trace local function calls like strace and ltrace
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitattributes
.gitconfig
.gitignore
Makefile
README.md
ftrace.c
functools.h
logging.h
ptrace_helpers.h
readelf.h
test.c

README.md

ftrace

ltrace/strace but for local functions

Contents

Introduction

The basic idea behind the implementation is:

  1. Read in ELF file and identify symbols
  2. Fork and ptrace target process
  3. Add breakpoints to all symbols
  4. Catch breakpoints and log function call; additionally, add a temp. breakpoint to return pointer (for decreasing depthing and logging return value)
  5. Repeat

Some other fancy stuff happens in the background. For instance, if no header file is provided simple taint analysis is done on functions to determine the number of function arguments.

Installation

Usage

./ftrace <program> [arg 1] [arg2] ...

Optional parameters

  • -C - adds colored output
  • -H <file> - header file to use for function logging
  • -R - display function return values
  • -o <file> - specifies output file (replaces stderr)
  • -h - display this message

Example

test.c

#include <stdio.h>
#include <stdlib.h>

int fib(int n) {
	if (n == 0 || n == 1) return 1;
	else return fib(n - 1) + fib(n - 2);
}

int main(int argc, char **argv) {
	int n = atoi(argv[1]);
	printf("%d\n", fib(n));
	return 0;
}
$ gcc -o test test.c
$ ./ftrace ./test 3
_start()
__libc_csu_init(2, *0x7ffe0cb39158, *0x7ffe0cb39170)
main(2, *0x7ffe0cb39158)
fib(3)
  fib(2)
    fib(1)
    fib(0)
  fib(1)
3

Future work

Dependencies

Limitations

  • Currently only compatible with 64 bit ELF files.