I don't think you get it. Getting the address of the function call and capturing the entire call stack of a running process is trivial. It has been possible to do this for decades on all platforms where the ABI is known. Knowing what address belongs to which function, knowing the type of the parameters, return values, etc, requires a ton of effort. But I could be wrong. Can you point to any common usecase of dtrace where people use it when no debugging symbols and no providers are present in the user code and everything has to be reverse engineered? I'm not going to bother with inlined functions and the like - which would be unfair for any tool to automatically know about.