Like strace, but lists files the program accesses. Inspired by [tracefile].
This tool's primary purpose is to assist in discovering which files/directories a program
accesses during its lifetime. It works by making use of [strace] and parsing its output to
find out which files and folders were accessed.
It supports various options, such as filtering based on file type (file, directory, symlink, pipe, socket, executable, etc).
See what files ls accesses during a normal run:
bash
ftrace -- ls
See all executable files:
bash
ftrace --type f --type x -- ls
See all paths that the program tried to access (even ones that didn't exist). This is
sometimes useful to understand a search algorithm that a program uses to find linked libraries,
etc.
bash
ftrace --non-existent -- ls
Attach to an already running process (note that this requires elevated privileges):
bash
ftrace --pid 1729
Since [strace] outputs via STDERR, if the program being run also emits output over STDERR it
can confuse ftrace. For this reason any line that ftrace doesn't recognise is ignored and not
parsed. You can print lines that weren't recognised with the --invalid flag.
First and foremost, make sure you've installed [strace] on your system.
It's almost always in your distribution's package manager.
Coming Soon! (GitHub actions is yet to be configured for this repository.)
NOTE: The minimum Rust version required is 1.46.0.
bash
cargo install ftrace
NOTE: The minimum Rust version required is 1.46.0.
bash
git clone https://github.com/acheronfail/ftrace/
cd ftrace
cargo install --path .
License: Unlicense OR MIT OR Apache-2.0