Class KernelRootkit (2.19.0) 
  
  
  
   
  
    
  
  
    
    
    
    
  Version 2.19.0keyboard_arrow_down  
  
 
    
    
    
      
  
  
  
    
public   final   class  KernelRootkit   extends   GeneratedMessageV3   implements   KernelRootkitOrBuilder  
   Kernel mode rootkit signatures.
 Protobuf type google.cloud.securitycenter.v1.KernelRootkit
Static Fields
   
  NAME_FIELD_NUMBER 
  
    
public   static   final   int   NAME_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER  
  Field Value 
  
  UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER 
  
    
public   static   final   int   UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER  
  Field Value 
  
  Static Methods
   
  getDefaultInstance() 
  
    
public   static   KernelRootkit   getDefaultInstance ()  
  Returns 
  
  getDescriptor() 
  
    
public   static   final   Descriptors . Descriptor   getDescriptor ()  
  Returns 
  
  newBuilder() 
  
    
public   static   KernelRootkit . Builder   newBuilder ()  
  Returns 
  
  newBuilder(KernelRootkit prototype) 
  
    
public   static   KernelRootkit . Builder   newBuilder ( KernelRootkit   prototype )  
  Parameter 
  
  Returns 
  
  
    
public   static   KernelRootkit   parseDelimitedFrom ( InputStream   input )  
  Parameter 
  
  Returns 
  
  Exceptions 
  
  
    
public   static   KernelRootkit   parseDelimitedFrom ( InputStream   input ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  parseFrom(byte[] data) 
  
    
public   static   KernelRootkit   parseFrom ( byte []   data )  
  Parameter 
  
    
      
        Name Description  
      
        databyte [] 
     
  
  Returns 
  
  Exceptions 
  
  parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry) 
  
    
public   static   KernelRootkit   parseFrom ( byte []   data ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  parseFrom(ByteString data) 
  
    
public   static   KernelRootkit   parseFrom ( ByteString   data )  
  Parameter 
  
  Returns 
  
  Exceptions 
  
  parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry) 
  
    
public   static   KernelRootkit   parseFrom ( ByteString   data ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  
    
public   static   KernelRootkit   parseFrom ( CodedInputStream   input )  
  Parameter 
  
  Returns 
  
  Exceptions 
  
  
    
public   static   KernelRootkit   parseFrom ( CodedInputStream   input ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  
    
public   static   KernelRootkit   parseFrom ( InputStream   input )  
  Parameter 
  
  Returns 
  
  Exceptions 
  
  
    
public   static   KernelRootkit   parseFrom ( InputStream   input ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  parseFrom(ByteBuffer data) 
  
    
public   static   KernelRootkit   parseFrom ( ByteBuffer   data )  
  Parameter 
  
  Returns 
  
  Exceptions 
  
  parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry) 
  
    
public   static   KernelRootkit   parseFrom ( ByteBuffer   data ,   ExtensionRegistryLite   extensionRegistry )  
  Parameters 
  
  Returns 
  
  Exceptions 
  
  parser() 
  
    
public   static   Parser<KernelRootkit>   parser ()  
  Returns 
  
  Methods
   
  equals(Object obj) 
  
    
public   boolean   equals ( Object   obj )  
  Parameter 
  
  Returns 
  
  Overrides 
  
  getDefaultInstanceForType() 
  
    
public   KernelRootkit   getDefaultInstanceForType ()  
  Returns 
  
  getName() 
  
   Rootkit name when available.
 string name = 1;
Returns 
  
    
      
        Type Description  
      
        String The name.
 
     
  
  getNameBytes() 
  
    
public   ByteString   getNameBytes ()  
   Rootkit name when available.
 string name = 1;
Returns 
  
  getParserForType() 
  
    
public   Parser<KernelRootkit>   getParserForType ()  
  Returns 
  
  Overrides 
  
  getSerializedSize() 
  
    
public   int   getSerializedSize ()  
  Returns 
  
  Overrides 
  
  getUnexpectedCodeModification() 
  
    
public   boolean   getUnexpectedCodeModification ()  
   True if unexpected modifications of kernel code memory are present.
 bool unexpected_code_modification = 2;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedCodeModification.
 
     
  
  getUnexpectedFtraceHandler() 
  
    
public   boolean   getUnexpectedFtraceHandler ()  
   True if ftrace points are present with callbacks pointing to regions
 that are not in the expected kernel or module code range.
 bool unexpected_ftrace_handler = 4;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedFtraceHandler.
 
     
  
  getUnexpectedInterruptHandler() 
  
    
public   boolean   getUnexpectedInterruptHandler ()  
   True if interrupt handlers that are are not in the expected kernel or
 module code regions are present.
 bool unexpected_interrupt_handler = 8;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedInterruptHandler.
 
     
  
  getUnexpectedKernelCodePages() 
  
    
public   boolean   getUnexpectedKernelCodePages ()  
   True if kernel code pages that are not in the expected kernel or module
 code regions are present.
 bool unexpected_kernel_code_pages = 6;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedKernelCodePages.
 
     
  
  getUnexpectedKprobeHandler() 
  
    
public   boolean   getUnexpectedKprobeHandler ()  
   True if kprobe points are present with callbacks pointing to regions
 that are not in the expected kernel or module code range.
 bool unexpected_kprobe_handler = 5;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedKprobeHandler.
 
     
  
  getUnexpectedProcessesInRunqueue() 
  
    
public   boolean   getUnexpectedProcessesInRunqueue ()  
   True if unexpected processes in the scheduler run queue are present. Such
 processes are in the run queue, but not in the process task list.
 bool unexpected_processes_in_runqueue = 9;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedProcessesInRunqueue.
 
     
  
  getUnexpectedReadOnlyDataModification() 
  
    
public   boolean   getUnexpectedReadOnlyDataModification ()  
   True if unexpected modifications of kernel read-only data memory are
 present.
 bool unexpected_read_only_data_modification = 3;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedReadOnlyDataModification.
 
     
  
  getUnexpectedSystemCallHandler() 
  
    
public   boolean   getUnexpectedSystemCallHandler ()  
   True if system call handlers that are are not in the expected kernel or
 module code regions are present.
 bool unexpected_system_call_handler = 7;
Returns 
  
    
      
        Type Description  
      
        boolean The unexpectedSystemCallHandler.
 
     
  
  getUnknownFields() 
  
    
public   final   UnknownFieldSet   getUnknownFields ()  
  Returns 
  
  Overrides 
  
  hashCode() 
  
  Returns 
  
  Overrides 
  
  internalGetFieldAccessorTable() 
  
    
protected   GeneratedMessageV3 . FieldAccessorTable   internalGetFieldAccessorTable ()  
  Returns 
  
  Overrides 
  
  isInitialized() 
  
    
public   final   boolean   isInitialized ()  
  Returns 
  
  Overrides 
  
  newBuilderForType() 
  
    
public   KernelRootkit . Builder   newBuilderForType ()  
  Returns 
  
  newBuilderForType(GeneratedMessageV3.BuilderParent parent) 
  
    
protected   KernelRootkit . Builder   newBuilderForType ( GeneratedMessageV3 . BuilderParent   parent )  
  Parameter 
  
  Returns 
  
  Overrides 
  
  newInstance(GeneratedMessageV3.UnusedPrivateParameter unused) 
  
    
protected   Object   newInstance ( GeneratedMessageV3 . UnusedPrivateParameter   unused )  
  Parameter 
  
  Returns 
  
  Overrides 
  
  toBuilder() 
  
    
public   KernelRootkit . Builder   toBuilder ()  
  Returns 
  
  writeTo(CodedOutputStream output) 
  
    
public   void   writeTo ( CodedOutputStream   output )  
  Parameter 
  
  Overrides 
  
  Exceptions 
  
 
     
    
  
  
  
     
  
    
    
      
       
    
    
  
  
 
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
  Last updated 2025-10-11 UTC.
 
 
  
  
  
    
      [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-11 UTC."],[],[]]