
The Linux port of the Sysinternals Sysmon tool.

SysinternalsEBPF

Build

Please see build instructions here.

Autodiscovery of Offsets

SysinternalsEBPF attempts to automatically discover the offsets of some members of some kernel structs. If this fails, please provide details of the kernel version (and config if possible) plus the error message to the GitHub issues page.

You can then generate a configuration file to override the autodiscovery by building the getOffsets module in the /opt/sysinternals/getOffsets directory. See the README.md in that directory for more information.

If you define EBPF_CO_RE in your own eBPF programs that use SysinternalsEBPF, the library will use the CO-RE (Compile Once, Run Everywhere) libbpf APIs.

Manual Page

A man page for SysinternalsEBPF can be found in the package directory, and is installed by both deb and rpm packages.

Use 'find' on the package directory to locate it manually.

License

SysinternalsEBPF is licensed under LGPL2.1. SysinternalsEBPF includes libbpf, which is licensed under LGPL2.1. Libbpf can be located at https://github.com/libbpf/libbpf. The SysinternalsEBPF library of eBPF code is licensed under GPL2.