LinuxCommandLibrary

frida-trace

Dynamic function call tracer using Frida

TLDR

Trace functions matching a pattern in a process

$ frida-trace -i "[pattern]" [process_name]
copy
Trace all functions in a specific module
$ frida-trace -I "[module]" [process_name]
copy
Trace Objective-C methods matching a pattern
$ frida-trace -m "[pattern]" [process_name]
copy
Trace Java methods on an Android device
$ frida-trace -U -f [com.example.app] -j "[pattern]"
copy
Spawn a program and trace its imports
$ frida-trace -T -f [/path/to/binary]
copy
Trace a function at a specific offset in a stripped binary
$ frida-trace -p [pid] -a "[module]![0xoffset]"
copy
Trace functions on a USB-connected device with module decoration
$ frida-trace -U --decorate -i "[pattern]" [app_name]
copy

SYNOPSIS

frida-trace [options] [target]

DESCRIPTION

frida-trace is a tool for dynamically tracing function calls in running processes. It can hook native functions (C/C++), Objective-C methods, Swift functions, and Java methods, logging their invocation with arguments and return values.
When you trace a function, frida-trace auto-generates JavaScript handler stubs in a \_\_handlers\_\_/ directory that you can customize to log arguments, modify return values, or implement arbitrary instrumentation logic. If a handler file already exists, it will not be overwritten.
The include (-i, -I) and exclude (-x, -X) options are procedural; each operates on the current working set of functions, so their order matters.

PARAMETERS

-i FUNCTION, --include FUNCTION

Include [MODULE!]FUNCTION (glob pattern)
-x FUNCTION, --exclude FUNCTION
Exclude [MODULE!]FUNCTION (glob pattern)
-I MODULE, --include-module MODULE
Include all functions in MODULE (glob pattern)
-X MODULE, --exclude-module MODULE
Exclude all functions in MODULE (glob pattern)
-a MODULE!OFFSET, --add MODULE!OFFSET
Add function at OFFSET in MODULE (for stripped binaries)
-T, --include-imports
Include the program's imports
-t MODULE, --include-module-imports MODULE
Include MODULE's imports
-m METHOD, --include-objc-method METHOD
Include Objective-C METHOD (glob pattern)
-M METHOD, --exclude-objc-method METHOD
Exclude Objective-C METHOD (glob pattern)
-y FUNC, --include-swift-func FUNC
Include Swift FUNC (glob pattern)
-Y FUNC, --exclude-swift-func FUNC
Exclude Swift FUNC (glob pattern)
-j METHOD, --include-java-method METHOD
Include Java METHOD (glob pattern)
-J METHOD, --exclude-java-method METHOD
Exclude Java METHOD (glob pattern)
-d, --decorate
Add module name to generated onEnter log statement
-q, --quiet
Do not format output messages
-o FILE, --output FILE
Dump messages to file
-S PATH, --init-session PATH
Path to JavaScript file used to initialize session
-f TARGET, --file TARGET
Spawn FILE as a new process
-p PID, --attach-pid PID
Attach to process by PID
-U, --usb
Connect to USB device
-D ID, --device ID
Connect to device with the given ID

CAVEATS

Tracing many functions with broad glob patterns (like **-i "\*") can severely slow down or freeze the target process. For stripped binaries without symbol information, you must use -a MODULE!OFFSET which requires prior knowledge of function offsets from static analysis tools like Ghidra or IDA Pro. The handler directory (\\handlers\\/**) is created in the current working directory; existing handlers are not overwritten, which can cause confusion if tracing targets change. Root or elevated privileges are required for cross-process injection.

HISTORY

frida-trace was one of the earliest tools built on top of the Frida core, included in the frida-tools package since Frida's public release in 2014. Its function tracing capability leverages Frida's Stalker code tracing component. Over the years, support was added for Objective-C methods, Swift functions, and Java methods, reflecting the tool's evolution alongside the mobile security research community.

SEE ALSO

frida(1), frida-ps(1), strace(1), ltrace(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard