Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 545
  • Last Modified:

memory dump

how can i show memory contents of certian mamory location to the screen or out put file
0
szcuny
Asked:
szcuny
  • 3
  • 3
  • 2
  • +2
5 Solutions
 
jkrCommented:
You can do that e.g. like

#include <fstream>
#include <iomanip>
#include <stdlib.h>

using namespace std;

typedef unsigned char BYTE;
typedef unsigned long DWORD;

void DumpMemory ( const BYTE* pMem, const size_t sz, const char* pFile) {

    DWORD dw;

    //
    //  Try to remove files that have the same name
    //
    _unlink ( pFile );

    ofstream os;

    os.open ( pFile );

    os << setbase ( 16 );

    //
    //  Write the data with a width of 40 columns
    //
    for ( dw = 1; dw <= sz; ++dw ) {

        os << ( long) pMem [ dw ] << " ";

        if ( !( dw % 40 ) ) os << endl;
    }

    os.close ();
}

int main () {

    BYTE test [ 120 ];

    for ( int i = 0; i < 120; ++i) test [ i ] = i;

    DumpMemory ( test, 120, "memdump.txt" );

    return 0;
}
0
 
Jose ParrotGraphics ExpertCommented:
Hi,

The following code in Borland C++ Builder would access the memory by absolute address, but causes an Access Violation:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
  int i;
  register ax;

  asm {
  mov bx,0
  mov es,bx
  mov ax,[es:bx] <--- actually makes an addressing violation when attempt to read [0000:0000]
  }
  i=ax;
  Edit1->Text=i;
}

This other also (try to) access directly the memory:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
   int *p;

   p = (int *)100;
   Edit1->Text=*p;
}

Conclusion: In Windows, which is a protected operating system, you will need to write a real device driver, using the Microsoft DDK. Similar occurs to Linux.

What you can is only is get a byte inside a variable, for example:
   char c = string[4];

Good times of the old DOS and Basic's PICK and POKE...

Jose
0
 
aveoCommented:
Hi,
There is an API  ReadProcessMemory().You can search it thru MSDN.
This function reads data from an area of memory.

aveo
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
itsmeandnobodyelseCommented:
Or use that:

#include <iostream>
#include <iomanip>

// print memory in hex and as strings
void dumpMemory(ostream& os, void* p, int nsiz)
{
    os << hex << p << " " << dec << nsiz << endl;
    unsigned char* pb = (unsigned char*)p;
    for (int j = 0; j < nsiz; j+=16)
    {  
        int jj;
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            os << setw(2) << setfill('0') << hex << (unsigned int)pb[jj] << dec << ' ';
        }
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            if ((pb[jj] < ' ' || pb[jj] > '~') && pb[jj] != '|')
                os << '.';
            else
                os << (char)pb[jj];
        }
        os << endl;
    }
}

That can be used like that:

int main()
{
     void* p = 0x06852410;  // any valid memory address or pointer != NULL

     dumpMemory(cout, p, 512);  // use a multiple of 16 to get a proper output
     return 0;
}


For output on file pass a ofstream object instead of cout. For output to Windows use a ostringstream object and put the contents of the stringstream string to a window using a monodistant font.

   #include <sstream>
   
   ...
   ostringstream oss;
   dumpMemory(oss, p, 512);  // use a multiple of 16 to get a proper output
   ...
   LOGFONT lf = { 0 };
   strcpy(lf.lfFaceName, "Courier");
   lf.lfHeight = 100;
   lf.lfPitchAndFamily = FIXED_PITCH;
   HFONT hf = CreatePointFontIndirect(&lf);
   SendMessage(hwnd, WM_SETFONT, (WPARAM)hf, 0)
   SetWindowText(hwnd, oss.str().c_str());

Regards, Alex


Regards, Alex
0
 
havman56Commented:


very easy no need of any programming code .........ha ha

go to ur cmd prompt

1. type debug
2. then type -d 8000 80ff
3. displays ur memory
4. copy and save it in file

wowwwwwwww so easy !  curious whether this is what u need .

here i used 8000, 80ff as example u can give ur own address

0
 
itsmeandnobodyelseCommented:
>>>> wowwwwwwww so easy

A GUI debugger has some advantages over a commandline debugger that hardly can be compensated  by a memory dump output.

It's 16 years ago I lastly used a commandline debugger. And I do not regret.

Regards, Alex
0
 
Jose ParrotGraphics ExpertCommented:
As per my understanding, havman56 answer satisfy 100% what stated in the question. The only constraint is that we are in a C++ Programming area, so it is implicit that szcuny waits for some hints on C++ programing to pick memory content.

Random access to memory outside the addresses reserved by Windows for the program will be stoped by Windows, as an access violation.

If the objective is to watch the memory area occupied by a variable, it is trivial. I think what szcuny waits is a way of, given any valid address, say 00000010:00000100, get the values in a predifined range and show the contents of such memory space.

The only way I know is to write a low level program with freedom to access any memory address. This is why I pointed to the DDK - Device Drive Kit.

Jose
0
 
itsmeandnobodyelseCommented:
Maybe there is some confusion here:

if starting the debugger from the commandline not passing an executable to debug, the addresses that could be dumped are *physical* memory addresses. If you got a pointer in your progrgram it's *virtual* memory mapped from the OS. So entering an address of your virtual memory to the debugger won't show you the contents you ainterested of. You either would need to recalculate the virtual address to a physical one - what might be difficult or impossible if the memory actually was swapped - or start the executable in question via the (commandline) debugger what is a different game either.

Note, the dump output function I posted above has an equivalent output to that of the debugger.

Regards, Alex




0
 
havman56Commented:
yeah i agree for both of u .

but when u need memory dump command line dump is suffient . i guess so :)

i also agree when u need mapped memory or paging, virtual memory etc .....  u cannot do command line

jose many thanks for support for my answer . i dunno whether i deserve it !
0
 
havman56Commented:


mmmmmmmmmmm?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now