A system call tracer for macOS using the LLDB debugger API.
Status: Beta - Core functionality works, but some features are still in development.
Features
- Works with SIP enabled - Unlike dtruss, doesn't require disabling System Integrity Protection
- Pure Python implementation - No kernel extensions or compiled components
- Multiple output formats - JSON Lines and strace-compatible text output
- Syscall filtering - Filter by syscall name or category (-e trace=file, -e trace=network)
- Symbolic decoding - Automatically decodes flags, error codes, and struct fields
- Color output - Syntax highlighting when output is a TTY
- Summary statistics - Time/call/error counts with -c