Skip to content

Latest commit

 

History

History
59 lines (44 loc) · 856 Bytes

README.md

File metadata and controls

59 lines (44 loc) · 856 Bytes

File Monitor for Android

A simple cli tool to monitor the file opening of application processes.

Requirement

  1. ebpf enabled kernel
    # zcat /proc/config.gz | grep CONFIG_BPF=y
    CONFIG_BPF=y
  2. kprobe enabled kernel
    # zcat /proc/config.gz | grep CONFIG_KPROBES=y
    CONFIG_KPROBES=y
  3. arm64/x86_64 architecture
    $ uname -m
    aarch64 or x86_64
  4. root required

Usage

# ./file-monitor

As Library

m, err := monitor.NewMonitor()
if err != nil {
	println(err.Error())
	return
}
defer m.Close()

m.Launch()

for {
	event, ok := <-m.Events(): 
	
	// handle events
}

Build

  1. Install make, clang, Android NDK
  2. ANDROID_NDK=/path/to/android-ndk make all

Notice

3rd party licenses
  1. bpf_core_read.h LGPL-2.1 OR BSD-2-Clause