Skip to content

moonmd/gtrace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 

Repository files navigation

gtrace - Hierarchical System Call Tracer

gtrace is a command-line utility for Linux that provides hierarchical tracing of program execution, emphasizing filesystem interactions and process management.

Description

gtrace generates structured and detailed views of program behavior, highlighting interactions with the filesystem and processes. It creates a hierarchical representation of processes and threads, capturing essential system calls related to file access and process creation. Designed to simplify the analysis of complex program interactions, it generates clear, organized reports detailing file usage and process hierarchies.

Features

  • Hierarchical Process Tracing: Clearly visualizes processes and threads in a parent-child hierarchy based on system calls (fork, vfork, clone).
  • Focused System Call Reporting: Highlights key system calls associated with file access (open, stat, rename) and process control (execve, fork, clone).
  • Comprehensive File Interaction Reports: Reports file accesses sorted by:
    • Time of access
    • Absolute file path
    • Filename (basename)
  • Categorized Access Lists: Separate lists of files that were read, written, or executed.
  • Customizable Filtering: Exclude files or directories from reports using regular expressions.
  • Execution Controls: Ability to set time limits for tracing program execution.

Dependencies

  • The Linux strace utility (must be available in the system's PATH)

Usage

Usage: ./gtrace -o <output_dir> [options] <program> [args...]

Options

  • -o --output <dir>: (Required) Directory for report outputs.
  • -s --subdir: Create a timestamped subdirectory within the output directory named after the traced program.
  • -x --exclude <regex>: Exclude files matching regex from reports. Multiple uses allowed.
  • -f --flags: Show individual file access flags instead of summarized access types.
  • -t --timeout <seconds>: Set a maximum duration for tracing.
  • -n --dryrun: Preview the trace command without execution.
  • -v --verbose: Enable verbose mode. Double (-vv) for detailed debugging output.
  • -h --help: Display help information.

Example

./gtrace -o ./trace_output -s -- /bin/ls -l /tmp

This command will:

  1. Ensure ./trace_output exists.
  2. Create a timestamped subdirectory (e.g., gtrace_1678886400).
  3. Execute and trace /bin/ls -l /tmp.
  4. Generate detailed hierarchical reports inside the created subdirectory.

Output Files

gtrace produces several informative reports in the designated output directory:

  • trace_tree.txt: Displays a hierarchical view of processes, threads, and system calls with relative timestamps.

  • accessed_files_TIME.txt: Chronological list of file accesses.

  • accessed_files_PATH.txt: File accesses sorted by path.

  • accessed_files_NAME.txt: File accesses sorted by basename.

  • accessed_files_READ.txt: Files read during execution.

  • accessed_files_WRITE.txt: Files written, created, modified, or deleted.

  • accessed_files_EXEC.txt: Executed programs.

  • trace_debug.txt: Verbose dbug logs for troubleshooting (-v or -vv).

About

Gtrace documentation

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published