sentinel-stack/sentinel-vmi/include/sentinel_vmi.h
sentinel-stack/sentinel-vmi/include/sentinel_vmi.h
Section titled “sentinel-stack/sentinel-vmi/include/sentinel_vmi.h”Classes
Section titled “Classes”| Name | |
|---|---|
| struct | vmi_memslot |
| struct | vmi_session |
| struct | vmi_process |
Functions
Section titled “Functions”| Name | |
|---|---|
| struct vmi_session * | kvmi_setup(const char * vm_name) |
| void | kvmi_teardown(struct vmi_session * session) |
| int | kvmi_session_heartbeat(struct vmi_session * session) |
| int | vmi_read_physical(struct vmi_session * s, uint64_t gpa, void * buf, size_t size) |
| int | vmi_write_physical(struct vmi_session * s, uint64_t gpa, const void * buf, size_t size) |
| int | vmi_gva_to_gpa(struct vmi_session * s, uint64_t cr3, uint64_t gva, uint64_t * gpa) |
| int | vmi_read_virtual(struct vmi_session * s, uint64_t cr3, uint64_t gva, void * buf, size_t size) |
| void | task_walker_dump(struct vmi_session * s) |
| int | task_walker_find_pid(struct vmi_session * s, uint32_t pid, uint64_t * task_addr) |
| int | task_walker_read_process(struct vmi_session * s, uint64_t task_gva, struct vmi_process * out) |
| int | task_walker_detect_privilege_escalation(struct vmi_session * s) |
| int | task_walker_set_offsets_profile(const char * kernel_version) |
| const char * | task_walker_get_offsets_profile(void ) |
| int | task_walker_detect_orphans(struct vmi_session * s) |
| int | task_walker_detect_fork_bomb(struct vmi_session * s, uint32_t threshold) |
| int | task_walker_detect_suspicious_ancestry(struct vmi_session * s) |
| int | npt_guard_arm(struct vmi_session * s) |
| void | npt_guard_disarm(struct vmi_session * s) |
| void | npt_guard_handle_events(struct vmi_session * s) |
| int | npf_handler_init(struct vmi_session * s) |
| void | npf_handler_process(struct vmi_session * s, uint64_t gpa, int write_access) |
| int | npf_handler_report_integrity_violation(struct vmi_session * s, const char * region_name, uint64_t gpa, uint64_t expected_hash, uint64_t actual_hash, int critical) |
| int | heki_server_init(struct vmi_session * session, const char * socket_path) |
| void | heki_server_poll(void ) |
| int | bridge_init(void ) |
| void | bridge_teardown(void ) |
| void | bridge_signal_malicious(uint32_t pid, const char * reason) |
| void | bridge_signal_suspicious(uint32_t pid, const char * reason) |
| void | bridge_flush_alerts(void ) |
| int | npt_guard_protect_dynamic(struct vmi_session * s, uint64_t gpa, uint64_t size, int critical, const char * name) |
| int | npt_guard_check_bounds(uint64_t gpa, const char ** region_name, int * is_critical) |
Defines
Section titled “Defines”| Name | |
|---|---|
| VMI_MAX_VCPUS | |
| VMI_PAGE_SIZE | |
| VMI_PAGE_SHIFT | |
| VMI_MEMSLOT_F_REMOTE_PROCESS | |
| TASK_COMM_LEN |
Functions Documentation
Section titled “Functions Documentation”function kvmi_setup
Section titled “function kvmi_setup”struct vmi_session * kvmi_setup( const char * vm_name)function kvmi_teardown
Section titled “function kvmi_teardown”void kvmi_teardown( struct vmi_session * session)function kvmi_session_heartbeat
Section titled “function kvmi_session_heartbeat”int kvmi_session_heartbeat( struct vmi_session * session)function vmi_read_physical
Section titled “function vmi_read_physical”int vmi_read_physical( struct vmi_session * s, uint64_t gpa, void * buf, size_t size)function vmi_write_physical
Section titled “function vmi_write_physical”int vmi_write_physical( struct vmi_session * s, uint64_t gpa, const void * buf, size_t size)function vmi_gva_to_gpa
Section titled “function vmi_gva_to_gpa”int vmi_gva_to_gpa( struct vmi_session * s, uint64_t cr3, uint64_t gva, uint64_t * gpa)function vmi_read_virtual
Section titled “function vmi_read_virtual”int vmi_read_virtual( struct vmi_session * s, uint64_t cr3, uint64_t gva, void * buf, size_t size)function task_walker_dump
Section titled “function task_walker_dump”void task_walker_dump( struct vmi_session * s)function task_walker_find_pid
Section titled “function task_walker_find_pid”int task_walker_find_pid( struct vmi_session * s, uint32_t pid, uint64_t * task_addr)function task_walker_read_process
Section titled “function task_walker_read_process”int task_walker_read_process( struct vmi_session * s, uint64_t task_gva, struct vmi_process * out)function task_walker_detect_privilege_escalation
Section titled “function task_walker_detect_privilege_escalation”int task_walker_detect_privilege_escalation( struct vmi_session * s)function task_walker_set_offsets_profile
Section titled “function task_walker_set_offsets_profile”int task_walker_set_offsets_profile( const char * kernel_version)function task_walker_get_offsets_profile
Section titled “function task_walker_get_offsets_profile”const char * task_walker_get_offsets_profile( void)function task_walker_detect_orphans
Section titled “function task_walker_detect_orphans”int task_walker_detect_orphans( struct vmi_session * s)function task_walker_detect_fork_bomb
Section titled “function task_walker_detect_fork_bomb”int task_walker_detect_fork_bomb( struct vmi_session * s, uint32_t threshold)function task_walker_detect_suspicious_ancestry
Section titled “function task_walker_detect_suspicious_ancestry”int task_walker_detect_suspicious_ancestry( struct vmi_session * s)function npt_guard_arm
Section titled “function npt_guard_arm”int npt_guard_arm( struct vmi_session * s)function npt_guard_disarm
Section titled “function npt_guard_disarm”void npt_guard_disarm( struct vmi_session * s)function npt_guard_handle_events
Section titled “function npt_guard_handle_events”void npt_guard_handle_events( struct vmi_session * s)function npf_handler_init
Section titled “function npf_handler_init”int npf_handler_init( struct vmi_session * s)function npf_handler_process
Section titled “function npf_handler_process”void npf_handler_process( struct vmi_session * s, uint64_t gpa, int write_access)function npf_handler_report_integrity_violation
Section titled “function npf_handler_report_integrity_violation”int npf_handler_report_integrity_violation( struct vmi_session * s, const char * region_name, uint64_t gpa, uint64_t expected_hash, uint64_t actual_hash, int critical)function heki_server_init
Section titled “function heki_server_init”int heki_server_init( struct vmi_session * session, const char * socket_path)function heki_server_poll
Section titled “function heki_server_poll”void heki_server_poll( void)function bridge_init
Section titled “function bridge_init”int bridge_init( void)function bridge_teardown
Section titled “function bridge_teardown”void bridge_teardown( void)function bridge_signal_malicious
Section titled “function bridge_signal_malicious”void bridge_signal_malicious( uint32_t pid, const char * reason)function bridge_signal_suspicious
Section titled “function bridge_signal_suspicious”void bridge_signal_suspicious( uint32_t pid, const char * reason)function bridge_flush_alerts
Section titled “function bridge_flush_alerts”void bridge_flush_alerts( void)function npt_guard_protect_dynamic
Section titled “function npt_guard_protect_dynamic”int npt_guard_protect_dynamic( struct vmi_session * s, uint64_t gpa, uint64_t size, int critical, const char * name)function npt_guard_check_bounds
Section titled “function npt_guard_check_bounds”int npt_guard_check_bounds( uint64_t gpa, const char ** region_name, int * is_critical)Macros Documentation
Section titled “Macros Documentation”define VMI_MAX_VCPUS
Section titled “define VMI_MAX_VCPUS”#define VMI_MAX_VCPUS 64define VMI_PAGE_SIZE
Section titled “define VMI_PAGE_SIZE”#define VMI_PAGE_SIZE 4096define VMI_PAGE_SHIFT
Section titled “define VMI_PAGE_SHIFT”#define VMI_PAGE_SHIFT 12define VMI_MEMSLOT_F_REMOTE_PROCESS
Section titled “define VMI_MEMSLOT_F_REMOTE_PROCESS”#define VMI_MEMSLOT_F_REMOTE_PROCESS (1U << 31)define TASK_COMM_LEN
Section titled “define TASK_COMM_LEN”#define TASK_COMM_LEN 16Updated on 2026-05-26 at 13:25:29 +0000