Pstack + lsstack

Overview

Pstack and lsstack are a port of lsstack program from Solaris systems.

They print the call stacks for all threads in a command line given process, with symbolic names for functions.

Implementation

To do his work either pstack and lsstack uses ptrace call and /proc/PID/exe link to the program executable.

First of all, pstack/lsstack reads all simbols of the executable from /proc/PID/exe link using ELF specification. Then begins reading process stack using ptrace in this way:

1. ptrace(PTRACE_ATTACH, pid, 0, 0) --> Initialices the trace.

2. ptrace(PTRACE_PEEKDATA, pid, addr, 0) --> Returns a word that is in the location of addr from pid.

3. ptrace(PTRACE_PEEKUSER, pid, reg, 0) --> Reads a word at offset addr in the children's user area (where are registers and other proces info, see and ).

4. ptrace(PTRACE_CONT, thePid, 1, 0) --> Ends the trace.