NVIDIA DOCA SDK Data Center on a Chip Framework Documentation
DOCA App Shield Attributes

Typedefs

typedef struct doca_dev * DOCA_APSH_DMA_DEV_TYPE
 dma dev (passed as a struct doca_dev pointer, not a name string) More...
 
typedef char * DOCA_APSH_OS_SYMBOL_MAP_TYPE
 os symbol map path More...
 
typedef char * DOCA_APSH_MEM_REGION_TYPE
 memory region path More...
 
typedef char * DOCA_APSH_KPGD_FILE_TYPE
 kpgd file path More...
 
typedef struct doca_dev_rep * DOCA_APSH_VHCA_ID_TYPE
 vhca id More...
 
typedef enum doca_apsh_system_os DOCA_APSH_OS_TYPE_TYPE
 os type More...
 
typedef uint32_t DOCA_APSH_SCAN_WIN_SIZE_TYPE
 yara scan window size More...
 
typedef uint32_t DOCA_APSH_SCAN_WIN_STEP_TYPE
 yara scan window step More...
 
typedef int DOCA_APSH_HASHTEST_LIMIT_TYPE
 limit of vm areas to attest More...
 
typedef int DOCA_APSH_MODULES_LIMIT_TYPE
 limit of modules number More...
 
typedef int DOCA_APSH_PROCESS_LIMIT_TYPE
 limit of processes number More...
 
typedef int DOCA_APSH_THREADS_LIMIT_TYPE
 limit of threads number More...
 
typedef int DOCA_APSH_LIBS_LIMIT_TYPE
 limit of libs number More...
 
typedef int DOCA_APSH_VADS_LIMIT_TYPE
 limit of vads number More...
 
typedef int DOCA_APSH_WINDOWS_ENVARS_LIMIT_TYPE
 length limit of envars for windows More...
 
typedef int DOCA_APSH_STRING_LIMIT_TYPE
 length limit of apsh_read_str More...
 
typedef char * DOCA_APSH_OS_SYMBOL_MAP_FOLDER_TYPE
 os symbol map folder path More...
 
typedef int DOCA_APSH_FILESIZE_LIMIT_TYPE
 limit of parsed files size More...
 
typedef uint32_t DOCA_APSH_PROCESS_PID_TYPE
 process pid type More...
 
typedef uint32_t DOCA_APSH_PROCESS_PPID_TYPE
 process parent pid (ppid) type More...
 
typedef const char * DOCA_APSH_PROCESS_COMM_TYPE
 process comm type More...
 
typedef uint64_t DOCA_APSH_PROCESS_CPU_TIME_TYPE
 process cpu time type More...
 
typedef uint64_t DOCA_APSH_PROCESS_WINDOWS_OFFSET_TYPE
 process offset type More...
 
typedef uint32_t DOCA_APSH_PROCESS_WINDOWS_THREADS_TYPE
 process threads type More...
 
typedef uint64_t DOCA_APSH_PROCESS_WINDOWS_EXIT_TIME_TYPE
 process exit time type More...
 
typedef uint32_t DOCA_APSH_PROCESS_LINUX_GID_TYPE
 process gid type More...
 
typedef uint32_t DOCA_APSH_PROCESS_LINUX_UID_TYPE
 process uid type More...
 
typedef uint64_t DOCA_APSH_PROCESS_LINUX_STATE_TYPE
 process state type More...
 
typedef uint32_t DOCA_APSH_PROCESS_LINUX_NS_PID_TYPE
 process PID namespace type More...
 
typedef uint32_t DOCA_APSH_PROCESS_LINUX_NS_MNT_TYPE
 process mount namespace type More...
 
typedef uint32_t DOCA_APSH_PROCESS_LINUX_NS_NET_TYPE
 process network namespace type More...
 
typedef uint32_t DOCA_APSH_THREAD_PID_TYPE
 thread pid type More...
 
typedef uint32_t DOCA_APSH_THREAD_TID_TYPE
 thread tid type More...
 
typedef uint64_t DOCA_APSH_THREAD_STATE_TYPE
 thread state type More...
 
typedef uint8_t DOCA_APSH_THREAD_WINDOWS_WAIT_REASON_TYPE
 thread wait reason type More...
 
typedef uint64_t DOCA_APSH_THREAD_WINDOWS_OFFSET_TYPE
 thread offset type More...
 
typedef uint8_t DOCA_APSH_THREAD_WINDOWS_SUSPEND_COUNT_TYPE
 thread suspend count type More...
 
typedef const char * DOCA_APSH_THREAD_LINUX_PROC_NAME_TYPE
 thread proc name type More...
 
typedef const char * DOCA_APSH_THREAD_LINUX_THREAD_NAME_TYPE
 thread thread name type More...
 
typedef uint32_t DOCA_APSH_LIB_PID_TYPE
 lib pid type More...
 
typedef const char * DOCA_APSH_LIB_LIBRARY_PATH_TYPE
 lib loaded library path type More...
 
typedef uint64_t DOCA_APSH_LIB_LOAD_ADRESS_TYPE
 lib load address for both Windows and Linux More...
 
typedef const char * DOCA_APSH_LIB_WINDOWS_DLL_NAME_TYPE
 lib dll name type More...
 
typedef uint32_t DOCA_APSH_LIB_WINDOWS_SIZE_OF_IMAGE_TYPE
 lib size of image type More...
 
typedef uint64_t DOCA_APSH_LIB_LINUX_LOAD_ADRESS_TYPE
 lib load address for Linux More...
 
typedef uint32_t DOCA_APSH_VMA_PID_TYPE
 vma pid type More...
 
typedef uint64_t DOCA_APSH_VMA_OFFSET_TYPE
 vma offset type More...
 
typedef const char * DOCA_APSH_VMA_PROTECTION_TYPE
 vma protection type More...
 
typedef uint64_t DOCA_APSH_VMA_VM_START_TYPE
 vma vm start type More...
 
typedef uint64_t DOCA_APSH_VMA_VM_END_TYPE
 vma vm end type More...
 
typedef const char * DOCA_APSH_VMA_PROCESS_NAME_TYPE
 vma process name type More...
 
typedef const char * DOCA_APSH_VMA_FILE_PATH_TYPE
 vma file path type More...
 
typedef uint32_t DOCA_APSH_VMA_WINDOWS_COMMIT_CHARGE_TYPE
 vma commit charge type More...
 
typedef uint32_t DOCA_APSH_VMA_WINDOWS_PRIVATE_MEMORY_TYPE
 vma private memory type More...
 
typedef const char * DOCA_APSH_VMA_WINDOWS_TAG_TYPE
 vma tag type More...
 
typedef uint32_t DOCA_APSH_ATTESTATION_PID_TYPE
 attestation pid type More...
 
typedef const char * DOCA_APSH_ATTESTATION_COMM_TYPE
 attestation comm type More...
 
typedef const char * DOCA_APSH_ATTESTATION_PATH_OF_MEMORY_AREA_TYPE
 attestation path of memory area type More...
 
typedef const char * DOCA_APSH_ATTESTATION_PROTECTION_TYPE
 attestation protection type More...
 
typedef uint64_t DOCA_APSH_ATTESTATION_START_ADDRESS_TYPE
 attestation start address type More...
 
typedef uint64_t DOCA_APSH_ATTESTATION_END_ADDRESS_TYPE
 attestation end address type More...
 
typedef int DOCA_APSH_ATTESTATION_PAGES_NUMBER_TYPE
 attestation pages number type More...
 
typedef int DOCA_APSH_ATTESTATION_PAGES_PRESENT_TYPE
 attestation pages present type More...
 
typedef int DOCA_APSH_ATTESTATION_MATCHING_HASHES_TYPE
 attestation matching hashes type More...
 
typedef bool DOCA_APSH_ATTESTATION_HASH_DATA_IS_PRESENT_TYPE
 attestation hash data is present type More...
 
typedef uint64_t DOCA_APSH_MODULES_OFFSET_TYPE
 module offset type More...
 
typedef const char * DOCA_APSH_MODULES_NAME_TYPE
 module name type More...
 
typedef uint32_t DOCA_APSH_MODULES_SIZE_TYPE
 module size type More...
 
typedef uint32_t DOCA_APSH_PRIVILEGES_PID_TYPE
 privilege process pid More...
 
typedef const char * DOCA_APSH_PRIVILEGES_NAME_TYPE
 privilege name type More...
 
typedef bool DOCA_APSH_PRIVILEGES_IS_ON_TYPE
 privilege is on type More...
 
typedef bool DOCA_APSH_PRIVILEGES_WINDOWS_PRESENT_TYPE
 privilege windows present type More...
 
typedef bool DOCA_APSH_PRIVILEGES_WINDOWS_ENABLED_TYPE
 privilege windows enabled type More...
 
typedef bool DOCA_APSH_PRIVILEGES_WINDOWS_DEFAULT_TYPE
 privilege windows enabled by default type More...
 
typedef uint32_t DOCA_APSH_ENVARS_PID_TYPE
 envars pid type More...
 
typedef const char * DOCA_APSH_ENVARS_VARIABLE_TYPE
 envars variable type More...
 
typedef const char * DOCA_APSH_ENVARS_VALUE_TYPE
 envars value type More...
 
typedef uint64_t DOCA_APSH_ENVARS_WINDOWS_BLOCK_TYPE
 envars windows block address type More...
 
typedef uint32_t DOCA_APSH_LDRMODULE_PID_TYPE
 ldrmodule pid type More...
 
typedef uint64_t DOCA_APSH_LDRMODULE_BASE_ADDRESS_TYPE
 ldrmodule base address type More...
 
typedef const char * DOCA_APSH_LDRMODULE_LIBRARY_PATH_TYPE
 ldrmodule library path type More...
 
typedef const char * DOCA_APSH_LDRMODULE_WINDOWS_DLL_NAME_TYPE
 ldrmodule windows dll name type More...
 
typedef uint32_t DOCA_APSH_LDRMODULE_WINDOWS_SIZE_OF_IMAGE_TYPE
 ldrmodule size of image type More...
 
typedef bool DOCA_APSH_LDRMODULE_WINDOWS_INLOAD_TYPE
 ldrmodule inload type More...
 
typedef bool DOCA_APSH_LDRMODULE_WINDOWS_INMEM_TYPE
 ldrmodule inmem type More...
 
typedef bool DOCA_APSH_LDRMODULE_WINDOWS_ININIT_TYPE
 ldrmodule ininit type More...
 
typedef uint32_t DOCA_APSH_HANDLE_PID_TYPE
 handle pid type More...
 
typedef uint64_t DOCA_APSH_HANDLE_VALUE_TYPE
 handle value type More...
 
typedef uint64_t DOCA_APSH_HANDLE_TABLE_ENTRY_TYPE
 handle table entry type More...
 
typedef const char * DOCA_APSH_HANDLE_TYPE_TYPE
 handle type type More...
 
typedef uint64_t DOCA_APSH_HANDLE_ACCESS_TYPE
 handle access type More...
 
typedef const char * DOCA_APSH_HANDLE_NAME_TYPE
 handle name type More...
 
typedef uint32_t DOCA_APSH_PROCESS_PARAMETERS_PID_TYPE
 process-parameters pid More...
 
typedef const char * DOCA_APSH_PROCESS_PARAMETERS_CMD_LINE_TYPE
 process-parameters command line More...
 
typedef uint64_t DOCA_APSH_PROCESS_PARAMETERS_IMAGE_BASE_ADDR_TYPE
 process-parameters image base address More...
 
typedef const char * DOCA_APSH_PROCESS_PARAMETERS_IMAGE_FULL_PATH_TYPE
 process-parameters image full path More...
 
typedef uint32_t DOCA_APSH_PROCESS_SID_PID_TYPE
 SID process id. More...
 
typedef const char * DOCA_APSH_PROCESS_SID_STRING_TYPE
 SID strings. More...
 
typedef uint32_t DOCA_APSH_PROCESS_SID_ATTRIBUTES_TYPE
 SID attributes flag. More...
 
typedef uint32_t DOCA_APSH_NETSCAN_PID_TYPE
 netscan process id More...
 
typedef const char * DOCA_APSH_NETSCAN_COMM_TYPE
 netscan process name More...
 
typedef const char * DOCA_APSH_NETSCAN_PROTOCOL_TYPE
 netscan connection protocol More...
 
typedef const char * DOCA_APSH_NETSCAN_LOCAL_ADDR_TYPE
 netscan connection local address More...
 
typedef const char * DOCA_APSH_NETSCAN_REMOTE_ADDR_TYPE
 netscan connection remote address More...
 
typedef uint64_t DOCA_APSH_NETSCAN_LOCAL_PORT_TYPE
 netscan connection local port More...
 
typedef uint64_t DOCA_APSH_NETSCAN_REMOTE_PORT_TYPE
 netscan connection remote port More...
 
typedef const char * DOCA_APSH_NETSCAN_STATE_TYPE
 netscan connection state More...
 
typedef const char * DOCA_APSH_NETSCAN_TIME_TYPE
 netscan windows connection creation time - deprecated More...
 
typedef const char * DOCA_APSH_NETSCAN_WINDOWS_TIME_TYPE
 netscan windows connection creation time More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_FD_TYPE
 netscan linux connection file descriptor More...
 
typedef uint64_t DOCA_APSH_NETSCAN_LINUX_SOCKET_OFFSET_TYPE
 netscan linux connection socket offset More...
 
typedef const char * DOCA_APSH_NETSCAN_LINUX_FAMILY_TYPE
 netscan linux connection Family More...
 
typedef const char * DOCA_APSH_NETSCAN_LINUX_TYPE_TYPE
 netscan linux connection Type More...
 
typedef const char * DOCA_APSH_NETSCAN_LINUX_FILTER_TYPE
 netscan linux connection filter More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_NET_NAMESPACE_TYPE
 netscan linux connection net namespace More...
 
typedef uint64_t DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_SENT_TYPE
 netscan linux connection TCP sent bytes More...
 
typedef uint64_t DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_ACKED_TYPE
 netscan linux connection TCP acknowledged bytes More...
 
typedef uint64_t DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_RECEIVED_TYPE
 netscan linux connection TCP received bytes More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_IN_TYPE
 netscan linux connection TCP segments in More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_OUT_TYPE
 netscan linux connection TCP segments out More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_IN_TYPE
 netscan linux connection TCP data segments in More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_OUT_TYPE
 netscan linux connection TCP data segments out More...
 
typedef char * DOCA_APSH_NETSCAN_LINUX_INTERFACE_NAME_TYPE
 netscan linux interface name More...
 
typedef char ** DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_TYPE
 netscan linux interface IPV4 array More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_SIZE_TYPE
 netscan linux interface IPV4 array size More...
 
typedef char ** DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_TYPE
 netscan linux interface MAC array More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_SIZE_TYPE
 netscan linux interface MAC array size More...
 
typedef char ** DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_TYPE
 netscan linux interface IPV6 array More...
 
typedef uint32_t DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_SIZE_TYPE
 netscan linux interface IPV6 array size More...
 
typedef const char * DOCA_APSH_LINUX_INTERFACE_NAME_TYPE
 linux interface name More...
 
typedef char ** DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_TYPE
 linux interface IPV4 More...
 
typedef unsigned char * DOCA_APSH_LINUX_INTERFACE_IPV4_PREFIX_LEN_ARR_TYPE
 linux interface IPV4 prefix len More...
 
typedef uint32_t DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_SIZE_TYPE
 linux IPV4 address array size More...
 
typedef char ** DOCA_APSH_LINUX_INTERFACE_MAC_ARR_TYPE
 linux interface mac address array More...
 
typedef uint32_t DOCA_APSH_LINUX_INTERFACE_MAC_ARR_SIZE_TYPE
 linux interface mac address array size More...
 
typedef char ** DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_TYPE
 linux interface IPV6 More...
 
typedef uint32_t * DOCA_APSH_LINUX_INTERFACE_IPV6_PREFIX_LEN_ARR_TYPE
 linux IPV6 prefix len More...
 
typedef uint32_t DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_SIZE_TYPE
 linux IPV6 address array size More...
 
typedef uint32_t DOCA_APSH_LINUX_INTERFACE_NAMESPACE_TYPE
 linux namespace More...
 
typedef uint32_t DOCA_APSH_YARA_PID_TYPE
 pid of the process More...
 
typedef const char * DOCA_APSH_YARA_COMM_TYPE
 name of the process More...
 
typedef const char * DOCA_APSH_YARA_RULE_TYPE
 rule name More...
 
typedef uint64_t DOCA_APSH_YARA_MATCH_WINDOW_ADDR_TYPE
 virtual address of the scan window of the match More...
 
typedef uint64_t DOCA_APSH_YARA_MATCH_WINDOW_LEN_TYPE
 length of the scan window of the match More...
 
typedef uint32_t DOCA_APSH_INJECTION_DETECT_PID_TYPE
 injection detect pid type More...
 
typedef uint64_t DOCA_APSH_INJECTION_DETECT_VAD_START_TYPE
 injection detect VAD start address type More...
 
typedef uint64_t DOCA_APSH_INJECTION_DETECT_VAD_END_TYPE
 injection detect VAD end address type More...
 
typedef const char * DOCA_APSH_INJECTION_DETECT_VAD_PROTECTION_TYPE
 injection detect VAD protection type More...
 
typedef const char * DOCA_APSH_INJECTION_DETECT_VAD_TAG_TYPE
 injection detect VAD pool tag type More...
 
typedef const char * DOCA_APSH_INJECTION_DETECT_VAD_FILE_PATH_TYPE
 injection detect VAD file path type More...
 
typedef uint64_t DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_START_TYPE
 injection detect suspected area start type More...
 
typedef uint64_t DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_END_TYPE
 injection detect suspected area end type More...
 
typedef const char * DOCA_APSH_CONTAINER_ID_TYPE
 container id type More...
 
typedef uint32_t DOCA_APSH_PROCESS_FILE_DETAILS_PID_TYPE
 process file details pid type More...
 
typedef const char * DOCA_APSH_PROCESS_FILE_DETAILS_PATH_TYPE
 process file details path type More...
 
typedef const char * DOCA_APSH_PROCESS_FILE_DETAILS_SHA1_TYPE
 process file details sha1 type More...
 
typedef const char * DOCA_APSH_PROCESS_FILE_DETAILS_SHA256_TYPE
 process file details sha256 type More...
 
typedef uint64_t DOCA_APSH_PROCESS_FILE_DETAILS_INODE_TYPE
 process file details inode number type More...
 
typedef uint64_t DOCA_APSH_PROCESS_FILE_DETAILS_SIZE_TYPE
 process file details file size type More...
 
typedef const char * DOCA_APSH_PROCESS_FILE_DETAILS_ELF_TYPE_TYPE
 process file details elf type type More...
 
typedef uint64_t DOCA_APSH_PROCESS_FILE_DETAILS_INODE_ADDRESS_TYPE
 process file details inode address type More...
 

Enumerations

enum  doca_apsh_system_os { DOCA_APSH_SYSTEM_LINUX = 0 , DOCA_APSH_SYSTEM_WINDOWS = 1 }
 system os types More...
 
enum  doca_apsh_system_config_attr {
  DOCA_APSH_OS_SYMBOL_MAP = 0 , DOCA_APSH_MEM_REGION = 1 , DOCA_APSH_KPGD_FILE = 2 , DOCA_APSH_VHCA_ID = 3 ,
  DOCA_APSH_OS_TYPE = 4 , DOCA_APSH_SCAN_WIN_SIZE = 5 , DOCA_APSH_SCAN_WIN_STEP = 6 , DOCA_APSH_HASHTEST_LIMIT = 7 ,
  DOCA_APSH_MODULES_LIMIT = 8 , DOCA_APSH_PROCESS_LIMIT = 9 , DOCA_APSH_THREADS_LIMIT = 10 , DOCA_APSH_LDRMODULES_LIMIT = 11 ,
  DOCA_APSH_LIBS_LIMIT = 12 , DOCA_APSH_VADS_LIMIT = 13 , DOCA_APSH_WINDOWS_ENVARS_LIMIT = 14 , DOCA_APSH_HANDLES_LIMIT = 15 ,
  DOCA_APSH_STRING_LIMIT = 16 , DOCA_APSH_OS_SYMBOL_MAP_FOLDER = 17 , DOCA_APSH_FILESIZE_LIMIT = 18
}
 doca app shield configuration attributes More...
 
enum  doca_apsh_process_attr {
  DOCA_APSH_PROCESS_PID = 0 , DOCA_APSH_PROCESS_PPID = 1 , DOCA_APSH_PROCESS_COMM = 2 , DOCA_APSH_PROCESS_CPU_TIME = 3 ,
  DOCA_APSH_PROCESS_WINDOWS_OFFSET = 1000 , DOCA_APSH_PROCESS_WINDOWS_THREADS = 1001 , DOCA_APSH_PROCESS_WINDOWS_EXIT_TIME = 1002 , DOCA_APSH_PROCESS_LINUX_GID = 2000 ,
  DOCA_APSH_PROCESS_LINUX_UID = 2001 , DOCA_APSH_PROCESS_LINUX_STATE = 2002 , DOCA_APSH_PROCESS_LINUX_NS_PID = 2003 , DOCA_APSH_PROCESS_LINUX_NS_MNT = 2004 ,
  DOCA_APSH_PROCESS_LINUX_NS_NET = 2005
}
 doca app shield process attributes More...
 
enum  doca_apsh_thread_attr {
  DOCA_APSH_THREAD_PID = 0 , DOCA_APSH_THREAD_TID = 1 , DOCA_APSH_THREAD_STATE = 2 , DOCA_APSH_THREAD_WINDOWS_WAIT_REASON = 1000 ,
  DOCA_APSH_THREAD_WINDOWS_OFFSET = 1001 , DOCA_APSH_THREAD_WINDOWS_SUSPEND_COUNT = 1002 , DOCA_APSH_THREAD_LINUX_PROC_NAME = 2000 , DOCA_APSH_THREAD_LINUX_THREAD_NAME = 2001
}
 doca app shield thread attributes More...
 
enum  doca_apsh_lib_attr {
  DOCA_APSH_LIB_PID = 0 , DOCA_APSH_LIB_LIBRARY_PATH = 2 , DOCA_APSH_LIB_LOAD_ADRESS = 3 , DOCA_APSH_LIB_WINDOWS_DLL_NAME = 1000 ,
  DOCA_APSH_LIB_WINDOWS_SIZE_OF_IMAGE = 1001 , DOCA_APSH_LIB_LINUX_LOAD_ADRESS = 2000
}
 doca app shield lib attributes More...
 
enum  doca_apsh_vad_attr {
  DOCA_APSH_VMA_PID = 0 , DOCA_APSH_VMA_OFFSET = 1 , DOCA_APSH_VMA_PROTECTION = 2 , DOCA_APSH_VMA_VM_START = 3 ,
  DOCA_APSH_VMA_VM_END = 4 , DOCA_APSH_VMA_PROCESS_NAME = 5 , DOCA_APSH_VMA_FILE_PATH = 6 , DOCA_APSH_VMA_WINDOWS_COMMIT_CHARGE = 1000 ,
  DOCA_APSH_VMA_WINDOWS_PRIVATE_MEMORY = 1001 , DOCA_APSH_VMA_WINDOWS_TAG = 1002
}
 doca app shield virtual address descriptor attributes More...
 
enum  doca_apsh_attestation_attr {
  DOCA_APSH_ATTESTATION_PID = 0 , DOCA_APSH_ATTESTATION_COMM = 1 , DOCA_APSH_ATTESTATION_PATH_OF_MEMORY_AREA = 2 , DOCA_APSH_ATTESTATION_PROTECTION = 3 ,
  DOCA_APSH_ATTESTATION_START_ADDRESS = 4 , DOCA_APSH_ATTESTATION_END_ADDRESS = 5 , DOCA_APSH_ATTESTATION_PAGES_NUMBER = 6 , DOCA_APSH_ATTESTATION_PAGES_PRESENT = 7 ,
  DOCA_APSH_ATTESTATION_MATCHING_HASHES = 8 , DOCA_APSH_ATTESTATION_HASH_DATA_IS_PRESENT = 9
}
 doca app shield attestation attributes More...
 
enum  doca_apsh_module_attr { DOCA_APSH_MODULES_OFFSET = 0 , DOCA_APSH_MODULES_NAME = 1 , DOCA_APSH_MODULES_SIZE = 2 }
 doca app shield module attributes More...
 
enum  doca_apsh_privilege_attr {
  DOCA_APSH_PRIVILEGES_PID = 0 , DOCA_APSH_PRIVILEGES_NAME = 2 , DOCA_APSH_PRIVILEGES_IS_ON = 3 , DOCA_APSH_PRIVILEGES_WINDOWS_PRESENT = 1000 ,
  DOCA_APSH_PRIVILEGES_WINDOWS_ENABLED = 1001 , DOCA_APSH_PRIVILEGES_WINDOWS_DEFAULT = 1002
}
 doca app shield privileges attributes; the Windows privilege list can be found at: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants More...
 
enum  doca_apsh_envar_attr { DOCA_APSH_ENVARS_PID = 0 , DOCA_APSH_ENVARS_VARIABLE = 2 , DOCA_APSH_ENVARS_VALUE = 3 , DOCA_APSH_ENVARS_WINDOWS_BLOCK = 1000 }
 doca app shield envars attributes More...
 
enum  doca_apsh_ldrmodule_attr {
  DOCA_APSH_LDRMODULE_PID = 0 , DOCA_APSH_LDRMODULE_BASE_ADDRESS = 2 , DOCA_APSH_LDRMODULE_LIBRARY_PATH = 3 , DOCA_APSH_LDRMODULE_WINDOWS_DLL_NAME = 1000 ,
  DOCA_APSH_LDRMODULE_WINDOWS_SIZE_OF_IMAGE = 1001 , DOCA_APSH_LDRMODULE_WINDOWS_INLOAD = 1002 , DOCA_APSH_LDRMODULE_WINDOWS_INMEM = 1003 , DOCA_APSH_LDRMODULE_WINDOWS_ININIT = 1004
}
 doca app shield LDR-Modules attributes More...
 
enum  doca_apsh_handle_attr {
  DOCA_APSH_HANDLE_PID = 0 , DOCA_APSH_HANDLE_VALUE = 2 , DOCA_APSH_HANDLE_TABLE_ENTRY = 3 , DOCA_APSH_HANDLE_TYPE = 4 ,
  DOCA_APSH_HANDLE_ACCESS = 5 , DOCA_APSH_HANDLE_NAME = 6
}
 doca app shield handle attributes More...
 
enum  doca_apsh_process_parameters_attr { DOCA_APSH_PROCESS_PARAMETERS_PID = 0 , DOCA_APSH_PROCESS_PARAMETERS_CMD_LINE = 1 , DOCA_APSH_PROCESS_PARAMETERS_IMAGE_BASE_ADDR = 2 , DOCA_APSH_PROCESS_PARAMETERS_IMAGE_FULL_PATH = 3 }
 doca app shield process-parameters attributes More...
 
enum  doca_apsh_sid_attr { DOCA_APSH_PROCESS_SID_PID = 0 , DOCA_APSH_PROCESS_SID_STRING = 1 , DOCA_APSH_PROCESS_SID_ATTRIBUTES = 2 }
 doca app shield SID (security identifiers) attributes More...
 
enum  doca_apsh_netscan_attr {
  DOCA_APSH_NETSCAN_PID = 0 , DOCA_APSH_NETSCAN_COMM = 1 , DOCA_APSH_NETSCAN_PROTOCOL = 2 , DOCA_APSH_NETSCAN_LOCAL_ADDR = 3 ,
  DOCA_APSH_NETSCAN_REMOTE_ADDR = 4 , DOCA_APSH_NETSCAN_LOCAL_PORT = 5 , DOCA_APSH_NETSCAN_REMOTE_PORT = 6 , DOCA_APSH_NETSCAN_STATE = 7 ,
  DOCA_APSH_NETSCAN_TIME = 8 , DOCA_APSH_NETSCAN_WINDOWS_TIME = 1000 , DOCA_APSH_NETSCAN_LINUX_FD = 2000 , DOCA_APSH_NETSCAN_LINUX_SOCKET_OFFSET = 2001 ,
  DOCA_APSH_NETSCAN_LINUX_FAMILY = 2002 , DOCA_APSH_NETSCAN_LINUX_TYPE = 2003 , DOCA_APSH_NETSCAN_LINUX_FILTER = 2004 , DOCA_APSH_NETSCAN_LINUX_NET_NAMESPACE = 2005 ,
  DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_SENT = 2006 , DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_ACKED = 2007 , DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_RECEIVED = 2008 , DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_IN = 2009 ,
  DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_OUT = 2010 , DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_IN = 2011 , DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_OUT = 2012 , DOCA_APSH_NETSCAN_LINUX_INTERFACE_NAME = 2013 ,
  DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR = 2014 , DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_SIZE = 2015 , DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR = 2016 , DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_SIZE = 2017 ,
  DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR = 2018 , DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_SIZE = 2019
}
 doca app shield netscan attributes More...
 
enum  doca_apsh_interface_attr {
  DOCA_APSH_LINUX_INTERFACE_NAME = 3000 , DOCA_APSH_LINUX_INTERFACE_IPV4_ARR = 3001 , DOCA_APSH_LINUX_INTERFACE_IPV4_PREFIX_LEN_ARR = 3002 , DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_SIZE = 3003 ,
  DOCA_APSH_LINUX_INTERFACE_MAC_ARR = 3004 , DOCA_APSH_LINUX_INTERFACE_MAC_ARR_SIZE = 3005 , DOCA_APSH_LINUX_INTERFACE_IPV6_ARR = 3006 , DOCA_APSH_LINUX_INTERFACE_IPV6_PREFIX_LEN_ARR = 3007 ,
  DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_SIZE = 3008 , DOCA_APSH_LINUX_INTERFACE_NAMESPACE = 3009
}
 doca app shield interface attributes More...
 
enum  doca_apsh_yara_rule { DOCA_APSH_YARA_RULE_HELLO_WORLD = 0 , DOCA_APSH_YARA_RULE_REFLECTIVE_DLL_INJECTION = 1 , DOCA_APSH_YARA_RULE_MIMIKATZ = 2 }
 available doca app shield yara rules More...
 
enum  doca_apsh_yara_scan_type { DOCA_APSH_YARA_SCAN_VMA = 1 , DOCA_APSH_YARA_SCAN_HEAP = 1 << 1 }
 doca app shield yara scan type bitmask More...
 
enum  doca_apsh_yara_attr {
  DOCA_APSH_YARA_PID = 0 , DOCA_APSH_YARA_COMM = 1 , DOCA_APSH_YARA_RULE = 2 , DOCA_APSH_YARA_MATCH_WINDOW_ADDR = 3 ,
  DOCA_APSH_YARA_MATCH_WINDOW_LEN = 4
}
 doca app shield yara attributes More...
 
enum  doca_apsh_injection_detect_attr {
  DOCA_APSH_INJECTION_DETECT_PID , DOCA_APSH_INJECTION_DETECT_VAD_START , DOCA_APSH_INJECTION_DETECT_VAD_END , DOCA_APSH_INJECTION_DETECT_VAD_PROTECTION ,
  DOCA_APSH_INJECTION_DETECT_VAD_TAG , DOCA_APSH_INJECTION_DETECT_VAD_FILE_PATH , DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_START , DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_END
}
 doca app shield injection detect attributes More...
 
enum  doca_apsh_container_attr { DOCA_APSH_CONTAINER_ID = 0 }
 doca app shield container attributes More...
 
enum  doca_apsh_proc_file_details_attr {
  DOCA_APSH_PROCESS_FILE_DETAILS_PID = 0 , DOCA_APSH_PROCESS_FILE_DETAILS_PATH = 1 , DOCA_APSH_PROCESS_FILE_DETAILS_SHA1 = 2 , DOCA_APSH_PROCESS_FILE_DETAILS_SHA256 = 3 ,
  DOCA_APSH_PROCESS_FILE_DETAILS_INODE = 4 , DOCA_APSH_PROCESS_FILE_DETAILS_SIZE = 5 , DOCA_APSH_PROCESS_FILE_DETAILS_ELF_TYPE = 6 , DOCA_APSH_PROCESS_FILE_DETAILS_INODE_ADDRESS = 7
}
 doca app shield process file details attributes More...
 

Detailed Description

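DOCA App Shield attributes to query with the get functions; see doca_apsh.h. String-valued attributes (for example process comm, command line, envars and file paths) describe the inspected system, so code consuming them should treat the values as untrusted input.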

Typedef Documentation

◆ DOCA_APSH_ATTESTATION_COMM_TYPE

typedef const char* DOCA_APSH_ATTESTATION_COMM_TYPE

attestation comm type

Definition at line 265 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_END_ADDRESS_TYPE

attestation end address type

Definition at line 273 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_HASH_DATA_IS_PRESENT_TYPE

attestation hash data is present type

Definition at line 281 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_MATCHING_HASHES_TYPE

attestation matching hashes type

Definition at line 279 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_PAGES_NUMBER_TYPE

attestation pages number type

Definition at line 275 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_PAGES_PRESENT_TYPE

attestation pages present type

Definition at line 277 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_PATH_OF_MEMORY_AREA_TYPE

attestation path of memory area type

Definition at line 267 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_PID_TYPE

attestation pid type

Definition at line 263 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_PROTECTION_TYPE

attestation protection type

Definition at line 269 of file doca_apsh_attr.h.

◆ DOCA_APSH_ATTESTATION_START_ADDRESS_TYPE

attestation start address type

Definition at line 271 of file doca_apsh_attr.h.

◆ DOCA_APSH_CONTAINER_ID_TYPE

typedef const char* DOCA_APSH_CONTAINER_ID_TYPE

container id type

Definition at line 656 of file doca_apsh_attr.h.

◆ DOCA_APSH_DMA_DEV_TYPE

typedef struct doca_dev* DOCA_APSH_DMA_DEV_TYPE

dma dev (passed as a struct doca_dev pointer, not a name string)

Definition at line 69 of file doca_apsh_attr.h.

◆ DOCA_APSH_ENVARS_PID_TYPE

typedef uint32_t DOCA_APSH_ENVARS_PID_TYPE

envars pid type

Definition at line 340 of file doca_apsh_attr.h.

◆ DOCA_APSH_ENVARS_VALUE_TYPE

typedef const char* DOCA_APSH_ENVARS_VALUE_TYPE

envars value type

Definition at line 344 of file doca_apsh_attr.h.

◆ DOCA_APSH_ENVARS_VARIABLE_TYPE

typedef const char* DOCA_APSH_ENVARS_VARIABLE_TYPE

envars variable type

Definition at line 342 of file doca_apsh_attr.h.

◆ DOCA_APSH_ENVARS_WINDOWS_BLOCK_TYPE

envars windows block address type

Definition at line 346 of file doca_apsh_attr.h.

◆ DOCA_APSH_FILESIZE_LIMIT_TYPE

limit of parsed files size

Definition at line 103 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_ACCESS_TYPE

typedef uint64_t DOCA_APSH_HANDLE_ACCESS_TYPE

handle access type

Definition at line 400 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_NAME_TYPE

typedef const char* DOCA_APSH_HANDLE_NAME_TYPE

handle name type

Definition at line 402 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_PID_TYPE

typedef uint32_t DOCA_APSH_HANDLE_PID_TYPE

handle pid type

Definition at line 392 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_TABLE_ENTRY_TYPE

handle table entry type

Definition at line 396 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_TYPE_TYPE

typedef const char* DOCA_APSH_HANDLE_TYPE_TYPE

handle type type

Definition at line 398 of file doca_apsh_attr.h.

◆ DOCA_APSH_HANDLE_VALUE_TYPE

typedef uint64_t DOCA_APSH_HANDLE_VALUE_TYPE

handle value type

Definition at line 394 of file doca_apsh_attr.h.

◆ DOCA_APSH_HASHTEST_LIMIT_TYPE

limit of vm areas to attest

Definition at line 85 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_PID_TYPE

injection detect pid type

Definition at line 632 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_END_TYPE

injection detect suspected area end type

Definition at line 646 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_START_TYPE

injection detect suspected area start type

Definition at line 644 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_VAD_END_TYPE

injection detect VAD end address type

Definition at line 636 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_VAD_FILE_PATH_TYPE

injection detect VAD file path type

Definition at line 642 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_VAD_PROTECTION_TYPE

injection detect VAD protection type

Definition at line 638 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_VAD_START_TYPE

injection detect VAD start address type

Definition at line 634 of file doca_apsh_attr.h.

◆ DOCA_APSH_INJECTION_DETECT_VAD_TAG_TYPE

injection detect VAD pool tag type

Definition at line 640 of file doca_apsh_attr.h.

◆ DOCA_APSH_KPGD_FILE_TYPE

typedef char* DOCA_APSH_KPGD_FILE_TYPE

kpgd file path

Definition at line 75 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_BASE_ADDRESS_TYPE

ldrmodule base address type

Definition at line 365 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_LIBRARY_PATH_TYPE

ldrmodule library path type

Definition at line 367 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_PID_TYPE

typedef uint32_t DOCA_APSH_LDRMODULE_PID_TYPE

ldrmodule pid type

Definition at line 363 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_WINDOWS_DLL_NAME_TYPE

ldrmodule windows dll name type

Definition at line 369 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_WINDOWS_ININIT_TYPE

ldrmodule ininit type

Definition at line 377 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_WINDOWS_INLOAD_TYPE

ldrmodule inload type

Definition at line 373 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_WINDOWS_INMEM_TYPE

ldrmodule inmem type

Definition at line 375 of file doca_apsh_attr.h.

◆ DOCA_APSH_LDRMODULE_WINDOWS_SIZE_OF_IMAGE_TYPE

ldrmodule size of image type

Definition at line 371 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_LIBRARY_PATH_TYPE

typedef const char* DOCA_APSH_LIB_LIBRARY_PATH_TYPE

lib loaded library path type

Definition at line 199 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_LINUX_LOAD_ADRESS_TYPE

lib load address for Linux

Definition at line 207 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_LOAD_ADRESS_TYPE

lib load address for both Windows and Linux

Definition at line 201 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_PID_TYPE

typedef uint32_t DOCA_APSH_LIB_PID_TYPE

lib pid type

Definition at line 197 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_WINDOWS_DLL_NAME_TYPE

lib dll name type

Definition at line 203 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIB_WINDOWS_SIZE_OF_IMAGE_TYPE

lib size of image type

Definition at line 205 of file doca_apsh_attr.h.

◆ DOCA_APSH_LIBS_LIMIT_TYPE

limit of libs number

Definition at line 93 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_SIZE_TYPE

linux IPV4 address array size

Definition at line 561 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_TYPE

linux interface IPV4

Definition at line 557 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV4_PREFIX_LEN_ARR_TYPE

linux interface IPV4 prefix len

Definition at line 559 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_SIZE_TYPE

linux IPV6 address array size

Definition at line 571 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_TYPE

linux interface IPV6

Definition at line 567 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_IPV6_PREFIX_LEN_ARR_TYPE

linux IPV6 prefix len

Definition at line 569 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_MAC_ARR_SIZE_TYPE

linux interface mac address array size

Definition at line 565 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_MAC_ARR_TYPE

linux interface mac address array

Definition at line 563 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_NAME_TYPE

linux interface name

Definition at line 555 of file doca_apsh_attr.h.

◆ DOCA_APSH_LINUX_INTERFACE_NAMESPACE_TYPE

linux namespace

Definition at line 573 of file doca_apsh_attr.h.

◆ DOCA_APSH_MEM_REGION_TYPE

memory region path

Definition at line 73 of file doca_apsh_attr.h.

◆ DOCA_APSH_MODULES_LIMIT_TYPE

limit of modules number

Definition at line 87 of file doca_apsh_attr.h.

◆ DOCA_APSH_MODULES_NAME_TYPE

typedef const char* DOCA_APSH_MODULES_NAME_TYPE

module name type

Definition at line 295 of file doca_apsh_attr.h.

◆ DOCA_APSH_MODULES_OFFSET_TYPE

module offset type

Definition at line 293 of file doca_apsh_attr.h.

◆ DOCA_APSH_MODULES_SIZE_TYPE

typedef uint32_t DOCA_APSH_MODULES_SIZE_TYPE

module size type

Definition at line 297 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_COMM_TYPE

typedef const char* DOCA_APSH_NETSCAN_COMM_TYPE

netscan process name

Definition at line 480 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_FAMILY_TYPE

netscan linux connection Family

Definition at line 502 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_FD_TYPE

netscan linux connection file descriptor

Definition at line 498 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_FILTER_TYPE

netscan linux connection filter

Definition at line 506 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_SIZE_TYPE

netscan linux interface IPV4 array size

Definition at line 528 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_TYPE

netscan interface IPV4 array

Definition at line 526 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_SIZE_TYPE

netscan linux interface IPV6 array size

Definition at line 536 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_TYPE

netscan linux interface IPV6 array

Definition at line 534 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_SIZE_TYPE

netscan linux interface MAC array size

Definition at line 532 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_TYPE

netscan linux interface MAC array

Definition at line 530 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_INTERFACE_NAME_TYPE

netscan linux interface name

Definition at line 524 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_NET_NAMESPACE_TYPE

netscan linux connection net namespace

Definition at line 508 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_SOCKET_OFFSET_TYPE

netscan linux connection socket offset

Definition at line 500 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_ACKED_TYPE

netscan linux connection TCP acknowledged bytes

Definition at line 512 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_RECEIVED_TYPE

netscan linux connection TCP received bytes

Definition at line 514 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_SENT_TYPE

netscan linux connection TCP sent bytes

Definition at line 510 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_IN_TYPE

netscan linux connection TCP data segments in

Definition at line 520 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_OUT_TYPE

netscan linux connection TCP data segments out

Definition at line 522 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_IN_TYPE

netscan linux connection TCP segments in

Definition at line 516 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_OUT_TYPE

netscan linux connection TCP segments out

Definition at line 518 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LINUX_TYPE_TYPE

typedef const char* DOCA_APSH_NETSCAN_LINUX_TYPE_TYPE

netscan linux connection Type

Definition at line 504 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LOCAL_ADDR_TYPE

typedef const char* DOCA_APSH_NETSCAN_LOCAL_ADDR_TYPE

netscan connection local address

Definition at line 484 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_LOCAL_PORT_TYPE

netscan connection local port

Definition at line 488 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_PID_TYPE

typedef uint32_t DOCA_APSH_NETSCAN_PID_TYPE

netscan process id

Definition at line 478 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_PROTOCOL_TYPE

typedef const char* DOCA_APSH_NETSCAN_PROTOCOL_TYPE

netscan connection protocol

Definition at line 482 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_REMOTE_ADDR_TYPE

netscan connection remote address

Definition at line 486 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_REMOTE_PORT_TYPE

netscan connection remote port

Definition at line 490 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_STATE_TYPE

typedef const char* DOCA_APSH_NETSCAN_STATE_TYPE

netscan connection state

Definition at line 492 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_TIME_TYPE

typedef const char* DOCA_APSH_NETSCAN_TIME_TYPE

netscan windows connection creation time - deprecated

Definition at line 494 of file doca_apsh_attr.h.

◆ DOCA_APSH_NETSCAN_WINDOWS_TIME_TYPE

netscan windows connection creation time

Definition at line 496 of file doca_apsh_attr.h.

◆ DOCA_APSH_OS_SYMBOL_MAP_FOLDER_TYPE

os symbol map folder path

Definition at line 101 of file doca_apsh_attr.h.

◆ DOCA_APSH_OS_SYMBOL_MAP_TYPE

os symbol map path

Definition at line 71 of file doca_apsh_attr.h.

◆ DOCA_APSH_OS_TYPE_TYPE

os type

Definition at line 77 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_IS_ON_TYPE

privilege is on type

Definition at line 321 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_NAME_TYPE

typedef const char* DOCA_APSH_PRIVILEGES_NAME_TYPE

privilege name type

Definition at line 319 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_PID_TYPE

privilege process pid

Definition at line 317 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_WINDOWS_DEFAULT_TYPE

privilege windows enabled by default type

Definition at line 327 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_WINDOWS_ENABLED_TYPE

privilege windows enabled type

Definition at line 325 of file doca_apsh_attr.h.

◆ DOCA_APSH_PRIVILEGES_WINDOWS_PRESENT_TYPE

privilege windows present type

Definition at line 323 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_COMM_TYPE

typedef const char* DOCA_APSH_PROCESS_COMM_TYPE

process comm type

Definition at line 129 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_CPU_TIME_TYPE

process cpu time type

Definition at line 131 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_ELF_TYPE_TYPE

process file details elf type type

Definition at line 685 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_INODE_ADDRESS_TYPE

process file details inode address type

Definition at line 687 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_INODE_TYPE

process file details inode number type

Definition at line 681 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_PATH_TYPE

process file details path type

Definition at line 675 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_PID_TYPE

process file details pid type

Definition at line 673 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_SHA1_TYPE

process file details sha1 type

Definition at line 677 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_SHA256_TYPE

process file details sha256 type

Definition at line 679 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_FILE_DETAILS_SIZE_TYPE

process file details file size type

Definition at line 683 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LIMIT_TYPE

limit of processes number

Definition at line 89 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_GID_TYPE

process gid type

Definition at line 139 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_NS_MNT_TYPE

process mount namespace type

Definition at line 147 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_NS_NET_TYPE

process network namespace type

Definition at line 149 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_NS_PID_TYPE

process PID namespace type

Definition at line 145 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_STATE_TYPE

process state type

Definition at line 143 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_LINUX_UID_TYPE

process uid type

Definition at line 141 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PARAMETERS_CMD_LINE_TYPE

process-parameters command line

Definition at line 417 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PARAMETERS_IMAGE_BASE_ADDR_TYPE

process-parameters image base address

Definition at line 419 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PARAMETERS_IMAGE_FULL_PATH_TYPE

process-parameters image full path

Definition at line 421 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PARAMETERS_PID_TYPE

process-parameters pid

Definition at line 415 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PID_TYPE

typedef uint32_t DOCA_APSH_PROCESS_PID_TYPE

process pid type

Definition at line 125 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_PPID_TYPE

typedef uint32_t DOCA_APSH_PROCESS_PPID_TYPE

process parent pid type

Definition at line 127 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_SID_ATTRIBUTES_TYPE

SID attributes flag.

Definition at line 437 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_SID_PID_TYPE

SID process id.

Definition at line 433 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_SID_STRING_TYPE

typedef const char* DOCA_APSH_PROCESS_SID_STRING_TYPE

SID strings.

Definition at line 435 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_WINDOWS_EXIT_TIME_TYPE

process exit time type

Definition at line 137 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_WINDOWS_OFFSET_TYPE

process offset type

Definition at line 133 of file doca_apsh_attr.h.

◆ DOCA_APSH_PROCESS_WINDOWS_THREADS_TYPE

process threads type

Definition at line 135 of file doca_apsh_attr.h.

◆ DOCA_APSH_SCAN_WIN_SIZE_TYPE

typedef uint32_t DOCA_APSH_SCAN_WIN_SIZE_TYPE

yara scan window size

Definition at line 81 of file doca_apsh_attr.h.

◆ DOCA_APSH_SCAN_WIN_STEP_TYPE

typedef uint32_t DOCA_APSH_SCAN_WIN_STEP_TYPE

yara scan window step

Definition at line 83 of file doca_apsh_attr.h.

◆ DOCA_APSH_STRING_LIMIT_TYPE

length limit of apsh_read_str

Definition at line 99 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_LINUX_PROC_NAME_TYPE

thread proc name type

Definition at line 178 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_LINUX_THREAD_NAME_TYPE

thread thread name type

Definition at line 180 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_PID_TYPE

typedef uint32_t DOCA_APSH_THREAD_PID_TYPE

thread pid type

Definition at line 166 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_STATE_TYPE

typedef uint64_t DOCA_APSH_THREAD_STATE_TYPE

thread state type

Definition at line 170 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_TID_TYPE

typedef uint32_t DOCA_APSH_THREAD_TID_TYPE

thread tid type

Definition at line 168 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_WINDOWS_OFFSET_TYPE

thread offset type

Definition at line 174 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_WINDOWS_SUSPEND_COUNT_TYPE

thread suspend count type

Definition at line 176 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREAD_WINDOWS_WAIT_REASON_TYPE

thread wait reason type

Definition at line 172 of file doca_apsh_attr.h.

◆ DOCA_APSH_THREADS_LIMIT_TYPE

limit of threads number

Definition at line 91 of file doca_apsh_attr.h.

◆ DOCA_APSH_VADS_LIMIT_TYPE

limit of vads number

Definition at line 95 of file doca_apsh_attr.h.

◆ DOCA_APSH_VHCA_ID_TYPE

typedef struct doca_dev_rep* DOCA_APSH_VHCA_ID_TYPE

vhca id

Definition at line 77 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_FILE_PATH_TYPE

typedef const char* DOCA_APSH_VMA_FILE_PATH_TYPE

vma file path type

Definition at line 238 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_OFFSET_TYPE

typedef uint64_t DOCA_APSH_VMA_OFFSET_TYPE

vma offset type

Definition at line 228 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_PID_TYPE

typedef uint32_t DOCA_APSH_VMA_PID_TYPE

vma pid type

Definition at line 226 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_PROCESS_NAME_TYPE

typedef const char* DOCA_APSH_VMA_PROCESS_NAME_TYPE

vma process name type

Definition at line 236 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_PROTECTION_TYPE

typedef const char* DOCA_APSH_VMA_PROTECTION_TYPE

vma protection type

Definition at line 230 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_VM_END_TYPE

typedef uint64_t DOCA_APSH_VMA_VM_END_TYPE

vma vm end type

Definition at line 234 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_VM_START_TYPE

typedef uint64_t DOCA_APSH_VMA_VM_START_TYPE

vma vm start type

Definition at line 232 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_WINDOWS_COMMIT_CHARGE_TYPE

vma commit charge type

Definition at line 240 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_WINDOWS_PRIVATE_MEMORY_TYPE

vma private memory type

Definition at line 242 of file doca_apsh_attr.h.

◆ DOCA_APSH_VMA_WINDOWS_TAG_TYPE

typedef const char* DOCA_APSH_VMA_WINDOWS_TAG_TYPE

vma tag type

Definition at line 244 of file doca_apsh_attr.h.

◆ DOCA_APSH_WINDOWS_ENVARS_LIMIT_TYPE

length limit of envars for windows

Definition at line 97 of file doca_apsh_attr.h.

◆ DOCA_APSH_YARA_COMM_TYPE

typedef const char* DOCA_APSH_YARA_COMM_TYPE

name of the process

Definition at line 609 of file doca_apsh_attr.h.

◆ DOCA_APSH_YARA_MATCH_WINDOW_ADDR_TYPE

virtual address of the scan window of the match

Definition at line 613 of file doca_apsh_attr.h.

◆ DOCA_APSH_YARA_MATCH_WINDOW_LEN_TYPE

length of the scan window of the match

Definition at line 615 of file doca_apsh_attr.h.

◆ DOCA_APSH_YARA_PID_TYPE

typedef uint32_t DOCA_APSH_YARA_PID_TYPE

pid of the process

Definition at line 607 of file doca_apsh_attr.h.

◆ DOCA_APSH_YARA_RULE_TYPE

typedef const char* DOCA_APSH_YARA_RULE_TYPE

rule name

Definition at line 611 of file doca_apsh_attr.h.

Enumeration Type Documentation

◆ doca_apsh_attestation_attr

doca app shield attestation attributes

Enumerator
DOCA_APSH_ATTESTATION_PID 

attestation process id

DOCA_APSH_ATTESTATION_COMM 

attestation process name

DOCA_APSH_ATTESTATION_PATH_OF_MEMORY_AREA 

attestation path of memory area

DOCA_APSH_ATTESTATION_PROTECTION 

attestation protection

DOCA_APSH_ATTESTATION_START_ADDRESS 

attestation start address

DOCA_APSH_ATTESTATION_END_ADDRESS 

attestation end address

DOCA_APSH_ATTESTATION_PAGES_NUMBER 

attestation process pages count in binary file

DOCA_APSH_ATTESTATION_PAGES_PRESENT 

attestation pages present in memory

DOCA_APSH_ATTESTATION_MATCHING_HASHES 

attestation pages hash match count from pages in memory

DOCA_APSH_ATTESTATION_HASH_DATA_IS_PRESENT 

attestation hash data is present

Definition at line 249 of file doca_apsh_attr.h.

◆ doca_apsh_container_attr

doca app shield container attributes

Enumerator
DOCA_APSH_CONTAINER_ID 

container id

Definition at line 651 of file doca_apsh_attr.h.

◆ doca_apsh_envar_attr

doca app shield envars attributes

Enumerator
DOCA_APSH_ENVARS_PID 

envars pid

DOCA_APSH_ENVARS_VARIABLE 

envars variable

DOCA_APSH_ENVARS_VALUE 

envars value

DOCA_APSH_ENVARS_WINDOWS_BLOCK 

envars windows environment block address

Definition at line 332 of file doca_apsh_attr.h.

◆ doca_apsh_handle_attr

doca app shield handle attributes

Enumerator
DOCA_APSH_HANDLE_PID 

handle process id

DOCA_APSH_HANDLE_VALUE 

handle value

DOCA_APSH_HANDLE_TABLE_ENTRY 

handle table entry

DOCA_APSH_HANDLE_TYPE 

handle type

DOCA_APSH_HANDLE_ACCESS 

handle access

DOCA_APSH_HANDLE_NAME 

handle name

Definition at line 382 of file doca_apsh_attr.h.

◆ doca_apsh_injection_detect_attr

doca app shield injection detect attributes

Enumerator
DOCA_APSH_INJECTION_DETECT_PID 

suspected injection process id

DOCA_APSH_INJECTION_DETECT_VAD_START 

suspected injection VAD start address

DOCA_APSH_INJECTION_DETECT_VAD_END 

suspected injection VAD end address

DOCA_APSH_INJECTION_DETECT_VAD_PROTECTION 

suspected injection VAD protection

DOCA_APSH_INJECTION_DETECT_VAD_TAG 

suspected injection VAD pool tag

DOCA_APSH_INJECTION_DETECT_VAD_FILE_PATH 

suspected injection VAD file path

DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_START 

suspected injection suspected area start

DOCA_APSH_INJECTION_DETECT_SUSPECTED_AREA_END 

suspected injection suspected area end

Definition at line 620 of file doca_apsh_attr.h.

◆ doca_apsh_interface_attr

doca app shield interface attributes

Enumerator
DOCA_APSH_LINUX_INTERFACE_NAME 

linux interface name

DOCA_APSH_LINUX_INTERFACE_IPV4_ARR 

linux interface IPV4 address array

DOCA_APSH_LINUX_INTERFACE_IPV4_PREFIX_LEN_ARR 

linux interface IPV4 prefix_len array

DOCA_APSH_LINUX_INTERFACE_IPV4_ARR_SIZE 

linux interface IPV4 address array size

DOCA_APSH_LINUX_INTERFACE_MAC_ARR 

linux interface mac address array

DOCA_APSH_LINUX_INTERFACE_MAC_ARR_SIZE 

linux interface mac address array size

DOCA_APSH_LINUX_INTERFACE_IPV6_ARR 

linux interface IPV6 address array

DOCA_APSH_LINUX_INTERFACE_IPV6_PREFIX_LEN_ARR 

linux interface IPV6 prefix_len array

DOCA_APSH_LINUX_INTERFACE_IPV6_ARR_SIZE 

linux interface IPV6 address array size

DOCA_APSH_LINUX_INTERFACE_NAMESPACE 

linux interface namespace

Definition at line 541 of file doca_apsh_attr.h.

◆ doca_apsh_ldrmodule_attr

doca app shield LDR-Modules attributes

Enumerator
DOCA_APSH_LDRMODULE_PID 

ldrmodule process pid

DOCA_APSH_LDRMODULE_BASE_ADDRESS 

ldrmodule base address

DOCA_APSH_LDRMODULE_LIBRARY_PATH 

ldrmodule loaded library path

DOCA_APSH_LDRMODULE_WINDOWS_DLL_NAME 

ldrmodule dll name

DOCA_APSH_LDRMODULE_WINDOWS_SIZE_OF_IMAGE 

ldrmodule size of image

DOCA_APSH_LDRMODULE_WINDOWS_INLOAD 

ldrmodule appear in inload list

DOCA_APSH_LDRMODULE_WINDOWS_INMEM 

ldrmodule appear in inmem list

DOCA_APSH_LDRMODULE_WINDOWS_ININIT 

ldrmodule appear in ininit list

Definition at line 351 of file doca_apsh_attr.h.

◆ doca_apsh_lib_attr

doca app shield lib attributes

Enumerator
DOCA_APSH_LIB_PID 

lib pid

DOCA_APSH_LIB_LIBRARY_PATH 

lib loaded library path

DOCA_APSH_LIB_LOAD_ADRESS 

lib load address for both Windows and Linux

DOCA_APSH_LIB_WINDOWS_DLL_NAME 

lib dll name

DOCA_APSH_LIB_WINDOWS_SIZE_OF_IMAGE 

lib size of image

DOCA_APSH_LIB_LINUX_LOAD_ADRESS 

lib load address for Linux. It is kept for backwards compatibility; use DOCA_APSH_LIB_LOAD_ADRESS instead.

Definition at line 185 of file doca_apsh_attr.h.

◆ doca_apsh_module_attr

doca app shield module attributes

Enumerator
DOCA_APSH_MODULES_OFFSET 

module offset

DOCA_APSH_MODULES_NAME 

module name

DOCA_APSH_MODULES_SIZE 

module size

Definition at line 286 of file doca_apsh_attr.h.

◆ doca_apsh_netscan_attr

doca app shield netscan attributes

Enumerator
DOCA_APSH_NETSCAN_PID 

netscan connection process id

DOCA_APSH_NETSCAN_COMM 

netscan connection process name

DOCA_APSH_NETSCAN_PROTOCOL 

netscan connection protocol

DOCA_APSH_NETSCAN_LOCAL_ADDR 

netscan connection local address

DOCA_APSH_NETSCAN_REMOTE_ADDR 

netscan connection remote address

DOCA_APSH_NETSCAN_LOCAL_PORT 

netscan connection local port

DOCA_APSH_NETSCAN_REMOTE_PORT 

netscan connection remote port

DOCA_APSH_NETSCAN_STATE 

netscan connection state

DOCA_APSH_NETSCAN_TIME 

netscan connection creation time - windows only. Deprecated - use DOCA_APSH_NETSCAN_WINDOWS_TIME instead

DOCA_APSH_NETSCAN_WINDOWS_TIME 

netscan windows connection creation time

DOCA_APSH_NETSCAN_LINUX_FD 

netscan linux connection file descriptor

DOCA_APSH_NETSCAN_LINUX_SOCKET_OFFSET 

netscan linux connection socket offset

DOCA_APSH_NETSCAN_LINUX_FAMILY 

netscan linux connection Family

DOCA_APSH_NETSCAN_LINUX_TYPE 

netscan linux connection Type

DOCA_APSH_NETSCAN_LINUX_FILTER 

netscan linux connection filter

DOCA_APSH_NETSCAN_LINUX_NET_NAMESPACE 

netscan linux connection net namespace

DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_SENT 

netscan linux connection TCP sent bytes

DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_ACKED 

netscan linux connection TCP acknowledged bytes

DOCA_APSH_NETSCAN_LINUX_TCP_BYTES_RECEIVED 

netscan linux connection TCP received bytes

DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_IN 

netscan linux connection TCP segments in

DOCA_APSH_NETSCAN_LINUX_TCP_SEGS_OUT 

netscan linux connection TCP segments out

DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_IN 

netscan linux connection TCP data segments in

DOCA_APSH_NETSCAN_LINUX_TCP_DATA_SEGS_OUT 

netscan linux connection TCP data segments out

DOCA_APSH_NETSCAN_LINUX_INTERFACE_NAME 

netscan linux interface name

DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR 

netscan linux interface IPV4 address array

DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV4_ARR_SIZE

netscan linux interface IPV4 array size

DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR

netscan linux interface mac address array

DOCA_APSH_NETSCAN_LINUX_INTERFACE_MAC_ARR_SIZE

netscan linux interface mac array size

DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR

netscan linux interface IPV6 address array

DOCA_APSH_NETSCAN_LINUX_INTERFACE_IPV6_ARR_SIZE

netscan linux interface IPV6 array size

Definition at line 442 of file doca_apsh_attr.h.

◆ doca_apsh_privilege_attr

doca app shield privileges attributes. The Windows privilege list can be found at: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants

Enumerator
DOCA_APSH_PRIVILEGES_PID 

privilege process pid

DOCA_APSH_PRIVILEGES_NAME 

privilege name, for example: SeTcbPrivilege

DOCA_APSH_PRIVILEGES_IS_ON 

is the privilege turned on or off. For Windows this is the outcome of get(PRESENT) && (get(ENABLED) || get(DEFAULT))

DOCA_APSH_PRIVILEGES_WINDOWS_PRESENT 

privilege present flag

DOCA_APSH_PRIVILEGES_WINDOWS_ENABLED 

privilege enabled flag

DOCA_APSH_PRIVILEGES_WINDOWS_DEFAULT 

privilege enabled-by-default flag

Definition at line 304 of file doca_apsh_attr.h.

◆ doca_apsh_proc_file_details_attr

doca app shield process file details attributes

Enumerator
DOCA_APSH_PROCESS_FILE_DETAILS_PID 

process file details pid

DOCA_APSH_PROCESS_FILE_DETAILS_PATH 

process file details path

DOCA_APSH_PROCESS_FILE_DETAILS_SHA1 

process file details sha1

DOCA_APSH_PROCESS_FILE_DETAILS_SHA256 

process file details sha256

DOCA_APSH_PROCESS_FILE_DETAILS_INODE 

process file details inode number

DOCA_APSH_PROCESS_FILE_DETAILS_SIZE 

process file details file size

DOCA_APSH_PROCESS_FILE_DETAILS_ELF_TYPE 

process file details elf type

DOCA_APSH_PROCESS_FILE_DETAILS_INODE_ADDRESS 

process file details inode address

Definition at line 661 of file doca_apsh_attr.h.

◆ doca_apsh_process_attr

doca app shield process attributes

Enumerator
DOCA_APSH_PROCESS_PID 

process id

DOCA_APSH_PROCESS_PPID 

process parent id

DOCA_APSH_PROCESS_COMM 

process executable name

DOCA_APSH_PROCESS_CPU_TIME 

process cpu time [ps]

DOCA_APSH_PROCESS_WINDOWS_OFFSET 

process offset

DOCA_APSH_PROCESS_WINDOWS_THREADS 

process thread count

DOCA_APSH_PROCESS_WINDOWS_EXIT_TIME 

process exit time

DOCA_APSH_PROCESS_LINUX_GID 

process group id

DOCA_APSH_PROCESS_LINUX_UID 

process user id

DOCA_APSH_PROCESS_LINUX_STATE 

process state

DOCA_APSH_PROCESS_LINUX_NS_PID 

process PID namespace

DOCA_APSH_PROCESS_LINUX_NS_MNT 

process mount namespace

DOCA_APSH_PROCESS_LINUX_NS_NET 

process network namespace

Definition at line 108 of file doca_apsh_attr.h.

◆ doca_apsh_process_parameters_attr

doca app shield process-parameters attributes

Enumerator
DOCA_APSH_PROCESS_PARAMETERS_PID 

process-parameters pid

DOCA_APSH_PROCESS_PARAMETERS_CMD_LINE 

process-parameters command line

DOCA_APSH_PROCESS_PARAMETERS_IMAGE_BASE_ADDR 

process-parameters image base address

DOCA_APSH_PROCESS_PARAMETERS_IMAGE_FULL_PATH 

process-parameters image full path

Definition at line 407 of file doca_apsh_attr.h.

◆ doca_apsh_sid_attr

doca app shield SID (security identifiers) attributes

Enumerator
DOCA_APSH_PROCESS_SID_PID 

SID process id

DOCA_APSH_PROCESS_SID_STRING 

SID string

DOCA_APSH_PROCESS_SID_ATTRIBUTES 

SID attributes flag

Definition at line 426 of file doca_apsh_attr.h.

◆ doca_apsh_system_config_attr

doca app shield configuration attributes

Enumerator
DOCA_APSH_OS_SYMBOL_MAP 

os symbol map path

DOCA_APSH_MEM_REGION 

memory region path

DOCA_APSH_KPGD_FILE 

kpgd file path

DOCA_APSH_VHCA_ID 

vhca id

DOCA_APSH_OS_TYPE 

os type

DOCA_APSH_SCAN_WIN_SIZE 

yara scan window size

DOCA_APSH_SCAN_WIN_STEP 

yara scan window step

DOCA_APSH_HASHTEST_LIMIT 

limit of vm areas to attest

DOCA_APSH_MODULES_LIMIT 

limit of modules number

DOCA_APSH_PROCESS_LIMIT 

limit of processes number

DOCA_APSH_THREADS_LIMIT 

limit of threads number

DOCA_APSH_LDRMODULES_LIMIT 

limit of ldrmodules number on windows

DOCA_APSH_LIBS_LIMIT 

limit of libs number

DOCA_APSH_VADS_LIMIT 

limit of vads number

DOCA_APSH_WINDOWS_ENVARS_LIMIT 

length limit of envars for windows

DOCA_APSH_HANDLES_LIMIT 

limit of handles/FDs/sockets number

DOCA_APSH_STRING_LIMIT 

length limit of apsh_read_str

DOCA_APSH_OS_SYMBOL_MAP_FOLDER 

os symbol map files folder

DOCA_APSH_FILESIZE_LIMIT 

length limit of file size parsing

Definition at line 46 of file doca_apsh_attr.h.

◆ doca_apsh_system_os

system os types

Enumerator
DOCA_APSH_SYSTEM_LINUX 

linux

DOCA_APSH_SYSTEM_WINDOWS 

windows

Definition at line 38 of file doca_apsh_attr.h.

◆ doca_apsh_thread_attr

doca app shield thread attributes

Enumerator
DOCA_APSH_THREAD_PID 

thread process id

DOCA_APSH_THREAD_TID 

thread id

DOCA_APSH_THREAD_STATE 

thread state

DOCA_APSH_THREAD_WINDOWS_WAIT_REASON 

thread wait reason

DOCA_APSH_THREAD_WINDOWS_OFFSET 

thread offset

DOCA_APSH_THREAD_WINDOWS_SUSPEND_COUNT 

thread suspend count

DOCA_APSH_THREAD_LINUX_PROC_NAME 

thread process name

DOCA_APSH_THREAD_LINUX_THREAD_NAME 

thread name

Definition at line 154 of file doca_apsh_attr.h.

◆ doca_apsh_vad_attr

doca app shield virtual address descriptor attributes

Enumerator
DOCA_APSH_VMA_PID 

vma process id

DOCA_APSH_VMA_OFFSET 

vma offset

DOCA_APSH_VMA_PROTECTION 

vma protection

DOCA_APSH_VMA_VM_START 

vma vm start

DOCA_APSH_VMA_VM_END 

vma vm end

DOCA_APSH_VMA_PROCESS_NAME 

vma process name

DOCA_APSH_VMA_FILE_PATH 

vma file path

DOCA_APSH_VMA_WINDOWS_COMMIT_CHARGE 

vma commit charge

DOCA_APSH_VMA_WINDOWS_PRIVATE_MEMORY 

vma private memory

DOCA_APSH_VMA_WINDOWS_TAG 

vma pool tag

Definition at line 212 of file doca_apsh_attr.h.

◆ doca_apsh_yara_attr

doca app shield yara attributes

Enumerator
DOCA_APSH_YARA_PID 

pid of the process

DOCA_APSH_YARA_COMM 

name of the process

DOCA_APSH_YARA_RULE 

rule name

DOCA_APSH_YARA_MATCH_WINDOW_ADDR 

virtual address of the scan window of the match

DOCA_APSH_YARA_MATCH_WINDOW_LEN 

length of the scan window of the match

Definition at line 598 of file doca_apsh_attr.h.

◆ doca_apsh_yara_rule

available doca app shield yara rules

Enumerator
DOCA_APSH_YARA_RULE_HELLO_WORLD 

yara rule that scans for "Hello World". Rule name is "Hello_World".

DOCA_APSH_YARA_RULE_REFLECTIVE_DLL_INJECTION 

yara rule that scans for Reflective Dll Injection attack. Rule name is "Reflective_Dll_Injection".

DOCA_APSH_YARA_RULE_MIMIKATZ 

yara rule that scans for Mimikatz process running on the system. Rule name is "Mimikatz".

Definition at line 578 of file doca_apsh_attr.h.

◆ doca_apsh_yara_scan_type

doca app shield yara scan type bitmask

Enumerator
DOCA_APSH_YARA_SCAN_VMA 

scan the entire vma tree; overrides all other scan types

DOCA_APSH_YARA_SCAN_HEAP 

scan heap vads

Definition at line 590 of file doca_apsh_attr.h.