| description |
|---|
Description of '!dump' command in HyperDbg. |
!dump
!dump [FromAddress (hex)] [ToAddress (hex)] [path Path (string)]
Saves a range of the physical memory into a file.
[FromAddress (hex)]
The start physical address of where it needs to be dumped.
[ToAddress (hex)]
The end of the physical address of where it needs to be dumped.
[path Path (string)]
The path of where the dump file needs to be saved.
The following command saves the physical memory from the address bd000 to bf000 in the file c:\rev\dump1.dmp.
HyperDbg> .dump bd000 bf000 path c:\rev\dump1.dmp
the dump file is saved at: c:\rev\dump1.dmp
The following command saves the physical memory from the address bd000 to bd000+6000 in the file c:\rev\dump2.dmp.
HyperDbg> .dump bd000 bd000+6000 path c:\rev\dump2.dmp
the dump file is saved at: c:\rev\dump2.dmpThe '.dump' command is used for dumping the virtual memory.
This command reads the memory in the 4KB chunks and is the same as this command, just you have to set the memory reading Style to DEBUGGER_SHOW_COMMAND_DUMP.
Starting from v0.6, this command was added to the HyperDbg debugger.
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
None