• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 572
  • Last Modified:

memory dump

how can i show memory contents of certian mamory location to the screen or out put file
0
szcuny
Asked:
szcuny
  • 3
  • 3
  • 2
  • +2
5 Solutions
 
jkrCommented:
You can do that e.g. like

#include <fstream>
#include <iomanip>
#include <stdlib.h>

using namespace std;

typedef unsigned char BYTE;
typedef unsigned long DWORD;

void DumpMemory ( const BYTE* pMem, const size_t sz, const char* pFile) {

    DWORD dw;

    //
    //  Try to remove files that have the same name
    //
    _unlink ( pFile );

    ofstream os;

    os.open ( pFile );

    os << setbase ( 16 );

    //
    //  Write the data with a width of 40 columns
    //
    for ( dw = 1; dw <= sz; ++dw ) {

        os << ( long) pMem [ dw ] << " ";

        if ( !( dw % 40 ) ) os << endl;
    }

    os.close ();
}

int main () {

    BYTE test [ 120 ];

    for ( int i = 0; i < 120; ++i) test [ i ] = i;

    DumpMemory ( test, 120, "memdump.txt" );

    return 0;
}
0
 
Jose ParrotGraphics ExpertCommented:
Hi,

The following code in Borland C++ Builder would access the memory by absolute address, but causes an Access Violation:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
  int i;
  register ax;

  asm {
  mov bx,0
  mov es,bx
  mov ax,[es:bx] <--- actually makes an addressing violation when attempt to read [0000:0000]
  }
  i=ax;
  Edit1->Text=i;
}

This other also (try to) access directly the memory:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
   int *p;

   p = (int *)100;
   Edit1->Text=*p;
}

Conclusion: In Windows, which is a protected operating system, you will need to write a real device driver, using the Microsoft DDK. Similar occurs to Linux.

What you can is only is get a byte inside a variable, for example:
   char c = string[4];

Good times of the old DOS and Basic's PICK and POKE...

Jose
0
 
aveoCommented:
Hi,
There is an API  ReadProcessMemory().You can search it thru MSDN.
This function reads data from an area of memory.

aveo
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
itsmeandnobodyelseCommented:
Or use that:

#include <iostream>
#include <iomanip>

// print memory in hex and as strings
void dumpMemory(ostream& os, void* p, int nsiz)
{
    os << hex << p << " " << dec << nsiz << endl;
    unsigned char* pb = (unsigned char*)p;
    for (int j = 0; j < nsiz; j+=16)
    {  
        int jj;
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            os << setw(2) << setfill('0') << hex << (unsigned int)pb[jj] << dec << ' ';
        }
        for (jj = j; jj < j + 16 && jj < nsiz; jj++)
        {
            if ((pb[jj] < ' ' || pb[jj] > '~') && pb[jj] != '|')
                os << '.';
            else
                os << (char)pb[jj];
        }
        os << endl;
    }
}

That can be used like that:

int main()
{
     void* p = 0x06852410;  // any valid memory address or pointer != NULL

     dumpMemory(cout, p, 512);  // use a multiple of 16 to get a proper output
     return 0;
}


For output on file pass a ofstream object instead of cout. For output to Windows use a ostringstream object and put the contents of the stringstream string to a window using a monodistant font.

   #include <sstream>
   
   ...
   ostringstream oss;
   dumpMemory(oss, p, 512);  // use a multiple of 16 to get a proper output
   ...
   LOGFONT lf = { 0 };
   strcpy(lf.lfFaceName, "Courier");
   lf.lfHeight = 100;
   lf.lfPitchAndFamily = FIXED_PITCH;
   HFONT hf = CreatePointFontIndirect(&lf);
   SendMessage(hwnd, WM_SETFONT, (WPARAM)hf, 0)
   SetWindowText(hwnd, oss.str().c_str());

Regards, Alex


Regards, Alex
0
 
havman56Commented:


very easy no need of any programming code .........ha ha

go to ur cmd prompt

1. type debug
2. then type -d 8000 80ff
3. displays ur memory
4. copy and save it in file

wowwwwwwww so easy !  curious whether this is what u need .

here i used 8000, 80ff as example u can give ur own address

0
 
itsmeandnobodyelseCommented:
>>>> wowwwwwwww so easy

A GUI debugger has some advantages over a commandline debugger that hardly can be compensated  by a memory dump output.

It's 16 years ago I lastly used a commandline debugger. And I do not regret.

Regards, Alex
0
 
Jose ParrotGraphics ExpertCommented:
As per my understanding, havman56 answer satisfy 100% what stated in the question. The only constraint is that we are in a C++ Programming area, so it is implicit that szcuny waits for some hints on C++ programing to pick memory content.

Random access to memory outside the addresses reserved by Windows for the program will be stoped by Windows, as an access violation.

If the objective is to watch the memory area occupied by a variable, it is trivial. I think what szcuny waits is a way of, given any valid address, say 00000010:00000100, get the values in a predifined range and show the contents of such memory space.

The only way I know is to write a low level program with freedom to access any memory address. This is why I pointed to the DDK - Device Drive Kit.

Jose
0
 
itsmeandnobodyelseCommented:
Maybe there is some confusion here:

if starting the debugger from the commandline not passing an executable to debug, the addresses that could be dumped are *physical* memory addresses. If you got a pointer in your progrgram it's *virtual* memory mapped from the OS. So entering an address of your virtual memory to the debugger won't show you the contents you ainterested of. You either would need to recalculate the virtual address to a physical one - what might be difficult or impossible if the memory actually was swapped - or start the executable in question via the (commandline) debugger what is a different game either.

Note, the dump output function I posted above has an equivalent output to that of the debugger.

Regards, Alex




0
 
havman56Commented:
yeah i agree for both of u .

but when u need memory dump command line dump is suffient . i guess so :)

i also agree when u need mapped memory or paging, virtual memory etc .....  u cannot do command line

jose many thanks for support for my answer . i dunno whether i deserve it !
0
 
havman56Commented:


mmmmmmmmmmm?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now