Skip to content

The design and implementation of bpftime

The hook implementation is based on binary rewriting and the underly technique is inspired by:

For more details about how to implement the inline hook, please refer to our blog: Implementing an Inline Hook in C in 5 minutes and the demo

The injection of userspace eBPF runtime into a running program is based on ptrace and also provided by frida-gum library.

How the bpftime work entirely in userspace:

How it works

How the bpftime work with kernel eBPF:

How it works with kernel eBPF

For more details, please refer to: