hookline
hookline is a minimal x86-64 Linux runtime tracer by c0redev (parsend), started in 2023.
It is built in C and x86-64 assembly and writes JSONL events from ptrace hooks.
build
make
test
make test
run by pid
./bin/hookline --binary ... --pid <pid> --hook do_step
run by launch
./bin/hookline --binary ... --launch ... --hook do_step --max-events 20 --log /tmp/events.jsonl
important flags
--binary <path> target ELF
--pid <pid> attach existing process
--launch <path> start and trace target
--hook <name> repeatable function symbol
--all-threads trace all task threads
--search-shared include shared object symbols
--trampoline and --no-trampoline
--patch-plt attempt PLT hook
--max-events <n> total limit
--max-rate <n> per symbol limit
--ring-records <n> ring buffer limit
--filter-pid <pid> event filter
--filter-tid <tid> event filter
--filter-symbol <name> event filter
--no-args skip capture
--log <path> output target
--list-symbols print symbols and exit
license
MIT