Skip to content

alegrey91/harpoon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

37 Commits

.github/workflows

.github/workflows

Β 
Β 

.vscode

.vscode

Β 
Β 

cmd

cmd

Β 
Β 

ebpf

ebpf

Β 
Β 

internal

internal

Β 
Β 

.gitignore

.gitignore

Β 
Β 

LICENSE

LICENSE

Β 
Β 

Makefile

Makefile

Β 
Β 

README.md

README.md

Β 
Β 

go.mod

go.mod

Β 
Β 

go.sum

go.sum

Β 
Β 

harpoon.png

harpoon.png

Β 
Β 

install

install

Β 
Β 

main.go

main.go

Β 
Β 

Repository files navigation

Harpoon

gopher

Harpoon aims to capture the syscalls (as if they were fishes) from the execution flow (the river) of a single user-defined function.

Introduction

This tool is designed to provide fine-grained visibility into the syscalls made by specific functions within a program. Unlike traditional system call tracing tools like strace, which capture all syscalls made during the entire program's execution, this project leverages the power of eBPF to pinpoint and monitor system calls exclusively within targeted functions.

Getting Started

First of all, let's identify the symbol of the function you want to trace from the binary. Suppose you want to trace the function doSomething() present in the example program ./binary. In order to get the symbol from the binary itself, you need to use the following command:

objdump --syms ./binary | grep doSomething
0000000000480720 g     F .text  0000000000000067 main.doSomething

So, main.doSomething is the symbol of the function we want to trace using harpoon.

Then, let's run harpoon to extract the syscalls from the function main.doSomething:

harpoon capture -f main.doSomething ./binary
read
sigaltstack
gettid
close
mmap
fcntl
write
futex
openat
clone
getrlimit

These are the syscalls that have been executed by the traced function!

Installation

To install harpoon you currently have 2 options:

Download

You can easily download the latest release using the installation script:

curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh

Build

Or you can build harpoon manually by using the following command:

make build

After the build is completed, you can find the executable under the bin/ directory.

Debugging

In case you want to run the application locally, I've provided the .vscode/launch.json file to easily debug the application with root privileges in vscode. Just replace the parameters marked with <>.

Talks

I had the pleasure of speaking about harpoon at the following conferences:

References

I would like to point out that without the references mentioned below this project would never have come to life. As a result, the code draws significant inspiration from the references listed here:

About

πŸ” Trace syscalls from user-space functions, by using eBPF 🐝

Topics

golang security-audit syscalls ebpf seccomp system-calls ebpf-programs security-tools

Resources

Readme

License

Apache-2.0 license
Activity

Stars

45 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 6

v0.4.1 Latest
Apr 22, 2024
+ 5 releases

Packages

No packages published

Languages