
Finding out where Syscalls are Called From: Stack Traces with Strace

Submitted by Style Pass, 2024-06-08 19:30:13

One of the great strengths of strace as a debugging tool is that it shows you what a program is doing regardless of whether it was compiled with debug info or not. The downside is that you only see the program’s syscalls. You can use this information to deduce what is happening in the program, but you don’t see where in the program those syscalls originate.

The good news is that if your program was compiled with debug info, strace can actually show a stack trace for every syscall in your binary.

This program uses the printf function to print three lines of output. This function is part of the C standard library. To actually output the text, it has to call the operating system using the write syscall. We will look for this later in the strace output.

What we see here is that after every syscall (in this example only write and exit_group are shown) strace prints the stack trace that led to the syscall. The stack trace has to be read from the bottom to the top, with the top line being the function that made the actual syscall.
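The following is an added example, not code from the original article: it parses strace output that includes stack traces and reports, for each syscall, the top frame (the function that made the syscall) and the innermost frame inside the program's own binary. The sample output is constructed, and the paths, offsets, and the `print_lines` function are hypothetical.

```python
import re

# Constructed sample in the layout strace uses for stack traces: a syscall
# line, then one " > object(symbol+offset) [address]" line per frame,
# innermost frame first. Paths, offsets and print_lines are hypothetical.
SAMPLE = """\
write(1, "line one\\n", 9) = 9
 > /usr/lib/libc.so.6(__write+0x14) [0xf8a14]
 > /usr/lib/libc.so.6(_IO_file_write+0x2d) [0x7f1dd]
 > /usr/lib/libc.so.6(puts+0x1a5) [0x74e95]
 > /home/user/demo(print_lines+0x12) [0x114b]
 > /home/user/demo(main+0x9) [0x1162]
 > /usr/lib/libc.so.6(__libc_start_main+0x80) [0x27c80]
exit_group(0) = ?
 > /usr/lib/libc.so.6(_exit+0x2f) [0xd5e3f]
 > /usr/lib/libc.so.6(exit+0x1e) [0x3e28e]
 > /usr/lib/libc.so.6(__libc_start_main+0x87) [0x27c87]
+++ exited with 0 +++
"""

FRAME = re.compile(
    r"^\s*> (?P<obj>.+?)\((?P<sym>[^()+]*)(?:\+0x[0-9a-f]+)?\) \[0x[0-9a-f]+\]$")
SYSCALL = re.compile(r"^(?P<name>\w+)\(")

def parse(text):
    """Return [(syscall, [(object, symbol), ...])], frames innermost first."""
    calls = []
    for line in text.splitlines():
        frame = FRAME.match(line)
        if frame and calls:
            # Frames without a resolved symbol are recorded as "?".
            calls[-1][1].append((frame["obj"], frame["sym"] or "?"))
        elif (call := SYSCALL.match(line)):
            calls.append((call["name"], []))
    return calls

def call_sites(text, binary):
    """For each syscall: (name, top frame, innermost frame inside `binary`)."""
    sites = []
    for name, frames in parse(text):
        top = frames[0][1] if frames else None
        # None means no frame of `binary` is on the stack (e.g. exit after main).
        own = next((sym for obj, sym in frames if obj == binary), None)
        sites.append((name, top, own))
    return sites

if __name__ == "__main__":
    for site in call_sites(SAMPLE, "/home/user/demo"):
        print(site)
```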
