Solved

memory dump

Posted on 2006-06-27
13
509 Views
Last Modified: 2012-06-27
how can i show memory contents of certian mamory location to the screen or out put file
0
Comment
Question by:szcuny
  • 3
  • 3
  • 2
  • +2
13 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
Comment Utility
You can do that e.g. like

#include <fstream>
#include <iomanip>
#include <stdlib.h>

using namespace std;

typedef unsigned char BYTE;
typedef unsigned long DWORD;

void DumpMemory ( const BYTE* pMem, const size_t sz, const char* pFile) {

    DWORD dw;

    //
    //  Try to remove files that have the same name
    //
    _unlink ( pFile );

    ofstream os;

    os.open ( pFile );

    os << setbase ( 16 );

    //
    //  Write the data with a width of 40 columns
    //
    for ( dw = 1; dw <= sz; ++dw ) {

        os << ( long) pMem [ dw ] << " ";

        if ( !( dw % 40 ) ) os << endl;
    }

    os.close ();
}

int main () {

    BYTE test [ 120 ];

    for ( int i = 0; i < 120; ++i) test [ i ] = i;

    DumpMemory ( test, 120, "memdump.txt" );

    return 0;
}
0
 
LVL 18

Assisted Solution

by:JoseParrot
JoseParrot earned 100 total points
Comment Utility
Hi,

The following code in Borland C++ Builder would access the memory by absolute address, but causes an Access Violation:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
  int i;
  register ax;

  asm {
  mov bx,0
  mov es,bx
  mov ax,[es:bx] <--- actually makes an addressing violation when attempt to read [0000:0000]
  }
  i=ax;
  Edit1->Text=i;
}

This other also (try to) access directly the memory:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
   int *p;

   p = (int *)100;
   Edit1->Text=*p;
}

Conclusion: In Windows, which is a protected operating system, you will need to write a real device driver, using the Microsoft DDK. Similar occurs to Linux.

What you can is only is get a byte inside a variable, for example:
   char c = string[4];

Good times of the old DOS and Basic's PICK and POKE...

Jose
0
 

Assisted Solution

by:aveo
aveo earned 100 total points
Comment Utility
Hi,
There is an API  ReadProcessMemory().You can search it thru MSDN.
This function reads data from an area of memory.

aveo
0
 
LVL 39

Assisted Solution

by:itsmeandnobodyelse
itsmeandnobodyelse earned 100 total points
Comment Utility
Or use that:

#include <iostream>
#include <iomanip>

// print memory in hex and as strings
void dumpMemory(ostream& os, void* p, int nsiz)
{
    os << hex << p << " " << dec << nsiz << endl;
    unsigned char* pb = (unsigned char*)p;
    for (int j = 0; j < nsiz; j+=16)
    {  
        int jj;
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            os << setw(2) << setfill('0') << hex << (unsigned int)pb[jj] << dec << ' ';
        }
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            if ((pb[jj] < ' ' || pb[jj] > '~') && pb[jj] != '|')
                os << '.';
            else
                os << (char)pb[jj];
        }
        os << endl;
    }
}

That can be used like that:

int main()
{
     void* p = 0x06852410;  // any valid memory address or pointer != NULL

     dumpMemory(cout, p, 512);  // use a multiple of 16 to get a proper output
     return 0;
}


For output on file pass a ofstream object instead of cout. For output to Windows use a ostringstream object and put the contents of the stringstream string to a window using a monodistant font.

   #include <sstream>
   
   ...
   ostringstream oss;
   dumpMemory(oss, p, 512);  // use a multiple of 16 to get a proper output
   ...
   LOGFONT lf = { 0 };
   strcpy(lf.lfFaceName, "Courier");
   lf.lfHeight = 100;
   lf.lfPitchAndFamily = FIXED_PITCH;
   HFONT hf = CreatePointFontIndirect(&lf);
   SendMessage(hwnd, WM_SETFONT, (WPARAM)hf, 0)
   SetWindowText(hwnd, oss.str().c_str());

Regards, Alex


Regards, Alex
0
 
LVL 4

Assisted Solution

by:havman56
havman56 earned 100 total points
Comment Utility


very easy no need of any programming code .........ha ha

go to ur cmd prompt

1. type debug
2. then type -d 8000 80ff
3. displays ur memory
4. copy and save it in file

wowwwwwwww so easy !  curious whether this is what u need .

here i used 8000, 80ff as example u can give ur own address

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 39

Expert Comment

by:itsmeandnobodyelse
Comment Utility
>>>> wowwwwwwww so easy

A GUI debugger has some advantages over a commandline debugger that hardly can be compensated  by a memory dump output.

It's 16 years ago I lastly used a commandline debugger. And I do not regret.

Regards, Alex
0
 
LVL 18

Expert Comment

by:JoseParrot
Comment Utility
As per my understanding, havman56 answer satisfy 100% what stated in the question. The only constraint is that we are in a C++ Programming area, so it is implicit that szcuny waits for some hints on C++ programing to pick memory content.

Random access to memory outside the addresses reserved by Windows for the program will be stoped by Windows, as an access violation.

If the objective is to watch the memory area occupied by a variable, it is trivial. I think what szcuny waits is a way of, given any valid address, say 00000010:00000100, get the values in a predifined range and show the contents of such memory space.

The only way I know is to write a low level program with freedom to access any memory address. This is why I pointed to the DDK - Device Drive Kit.

Jose
0
 
LVL 39

Expert Comment

by:itsmeandnobodyelse
Comment Utility
Maybe there is some confusion here:

if starting the debugger from the commandline not passing an executable to debug, the addresses that could be dumped are *physical* memory addresses. If you got a pointer in your progrgram it's *virtual* memory mapped from the OS. So entering an address of your virtual memory to the debugger won't show you the contents you ainterested of. You either would need to recalculate the virtual address to a physical one - what might be difficult or impossible if the memory actually was swapped - or start the executable in question via the (commandline) debugger what is a different game either.

Note, the dump output function I posted above has an equivalent output to that of the debugger.

Regards, Alex




0
 
LVL 4

Expert Comment

by:havman56
Comment Utility
yeah i agree for both of u .

but when u need memory dump command line dump is suffient . i guess so :)

i also agree when u need mapped memory or paging, virtual memory etc .....  u cannot do command line

jose many thanks for support for my answer . i dunno whether i deserve it !
0
 
LVL 4

Expert Comment

by:havman56
Comment Utility


mmmmmmmmmmm?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

  Included as part of the C++ Standard Template Library (STL) is a collection of generic containers. Each of these containers serves a different purpose and has different pros and cons. It is often difficult to decide which container to use and …
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now