fsatrace
fsatrace copied to clipboard
jacereda
Filesystem access tracer
fsatrace does not appear to trace the mkdir calls, which can create unexpected traces when working with temporary directories. Consider the Rust library [tempfile](https://docs.rs/tempfile/latest/tempfile/). Here's a simple case where we...
These Linux-specific memory regions are significantly better than /dev/shm ones since they are automatically reclaimed when all file descriptors pointing to them are closed. Moreover, they do not have a...
Hello, I'm seeing a segfault in the traced app, when it's trying to write to the shared memory buffer back to `fsatrace`: ``` #4 emitOp (oc=oc@entry=114, op1=, p2=p2@entry=0x0) at src/emit.c:118...
Removing a symbolic link looks like removing the link's destination (but perhaps should not?). Demonstration: ``` $ touch foo $ ln -s foo bar $ fsatrace erwdtmq /dev/stdout -- rm...
At the moment if you run `fsatrace rwm - -- some command` twice in parallel then they end up sharing a buffer and results from both get shared. I have...
https://docs.microsoft.com/en-us/windows/win32/etw/about-event-tracing - not sure if that would be faster or slower than Kernel hooking. There's a chance it might be simpler though. See https://github.com/lowleveldesign/wtrace for an example of building it...
For a paper we're writing about Rattle (which uses fsatrace) we'd like to quantify in some way how much of the filesystem API fsatrace covers. Right now, it looks like...
First of all, thank you for the great tool! It seems that `fsatrace` doesn't track reads from files that do not exist. For example, if the file `1.c` does not...
Given a 32bit binary, I tried with both `cat` and `sleep` from http://unxutils.sourceforge.net/, if I create `foo.bat`: ``` sleep 0s ``` Then do `fsatrace rwm - -- cmd /c foo.bat`...
Even after copying the `gcc` binary into `$TMP` doing `gcc -c main.c` doesn't trace the read of `main.c` or the write of `main.o`. My guess is because `gcc` spawns a...