intentrace is a strace for everyone, intentrace works similarly to strace in that it intercepts and records the system calls which are called by a pro

Search code, repositories, users, issues, pull requests...

submited by
Style Pass
2024-11-08 05:30:03

intentrace is a strace for everyone, intentrace works similarly to strace in that it intercepts and records the system calls which are called by a process, it then reasons through these syscalls by consulting an enormous backlog of handwritten syscall deductions. Due to the fact that linux syscalls almost always have dual usage that's obfuscated by libraries, seeing what a syscall is exactly asking for is immensely useful when e.g. a programmer is debugging a crashing binary.

Intentrace follows a similar working methodology to the one employed by the UniKraft kernel in that it attempts to cover a high percentage of the most popular linux software despite supporting only around 166 syscalls out of the 380+ linux syscalls (see page 8 of the Unikraft Paper for an example of strategic syscall coverage: https://arxiv.org/pdf/2104.12721). It's planned eventually for intentrace to cover all linux syscalls.

intentrace was originally intended to be a 2 window TUI, where a top panel shows a normal stream of syscalls, and a bottom panel containing metadata and explanation, however this was abandoned in favor of the current scheme.

Leave a Comment