eStrace

eStrace(eBPF syscall trace) is a tool that traces system calls using eBPF. Compared to strace, it is more flexible and harder to detect. It currently supports two architectures: x86_64 and aarch64. With eStrace, you can conveniently debug and analyze your Linux/Android applications.

It is recommended to use kernel version 5.10 or higher when running it.

Building

Setup

# check lld
ld.lld -v
rustup target add x86_64-unknown-linux-musl
cargo install bpf-linker

And for android:

rustup target add aarch64-unknown-linux-musl

Build

cargo xtask build
cargo xtask build --arch aarch64-unknown-linux-musl

# release
cargo xtask build --release
cargo xtask build --arch aarch64-unknown-linux-musl --release

Build and Run

cargo xtask run -- <args>

ToDo

Support for additional architectures.

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.cargo		.cargo
.github/workflows		.github/workflows
.vscode		.vscode
cli		cli
common		common
ebpf		ebpf
imgs		imgs
xtask		xtask
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
rust-toolchain.toml		rust-toolchain.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

eStrace

Building

Setup

Build

Build and Run

ToDo

About

Uh oh!

Releases 4

Packages

Uh oh!

Contributors 3

Uh oh!

Languages

License

ri-char/eStrace

Folders and files

Latest commit

History

Repository files navigation

eStrace

Building

Setup

Build

Build and Run

ToDo

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 4

Packages 0

Uh oh!

Contributors 3

Uh oh!

Languages

Packages