Process - (Core|Memory|System) dump

Process States


A core dumps is the content of the working memory of a process at a specific time, generally when:

  • the process has crashed
  • or otherwise terminated abnormally.


A core dump represents the complete contents of the dumped regions of the address space of the dumped process.

Modern operating systems typically generate a file containing an image of the memory belonging to the crashed process, or the memory images of parts of the address space related to that process, along with other information such as:

  • the values of processor registers,
  • program counter,
  • stack pointer
  • memory management information
  • system flags
  • and other processor and operating system information.

Known Format:



Memory dump can be printed as

These files can be viewed as text, printed, or analysed tools such as:

  • on Linux systems:
  • Windows:
    • WinDbg


In Linux the core dump file generated after an application has crashed is stored in the directory from where the application was run.

To place the core dump files in another location, the “kernel.core_pattern” variable in the /etc/sysctl.conf file is used. The current value of this variable can be checked by running this command as root:

sysctl -a | grep core_pattern

The output should be similar to this:

kernel.core_pattern = core
# You may also see this output:
kernel.core_pattern = | /usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e


  • abrt is the Automatic Bug Reporting Tool (ABRT). The daemon is running. ABRT will dynamically overwrite the destination of core files to /var/spool/abrt/.

The value can be manually reset using the sysctl -p command.

Generating a stack trace

stack trace

cd /path/to/core/file
gdb path_to_executable

Determining which executable produced the core file

The command to accomplish this is:

file <core file name>

Documentation / Reference

Discover More
Language - Symbol table

A symbol table is a used by a compiler or interpreter, where each identifier (a.k.a. symbol with a name) in a program's source code is associated with information relating to its declaration or appearance...
OS / Linux - Executable and Linkable Format (ELF)

The Executable and Linkable Format (ELF, formerly named Extensible Linking Format), is a object file format (executable files and shared libraries) used also for core dumps. The format of an ELF...
Process States
Process - Stack Trace

Stack trace OS Tools Solaris, Linux, HP-UX pstack AIX procstack Oracle database and/or clusterware processes 459694.1Procwatcher Windows windbg, procexp from core dump

Share this page:
Follow us:
Task Runner