Expand description

This crate provides a cross platform way of querying information about other processes running on the system. This let’s you build profiling and debugging tools.


  • Getting the process executable name and current working directory
  • Listing all the threads in the process
  • Suspending the execution of a process or thread
  • Returning if a thread is running or not
  • Getting a stack trace for a thread in the target process
  • Resolve symbols for an address in the other process
  • Copy memory from the other process (using the read_process_memory crate)

This crate provides implementations for Linux, OSX and Windows. However this crate is still very much in alpha stage, and the following caveats apply:

  • Stack unwinding only works on x86_64 processors right now, and is disabled for arm/x86
  • the OSX stack unwinding code is very unstable and shouldn’t be relied on
  • Getting the cwd on windows returns incorrect results


fn get_backtrace(pid: remoteprocess::Pid) -> Result<(), remoteprocess::Error> {
    // Create a new handle to the process
    let process = remoteprocess::Process::new(pid)?;
    // Create a stack unwind object, and use it to get the stack for each thread
    let unwinder = process.unwinder()?;
    let symbolicator = process.symbolicator()?;
    for thread in process.threads()?.iter() {
        println!("Thread {} - {}", thread.id()?, if thread.active()? { "running" } else { "idle" });

        // lock the thread to get a consistent snapshot (unwinding will fail otherwise)
        // Note: the thread will appear idle when locked, so we are calling
        // thread.active() before this
        let _lock = thread.lock()?;

        // Iterate over the callstack for the current thread
        for ip in unwinder.cursor(&thread)? {
            let ip = ip?;

            // Lookup the current stack frame containing a filename/function/linenumber etc
            // for the current address
            symbolicator.symbolicate(ip, true, &mut |sf| {
                println!("\t{}", sf);


This locks a target process using ptrace, and prevents it from running while this struct is alive



Type Definitions