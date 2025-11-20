

Get modules

Returns an array with information about the system modules (drivers) loaded into the kernel of the OS.

doca_error_t doca_apsh_modules_get(struct doca_apsh_system *system, struct doca_apsh_module ***modules, int *modules_size);

Array of struct doca_apsh_module

int – size of the returned array

doca_error status

Get processes

Returns an array with information about each process running on the system.

doca_error_t doca_apsh_processes_get(struct doca_apsh_system *system, struct doca_apsh_process ***processes, int *processes_size);

Array of struct doca_apsh_process

int – size of the returned array

doca_error status

Get library

For a specified process, this function returns an array with information about each library loaded into this process.

doca_error_t doca_apsh_libs_get(struct doca_apsh_process *process, struct doca_apsh_lib ***libs, int *libs_size);

Array of struct doca_apsh_lib

int – size of the returned array

doca_error status

Get threads

For a specified process, this function returns an array with information about each thread running within this process.

doca_error_t doca_apsh_threads_get(struct doca_apsh_process *process, struct doca_apsh_thread ***threads, int *threads_size);

Array of struct doca_apsh_thread

int – size of the returned array

doca_error status

Get virtual memory areas/virtual address description

For a specified process, this function returns an array with information about each virtual memory area within this process.

doca_error_t doca_apsh_vads_get(struct doca_apsh_process *process, struct doca_apsh_vad ***vads, int *vads_size);

Array of struct doca_apsh_vad

int – size of the returned array

doca_error status

Get privileges

For a specified process, this function returns an array with information about each possible privilege for this process, as described here.

Note: Available on a Windows host only.

doca_error_t doca_apsh_privileges_get(struct doca_apsh_process *process, struct doca_apsh_privilege ***privileges, int *privileges_size);

Array of struct doca_apsh_privilege

int – size of the returned array

doca_error status

Get environment variables

For a specified process, this function returns an array with information about each environment variable within this process.

Note: Available on a Windows host only.

doca_error_t doca_apsh_envars_get(struct doca_apsh_process *process, struct doca_apsh_envar ***envars, int *envars_size);

Array of struct doca_apsh_envar

int – size of the returned array

doca_error status

Get handles

For a specified process, this function returns an array with information about each handle this process holds.

Note: Available on a Windows host only.

doca_error_t doca_apsh_handles_get(struct doca_apsh_process *process, struct doca_apsh_handle ***handles, int *handles_size);

Array of struct doca_apsh_handle

int – size of the returned array

doca_error status

Get LDR modules

For a specified process, this function returns an array with information about each loaded module within this process.

Note: Available on a Windows host only.

doca_error_t doca_apsh_ldrmodules_get(struct doca_apsh_process *process, struct doca_apsh_ldrmodule ***ldrmodules, int *ldrmodules_size);

Array of struct doca_apsh_ldrmodule

int – size of the returned array

doca_error status

Process attestation

For a specified process, this function attests the memory pages of the process according to a precomputed golden hash file given as an input.

Note: Single-threaded processes are supported at beta level.

doca_error_t doca_apsh_attestation_get(struct doca_apsh_process *process, const char *exec_hash_map_path, struct doca_apsh_attestation ***attestation, int *attestation_size);

Array of struct doca_apsh_attestation

int – size of the returned array

doca_error status

Attestation refresh

Refreshes a single attestation handler of a process with a new snapshot.

doca_error_t doca_apsh_attst_refresh(struct doca_apsh_attestation ***attestation, int *attestation_size);

Array of struct doca_apsh_attestation

int – size of the returned array

doca_error status

Get NetScan

This function scans the system's physical memory (Windows) or kernel memory space (Linux) and returns an array with information about each socket that resides in the memory.

Note: Only available on hosts with either Linux OS or one of the following Windows 10 OS builds:

Arch    Build No.
x86     10240, 10586, 14393, 15063, 17134, 19041
x64     15063, 16299, 17134, 17763, 18362, 18363, 19041

Note: This feature is currently supported at beta level.

doca_error_t doca_apsh_netscan_get(struct doca_apsh_system *system, struct doca_apsh_netscan ***connections, int *connections_size);

Array of struct doca_apsh_netscan

int – size of the returned array

doca_error status

Get process parameters

For a specified process, this function returns a struct object (not an array) with information about the process's parameters (ones not included in the "get processes" capability).

Note: Available on a Windows host only.

Note: This feature is currently supported at beta level.

doca_error_t doca_apsh_process_parameters_get(struct doca_apsh_process *process, struct doca_apsh_process_parameters **process_parameters);

An object of struct doca_apsh_process_parameters

doca_error status

Get security identifier (SID)

For a specified process, this function returns an array with information about each SID (security identifier) included in the process's security context.

Note: Available on a Windows host only.

doca_error_t doca_apsh_sids_get(struct doca_apsh_process *process, struct doca_apsh_sid ***sids, int *sids_size);

Array of struct doca_apsh_sid

int – size of the returned array

doca_error status

Perform Yara scan

For a specified process, this function returns an array with information about each Yara rule match found in the process's memory.

Note: Available on a Windows host and Ubuntu 22.04 DPU.

doca_error_t doca_apsh_yara_get(struct doca_apsh_process *process, enum doca_apsh_yara_rule *yara_rules_arr, uint32_t yara_rules_arr_size, uint64_t scan_type, struct doca_apsh_yara ***yara_matches, int *yara_matches_size);

Note: To get a better understanding of the arguments, refer to the documentation in doca_apsh.h.

Array of struct doca_apsh_yara

int – size of the returned array

doca_error status

Get containers

Returns an array with information about each container running on the system.

Note: Available on a Linux host only.

Note: Only available for containers on the following runtimes:

runc

containerd

doca_error_t doca_apsh_containers_get(struct doca_apsh_system *system, struct doca_apsh_container ***containers, int *containers_size);

Array of struct doca_apsh_container

int – size of the returned array

doca_error status

Get container's processes

For a specified container, this function returns an array with information about each process running within this container.

Note: Available on a Linux host only.

Note: Only available for containers on the following runtimes:

runc

containerd

doca_error_t doca_apsh_container_processes_get(struct doca_apsh_container *container, struct doca_apsh_process ***processes, int *processes_size);

Array of struct doca_apsh_process

int – size of the returned array

doca_error status

Get Process NetScan

This function scans the system's physical memory (Windows) or kernel memory space (Linux) and returns an array with information about each socket that resides in the memory.

Note: Only available on hosts with either Linux OS or one of the following Windows 10 OS builds:

Arch    Build No.
x86     10240, 10586, 14393, 15063, 17134, 19041
x64     15063, 16299, 17134, 17763, 18362, 18363, 19041

Note: This feature is currently supported at beta level.

doca_error_t doca_apsh_process_netscan_get(struct doca_apsh_process *process, struct doca_apsh_netscan ***connections, int *connections_size);

Array of struct doca_apsh_netscan

int – size of the returned array

doca_error status