SkillAgentSearch skills...

EStrace

A tool that traces system calls using eBPF

GenerateConvertImprove

Install / Use

/learn @ri-char/EStrace
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

eStrace

eStrace(eBPF syscall trace) is a tool that traces system calls using eBPF. Compared to strace, it is more flexible and harder to detect. It currently supports two architectures: x86_64 and aarch64. With eStrace, you can conveniently debug and analyze your Linux/Android applications.

It is recommended to use kernel version 5.10 or higher when running it.

screenshot

Building

Setup

# check lld
ld.lld -v
rustup target add x86_64-unknown-linux-musl
cargo install bpf-linker

And for android:

rustup target add aarch64-unknown-linux-musl

Build

cargo xtask build
cargo xtask build --arch aarch64-unknown-linux-musl

# release
cargo xtask build --release
cargo xtask build --arch aarch64-unknown-linux-musl --release

Build and Run

cargo xtask run -- <args>

ToDo

  • Support for additional architectures.

ri-char

View profile

View on GitHub
GitHub Stars269
CategoryDevelopment
Updated1mo ago
Forks51
ri-char/eStrace

Languages

Rust

Security Score

95/100

Audited on Mar 1, 2026

No findings