No 3rd party kernel module required. These tools get their superpowers from BPF: an in-kernel virtual machine that can run tracing programs safely and efficiently (JIT & in-kernel aggregations). BPF is built into the Linux kernel, and bcc uses features added in the 4.x series.
Observe the execution of any software. These tools use static and dynamic tracing of both user- and kernel-level code (via kprobes, uprobes, tracepoints, and USDT). Trace block device I/O, TCP functions, file system operations, syscalls, Node.js probes, and lots more.
Dozens of performance analysis tools are included with example files and man pages. Classics like bitesize, execsnoop, opensnoop, and zfsslower, as well as new tools including offcputime and memleak. Write you own tools using bcc’s Python or lua front ends.