
mateo-rfz/attace

Attace

Attace is a lightweight Linux tool for tracing system calls (syscalls), similar to strace. It is designed for learning, security research, and low-level system development.


Features

  • Trace a program from the start: --start [program] [args]
  • Attach to a running process by PID: [pid]
  • Display syscall names and arguments
  • Show precise timestamps for each syscall
  • Safe Ctrl+C handling to detach from the traced process

Installation

Clone the repository:

git clone https://github.com/mateo-rfz/attace.git
cd attace

Build using the provided Makefile:

make

The executable attace will be available in the build/ directory.


Usage

Trace a new program

./build/attace --start /bin/ls -l

This runs /bin/ls and traces all its syscalls.

Attach to a running process

./build/attace 12345

Where 12345 is the PID of the process you want to trace.


Example Output

12:34:56.123456789 : syscall entry of 12345 is open ("/etc/passwd", 0, 0)
12:34:56.123457000 : syscall entry of 12345 is read (3, 0x7ff..., 1024)
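
For offline triage of a saved trace, the added example below (not part of the attace repository) parses the line layout shown above, counts syscalls per process, and flags opens of watched paths. The watch list, the "openat" call name, and the handling of quoted arguments are assumptions of this example, not documented attace behaviour.

```python
import re
from collections import Counter
# Layout copied from the README's "Example Output" lines.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{9}) : "
    r"syscall entry of (\d+) is (\w+) \((.*)\)$"
)
# Assumed for this example (not attace settings): watch list and open-call names.
WATCHED = ("/etc/passwd", "/etc/shadow")
OPEN_CALLS = {"open", "openat"}

def split_args(raw):
    """Split on commas outside double-quoted strings (assumes no escaped quotes)."""
    args, cur, quoted = [], "", False
    for ch in raw:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()] if cur.strip() or args else []

def parse_line(line):
    """Return one event dict, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, ns, pid, name, raw = m.groups()
    t_ns = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 10**9 + int(ns)
    return {"t_ns": t_ns, "pid": int(pid), "name": name, "args": split_args(raw)}

def triage(lines):
    """Count syscalls per (pid, name) and list opens of watched paths."""
    counts, hits = Counter(), []
    for ev in filter(None, map(parse_line, lines)):
        counts[(ev["pid"], ev["name"])] += 1
        paths = [a.strip('"') for a in ev["args"] if a.startswith('"')]
        if ev["name"] in OPEN_CALLS:
            hits += [(ev["t_ns"], ev["pid"], p) for p in paths if p in WATCHED]
    return counts, hits

# First two lines are the README's own; the third is constructed.
SAMPLE = [
    '12:34:56.123456789 : syscall entry of 12345 is open ("/etc/passwd", 0, 0)',
    "12:34:56.123457000 : syscall entry of 12345 is read (3, 0x7ff..., 1024)",
    '12:34:56.123458000 : syscall entry of 12345 is open ("/tmp/a,b.txt", 0, 0)',
]
```

Timestamps are converted to nanoseconds since midnight, so events from one trace can be ordered or diffed without a date.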

Notes

  • Root privileges may be required to attach to processes you do not own.
  • Currently supports tracing syscalls on x86_64 Linux.
  • Attace is primarily for educational and research purposes.

About

Syscall tracer for Linux (x86-64 arch)
