gcore
Create core dump of running process
SYNOPSIS
gcore [OPTION]... PID
Where PID is the process ID of the target running process.
PARAMETERS
-o FILE, --output=FILE
Specifies the name of the output core dump file. If this option is omitted, `gcore` defaults to creating a file named `core.PID` in the current working directory, where `PID` is the process ID of the dumped process.
DESCRIPTION
`gcore` is a utility that generates a core dump file from a currently running process. This is particularly useful for post-mortem debugging, allowing developers and system administrators to inspect the memory state of a program at a specific point in time without terminating it. Unlike terminating a process with `SIGSEGV` or similar signals which might generate a core dump, `gcore` allows you to non-invasively capture the process's memory snapshot. The generated core file can then be loaded into a debugger like `gdb` to analyze the program's state, variables, and call stack, helping to diagnose issues like crashes, hangs, or unexpected behavior. It effectively freezes the process briefly to take the snapshot, minimizing disruption to a live system.
CAVEATS
Permissions: To generate a core dump, `gcore` typically requires the same user ID as the target process or root privileges.
Process State: While `gcore` aims to be non-invasive, it briefly pauses the target process to capture the memory state. This pause, though usually very short, might impact real-time applications or sensitive systems.
Disk Space: Core dump files can be very large, consuming significant disk space, especially for processes with large memory footprints. Ensure sufficient free space before generating a dump.
`ptrace` limitations: `gcore` relies on the `ptrace` system call. If `ptrace` is restricted (e.g., by the Yama security module through the `kernel.yama.ptrace_scope` sysctl), `gcore` might fail.
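The caveats above can be checked before running `gcore`. The script below is an added example, not part of `gcore` or of the original page; its function names and verdict strings are its own. It assumes UID 0 holds `CAP_SYS_PTRACE` and uses `VmSize` as an upper bound on the core file size.

```shell
#!/bin/sh
# Added example: pre-flight checks for the gcore caveats (permissions, Yama, disk space).
# Function names and verdict strings are this example's own, not part of gcore.

# status_field NAME FILE -> second column of "NAME:" in a /proc/PID/status file (0 if absent)
status_field() {
    awk -v f="$1:" '$1 == f { print $2; hit = 1; exit } END { if (!hit) print 0 }' "$2"
}

# ptrace_verdict SCOPE CALLER_UID TARGET_UID -> ok | need-root | blocked
# Assumes UID 0 holds CAP_SYS_PTRACE (may not be true inside a container).
ptrace_verdict() {
    if [ "$1" = 3 ]; then echo blocked; return; fi    # scope 3: attach disabled for everyone
    if [ "$2" = 0 ]; then echo ok; return; fi         # root passes scopes 0-2
    if [ "$2" != "$3" ]; then echo need-root; return; fi
    # Same UID: only scope 0 lets an unrelated process attach.
    if [ "$1" = 0 ]; then echo ok; else echo need-root; fi
}

# free_kb DIR -> free kB on the filesystem holding DIR
free_kb() { df -Pk "$1" | awk 'NR == 2 { print $4 }'; }

# gcore_preflight PID OUTDIR [PROC_ROOT] -> one line per check; returns 0 only if all pass.
# PROC_ROOT defaults to /proc; it exists so the checks can run against a copied tree.
gcore_preflight() {
    gp_status="${3:-/proc}/$1/status"
    [ -r "$gp_status" ] || { echo "process: not-found"; return 2; }
    # A missing file means Yama is not loaded, which behaves like scope 0.
    gp_scope=$(cat "${3:-/proc}/sys/kernel/yama/ptrace_scope" 2>/dev/null || echo 0)
    gp_attach=$(ptrace_verdict "$gp_scope" "$(id -u)" "$(status_field Uid "$gp_status")")
    gp_need=$(status_field VmSize "$gp_status")   # upper bound; the core is usually smaller
    gp_free=$(free_kb "$2")
    echo "attach: $gp_attach (ptrace_scope=$gp_scope)"
    if [ "$gp_free" -ge "$gp_need" ]; then gp_space=ok; else gp_space=insufficient; fi
    echo "space: $gp_space (need<=${gp_need}kB free=${gp_free}kB)"
    [ "$gp_attach" = ok ] && [ "$gp_space" = ok ]
}

# Usage: sh preflight.sh PID OUTDIR
if [ "$#" -ge 2 ]; then gcore_preflight "$@"; fi
```

Because the core file holds the process's full memory, including any keys or credentials in it, point OUTDIR at a directory that only the investigating user can read.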
ANALYZING THE CORE DUMP
Once a core dump file (`core.PID` or a custom file name) is generated, it can be loaded into `gdb` for analysis. The typical command for this is:
`gdb executable_path core_file_path`
For example: `gdb /usr/bin/myprogram core.12345`
Inside `gdb`, you can then use commands like `bt` (backtrace), `info locals`, `print variable`, etc., to inspect the program's state at the time the core dump was taken.
HISTORY
The `gcore` utility is typically distributed as part of the `gdb` (GNU Debugger) package or the `binutils` project. Its development is intertwined with `gdb`'s capabilities, providing a standalone method to achieve what `gdb` can do interactively: capture a process's memory image for later inspection. It emerged as a convenient tool for system administrators and developers needing to quickly diagnose issues on live systems without having to attach `gdb` and then manually detach.