Solved

memory dump

Posted on 2006-06-27
13
519 Views
Last Modified: 2012-06-27
how can i show memory contents of certian mamory location to the screen or out put file
0
Comment
Question by:szcuny
  • 3
  • 3
  • 2
  • +2
13 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 16997862
You can do that e.g. like

#include <fstream>
#include <iomanip>
#include <stdlib.h>

using namespace std;

typedef unsigned char BYTE;
typedef unsigned long DWORD;

void DumpMemory ( const BYTE* pMem, const size_t sz, const char* pFile) {

    DWORD dw;

    //
    //  Try to remove files that have the same name
    //
    _unlink ( pFile );

    ofstream os;

    os.open ( pFile );

    os << setbase ( 16 );

    //
    //  Write the data with a width of 40 columns
    //
    for ( dw = 1; dw <= sz; ++dw ) {

        os << ( long) pMem [ dw ] << " ";

        if ( !( dw % 40 ) ) os << endl;
    }

    os.close ();
}

int main () {

    BYTE test [ 120 ];

    for ( int i = 0; i < 120; ++i) test [ i ] = i;

    DumpMemory ( test, 120, "memdump.txt" );

    return 0;
}
0
 
LVL 18

Assisted Solution

by:JoseParrot
JoseParrot earned 100 total points
ID: 16999007
Hi,

The following code in Borland C++ Builder would access the memory by absolute address, but causes an Access Violation:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
  int i;
  register ax;

  asm {
  mov bx,0
  mov es,bx
  mov ax,[es:bx] <--- actually makes an addressing violation when attempt to read [0000:0000]
  }
  i=ax;
  Edit1->Text=i;
}

This other also (try to) access directly the memory:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
   int *p;

   p = (int *)100;
   Edit1->Text=*p;
}

Conclusion: In Windows, which is a protected operating system, you will need to write a real device driver, using the Microsoft DDK. Similar occurs to Linux.

What you can is only is get a byte inside a variable, for example:
   char c = string[4];

Good times of the old DOS and Basic's PICK and POKE...

Jose
0
 

Assisted Solution

by:aveo
aveo earned 100 total points
ID: 17008204
Hi,
There is an API  ReadProcessMemory().You can search it thru MSDN.
This function reads data from an area of memory.

aveo
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Assisted Solution

by:itsmeandnobodyelse
itsmeandnobodyelse earned 100 total points
ID: 17009585
Or use that:

#include <iostream>
#include <iomanip>

// print memory in hex and as strings
void dumpMemory(ostream& os, void* p, int nsiz)
{
    os << hex << p << " " << dec << nsiz << endl;
    unsigned char* pb = (unsigned char*)p;
    for (int j = 0; j < nsiz; j+=16)
    {  
        int jj;
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            os << setw(2) << setfill('0') << hex << (unsigned int)pb[jj] << dec << ' ';
        }
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            if ((pb[jj] < ' ' || pb[jj] > '~') && pb[jj] != '|')
                os << '.';
            else
                os << (char)pb[jj];
        }
        os << endl;
    }
}

That can be used like that:

int main()
{
     void* p = 0x06852410;  // any valid memory address or pointer != NULL

     dumpMemory(cout, p, 512);  // use a multiple of 16 to get a proper output
     return 0;
}


For output on file pass a ofstream object instead of cout. For output to Windows use a ostringstream object and put the contents of the stringstream string to a window using a monodistant font.

   #include <sstream>
   
   ...
   ostringstream oss;
   dumpMemory(oss, p, 512);  // use a multiple of 16 to get a proper output
   ...
   LOGFONT lf = { 0 };
   strcpy(lf.lfFaceName, "Courier");
   lf.lfHeight = 100;
   lf.lfPitchAndFamily = FIXED_PITCH;
   HFONT hf = CreatePointFontIndirect(&lf);
   SendMessage(hwnd, WM_SETFONT, (WPARAM)hf, 0)
   SetWindowText(hwnd, oss.str().c_str());

Regards, Alex


Regards, Alex
0
 
LVL 4

Assisted Solution

by:havman56
havman56 earned 100 total points
ID: 17011089


very easy no need of any programming code .........ha ha

go to ur cmd prompt

1. type debug
2. then type -d 8000 80ff
3. displays ur memory
4. copy and save it in file

wowwwwwwww so easy !  curious whether this is what u need .

here i used 8000, 80ff as example u can give ur own address

0
 
LVL 39

Expert Comment

by:itsmeandnobodyelse
ID: 17011453
>>>> wowwwwwwww so easy

A GUI debugger has some advantages over a commandline debugger that hardly can be compensated  by a memory dump output.

It's 16 years ago I lastly used a commandline debugger. And I do not regret.

Regards, Alex
0
 
LVL 18

Expert Comment

by:JoseParrot
ID: 17012600
As per my understanding, havman56 answer satisfy 100% what stated in the question. The only constraint is that we are in a C++ Programming area, so it is implicit that szcuny waits for some hints on C++ programing to pick memory content.

Random access to memory outside the addresses reserved by Windows for the program will be stoped by Windows, as an access violation.

If the objective is to watch the memory area occupied by a variable, it is trivial. I think what szcuny waits is a way of, given any valid address, say 00000010:00000100, get the values in a predifined range and show the contents of such memory space.

The only way I know is to write a low level program with freedom to access any memory address. This is why I pointed to the DDK - Device Drive Kit.

Jose
0
 
LVL 39

Expert Comment

by:itsmeandnobodyelse
ID: 17015972
Maybe there is some confusion here:

if starting the debugger from the commandline not passing an executable to debug, the addresses that could be dumped are *physical* memory addresses. If you got a pointer in your progrgram it's *virtual* memory mapped from the OS. So entering an address of your virtual memory to the debugger won't show you the contents you ainterested of. You either would need to recalculate the virtual address to a physical one - what might be difficult or impossible if the memory actually was swapped - or start the executable in question via the (commandline) debugger what is a different game either.

Note, the dump output function I posted above has an equivalent output to that of the debugger.

Regards, Alex




0
 
LVL 4

Expert Comment

by:havman56
ID: 17020421
yeah i agree for both of u .

but when u need memory dump command line dump is suffient . i guess so :)

i also agree when u need mapped memory or paging, virtual memory etc .....  u cannot do command line

jose many thanks for support for my answer . i dunno whether i deserve it !
0
 
LVL 4

Expert Comment

by:havman56
ID: 17265258


mmmmmmmmmmm?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is C++ STL?: STL stands for Standard Template Library and is a part of standard C++ libraries. It contains many useful data structures (containers) and algorithms, which can spare you a lot of the time. Today we will look at the STL Vector. …
C++ Properties One feature missing from standard C++ that you will find in many other Object Oriented Programming languages is something called a Property (http://www.experts-exchange.com/Programming/Languages/CPP/A_3912-Object-Properties-in-C.ht…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question