Collaboration diagram for DOCA App Shield:

Modules
	DOCA App Shield Attributes

Macros
#define	doca_apsh_sys_config(system, attr, value) (__doca_apsh_sys_config(system, attr, (void *)((uintptr_t)value)))
	configure attribute value for a system, such as: hashtest limit, symbols map ... More...

#define	doca_apsh_module_info_get(module, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_module_info_get(module, attr))
	Get attribute value for a module. More...

#define	doca_apsh_process_info_get(process, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_process_info_get(process, attr))
	Get attribute value for a process. More...

#define	doca_apsh_lib_info_get(lib, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_lib_info_get(lib, attr))
	Get attribute value for a lib. More...

#define	doca_apsh_thread_info_get(thread, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_thread_info_get(thread, attr))
	Get attribute value for a thread. More...

#define	doca_apsh_vad_info_get(vad, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_vad_info_get(vad, attr))
	Get attribute value for a vad. More...

#define	doca_apsh_attst_info_get(attestation, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_attst_info_get(attestation, attr))
	Get attribute value for a attestation. More...

#define	doca_apsh_privilege_info_get(privilege, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_privilege_info_get(privilege, attr))
	Get attribute value for a privilege. More...

#define	doca_apsh_envar_info_get(envar, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_envar_info_get(envar, attr))
	Get attribute value for an environment variable. More...

#define	doca_apsh_ldrmodule_info_get(ldrmodule, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_ldrmodule_info_get(ldrmodule, attr))
	Get attribute value for a ldrmodule. More...

#define	doca_apsh_handle_info_get(handle, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_handle_info_get(handle, attr))
	Get attribute value for a handle. More...

#define	doca_apsh_process_parameters_info_get(process_parameters, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_process_parameters_info_get(process_parameters, attr))
	get attribute value for a process-parameter More...

#define	doca_apsh_sid_info_get(sid, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_sid_info_get(sid, attr))
	Get attribute value for a SID. More...

#define	doca_apsh_netscan_info_get(connection, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_netscan_info_get(connection, attr))
	Get attribute value for a connection. More...

#define	doca_apsh_interface_info_get(interface, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_interface_info_get(interface, attr))
	Get attribute value for an interface. More...

#define	doca_apsh_yara_info_get(yara, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_yara_info_get(yara, attr))
	Get attribute value for a yara. More...

#define	doca_apsh_injection_detect_info_get(suspected_injection, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_injection_detect_info_get(suspected_injection, attr))
	Get attribute value for a suspected_injection. More...

#define	doca_apsh_container_info_get(container, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_container_info_get(container, attr))
	Get attribute value for a container. More...

#define	doca_apsh_proc_file_details_info_get(file_details, attr) ((attr##_TYPE)(uintptr_t)__doca_apsh_proc_file_details_info_get(file_details, attr))
	Get attribute value for a file. More...

Functions
DOCA_EXPERIMENTAL struct doca_apsh_ctx *	doca_apsh_create (void)
	Create a new apsh handler. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_start (struct doca_apsh_ctx *ctx)
	Start apsh handler. More...

DOCA_EXPERIMENTAL void	doca_apsh_destroy (struct doca_apsh_ctx *ctx)
	Free the APSH memory and close connections. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_dma_dev_set (struct doca_apsh_ctx ctx, struct doca_dev dma_dev)
	Set apsh dma device. More...

DOCA_EXPERIMENTAL struct doca_apsh_system *	doca_apsh_system_create (struct doca_apsh_ctx *ctx)
	Create a new system handler. More...

DOCA_EXPERIMENTAL void	doca_apsh_system_destroy (struct doca_apsh_system *system)
	Destroy system handler. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_system_start (struct doca_apsh_system *system)
	Start system handler. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_os_symbol_map_set (struct doca_apsh_system system, const char system_os_symbol_map_path)
	Set system os symbol map. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_os_symbol_map_folder_set (struct doca_apsh_system system, const char system_os_symbol_folder_path)
	Set folder that system os symbol map files. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_mem_region_set (struct doca_apsh_system system, const char system_mem_region_path)
	Set system allowed memory regions. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_dev_set (struct doca_apsh_system system, struct doca_dev_rep dev)
	Set system device. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_os_type_set (struct doca_apsh_system *system, enum doca_apsh_system_os os_type)
	Set system os type. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_kpgd_file_set (struct doca_apsh_system system, const char system_kpgd_file_path)
	Set system kpgd file. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_set_scan_window_size (struct doca_apsh_system *system, uint32_t scan_window_size)
	Set system yara scan window size. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sys_set_scan_window_step (struct doca_apsh_system *system, uint32_t scan_window_step)
	Set system yara scan window step. More...

DOCA_EXPERIMENTAL doca_error_t	__doca_apsh_sys_config (struct doca_apsh_system system, enum doca_apsh_system_config_attr attr, void value)
	Shadow function - configure attribute value for a system. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_modules_get (struct doca_apsh_system system, struct doca_apsh_module *modules, int modules_size)
	Get array of current modules installed on the system. More...

DOCA_EXPERIMENTAL void	doca_apsh_module_free (struct doca_apsh_module **modules)
	Destroys a modules array. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_module_info_get (struct doca_apsh_module *module, enum doca_apsh_module_attr attr)
	Shadow function - get attribute value for a module. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_processes_get (struct doca_apsh_system system, struct doca_apsh_process *processes, int processes_size)
	Get array of current processes running on the system. More...

DOCA_EXPERIMENTAL void	doca_apsh_processes_free (struct doca_apsh_process **processes)
	Destroys a process context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_process_info_get (struct doca_apsh_process *process, enum doca_apsh_process_attr attr)
	Shadow function - get attribute value for a process. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_libs_get (struct doca_apsh_process process, struct doca_apsh_lib *libs, int libs_size)
	Get array of current process loadable libraries. More...

DOCA_EXPERIMENTAL void	doca_apsh_libs_free (struct doca_apsh_lib **libs)
	Destroys a libs context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_lib_info_get (struct doca_apsh_lib *lib, enum doca_apsh_lib_attr attr)
	Shadow function - get attribute value for a lib. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_threads_get (struct doca_apsh_process process, struct doca_apsh_thread *threads, int threads_size)
	Get array of current process threads. More...

DOCA_EXPERIMENTAL void	doca_apsh_threads_free (struct doca_apsh_thread **threads)
	Destroys a threads context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_thread_info_get (struct doca_apsh_thread *thread, enum doca_apsh_thread_attr attr)
	Shadow function - get attribute value for a thread. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_vads_get (struct doca_apsh_process process, struct doca_apsh_vad *vads, int vads_size)
	Get array of current process vads - virtual address descriptor. More...

DOCA_EXPERIMENTAL void	doca_apsh_vads_free (struct doca_apsh_vad **vads)
	Destroys a vads context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_vad_info_get (struct doca_apsh_vad *vad, enum doca_apsh_vad_attr attr)
	Shadow function - get attribute value for a vad. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_attestation_get (struct doca_apsh_process process, const char exec_hash_map_path, struct doca_apsh_attestation **attestation, int attestation_size)
	Get current process attestation. More...

DOCA_EXPERIMENTAL void	doca_apsh_attestation_free (struct doca_apsh_attestation **attestation)
	Destroys a attestation context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_attst_info_get (struct doca_apsh_attestation *attestation, enum doca_apsh_attestation_attr attr)
	Shadow function - get attribute value for a attestation. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_attst_refresh (struct doca_apsh_attestation **attestation, int attestation_size)
	refresh single attestation handler of a process with new snapshot More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_privileges_get (struct doca_apsh_process process, struct doca_apsh_privilege *privileges, int privileges_size)
	Get array of current process privileges. More...

DOCA_EXPERIMENTAL void	doca_apsh_privileges_free (struct doca_apsh_privilege **privileges)
	Destroys a privileges context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_privilege_info_get (struct doca_apsh_privilege *privilege, enum doca_apsh_privilege_attr attr)
	Shadow function - get attribute value for a privilege. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_envars_get (struct doca_apsh_process process, struct doca_apsh_envar *envars, int envars_size)
	Get array of current process environment variables. More...

DOCA_EXPERIMENTAL void	doca_apsh_envars_free (struct doca_apsh_envar **envars)
	Destroys a envars context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_envar_info_get (struct doca_apsh_envar *envar, enum doca_apsh_envar_attr attr)
	Shadow function - get attribute value for an environment variable. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_ldrmodules_get (struct doca_apsh_process process, struct doca_apsh_ldrmodule *ldrmodules, int ldrmodules_size)
	Get array of current process modules. More...

DOCA_EXPERIMENTAL void	doca_apsh_ldrmodules_free (struct doca_apsh_ldrmodule **ldrmodules)
	Destroys a ldrmodules context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_ldrmodule_info_get (struct doca_apsh_ldrmodule *ldrmodule, enum doca_apsh_ldrmodule_attr attr)
	Shadow function - get attribute value for a modules. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_handles_get (struct doca_apsh_process process, struct doca_apsh_handle *handles, int handles_size)
	Get array of current process handles. More...

DOCA_EXPERIMENTAL void	doca_apsh_handles_free (struct doca_apsh_handle **handles)
	Destroys a handles context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_handle_info_get (struct doca_apsh_handle *handle, enum doca_apsh_handle_attr attr)
	Shadow function - get attribute value for a handle. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_process_parameters_get (struct doca_apsh_process process, struct doca_apsh_process_parameters *process_parameters)
	Get current process parameters. More...

DOCA_EXPERIMENTAL void	doca_apsh_process_parameters_free (struct doca_apsh_process_parameters *process_parameters)
	Destroys a process-parameters context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_process_parameters_info_get (struct doca_apsh_process_parameters *process_parameters, enum doca_apsh_process_parameters_attr attr)
	Shadow function - get attribute value for a process-parameter. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_sids_get (struct doca_apsh_process process, struct doca_apsh_sid *sids, int sids_size)
	Get array of current process SIDs. More...

DOCA_EXPERIMENTAL void	doca_apsh_sids_free (struct doca_apsh_sid **sids)
	Destroys a SIDs context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_sid_info_get (struct doca_apsh_sid *sid, enum doca_apsh_sid_attr attr)
	Shadow function - get attribute value for a SID. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_netscan_get (struct doca_apsh_system system, struct doca_apsh_netscan *connections, int connections_size)
	Get array of current connections. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_process_netscan_get (struct doca_apsh_process process, struct doca_apsh_netscan *connections, int connections_size)
	Get array of current connections for a specified process. More...

DOCA_EXPERIMENTAL void	doca_apsh_netscan_free (struct doca_apsh_netscan **connections)
	Destroys a netscan context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_netscan_info_get (struct doca_apsh_netscan *connection, enum doca_apsh_netscan_attr attr)
	Shadow function - get attribute value for a connection. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_interfaces_get (struct doca_apsh_system system, struct doca_apsh_interface *interfaces, int interfaces_size)
	Get array of all interfaces. More...

DOCA_EXPERIMENTAL void	doca_apsh_interfaces_free (struct doca_apsh_interface **interfaces)
	Destroys an interfaces data array. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_interface_info_get (struct doca_apsh_interface *interface, enum doca_apsh_interface_attr attr)
	Shadow function - get attribute value for an interface. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_yara_get (struct doca_apsh_process process, enum doca_apsh_yara_rule yara_rules_arr, uint32_t yara_rules_arr_size, uint64_t scan_type, struct doca_apsh_yara **yara_matches, int yara_matches_size)
	Scan current process with yara rules. The scanning is done with a window size and step that are set by doca_apsh_sys_set_scan_window_size and doca_apsh_sys_set_scan_window_step. More...

DOCA_EXPERIMENTAL void	doca_apsh_yara_free (struct doca_apsh_yara **yara_matches)
	Destroys a yara context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_yara_info_get (struct doca_apsh_yara *yara, enum doca_apsh_yara_attr attr)
	Shadow function - get attribute value for a yara. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_injection_detect_get (struct doca_apsh_process process, struct doca_apsh_injection_detect *suspected_injections, int suspected_injections_size)
	Get suspected code injections of current process. More...

DOCA_EXPERIMENTAL void	doca_apsh_injection_detect_free (struct doca_apsh_injection_detect **suspected_injections)
	Destroys an injection_detect context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_injection_detect_info_get (struct doca_apsh_injection_detect *suspected_injection, enum doca_apsh_injection_detect_attr attr)
	Shadow function - get attribute value for a suspected_injection. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_containers_get (struct doca_apsh_system system, struct doca_apsh_container *containers, int containers_size)
	Get array of current containers running on the system. More...

DOCA_EXPERIMENTAL void	doca_apsh_containers_free (struct doca_apsh_container **containers)
	Destroys a container context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_container_info_get (struct doca_apsh_container *container, enum doca_apsh_container_attr attr)
	Shadow function - get attribute value for a container. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_container_processes_get (struct doca_apsh_container container, struct doca_apsh_process *processes, int processes_size)
	Get array of current processes running on the container. More...

DOCA_EXPERIMENTAL doca_error_t	doca_apsh_proc_files_details_get (struct doca_apsh_process process, struct doca_apsh_proc_file_details *files_details, int files_details_size)
	Get array of metadata on current process executable files and libraries. More...

DOCA_EXPERIMENTAL void	doca_apsh_proc_files_details_free (struct doca_apsh_proc_file_details **files_details)
	Destroys a files_details context. More...

DOCA_EXPERIMENTAL const void *	__doca_apsh_proc_file_details_info_get (struct doca_apsh_proc_file_details *file_details, enum doca_apsh_proc_file_details_attr attr)
	Shadow function - get attribute value for file details. More...

Detailed Description

DOCA App Shield library let you to monitor operation system that resides on the host. This is done with the DPU DMA capabilities. Please follow the programmer guide for system configurations.

Macro Definition Documentation

◆ doca_apsh_attst_info_get

#define doca_apsh_attst_info_get	(	attestation,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_attst_info_get(attestation, attr))

Get attribute value for a attestation.

Get the requested info from attestation handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

attestation	single attestation handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 884 of file doca_apsh.h.

◆ doca_apsh_container_info_get

#define doca_apsh_container_info_get	(	container,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_container_info_get(container, attr))

Get attribute value for a container.

Get the requested info from container handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

container	single container handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 1727 of file doca_apsh.h.

◆ doca_apsh_envar_info_get

#define doca_apsh_envar_info_get	(	envar,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_envar_info_get(envar, attr))

Get attribute value for an environment variable.

Get the requested info from envar handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

envar	single envar handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 1046 of file doca_apsh.h.

◆ doca_apsh_handle_info_get

#define doca_apsh_handle_info_get	(	handle,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_handle_info_get(handle, attr))

Get attribute value for a handle.

Get the requested info from handle handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

handle	single handle handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 1185 of file doca_apsh.h.

◆ doca_apsh_injection_detect_info_get

#define doca_apsh_injection_detect_info_get	(	suspected_injection,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_injection_detect_info_get(suspected_injection, attr))

Get attribute value for a suspected_injection.

Get the requested info from suspected_injection handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

suspected_injection	single injection_detect handler
attr	Attribute to get the info on the suspected injection

Returns: return the info requested (with casting)

Definition at line 1658 of file doca_apsh.h.

◆ doca_apsh_interface_info_get

#define doca_apsh_interface_info_get	(	interface,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_interface_info_get(interface, attr))

Get attribute value for an interface.

Get the requested info from interface handler. The info is right to the snapshot (at the get function moment) If the requested info is an array or string no data is copied. The caller should not release the returned object. full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

interface	single interface handler
attr	Attribute to get the info on the interface

Returns: return the info requested (with casting)

Definition at line 1505 of file doca_apsh.h.

◆ doca_apsh_ldrmodule_info_get

#define doca_apsh_ldrmodule_info_get	(	ldrmodule,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_ldrmodule_info_get(ldrmodule, attr))

Get attribute value for a ldrmodule.

Get the requested info from ldrmodule handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

ldrmodule	single ldrmodule handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 1115 of file doca_apsh.h.

◆ doca_apsh_lib_info_get

#define doca_apsh_lib_info_get	(	lib,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_lib_info_get(lib, attr))

Get attribute value for a lib.

Get the requested info from lib handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

lib	single lib handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 682 of file doca_apsh.h.

◆ doca_apsh_module_info_get

#define doca_apsh_module_info_get	(	module,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_module_info_get(module, attr))

Get attribute value for a module.

Get the requested info from module handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

module	single module handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 553 of file doca_apsh.h.

◆ doca_apsh_netscan_info_get

#define doca_apsh_netscan_info_get	(	connection,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_netscan_info_get(connection, attr))

Get attribute value for a connection.

Get the requested info from connection handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

connection	single connection handler
attr	Attribute to get the info on the connection

Returns: return the info requested (with casting)

Definition at line 1432 of file doca_apsh.h.

◆ doca_apsh_privilege_info_get

#define doca_apsh_privilege_info_get	(	privilege,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_privilege_info_get(privilege, attr))

Get attribute value for a privilege.

Get the requested info from privilege handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

privilege	single privilege handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 976 of file doca_apsh.h.

◆ doca_apsh_proc_file_details_info_get

#define doca_apsh_proc_file_details_info_get	(	file_details,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_proc_file_details_info_get(file_details, attr))

Get attribute value for a file.

Get the requested info from file details handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

file_details	single file details handler
attr	Attribute to get the info on the file details

Returns: return the info requested (with casting)

Definition at line 1823 of file doca_apsh.h.

◆ doca_apsh_process_info_get

#define doca_apsh_process_info_get	(	process,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_process_info_get(process, attr))

Get attribute value for a process.

Get the requested info from process handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

process	single process handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 618 of file doca_apsh.h.

◆ doca_apsh_process_parameters_info_get

#define doca_apsh_process_parameters_info_get	(	process_parameters,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_process_parameters_info_get(process_parameters, attr))

get attribute value for a process-parameter

Get the requested info from process_parameters handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

process_parameters	single process_parameters handler
attr	Attribute to get the info on the process_parameters

Returns: return the info requested (with casting)

Definition at line 1253 of file doca_apsh.h.

◆ doca_apsh_sid_info_get

#define doca_apsh_sid_info_get	(	sid,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_sid_info_get(sid, attr))

Get attribute value for a SID.

Get the requested info from SID handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

sid	single SID handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 1321 of file doca_apsh.h.

◆ doca_apsh_sys_config

#define doca_apsh_sys_config	(	system,
		attr,
		value
	)	(__doca_apsh_sys_config(system, attr, (void *)((uintptr_t)value)))

configure attribute value for a system, such as: hashtest limit, symbols map ...

Parameters

system	system handler
attr	Attribute to set in the system
value	the value to set

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NOT_SUPPORTED - if attr was OS type and an unsupported OS type had been received.
DOCA_ERROR_NO_MEMORY - if memory allocation failed.
DOCA_ERROR_BAD_STATE - if system is already started.

Definition at line 488 of file doca_apsh.h.

◆ doca_apsh_thread_info_get

#define doca_apsh_thread_info_get	(	thread,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_thread_info_get(thread, attr))

Get attribute value for a thread.

Get the requested info from thread handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

thread	single thread handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 748 of file doca_apsh.h.

◆ doca_apsh_vad_info_get

#define doca_apsh_vad_info_get	(	vad,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_vad_info_get(vad, attr))

Get attribute value for a vad.

Get the requested info from vad handler. The info is right to the snapshot (at the get function moment) full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

vad	single vad handler
attr	Attribute to get the info on the module

Returns: return the info requested (with casting)

Definition at line 813 of file doca_apsh.h.

◆ doca_apsh_yara_info_get

#define doca_apsh_yara_info_get	(	yara,
		attr
	)	((attr##_TYPE)(uintptr_t)__doca_apsh_yara_info_get(yara, attr))

Get attribute value for a yara.

Get the requested info from yara handler. The info is right to the snapshot (at the get function moment) Full list (type and descriptions) can be found in doca_apsh_attr.h

Parameters

yara	single yara handler
attr	Attribute to get the info on the yara

Returns: return the info requested (with casting)

Definition at line 1588 of file doca_apsh.h.

Function Documentation

◆ __doca_apsh_attst_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_attst_info_get	(	struct doca_apsh_attestation *	attestation,
		enum doca_apsh_attestation_attr	attr
	)

Shadow function - get attribute value for a attestation.

Do not use this function, recommended to use doca_apsh_attestation_info_get

Parameters

attestation	single attestation handler
attr	Attribute to get the info on the attestation

Returns: return the info requested, need to cast

◆ __doca_apsh_container_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_container_info_get	(	struct doca_apsh_container *	container,
		enum doca_apsh_container_attr	attr
	)

Shadow function - get attribute value for a container.

Do not use this function, recommended to use doca_apsh_container_info_get

Parameters

container	single container handler
attr	Attribute to get the info on the container

Returns: return the info requested, need to cast

◆ __doca_apsh_envar_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_envar_info_get	(	struct doca_apsh_envar *	envar,
		enum doca_apsh_envar_attr	attr
	)

Shadow function - get attribute value for an environment variable.

Do not use this function, recommended to use doca_apsh_envar_info_get

Parameters

envar	single envar handler
attr	Attribute to get the info on the envar

Returns: return the info requested, need to cast

◆ __doca_apsh_handle_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_handle_info_get	(	struct doca_apsh_handle *	handle,
		enum doca_apsh_handle_attr	attr
	)

Shadow function - get attribute value for a handle.

Do not use this function, recommended to use doca_apsh_handle_info_get

Parameters

handle	single handle handler
attr	Attribute to get the info on the handle

Returns: return the info requested, need to cast

◆ __doca_apsh_injection_detect_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_injection_detect_info_get	(	struct doca_apsh_injection_detect *	suspected_injection,
		enum doca_apsh_injection_detect_attr	attr
	)

Shadow function - get attribute value for a suspected_injection.

Do not use this function, recommended to use doca_apsh_injection_detect_info_get

Parameters

suspected_injection	single injection_detect handler
attr	Attribute to get the info on the suspected injection

Returns: return the info requested, need to cast

◆ __doca_apsh_interface_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_interface_info_get	(	struct doca_apsh_interface *	interface,
		enum doca_apsh_interface_attr	attr
	)

Shadow function - get attribute value for an interface.

Do not use this function, recommended to use doca_apsh_interface_info_get

Parameters

interface	single interface handler
attr	Attribute to get the info on the interface

Returns: return the info requested, need to cast

◆ __doca_apsh_ldrmodule_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_ldrmodule_info_get	(	struct doca_apsh_ldrmodule *	ldrmodule,
		enum doca_apsh_ldrmodule_attr	attr
	)

Shadow function - get attribute value for a modules.

Do not use this function, recommended to use doca_apsh_ldrmodule_info_get

Parameters

ldrmodule	single ldrmodule handler
attr	Attribute to get the info on the module

Returns: return the info requested, need to cast

◆ __doca_apsh_lib_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_lib_info_get	(	struct doca_apsh_lib *	lib,
		enum doca_apsh_lib_attr	attr
	)

Shadow function - get attribute value for a lib.

Do not use this function, recommended to use doca_apsh_lib_info_get

Parameters

lib	single lib handler
attr	Attribute to get the info on the lib

Returns: return the info requested, need to cast

◆ __doca_apsh_module_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_module_info_get	(	struct doca_apsh_module *	module,
		enum doca_apsh_module_attr	attr
	)

Shadow function - get attribute value for a module.

Do not use this function, recommended to use doca_apsh_mod_info_get

Parameters

module	single module handler
attr	Attribute to get the info on the module

Returns: return the info requested, need to cast

◆ __doca_apsh_netscan_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_netscan_info_get	(	struct doca_apsh_netscan *	connection,
		enum doca_apsh_netscan_attr	attr
	)

Shadow function - get attribute value for a connection.

Do not use this function, recommended to use doca_apsh_netscan_info_get

Parameters

connection	single connection handler
attr	Attribute to get the info on the connection

Returns: return the info requested, need to cast

◆ __doca_apsh_privilege_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_privilege_info_get	(	struct doca_apsh_privilege *	privilege,
		enum doca_apsh_privilege_attr	attr
	)

Shadow function - get attribute value for a privilege.

Do not use this function, recommended to use doca_apsh_privilege_info_get

Parameters

privilege	single privilege handler
attr	Attribute to get the info on the privilege

Returns: return the info requested, need to cast

◆ __doca_apsh_proc_file_details_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_proc_file_details_info_get	(	struct doca_apsh_proc_file_details *	file_details,
		enum doca_apsh_proc_file_details_attr	attr
	)

Shadow function - get attribute value for file details.

Do not use this function, recommended to use doca_apsh_proc_file_info_get

Parameters

file_details	single file handler
attr	Attribute to get the info on the file

Returns: return the info requested, need to cast

◆ __doca_apsh_process_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_process_info_get	(	struct doca_apsh_process *	process,
		enum doca_apsh_process_attr	attr
	)

Shadow function - get attribute value for a process.

Do not use this function, recommended to use doca_apsh_process_info_get

Parameters

process	single process handler
attr	Attribute to get the info on the process

Returns: return the info requested, need to cast

◆ __doca_apsh_process_parameters_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_process_parameters_info_get	(	struct doca_apsh_process_parameters *	process_parameters,
		enum doca_apsh_process_parameters_attr	attr
	)

Shadow function - get attribute value for a process-parameter.

Do not use this function, recommended to use doca_apsh_process_parameters_info_get

Parameters

process_parameters	single process_parameters handler
attr	Attribute to get the info on the process_parameters

Returns: return the info requested, need to cast

◆ __doca_apsh_sid_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_sid_info_get	(	struct doca_apsh_sid *	sid,
		enum doca_apsh_sid_attr	attr
	)

Shadow function - get attribute value for a SID.

Do not use this function, recommended to use doca_apsh_sid_info_get

Parameters

sid	single SID handler
attr	Attribute to get the info on the SID

Returns: return the info requested, need to cast

◆ __doca_apsh_sys_config()

DOCA_EXPERIMENTAL doca_error_t __doca_apsh_sys_config	(	struct doca_apsh_system *	system,
		enum doca_apsh_system_config_attr	attr,
		void *	value
	)

Shadow function - configure attribute value for a system.

Do not use this function, recommended to use doca_apsh_sys_config

Parameters

system	system handler
attr	Attribute to set in the system
value	the value to set

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NOT_SUPPORTED - if attr was OS type and an unsupported OS type had been received.
DOCA_ERROR_NO_MEMORY - if memory allocation failed.
DOCA_ERROR_BAD_STATE - if system is already started.

◆ __doca_apsh_thread_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_thread_info_get	(	struct doca_apsh_thread *	thread,
		enum doca_apsh_thread_attr	attr
	)

Shadow function - get attribute value for a thread.

Do not use this function, recommended to use doca_apsh_thread_info_get

Parameters

thread	single thread handler
attr	Attribute to get the info on the thread

Returns: return the info requested, need to cast

◆ __doca_apsh_vad_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_vad_info_get	(	struct doca_apsh_vad *	vad,
		enum doca_apsh_vad_attr	attr
	)

Shadow function - get attribute value for a vad.

Do not use this function, recommended to use doca_apsh_vad_info_get

Parameters

vad	single vad handler
attr	Attribute to get the info on the vad

Returns: return the info requested, need to cast

◆ __doca_apsh_yara_info_get()

DOCA_EXPERIMENTAL const void* __doca_apsh_yara_info_get	(	struct doca_apsh_yara *	yara,
		enum doca_apsh_yara_attr	attr
	)

Shadow function - get attribute value for a yara.

Do not use this function, recommended to use doca_apsh_yara_info_get

Parameters

yara	single yara handler
attr	Attribute to get the info on the yara

Returns: return the info requested, need to cast

◆ doca_apsh_attestation_free()

DOCA_EXPERIMENTAL void doca_apsh_attestation_free ( struct doca_apsh_attestation ** attestation )

Destroys a attestation context.

Parameters

attestation Attestation opaque pointer of the process to destroy

◆ doca_apsh_attestation_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_attestation_get	(	struct doca_apsh_process *	process,
		const char *	exec_hash_map_path,
		struct doca_apsh_attestation ***	attestation,
		int *	attestation_size
	)

Get current process attestation.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return is snapshot, this is not dynamic, need to free it.

Parameters

process	Process handler
exec_hash_map_path	path to file containing the hash calculations of the executable and dlls/libs of the process note that changing the process code or any libs can effect this. The file can be created by running the doca_exec_hash_build_map tool on the system.
attestation	Attestation opaque pointers of the process
attestation_size	Output param, will contain size of attestation array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if modules list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to modules array.
DOCA_ERROR_NOT_FOUND - if process hasn't been found.

◆ doca_apsh_attst_refresh()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_attst_refresh	(	struct doca_apsh_attestation ***	attestation,
		int *	attestation_size
	)

refresh single attestation handler of a process with new snapshot

This function is multithreaded compatible with different system context, Refresh the snapshot of the handler. Recommended to query all wanted information before refreshing.

Parameters

attestation	single attestation handler to refresh
attestation_size	Output param, will contain size of attestation array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if modules list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to modules array.
DOCA_ERROR_NOT_FOUND - if process hasn't been found.

◆ doca_apsh_container_processes_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_container_processes_get	(	struct doca_apsh_container *	container,
		struct doca_apsh_process ***	processes,
		int *	processes_size
	)

Get array of current processes running on the container.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

container	single container handler
processes	Array of process opaque pointers of the systems
processes_size	Output param, will contain size of processes array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if processes list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to processes array.

◆ doca_apsh_containers_free()

DOCA_EXPERIMENTAL void doca_apsh_containers_free ( struct doca_apsh_container ** containers )

Destroys a container context.

Parameters

containers Array of container opaque pointers of the systems to destroy

◆ doca_apsh_containers_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_containers_get	(	struct doca_apsh_system *	system,
		struct doca_apsh_container ***	containers,
		int *	containers_size
	)

Get array of current containers running on the system.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

currently supports the following container runtime tools:

containerd

Parameters

system	System handler
containers	Array of container opaque pointers of the systems
containers_size	Output param, will contain size of containers array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if containers list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to containers array.

◆ doca_apsh_create()

DOCA_EXPERIMENTAL struct doca_apsh_ctx* doca_apsh_create ( void )

Create a new apsh handler.

Allocate memory and init the opaque struct for apsh handler. Before using the system handler use doca_apsh_start

Returns: apsh context required for creating system handler, NULL on failure

◆ doca_apsh_destroy()

DOCA_EXPERIMENTAL void doca_apsh_destroy ( struct doca_apsh_ctx * ctx )

Free the APSH memory and close connections.

Parameters

ctx	apsh context to destroy

◆ doca_apsh_dma_dev_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_dma_dev_set	(	struct doca_apsh_ctx *	ctx,
		struct doca_dev *	dma_dev
	)

Set apsh dma device.

This is a Mandatory setter

Parameters

ctx	apsh handler
dma_dev	doca device with dma capabilities, please refer to doca_dev.h

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NO_MEMORY - if cannot alloc new buffer for dma_dev_name.

◆ doca_apsh_envars_free()

DOCA_EXPERIMENTAL void doca_apsh_envars_free ( struct doca_apsh_envar ** envars )

Destroys a envars context.

Parameters

envars Array of envars opaque pointers of the process to destroy

◆ doca_apsh_envars_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_envars_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_envar ***	envars,
		int *	envars_size
	)

Get array of current process environment variables.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, the function allocates this array, use doca_apsh_envars_free to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
envars	Array of environment variables opaque pointers of the process. in case process doesn't have any envars, will return NULL.
envars_size	Output param, will contain size of envars array on success.

Returns

DOCA_SUCCESS - in case of success (including the case envars_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if envars list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to envars array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_handles_free()

DOCA_EXPERIMENTAL void doca_apsh_handles_free ( struct doca_apsh_handle ** handles )

Destroys a handles context.

Parameters

handles Array of handles opaque pointers of the process to destroy

◆ doca_apsh_handles_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_handles_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_handle ***	handles,
		int *	handles_size
	)

Get array of current process handles.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
handles	Array of handles opaque pointers of the process. in case process doesn't have any handles, will return NULL.
handles_size	Output param, will contain size of handles array on success.

Returns

DOCA_SUCCESS - in case of success (including the case handles_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if handles list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to handles array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_injection_detect_free()

DOCA_EXPERIMENTAL void doca_apsh_injection_detect_free ( struct doca_apsh_injection_detect ** suspected_injections )

Destroys an injection_detect context.

Parameters

suspected_injections suspected_injections opaque pointer of the process to destroy

◆ doca_apsh_injection_detect_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_injection_detect_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_injection_detect ***	suspected_injections,
		int *	suspected_injections_size
	)

Get suspected code injections of current process.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return is snapshot, this is not dynamic, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
suspected_injections	suspected injections opaque pointers of the process
suspected_injections_size	Output param, will contain size of suspected_injections array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NOT_FOUND - if process structures haven't been found.
DOCA_ERROR_INITIALIZATION - if injections list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to injections array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_interfaces_free()

DOCA_EXPERIMENTAL void doca_apsh_interfaces_free ( struct doca_apsh_interface ** interfaces )

Destroys an interfaces data array.

Parameters

interfaces Array of interface data opaque pointers of the system to destroy

◆ doca_apsh_interfaces_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_interfaces_get	(	struct doca_apsh_system *	system,
		struct doca_apsh_interface ***	interfaces,
		int *	interfaces_size
	)

Get array of all interfaces.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for Linux OS.

Parameters

system	System handler
interfaces	Pointer to array of interfaces opaque pointers of the system
interfaces_size	Output param, will contain size of interfaces data array on success

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if interfaces data list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to interfaces data array.
DOCA_ERROR_NOT_SUPPORTED - if unsupported OS type has been received (or unsupported OS build).
DOCA_ERROR_BAD_STATE - if system isn't started yet.

◆ doca_apsh_ldrmodules_free()

DOCA_EXPERIMENTAL void doca_apsh_ldrmodules_free ( struct doca_apsh_ldrmodule ** ldrmodules )

Destroys a ldrmodules context.

Parameters

ldrmodules Array of ldrmodules opaque pointers of the process to destroy

◆ doca_apsh_ldrmodules_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_ldrmodules_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_ldrmodule ***	ldrmodules,
		int *	ldrmodules_size
	)

Get array of current process modules.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
ldrmodules	Array of ldrmodules opaque pointers of the process. in case process doesn't have any modules, will return NULL.
ldrmodules_size	Output param, will contain size of ldrmodules array on success.

Returns

DOCA_SUCCESS - in case of success (including the case ldrmodules_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if ldrmodules list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to ldrmodules array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_libs_free()

DOCA_EXPERIMENTAL void doca_apsh_libs_free ( struct doca_apsh_lib ** libs )

Destroys a libs context.

Parameters

libs	Array of libs opaque pointers of the process to destroy

◆ doca_apsh_libs_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_libs_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_lib ***	libs,
		int *	libs_size
	)

Get array of current process loadable libraries.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

process	Process handler
libs	Array of libs opaque pointers of the process. in case process doesn't point to any libs, will return NULL.
libs_size	Output param, will contain size of libs array on success.

Returns

DOCA_SUCCESS - in case of success (including the case libs_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if libs list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to libs array.

◆ doca_apsh_module_free()

DOCA_EXPERIMENTAL void doca_apsh_module_free ( struct doca_apsh_module ** modules )

Destroys a modules array.

Parameters

modules Array of module opaque pointers of the systems to destroy

◆ doca_apsh_modules_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_modules_get	(	struct doca_apsh_system *	system,
		struct doca_apsh_module ***	modules,
		int *	modules_size
	)

Get array of current modules installed on the system.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

system	System handler
modules	Array of module opaque pointers of the systems
modules_size	Output param, will contain size of modules array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if modules list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to modules array.

◆ doca_apsh_netscan_free()

DOCA_EXPERIMENTAL void doca_apsh_netscan_free ( struct doca_apsh_netscan ** connections )

Destroys a netscan context.

Parameters

connections Array of connections opaque pointers of the system to destroy

◆ doca_apsh_netscan_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_netscan_get	(	struct doca_apsh_system *	system,
		struct doca_apsh_netscan ***	connections,
		int *	connections_size
	)

Get array of current connections.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for systems with windows 10 build (such as: windows 10 and windows server 2019).

Parameters

system	System handler
connections	Pointer to array of connections opaque pointers of the system
connections_size	Output param, will contain size of connections array on success

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if connections list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to connections array.
DOCA_ERROR_NOT_SUPPORTED - if unsupported OS type has been received (or unsupported OS build).
list of supported builds:

Windows 10 10240 x86 Windows 10 10586 x86 Windows 10 14393 x86 Windows 10 15063 x64

Windows 10 15063 x86 Windows 10 16299 x64 Windows 10 17134 x64 Windows 10 17134 x86

Windows 10 17763 x64 Windows 10 18362 x64 Windows 10 18363 x64 Windows 10 19041 x64

Windows 10 19041 x86
DOCA_ERROR_BAD_STATE - if system isn't started yet.

◆ doca_apsh_privileges_free()

DOCA_EXPERIMENTAL void doca_apsh_privileges_free ( struct doca_apsh_privilege ** privileges )

Destroys a privileges context.

Parameters

privileges Array of privileges opaque pointers of the process to destroy

◆ doca_apsh_privileges_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_privileges_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_privilege ***	privileges,
		int *	privileges_size
	)

Get array of current process privileges.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
privileges	Array of privileges opaque pointers of the process. in case process doesn't have any privileges, will return NULL.
privileges_size	Output param, will contain size of privileges array on success.

Returns

DOCA_SUCCESS - in case of success (including the case privileges_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if privileges list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to privileges array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_proc_files_details_free()

DOCA_EXPERIMENTAL void doca_apsh_proc_files_details_free ( struct doca_apsh_proc_file_details ** files_details )

Destroys a files_details context.

Parameters

files_details Array of files_details opaque pointers of the process to destroy

◆ doca_apsh_proc_files_details_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_proc_files_details_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_proc_file_details ***	files_details,
		int *	files_details_size
	)

Get array of metadata on current process executable files and libraries.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for linux systems.

Parameters

process	Process handler
files_details	Array of file details opaque pointers of the process. in case process doesn't have any files, will return NULL.
files_details_size	Output param, will contain size of files_details array on success.

Returns

DOCA_SUCCESS - in case of success (including the case files_details_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if files list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to files_details array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_process_netscan_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_process_netscan_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_netscan ***	connections,
		int *	connections_size
	)

Get array of current connections for a specified process.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for linux and windows 10 build systems (such as: windows 10 and windows server 2019).

Parameters

process	Process handler
connections	Pointer to array of connections opaque pointers of the system
connections_size	Output param, will contain size of connections array on success

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if connections list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to connections array.
DOCA_ERROR_NOT_SUPPORTED - if windows OS build is unsupported.
list of supported windows builds:

Windows 10 10240 x86 Windows 10 10586 x86 Windows 10 14393 x86 Windows 10 15063 x64

Windows 10 15063 x86 Windows 10 16299 x64 Windows 10 17134 x64 Windows 10 17134 x86

Windows 10 17763 x64 Windows 10 18362 x64 Windows 10 18363 x64 Windows 10 19041 x64

Windows 10 19041 x86

◆ doca_apsh_process_parameters_free()

DOCA_EXPERIMENTAL void doca_apsh_process_parameters_free ( struct doca_apsh_process_parameters * process_parameters )

Destroys a process-parameters context.

Parameters

process_parameters process-parameters opaque pointer of the process

◆ doca_apsh_process_parameters_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_process_parameters_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_process_parameters **	process_parameters
	)

Get current process parameters.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return object is a snapshot, not a dynamic object, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
process_parameters	Pointer of process-parameters opaque pointer of the process. In case process-parameters data are paged out, will return NULL.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if process-parameters object initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot allocate memory to process-parameters object.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.
DOCA_ERROR_BAD_STATE - in case the relevant memory is not present in the system memory.

◆ doca_apsh_processes_free()

DOCA_EXPERIMENTAL void doca_apsh_processes_free ( struct doca_apsh_process ** processes )

Destroys a process context.

Parameters

processes Array of process opaque pointers of the systems to destroy

◆ doca_apsh_processes_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_processes_get	(	struct doca_apsh_system *	system,
		struct doca_apsh_process ***	processes,
		int *	processes_size
	)

Get array of current processes running on the system.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

system	System handler
processes	Array of process opaque pointers of the systems
processes_size	Output param, will contain size of processes array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if processes list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to processes array.

◆ doca_apsh_sids_free()

DOCA_EXPERIMENTAL void doca_apsh_sids_free ( struct doca_apsh_sid ** sids )

Destroys a SIDs context.

Parameters

sids	Array of SIDs opaque pointers of the process to destroy

◆ doca_apsh_sids_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sids_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_sid ***	sids,
		int *	sids_size
	)

Get array of current process SIDs.

This function is multi-threaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note: currently supported only for windows systems.

Parameters

process	Process handler
sids	Array of SIDs opaque pointers of the process. in case process doesn't have any SIDs, will return NULL.
sids_size	Output param, will contain size of SIDs array on success.

Returns

DOCA_SUCCESS - in case of success (including the case handles_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if SIDs list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to SIDs array.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os.

◆ doca_apsh_start()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_start ( struct doca_apsh_ctx * ctx )

Start apsh handler.

Start apsh handler and init connection to devices. Need to set apsh params with setter functions before starting the system. Mandatory setters: doca_apsh_dma_dev_set. Other setters can be query automatically but will take time.

Parameters

ctx	App Shield handler

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.

◆ doca_apsh_sys_dev_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_dev_set	(	struct doca_apsh_system *	system,
		struct doca_dev_rep *	dev
	)

Set system device.

This is a Mandatory setter

Parameters

system	system handler
dev	the device that is connected to the system to be queried. for example a vf that is connected to a vm or pf that is connected to the bare-metal. doca representor device from dma device configured in doca_apsh_dma_dev_set. to query the right device please refer to doca_dev.h for full options.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_kpgd_file_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_kpgd_file_set	(	struct doca_apsh_system *	system,
		const char *	system_kpgd_file_path
	)

Set system kpgd file.

This is not a must setter

Parameters

system	system handler
system_kpgd_file_path	the path to kpgd file

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NOT_SUPPORTED - if unsupported OS type had been received.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_mem_region_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_mem_region_set	(	struct doca_apsh_system *	system,
		const char *	system_mem_region_path
	)

Set system allowed memory regions.

This is a Mandatory setter

Parameters

system	system handler
system_mem_region_path	path to json file containing the memory regions of the devices The memory regions are unique per system, would not change on reboot or between different devices of the same system. note that adding/removing device from the host can change the regions. The json can be created by running the doca_system_mem_region tool on the system.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NO_MEMORY - if cannot alloc new buffer for system_os_symbol_map_path.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_os_symbol_map_folder_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_symbol_map_folder_set	(	struct doca_apsh_system *	system,
		const char *	system_os_symbol_folder_path
	)

Set folder that system os symbol map files.

Parameters

system	system handler
system_os_symbol_folder_path	the folder that contains os memory map data files. this folder will be scanned in order to find the symbol map. note that this parameter is considered only if os symbol map path is not provided. the map should be created by running the doca_system_os_symbol_map tool on the system os and then placed in the os_symbol_folder.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NO_MEMORY - if cannot alloc new buffer for system_os_symbol_folder_path.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_os_symbol_map_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_symbol_map_set	(	struct doca_apsh_system *	system,
		const char *	system_os_symbol_map_path
	)

Set system os symbol map.

This is a Mandatory setter

Parameters

system	system handler
system_os_symbol_map_path	the os memory map data, unique per os build please note that changing linux kernel (adding/removing modules) will change the map should be created by running the doca_system_os_symbol_map tool on the system os

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NO_MEMORY - if cannot alloc new buffer for system_os_symbol_map_path.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_os_type_set()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_os_type_set	(	struct doca_apsh_system *	system,
		enum doca_apsh_system_os	os_type
	)

Set system os type.

This is a must setter

Parameters

system	system handler
os_type	system os type - windows/linux

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_NOT_SUPPORTED - if unsupported OS type had been received.
DOCA_ERROR_BAD_STATE - if system was already started.

◆ doca_apsh_sys_set_scan_window_size()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_set_scan_window_size	(	struct doca_apsh_system *	system,
		uint32_t	scan_window_size
	)

Set system yara scan window size.

This is not a must setter. Default size is 4KB.

Parameters

system	system handler
scan_window_size	yara scan window size (in bytes) a condition on scan window size is: (window_scan_size % PAGE_SIZE == 0) or (PAGE_SIZE % window_scan_size == 0)

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.

◆ doca_apsh_sys_set_scan_window_step()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_sys_set_scan_window_step	(	struct doca_apsh_system *	system,
		uint32_t	scan_window_step
	)

Set system yara scan window step.

This is not a must setter. Default size is 4KB. Since this setter is dependent on scan_window_size, make sure to call it after "doca_apsh_sys_set_scan_window_size".

Parameters

system	system handler
scan_window_step	yara scan window step (in bytes) a condition on scan window step is: window_scan_size % scan_window_step == 0

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.

◆ doca_apsh_system_create()

DOCA_EXPERIMENTAL struct doca_apsh_system* doca_apsh_system_create ( struct doca_apsh_ctx * ctx )

Create a new system handler.

Allocate memory and init the opaque struct for system handler. Before using the system handler use doca_apsh_system_start

Parameters

ctx	apsh handler

Returns: returns system pointer, NULL on failure

◆ doca_apsh_system_destroy()

DOCA_EXPERIMENTAL void doca_apsh_system_destroy ( struct doca_apsh_system * system )

Destroy system handler.

This will not destroy process/module/libs ...

Parameters

system system context to destroy

◆ doca_apsh_system_start()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_system_start ( struct doca_apsh_system * system )

Start system handler.

Start system handler and init connection to the system. Need to set system params with setter functions before starting the system. Mandatory setters: os_symbol_map, mem_region, dev. Other setters can be query automatically but will take time.

Parameters

system system handler

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if app-shield system initialization has failed.

◆ doca_apsh_threads_free()

DOCA_EXPERIMENTAL void doca_apsh_threads_free ( struct doca_apsh_thread ** threads )

Destroys a threads context.

Parameters

threads Array of threads opaque pointers of the process to destroy

◆ doca_apsh_threads_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_threads_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_thread ***	threads,
		int *	threads_size
	)

Get array of current process threads.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

process	Process handler
threads	Array of threads opaque pointers of the process. in case process doesn't have any threads, will return NULL.
threads_size	Output param, will contain size of threads array on success.

Returns

DOCA_SUCCESS - in case of success (including the case threads_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if threads list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to threads array.

◆ doca_apsh_vads_free()

DOCA_EXPERIMENTAL void doca_apsh_vads_free ( struct doca_apsh_vad ** vads )

Destroys a vads context.

Parameters

vads	Array of vads opaque pointers of the process to destroy

◆ doca_apsh_vads_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_vads_get	(	struct doca_apsh_process *	process,
		struct doca_apsh_vad ***	vads,
		int *	vads_size
	)

Get array of current process vads - virtual address descriptor.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Parameters

process	Process handler
vads	Array of vads opaque pointers of the process. in case process doesn't point to any vads, will return NULL.
vads_size	Output param, will contain size of vads array on success.

Returns

DOCA_SUCCESS - in case of success (including the case vads_size is zero). doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if modules list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to modules array.
DOCA_ERROR_NOT_FOUND - if process hasn't been found.

◆ doca_apsh_yara_free()

DOCA_EXPERIMENTAL void doca_apsh_yara_free ( struct doca_apsh_yara ** yara_matches )

Destroys a yara context.

Parameters

yara_matches Array of yara matches opaque pointers to destroy

◆ doca_apsh_yara_get()

DOCA_EXPERIMENTAL doca_error_t doca_apsh_yara_get	(	struct doca_apsh_process *	process,
		enum doca_apsh_yara_rule *	yara_rules_arr,
		uint32_t	yara_rules_arr_size,
		uint64_t	scan_type,
		struct doca_apsh_yara ***	yara_matches,
		int *	yara_matches_size
	)

Scan current process with yara rules. The scanning is done with a window size and step that are set by doca_apsh_sys_set_scan_window_size and doca_apsh_sys_set_scan_window_step.

This function is multithreaded compatible with different system context, meaning do not call this function simultaneously with the same system context. The return array is snapshot, this is not dynamic array, need to free it.

Note

1. Currently supported only for windows systems

Currently supported only on DPU with Ubuntu 22.04.

Parameters

process	Process handler
yara_rules_arr	Array of type doca_apsh_yara_rule containing the rules to check against the process's memory
yara_rules_arr_size	Length of yara_rules_arr
scan_type	YARA scan type bitmask - to scan the whole vad tree or just heaps This will affect performance, please see enum doca_apsh_yara_scan_type
yara_matches	Point to array of yara matches opaque pointers. In case no yara matches were found, will return NULL.
yara_matches_size	Output param, will contain size of YARA array on success.

Returns

DOCA_SUCCESS - in case of success. doca_error code - in case of failure:

DOCA_ERROR_INVALID_VALUE - if an invalid input had been received.
DOCA_ERROR_INITIALIZATION - if yara matches list initialization failed.
DOCA_ERROR_NO_MEMORY - if cannot alloc memory to yara matches array.
DOCA_ERROR_NOT_FOUND - if process hasn't been found.
DOCA_ERROR_NOT_SUPPORTED - in case of unsupported system os or DPU.

Modules

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ doca_apsh_attst_info_get

◆ doca_apsh_container_info_get

◆ doca_apsh_envar_info_get

◆ doca_apsh_handle_info_get

◆ doca_apsh_injection_detect_info_get

◆ doca_apsh_interface_info_get

◆ doca_apsh_ldrmodule_info_get

◆ doca_apsh_lib_info_get

◆ doca_apsh_module_info_get

◆ doca_apsh_netscan_info_get

◆ doca_apsh_privilege_info_get

◆ doca_apsh_proc_file_details_info_get

◆ doca_apsh_process_info_get

◆ doca_apsh_process_parameters_info_get

◆ doca_apsh_sid_info_get

◆ doca_apsh_sys_config

◆ doca_apsh_thread_info_get

◆ doca_apsh_vad_info_get

◆ doca_apsh_yara_info_get

Function Documentation

◆ __doca_apsh_attst_info_get()

◆ __doca_apsh_container_info_get()

◆ __doca_apsh_envar_info_get()

◆ __doca_apsh_handle_info_get()

◆ __doca_apsh_injection_detect_info_get()

◆ __doca_apsh_interface_info_get()

◆ __doca_apsh_ldrmodule_info_get()

◆ __doca_apsh_lib_info_get()

◆ __doca_apsh_module_info_get()

◆ __doca_apsh_netscan_info_get()

◆ __doca_apsh_privilege_info_get()

◆ __doca_apsh_proc_file_details_info_get()

◆ __doca_apsh_process_info_get()

◆ __doca_apsh_process_parameters_info_get()

◆ __doca_apsh_sid_info_get()

◆ __doca_apsh_sys_config()

◆ __doca_apsh_thread_info_get()

◆ __doca_apsh_vad_info_get()

◆ __doca_apsh_yara_info_get()

◆ doca_apsh_attestation_free()

◆ doca_apsh_attestation_get()

◆ doca_apsh_attst_refresh()

◆ doca_apsh_container_processes_get()

◆ doca_apsh_containers_free()

◆ doca_apsh_containers_get()

◆ doca_apsh_create()

◆ doca_apsh_destroy()

◆ doca_apsh_dma_dev_set()

◆ doca_apsh_envars_free()

◆ doca_apsh_envars_get()

◆ doca_apsh_handles_free()

◆ doca_apsh_handles_get()

◆ doca_apsh_injection_detect_free()

◆ doca_apsh_injection_detect_get()

◆ doca_apsh_interfaces_free()

◆ doca_apsh_interfaces_get()

◆ doca_apsh_ldrmodules_free()

◆ doca_apsh_ldrmodules_get()

◆ doca_apsh_libs_free()

◆ doca_apsh_libs_get()

◆ doca_apsh_module_free()

◆ doca_apsh_modules_get()

◆ doca_apsh_netscan_free()

◆ doca_apsh_netscan_get()

◆ doca_apsh_privileges_free()

◆ doca_apsh_privileges_get()

◆ doca_apsh_proc_files_details_free()

◆ doca_apsh_proc_files_details_get()

◆ doca_apsh_process_netscan_get()

◆ doca_apsh_process_parameters_free()

◆ doca_apsh_process_parameters_get()

◆ doca_apsh_processes_free()

◆ doca_apsh_processes_get()

◆ doca_apsh_sids_free()

◆ doca_apsh_sids_get()