Tracy

Tracy is a system call tracing, modification and injection framework for Linux, written entirely in C and some assembly. Tracy aims to be mostly cross architecture; and the API is platform agnostic with some platform specific extensions, where required.

Tracy makes use of the ptrace system call but attempts to provide a much higher level API to system call tracing than ptrace does. Using the low level ptrace interface in combination with Tracy is also possible, but not recommended.

See Tracy/TODO for the current limitations

Tracy will probably see some more extensions soon, we will shift the focus a bit more on debugging and tracing in general. This means that not all functions will be 100% "safe" (as in: if programmers want to mess with the debugger, they may be able to do so) but such functionality will clearly be labelled as such. Planned:

News

Media

Past events: (Note: There is still no proper detailed video of tracy available due to recording at several large events failing -- the FOSDEM one is too short and lacks some details, the OHM one had a complete failure wrt recording and the openfest one is decent if you do not care about A/V syncing)

Short term goals

Motivation

Cross architecture system call tracing is complicated. All the architectures differ on a low level; a level typically not visible to programmers and only touched by compilers.

Every architecture has its own different set (and number) of registers; and Linux (obviously) has an system call ABI for each architecture. In some cases, Linux supports multiple system call ABIs per architecture. (For example on AMD64 and ARM architectures)

Writing a cross-architecture system call tracer is thus not an easy task. A simple look at strace (http://sourceforge.net/projects/strace/) shows how terrible the code can become: countless compiler directives and functions that grow to monstrous sizes.

Tracy aims to provide a (mostly) cross platform API to system call tracing; with some additions:

Limitations

Currently the only supported platform is Linux; and the supported architectures are:

Source code

Currently, the source is hosted on Github

Documentation

Documentation can be found in the "doc" folder in the source repository. We use the sphinx documentation tool for our documentation; for (possibly outdated) online documentation, see http://wizzup.org/tracy

Contributing / Contact

Projects using Tracy

The following projects are known to use Tracy:

If you are using Tracy, please let us know, see Contact.

Examples

A very basic example in C:

   1 #include <stdlib.h>
   2 #include "tracy.h"
   3 
   4 int hook_write(struct tracy_event * e) {
   5     if (e->child->pre_syscall) {
   6         if(e->args.a0 == 1) {
   7             return TRACY_HOOK_DENY;
   8         }
   9     }
  10 
  11     return TRACY_HOOK_CONTINUE;
  12 }
  13 
  14 int main(int argc, char** argv) {
  15     struct tracy * tracy;
  16 
  17     tracy = tracy_init(TRACY_TRACE_CHILDREN | TRACY_VERBOSE);
  18 
  19     if (tracy_set_hook(tracy, "write", TRACY_ABI_NATIVE, hook_write)) {
  20         fprintf(stderr, "Could not hook write\n");
  21         return EXIT_FAILURE;
  22     }
  23 
  24     if (argc < 2) {
  25         printf("Usage: ./example <program-name>\n");
  26         return EXIT_FAILURE;
  27     }
  28 
  29     argv++; argc--;
  30 
  31     if (!tracy_exec(tracy, argv)) {
  32         perror("tracy_exec");
  33         return EXIT_FAILURE;
  34     }
  35 
  36     tracy_main(tracy);
  37 
  38     tracy_free(tracy);
  39 
  40     return EXIT_SUCCESS;
  41 }

Tracy (last edited 2015-10-04 21:30:02 by MerlijnWajer)