Whenever one routine calls another, certain information about the calling routine must be saved so that, upon return, execution within the calling routine can be resumed where it left off. The information from the calling routine is saved in a structure of data known as a “frame” and is “pushed” onto what is referred to as a “stack.”

During system crash dump analysis, stacks play a vital role. It is here where we find out who called whom and with what arguments. Although we can use adb’s $c command to get a C stack traceback, we will also want to be able to examine stacks by hand on some occasions. In order to be able to do that, we need to understand what a stack looks like. Before we talk about a specific architecture’s stack ...