_map_set(struct doca_apsh_system *system, const char *system_os_symbol_map_path)
Set system os symbol map.
DOCA_EXPERIMENTAL void doca_apsh_destroy(struct doca_apsh_ctx *ctx)
Free the APSH memory and close connections.
DOCA_EXPERIMENTAL void doca_apsh_process_parameters_free(struct doca_apsh_process_parameters *process_parameters)
Destroys a process-parameters context.
DOCA_EXPERIMENTAL void doca_apsh_ldrmodules_free(struct doca_apsh_ldrmodule **ldrmodules)
Destroys a ldrmodules context.
DOCA_EXPERIMENTAL void doca_apsh_envars_free(struct doca_apsh_envar **envars)
Destroys an envars context.
DOCA_EXPERIMENTAL const void * __doca_apsh_process_info_get(struct doca_apsh_process *process, enum doca_apsh_process_attr attr)
Shadow function - get attribute value for a process.
DOCA_EXPERIMENTAL void doca_apsh_containers_free(struct doca_apsh_container **containers)
Destroys a container context.
DOCA_EXPERIMENTAL void doca_apsh_processes_free(struct doca_apsh_process **processes)
Destroys a process context.
DOCA_EXPERIMENTAL const void * __doca_apsh_privilege_info_get(struct doca_apsh_privilege *privilege, enum doca_apsh_privilege_attr attr)
Shadow function - get attribute value for a privilege.
DOCA_EXPERIMENTAL const void * __doca_apsh_handle_info_get(struct doca_apsh_handle *handle, enum doca_apsh_handle_attr attr)
Shadow function - get attribute value for a handle.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_modules_get(struct doca_apsh_system *system, struct doca_apsh_module ***modules, int *modules_size)
Get array of current modules installed on the system.
DOCA_EXPERIMENTAL void doca_apsh_system_destroy(struct doca_apsh_system *system)
Destroy system handler.
DOCA_EXPERIMENTAL const void * __doca_apsh_thread_info_get(struct doca_apsh_thread *thread, enum doca_apsh_thread_attr attr)
Shadow function - get attribute value for a thread.
DOCA_EXPERIMENTAL void doca_apsh_vads_free(struct doca_apsh_vad **vads)
Destroys a vads context.
DOCA_EXPERIMENTAL const void * __doca_apsh_container_info_get(struct doca_apsh_container *container, enum doca_apsh_container_attr attr)
Shadow function - get attribute value for a container.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_attst_refresh(struct doca_apsh_attestation ***attestation, int *attestation_size)
Refresh a single attestation handler of a process with a new snapshot.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_system_start(struct doca_apsh_system *system)
Start system handler.
DOCA_EXPERIMENTAL doca_error_t doca_apsh_process_parameters_get(struct doca_apsh_process *process, struct doca_apsh_process_parameters **process_parameters)
Get current process parameters.
DOCA_EXPERIMENTAL const void * __doca_apsh_proc_file_details_info_get(struct doca_apsh_proc_file_details *file_details, enum doca_apsh_proc_file_details_attr attr)
Shadow function - get attribute value for file details.
#define DOCA_EXPERIMENTAL
To set a Symbol (or specifically a function) as experimental.
enum doca_error doca_error_t
DOCA API return codes.
struct upf_accel_ctx * ctx