📡🐧 Linux kernel syscall implementation tracker
See mebeim/linux-syscalls for live syscall tables powered by Systrack.
Systrack is a tool to analyze Linux kernel images (vmlinux) and extract
information about implemented syscalls. Given a vmlinux image, Systrack can
extract syscall numbers, names, symbol names, definition locations within kernel
sources, function signatures, and more.
Systrack can configure and build kernels for all its supported architectures, and works best at analyzing kernels that it has configured and built by itself.
Systrack is available on PyPI. It requires Python 3.6+ and is installable through pip:
pip install systrack # Base version with no dependencies
pip install systrack[html] # + HTML output support
Building and installing from source requires hatch:
hatch build
pip install dist/systrack-XXX.whl # Base version with no dependencies
pip install dist/systrack-XXX.whl[html] # + HTML output support
Systrack can mainly be used for two purposes: analyzing or building Linux
kernels. For more detailed information, see systrack --help. For information
about supported architecture/ABI combinations, see systrack --arch help.
Building can be done through the --build option. You will need to
provide a kernel source directory (--kdir) and an architecture/ABI
combination to build for (--arch).
systrack --build --kdir path/to/linux_git_repo --arch x86-64
Analyzing a kernel image can be done given a vmlinux ELF with symbols,
and optionally also a kernel source directory (--kdir). Systrack will
extract information about implemented syscalls from the symbol table present
in the given vmlinux ELF, and if debugging information is present, it will
also extract file and line number information for syscall definitions.
Supplying --kdir will help refine and/or correct the location of the
definitions, pointing Systrack to the checked-out sources for the right kernel
version (the same as the one to analyze).
Systrack can guess the architecture and ABI to analyze, but if the given
kernel was built with support for multiple ABIs, the right one can be selected
through --arch.
systrack path/to/vmlinux
systrack --format json path/to/vmlinux
systrack --kdir path/to/linux_git_repo path/to/vmlinux
systrack --kdir path/to/linux_git_repo --arch x86-64-ia32 path/to/vmlinux
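As an added illustration of the symbol-table approach described above (this is example code, not Systrack's own), the following parses `readelf -sW` output, groups x86-64 syscall entry points by ABI, and rejects input that has no `.symtab`, which is the case for stripped images. The symbol prefixes, the function names and the sample rows are assumptions of this example.

```python
import re

# (ABI, symbol prefix) pairs. Assumption of this example: recent x86-64 kernels
# name syscall entry points this way; other architectures use other schemes.
PREFIXES = [
    ("x86-64", "__x64_sys_"),
    ("x86-64-ia32", "__ia32_compat_sys_"),
    ("x86-64-ia32", "__ia32_sys_"),
]
# One row of `readelf -sW`: Num, Value, Size, Type, Bind, Vis, Ndx, Name.
ROW = re.compile(
    r"^\s*\d+:\s+([0-9a-fA-F]+)\s+(?:0x[0-9a-fA-F]+|\d+)\s+(\S+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s*$"
)

def syscall_symbols(readelf_text):
    """Map ABI -> {syscall name: address} from `readelf -sW vmlinux` output."""
    if ".symtab" not in readelf_text:
        # A stripped image has no .symtab, so there is nothing to enumerate.
        raise ValueError("no .symtab: image is stripped or not a vmlinux ELF")
    found = {abi: {} for abi, _ in PREFIXES}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # table headers, blank lines, unnamed symbols
        value, typ, ndx, name = m.groups()
        if typ != "FUNC" or ndx == "UND":
            continue  # only defined functions can be syscall entry points
        for abi, prefix in PREFIXES:
            if name.startswith(prefix):
                found[abi][name[len(prefix):]] = int(value, 16)
    return found

def abi_only(table, abi, other):
    """Syscall names exposed through `abi` but not through `other`."""
    return sorted(set(table.get(abi, {})) - set(table.get(other, {})))

# Constructed sample output, not taken from a real kernel build.
SAMPLE = """\
Symbol table '.symtab' contains 6 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: ffffffff81200000    48 FUNC    GLOBAL DEFAULT    1 __x64_sys_read
     2: ffffffff81200030    48 FUNC    GLOBAL DEFAULT    1 __ia32_sys_read
     3: ffffffff81300000 0x1a2b3 FUNC  GLOBAL DEFAULT    1 __ia32_compat_sys_ioctl
     4: ffffffff82000000     8 OBJECT  GLOBAL DEFAULT    5 __x64_sys_dummy_data
     5: ffffffff81400000    16 FUNC    GLOBAL DEFAULT    1 __ia32_sys_socketcall
"""
```

Comparing the two ABIs with `abi_only` shows which entry points are reachable only through the 32-bit compatibility interface, which is useful when reviewing the syscall surface of a kernel built with multiple ABIs.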
readelf (from GNU binutils) is used to parse and extract ELF metadata such as symbols and sections. This is currently the only compulsory dependency for Systrack to work.
addr2line (from GNU binutils) is used to extract location information from DWARF debug info (if available). Without this program, Systrack will not output any information about syscall definition locations.
The rg (ripgrep) command is used for much faster recursive grepping of syscall definition locations within kernel sources when needed. Otherwise, slower pure-Python code is used.
The jinja2 Python package, which can be either installed separately or automatically (pip install systrack[html]), is used to output interactive HTML pages with a sortable table, links and more. This is the richest output format (selectable with --format html).
Systrack analyzes vmlinux ELF images and needs ELF symbols. Compressed and stripped kernel images are not supported. Tools such as vmlinux-to-elf can be used to uncompress and unstrip kernel images, after which Systrack will be able to analyze them.
Copyright © 2023-2024 Marco Bonelli. Licensed under the GNU General Public License v3.0.