/eparser

Primary LanguageGoApache License 2.0Apache-2.0

EParser

EParser is a simple utility that can be used to dump the eBPF programs and maps of an ELF file.

System requirements

  • golang 1.13+
  • This project was developed on an Ubuntu Focal machine (Linux Kernel 5.4) but should be compatible with 4.13+ kernels (not tested).

Build

  1. To build EParser, run:
# ~ make build
  1. To install EParser (copy to /usr/bin/eparser) run:
# ~ make install

Getting started

Run eparser -h to get help.

# ~ eparser -h
Usage:
  eparser [command]

Available Commands:
  help        Help about any command
  map         prints information about one or multiple maps
  prog        prints information about one or multiple programs

Flags:
  -a, --asset string   path to the eBPF asset (ELF format expected)
  -h, --help           help for eparser

Use "eparser [command] --help" for more information about a command.

Examples

List all the program sections provided in the ELF file

# ~ eparser prog --asset my_elf_file.o

Dump the bytecode of a program

# ~ eparser prog --asset my_elf_file.o --section kprobe/my_program --dump

List all the maps declared in the ELF file

# ~ eparser map --asset my_elf_file.o