sentinel-stack/sentinel-vmi/src/npf_handler.c
sentinel-stack/sentinel-vmi/src/npf_handler.c
Types

| Name | |
|---|---|
| enum | fault_classification { FAULT_IGNORE = 0, FAULT_LEGITIMATE = 1, FAULT_SUSPICIOUS = 2, FAULT_MALICIOUS = 3} |
Functions
| Name | |
|---|---|
| const char * | classification_to_string(enum fault_classification c) |
| int | is_legitimate_fault(struct vmi_session * s, uint64_t fault_gpa, const char * region_name) |
| enum fault_classification | classify_fault(struct vmi_session * s, uint64_t gpa, int write_access, const char ** region_out, int * critical_out, int * is_collateral) |
| uint32_t | identify_malicious_pid(struct vmi_session * s) |
| int | npf_handler_init(struct vmi_session * s) |
| int | npf_handler_is_authorized(uint64_t cr3, uint32_t pid) |
| void | npf_handler_clear_authorized(void ) |
| void | npf_handler_process(struct vmi_session * s, uint64_t gpa, int write_access) |
| int | npf_handler_report_integrity_violation(struct vmi_session * s, const char * region_name, uint64_t gpa, uint64_t expected_hash, uint64_t actual_hash, int critical) |
Attributes
| Name | |
|---|---|
| const char *[] | legitimate_writers |
Defines
| Name | |
|---|---|
| SYSCALL_ENTRY_SIZE | |
| SYSCALL_MAX_ENTRIES | |
| SYSCALL_TABLE_SIZE | |
Types Documentation
enum fault_classification

| Enumerator | Value | Description |
|---|---|---|
| FAULT_IGNORE | 0 | |
| FAULT_LEGITIMATE | 1 | |
| FAULT_SUSPICIOUS | 2 | |
| FAULT_MALICIOUS | 3 | |
Functions Documentation
Section titled “Functions Documentation”function classification_to_string
Section titled “function classification_to_string”static const char * classification_to_string( enum fault_classification c)function is_legitimate_fault
Section titled “function is_legitimate_fault”static int is_legitimate_fault( struct vmi_session * s, uint64_t fault_gpa, const char * region_name)function classify_fault
Section titled “function classify_fault”static enum fault_classification classify_fault( struct vmi_session * s, uint64_t gpa, int write_access, const char ** region_out, int * critical_out, int * is_collateral)function identify_malicious_pid
Section titled “function identify_malicious_pid”uint32_t identify_malicious_pid( struct vmi_session * s)function npf_handler_init
Section titled “function npf_handler_init”int npf_handler_init( struct vmi_session * s)function npf_handler_is_authorized
Section titled “function npf_handler_is_authorized”int npf_handler_is_authorized( uint64_t cr3, uint32_t pid)function npf_handler_clear_authorized
Section titled “function npf_handler_clear_authorized”void npf_handler_clear_authorized( void)function npf_handler_process
Section titled “function npf_handler_process”void npf_handler_process( struct vmi_session * s, uint64_t gpa, int write_access)function npf_handler_report_integrity_violation
Section titled “function npf_handler_report_integrity_violation”int npf_handler_report_integrity_violation( struct vmi_session * s, const char * region_name, uint64_t gpa, uint64_t expected_hash, uint64_t actual_hash, int critical)Attributes Documentation
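variable legitimate_writers

```c
static const char *[] legitimate_writers = { "ftrace", "livepatch", "kprobes", NULL};
```

The list is NULL-terminated. ftrace, livepatch and kprobes are Linux kernel facilities that patch kernel text at run time; how entries are matched against a fault is not shown on this page.

Macros Documentation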
define SYSCALL_ENTRY_SIZE

```c
#define SYSCALL_ENTRY_SIZE 8ULL
```

define SYSCALL_MAX_ENTRIES

```c
#define SYSCALL_MAX_ENTRIES 512ULL
```

define SYSCALL_TABLE_SIZE

```c
#define SYSCALL_TABLE_SIZE (SYSCALL_ENTRY_SIZE * SYSCALL_MAX_ENTRIES)
```

With the two values above, this evaluates to 4096.

Updated on 2026-05-26 at 13:25:29 +0000