Crates.io | hstrace |
lib.rs | hstrace |
version | 0.0.5 |
source | src |
created_at | 2020-02-16 13:53:47.626075 |
updated_at | 2021-04-11 16:04:45.325637 |
description | Syscall tracing from command line and as a library |
homepage | |
repository | https://github.com/blaind/hstrace |
max_upload_size | |
id | 209771 |
size | 529,231 |
Syscall tracing from command line and as a library. See the design draft: https://github.com/blaind/hstrace/blob/master/docs/01_hstrace_plan.md
This is a WIP implementation and is not production ready. It might not be finished. Multiple issues exist: 1) the codebase is not ready to be expanded yet; major refactoring is needed, especially for the AV and Value structs to be more generic, 2) attaching to a process is not instant, so some calls are missed at the beginning, 3) not all syscalls are implemented, 4) cross-platform support is missing, 5) as a comparison, the strace codebase is over 200k LoC in total (incl. comments), so finishing the work is quite an undertaking.
Install the binary:
$ cargo install hstrace
Run the command:
$ hstrace -h
hstrace for stracing processes
USAGE:
hstrace [FLAGS] [OPTIONS] <prog>...
FLAGS:
-h, --help Prints help information
--no-follow Do not follow child processes as they are created
-V, --version Prints version information
OPTIONS:
-e <expr> Expression
-m <mode> Run mode [default: strace]
-o <file> Save output to a file instead of stderr. If suffix is `.json`, will be stored in JSON-format
(format subject to change)
-p <pid> PID to trace
-s <strsize> Maximum length of printable strings [default: 32]
ARGS:
<prog>... Program to strace
Add this to your Cargo.toml:
[dependencies]
hstrace = "0.0.4"
And this to your code:
use hstrace::prelude::*;

fn main() {
    // Trace `ps uxaw` as a child process
    let mut tracer = HStraceBuilder::new().program("ps").arg("uxaw").build();
    tracer.start().unwrap();

    // Iterate over the decoded syscalls and flag file and network activity
    for syscall in tracer.iter_as_syscall() {
        match syscall.name {
            hstrace::Ident::Openat | hstrace::Ident::Fstat | hstrace::Ident::Stat => {
                println!("File operation detected: {:?}", syscall);
            }
            hstrace::Ident::Socket | hstrace::Ident::Bind | hstrace::Ident::Connect => {
                println!("Network operation detected: {:?}", syscall);
            }
            _ => (),
        }
    }
}
See examples/03_match_syscall_name.rs and other examples.
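The same file/network triage can be run offline over a trace saved with `-o` in the default strace mode. The following is an added example, not code from the hstrace project: it assumes the saved lines follow the classic strace layout (`name(args) = ret`, optionally prefixed with `[pid N]`), which hstrace's actual output may not match, and the `Kind`, `Event`, `parse_line` and `triage` names and the sample lines are constructed for illustration.

```rust
// Added example, not hstrace code. Assumes the classic strace line layout
// `[pid N] name(args) = ret`; SAMPLE lines are constructed, names hypothetical.
#[derive(Debug, PartialEq)]
enum Kind { File, Network, Other }

#[derive(Debug, PartialEq)]
struct Event { name: String, kind: Kind, failed: bool }

fn classify(name: &str) -> Kind {
    match name {
        "openat" | "fstat" | "stat" => Kind::File,
        "socket" | "bind" | "connect" => Kind::Network,
        _ => Kind::Other,
    }
}

/// Parse one line; returns None for lines that are not complete syscalls
/// (signals, exit notices, `<unfinished ...>` fragments).
fn parse_line(line: &str) -> Option<Event> {
    let mut rest = line.trim();
    if let Some(r) = rest.strip_prefix("[pid ") {
        rest = r.split_once(']')?.1.trim_start();
    }
    let (name, tail) = rest.split_once('(')?;
    if name.is_empty() || !name.chars().all(|c| c.is_ascii_alphanumeric() || c == '_') {
        return None;
    }
    // The return value follows the last ") = "; arguments may themselves contain '='.
    let (_, ret) = tail.rsplit_once(") = ")?;
    let failed = ret.trim_start().starts_with('-');
    Some(Event { name: name.to_string(), kind: classify(name), failed })
}

fn triage(trace: &str) -> Vec<Event> {
    trace.lines().filter_map(parse_line).filter(|e| e.kind != Kind::Other).collect()
}

const SAMPLE: &str = r#"openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
[pid 4242] connect(4, {sa_family=AF_INET, sin_port=htons(443)}, 16) = -1 ECONNREFUSED (Connection refused)
read(3, "root:x:0:0"..., 4096) = 10
--- SIGCHLD {si_signo=SIGCHLD} ---
[pid 4242] openat(AT_FDCWD, "/tmp/a=b", O_RDONLY <unfinished ...>
"#;

fn main() {
    for e in triage(SAMPLE) {
        println!("{:?} {}{}", e.kind, e.name, if e.failed { " (failed)" } else { "" });
    }
}
```

Because attaching with `-p` can miss calls at the beginning, a trace that shows no file or network events is not evidence that the process made none.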