It is possible to get full information about a process by digging into its directory under /proc. However, it's not so easy for newbies to understand the data. What if some tools could present the information in a comprehensible way? This article explores three such utilities.

We will track a process by its PID on Ubuntu. The easiest way to get the PID of a running process by its name is:

$ pidof yandex-browser-beta
21906 21887 21880

The instance with PID 21880 is our pick.

1. Statistics of a process

prtstat shows the CPU affinity, threads, state, process, group and session IDs, page faults, CPU times, memory and scheduling information of a process.

$ sudo prtstat 21880
Process: yandex_browser    State: S (sleeping)
  CPU#: 0    TTY: 0:0    Threads: 1
Process, Group and Session IDs
  Process ID: 21880    Parent ID: 21879
  Group ID: 1086    Session ID: 1086
  T Group ID: -1
Page Faults
  This Process (minor major): 4481 0
  Child Processes (minor major): 113 0
CPU Times
  This Process (user system guest blkio): 0.02 0.01 0.00 0.00
  Child processes (user system guest): 0.00 0.00 0.00
Memory
  Vsize: 378 MB
  RSS: 44 MB    RSS Limit: 18446744073709 MB
  Code Start: 0x7f2b4f372000    Code Stop: 0x7f2b548d4210
  Stack Start: 0x7fffcb779250
  Stack Pointer (ESP): 0x7fffcb778618    Inst Pointer (EIP): 0x7f2b48a27c3b
Scheduling
  Policy: normal
  Nice: 0    RT Priority: 0 (non RT)

prtstat is installed by default on Ubuntu. Otherwise, run:

$ sudo apt-get install psmisc
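
prtstat takes its figures from /proc/<pid>/stat. The following added example (not from the original article or from psmisc) parses that file directly in Python, including the case where the process name contains spaces or parentheses; the name is set by the process itself and shifts every field when the line is split naively on whitespace. The sample lines and the function names parse_stat and summarize are constructed for illustration.

```python
import os

# Names of /proc/<pid>/stat fields 3..25, in order (see proc(5)).
FIELDS = ("state ppid pgrp session tty_nr tpgid flags minflt cminflt majflt "
          "cmajflt utime stime cutime cstime priority nice num_threads "
          "itrealvalue starttime vsize rss rsslim").split()

# Constructed sample lines (not captured output). TRICKY has a process name
# chosen to look like extra fields: "x) R 1 1 (y".
SAMPLE = ("21880 (yandex_browser) S 21879 1086 1086 0 -1 4194304 4481 113 0 0 "
          "2 1 0 0 20 0 1 0 6507150 378000000 10743 18446744073709551615")
TRICKY = SAMPLE.replace("21880 (yandex_browser)", "4242 (x) R 1 1 (y)")


def parse_stat(line):
    """Parse one /proc/<pid>/stat line into a dict.

    comm (field 2) is wrapped in parentheses but may itself contain spaces
    and ')'. Every field after comm is a state letter or a number, so the
    LAST ')' on the line always ends comm; cut there, not at the first.
    """
    head, sep, tail = line.rpartition(")")
    if not sep or "(" not in head:
        raise ValueError("not a /proc/<pid>/stat line")
    pid, _, comm = head.partition("(")
    values = tail.split()
    if len(values) < len(FIELDS):
        raise ValueError("truncated stat line")
    info = {"pid": int(pid), "comm": comm}
    for name, value in zip(FIELDS, values):
        info[name] = value if name == "state" else int(value)
    return info


def summarize(info, hz=None, page=None):
    """Convert clock ticks and pages to seconds and MB (10**6 bytes here)."""
    hz = hz or os.sysconf("SC_CLK_TCK")
    page = page or os.sysconf("SC_PAGE_SIZE")
    return {"user_s": info["utime"] / hz, "system_s": info["stime"] / hz,
            "vsize_mb": info["vsize"] // 10**6,
            "rss_mb": info["rss"] * page // 10**6}


if __name__ == "__main__":
    for line in (SAMPLE, TRICKY):
        parsed = parse_stat(line)
        print(parsed["pid"], repr(parsed["comm"]), parsed["state"],
              parsed["ppid"], summarize(parsed, hz=100, page=4096))
```

To inspect a live process, pass the contents of /proc/<pid>/stat to parse_stat and call summarize without arguments so the tick rate and page size come from the running system.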

2. Files opened by a process

lsof will show all the files a running process has opened. That includes regular files, directories, block special files, character special files, executing text references, libraries, stream or network files (Internet socket, NFS file or UNIX domain socket).

$ lsof -a -p 21880
yandex_br 21880 neo rtd DIR 0,4 0 651549 /proc/21881/fdinfo
yandex_br 21880 neo txt REG 8,2 94290504 131695 /opt/yandex/browser-beta/yandex_browser
yandex_br 21880 neo mem REG 8,2 17354336 132390 /usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so
yandex_br 21880 neo mem REG 8,2 14223936 132619 /opt/yandex/browser-beta/libyapdf.so
...
yandex_br 21880 neo 0r CHR 1,3 0t0 1029 /dev/null
yandex_br 21880 neo 1w FIFO 0,9 0t0 650715 pipe
yandex_br 21880 neo 2w FIFO 0,9 0t0 650717 pipe
yandex_br 21880 neo 3u unix 0x0000000000000000 0t0 651540 socket
yandex_br 21880 neo 4r REG 8,2 10456832 132611 /opt/yandex/browser-beta/icudtl.dat
yandex_br 21880 neo 5u sock 0,8 0t0 649878 can't identify protocol
yandex_br 21880 neo 6u unix 0x0000000000000000 0t0 651536 socket

lsof is installed by default on Ubuntu. Otherwise, run:

$ sudo apt-get install lsof

3. Stack trace of a process

pstack shows the stack trace of a running process. Note that the binary must contain debugging symbols for the output to make any sense, so it should not be stripped. Another limitation is that it supports only 32-bit ELF binaries at the time of writing.

$ pstack 21880
21880: /opt/yandex/browser-beta/yandex_browser --type=zygote --user-id=9C458564-5009-A49F-B1C9-5FF0676BFBD5 --user-data-dir=/home/a...
(No symbols found)
crawl: Input/output error
Error tracing through process 21880

To install pstack on Ubuntu:

$ sudo apt-get install pstack

For 64-bit, another option is to check the process's kernel stack directly from /proc:

$ cat /proc/21880/stack
[<0000000000000000>] do_wait+0x1e8/0x260
[<0000000000000000>] SyS_waitid+0x85/0x190
[<0000000000000000>] system_call_fastpath+0x16/0x1b
[<0000000000000000>] 0xffffffffffffffff

Tip

To check the kernel stack of the current process (here, the cat command itself):

$ cat /proc/self/stack
[<0000000000000000>] save_stack_trace_tsk+0x26/0x50
[<0000000000000000>] proc_pid_stack+0xa4/0xf0
[<0000000000000000>] proc_single_show+0x5f/0xa0
[<0000000000000000>] seq_read+0xfb/0x3c0
[<0000000000000000>] __vfs_read+0x18/0x50
[<0000000000000000>] vfs_read+0x95/0x130
[<0000000000000000>] SyS_read+0x4f/0xb0
[<0000000000000000>] system_call_fastpath+0x16/0x1b
[<0000000000000000>] 0xffffffffffffffff