eStrace

eStrace(eBPF syscall trace) is a tool that traces system calls using eBPF. Compared to strace, it is more flexible and harder to detect. It currently supports two architectures: x86_64 and aarch64. With eStrace, you can conveniently debug and analyze your Linux/Android applications.

It is recommended to use kernel version 5.10 or higher when running it.

Building

Setup

# check lld
ld.lld -v
rustup target add x86_64-unknown-linux-musl
cargo install bpf-linker

And for android:

rustup target add aarch64-unknown-linux-musl

Build

cargo xtask build
cargo xtask build --arch aarch64-unknown-linux-musl

# release
cargo xtask build --release
cargo xtask build --arch aarch64-unknown-linux-musl --release

Build and Run

cargo xtask run -- <args>

ToDo

Support for additional architectures.

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.cargo		.cargo
.github/workflows		.github/workflows
.vscode		.vscode
cli		cli
common		common
ebpf		ebpf
imgs		imgs
xtask		xtask
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
rust-toolchain.toml		rust-toolchain.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

eStrace

Building

Setup

Build

Build and Run

ToDo

About

Releases 4

Packages

Contributors 3

Languages

License

ri-char/eStrace

Folders and files

Latest commit

History

Repository files navigation

eStrace

Building

Setup

Build

Build and Run

ToDo

About

Resources

License

Stars

Watchers

Forks

Releases 4

Packages 0

Contributors 3

Languages

Packages