Class KernelRootkit (2.25.0)
Version 2.25.0keyboard_arrow_down
public final class KernelRootkit extends GeneratedMessageV3 implements KernelRootkitOrBuilder
Kernel mode rootkit signatures.
Protobuf type google.cloud.securitycenter.v1.KernelRootkit
Static Fields
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
public static final int UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
public static final int UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
public static final int UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
public static final int UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
Field Value
Type
Description
int
UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
Field Value
Type
Description
int
Static Methods
getDefaultInstance()
public static KernelRootkit getDefaultInstance ()
getDescriptor()
public static final Descriptors . Descriptor getDescriptor ()
newBuilder()
public static KernelRootkit . Builder newBuilder ()
newBuilder(KernelRootkit prototype)
public static KernelRootkit . Builder newBuilder ( KernelRootkit prototype )
public static KernelRootkit parseDelimitedFrom ( InputStream input )
public static KernelRootkit parseDelimitedFrom ( InputStream input , ExtensionRegistryLite extensionRegistry )
parseFrom(byte[] data)
public static KernelRootkit parseFrom ( byte [] data )
Parameter
Name
Description
data
byte []
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom ( byte [] data , ExtensionRegistryLite extensionRegistry )
parseFrom(ByteString data)
public static KernelRootkit parseFrom ( ByteString data )
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom ( ByteString data , ExtensionRegistryLite extensionRegistry )
public static KernelRootkit parseFrom ( CodedInputStream input )
public static KernelRootkit parseFrom ( CodedInputStream input , ExtensionRegistryLite extensionRegistry )
public static KernelRootkit parseFrom ( InputStream input )
public static KernelRootkit parseFrom ( InputStream input , ExtensionRegistryLite extensionRegistry )
parseFrom(ByteBuffer data)
public static KernelRootkit parseFrom ( ByteBuffer data )
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom ( ByteBuffer data , ExtensionRegistryLite extensionRegistry )
parser()
public static Parser<KernelRootkit> parser ()
Methods
equals(Object obj)
public boolean equals ( Object obj )
Parameter
Name
Description
obj
Object
Overrides
getDefaultInstanceForType()
public KernelRootkit getDefaultInstanceForType ()
getName()
Rootkit name when available.
string name = 1;
Returns
Type
Description
String
The name.
getNameBytes()
public ByteString getNameBytes ()
Rootkit name when available.
string name = 1;
Returns
Type
Description
ByteString
The bytes for name.
getParserForType()
public Parser<KernelRootkit> getParserForType ()
Overrides
getSerializedSize()
public int getSerializedSize ()
Returns
Type
Description
int
Overrides
getUnexpectedCodeModification()
public boolean getUnexpectedCodeModification ()
True when unexpected modifications of kernel code memory are present.
bool unexpected_code_modification = 2;
Returns
Type
Description
boolean
The unexpectedCodeModification.
getUnexpectedFtraceHandler()
public boolean getUnexpectedFtraceHandler ()
True when ftrace
points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
bool unexpected_ftrace_handler = 4;
Returns
Type
Description
boolean
The unexpectedFtraceHandler.
getUnexpectedInterruptHandler()
public boolean getUnexpectedInterruptHandler ()
True when interrupt handlers that are are not in the expected kernel or
module code regions are present.
bool unexpected_interrupt_handler = 8;
Returns
Type
Description
boolean
The unexpectedInterruptHandler.
getUnexpectedKernelCodePages()
public boolean getUnexpectedKernelCodePages ()
True when kernel code pages that are not in the expected kernel or module
code regions are present.
bool unexpected_kernel_code_pages = 6;
Returns
Type
Description
boolean
The unexpectedKernelCodePages.
getUnexpectedKprobeHandler()
public boolean getUnexpectedKprobeHandler ()
True when kprobe
points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
bool unexpected_kprobe_handler = 5;
Returns
Type
Description
boolean
The unexpectedKprobeHandler.
getUnexpectedProcessesInRunqueue()
public boolean getUnexpectedProcessesInRunqueue ()
True when unexpected processes in the scheduler run queue are present. Such
processes are in the run queue, but not in the process task list.
bool unexpected_processes_in_runqueue = 9;
Returns
Type
Description
boolean
The unexpectedProcessesInRunqueue.
getUnexpectedReadOnlyDataModification()
public boolean getUnexpectedReadOnlyDataModification ()
True when unexpected modifications of kernel read-only data memory are
present.
bool unexpected_read_only_data_modification = 3;
Returns
Type
Description
boolean
The unexpectedReadOnlyDataModification.
getUnexpectedSystemCallHandler()
public boolean getUnexpectedSystemCallHandler ()
True when system call handlers that are are not in the expected kernel or
module code regions are present.
bool unexpected_system_call_handler = 7;
Returns
Type
Description
boolean
The unexpectedSystemCallHandler.
getUnknownFields()
public final UnknownFieldSet getUnknownFields ()
Overrides
hashCode()
Returns
Type
Description
int
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3 . FieldAccessorTable internalGetFieldAccessorTable ()
Overrides
isInitialized()
public final boolean isInitialized ()
Overrides
newBuilderForType()
public KernelRootkit . Builder newBuilderForType ()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected KernelRootkit . Builder newBuilderForType ( GeneratedMessageV3 . BuilderParent parent )
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance ( GeneratedMessageV3 . UnusedPrivateParameter unused )
Returns
Type
Description
Object
Overrides
toBuilder()
public KernelRootkit . Builder toBuilder ()
writeTo(CodedOutputStream output)
public void writeTo ( CodedOutputStream output )
Overrides
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-11 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-11 UTC."],[],[]]