Alessandro Gario

Development


mquire: Linux memory forensics without debug symbols

 Posted on March 15, 2026  |   3 min

mquire is a Linux memory forensics tool that can analyze kernel memory snapshots without relying on external debug symbols, by using BTF type data and kallsyms information already embedded inside the kernel itself.
Categories: Development  Tags: forensics 

btfparse, a parser for linux kernel debug symbols

 Posted on February 1, 2022  |   3 min

A short post on how the BTF type format was born, why I wrote a small parser library for it and where to find it.
Categories: Development  Tags: bpf 

Releasing two BPF tools I developed: ebpfpub and ebpfault

 Posted on January 7, 2019  |   1 min

I’ve released two new BPF tools written in C++ with LLVM: ebpfault (a system call fault injector) and ebpfpub (a system call tracer).
Categories: Development  Tags: bpf 

© 2026 Alessandro Gario
