{"id":18646697,"url":"https://github.com/rinhizakura/ebpf-strace","last_synced_at":"2025-08-24T16:17:53.479Z","repository":{"id":154865178,"uuid":"619522295","full_name":"RinHizakura/ebpf-strace","owner":"RinHizakura","description":"A demonstration to show how to trace syscalls by eBPF","archived":false,"fork":false,"pushed_at":"2024-10-16T17:07:19.000Z","size":842,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-19T09:51:41.478Z","etag":null,"topics":["ebpf","linux","strace","syscalls"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RinHizakura.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-27T10:02:15.000Z","updated_at":"2024-10-16T17:07:23.000Z","dependencies_parsed_at":"2023-06-08T08:15:30.427Z","dependency_job_id":"acc763ef-7d16-4353-aa86-94d98d061690","html_url":"https://github.com/RinHizakura/ebpf-strace","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RinHizakura%2Febpf-strace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RinHizakura%2Febpf-strace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RinHizakura%2Febpf-strace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RinHizakura%2Febpf-strace/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RinHizakura","download_url":"https://codeload.github.com/RinHizakura/ebpf-strace/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248401990,"owners_count":21097328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","linux","strace","syscalls"],"created_at":"2024-11-07T06:22:11.941Z","updated_at":"2025-04-11T12:31:56.998Z","avatar_url":"https://github.com/RinHizakura.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ebpf-strace\n\n## Overview\n\nThe `ebpf-strace` is an experimental tool to trace system calls like\n[strace](https://github.com/strace/strace), but achieving by\n[eBPF](https://en.wikipedia.org/wiki/EBPF) instead of\n[ptrace](https://man7.org/linux/man-pages/man2/ptrace.2.html).\n\nThe tool can be run on x86_64 or aarch64, but most of the\nvalidation only done on x86_64 currently. Besides, only a few syscalls's\narguments can be traced. Please feel free to report for any unusual output\nor implement arguments tracing for more system calls.\n\n## Usage\n\n### Build\n\nThese dependencies are required to build ebpf-strace.\n\n```\n$ sudo apt install clang llvm libelf1 libelf-dev zlib1g-dev\n```\n\nYou will also need `bpftool` for the generating of `vmlinux.h`.\n\n```\n$ git clone https://github.com/libbpf/bpftool.git\n$ cd bpftool\n$ git submodule update --init\n$ cd src\n$ make\n$ sudo make install\n```\n\nAfter the installations, you can build `ebpf-strace` now.\n```\n$ make\n```\n\n### Execute\n\nTo know the detail for how to use ebpf-strace, you can try `-h` for the direction.\n\n```\n$ sudo ./ebpf -h\nUsage: ebpf-strace [OPTIONS] [CMD]...\n\nArguments:\n  [CMD]...  command to run for trace\n\nOptions:\n  -T, --syscall-times  whether to show on the time cost of syscall\n  -h, --help           Print help\n```\n\nFor example, we can trace which system calls are run during the execution\nof `echo hello` with the following command:\n```\n$ sudo ./ebpf-strace echo hello\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frinhizakura%2Febpf-strace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frinhizakura%2Febpf-strace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frinhizakura%2Febpf-strace/lists"}