-
intentrace
intentrace is strace with intent, it goes all the way for you instead of half the way. intentrace is currently in beta
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
While it doesn't capture every syscall, you can get pretty far with the (seemingly little known) Endpoint Security Framework: https://developer.apple.com/documentation/endpointsecurity
I cobbled together a little tool at my previous job that would capture a full trace of all process fork+exec and file opens, which would then present all of these events in the usual tracing UI (like you'd get when view a trace of a single program with Tracy[1] or Perfetto[2]).
We had a massive monorepo built with bazel and a heap of shell, and it wasn't clear which part of our code base was responsible for generating some mis-generated file. This tool gave me the whole inter-process call stack, complete with arguments and environment variables, letting me quickly find where and how to fix the problem.
It's such a nice tool to have that it kinda blows my mind that no one has openly published anything like it. By leveraging eBPF on Linux, the same UI could be used on both macOS and Linux. If I had more time and energy, I'd do it myself.
[1]: https://github.com/wolfpld/tracy
[2]: https://perfetto.dev/