!dump (save the physical memory into a file)

Description of the '!dump' command in HyperDbg.

Command

!dump

Syntax

!dump [FromAddress (hex)] [ToAddress (hex)] [path Path (string)]

Description

Saves a range of the physical memory into a file.

Parameters

[FromAddress (hex)]

The physical address at which the dump starts.

[ToAddress (hex)]

The physical address at which the dump ends.

[path Path (string)]

The path where the dump file is saved.

Examples

The following command saves the physical memory from address bd000 to bf000 to the file c:\rev\dump1.dmp.

HyperDbg> !dump bd000 bf000 path c:\rev\dump1.dmp
the dump file is saved at: c:\rev\dump1.dmp

The following command saves the physical memory from address bd000 to bd000+6000 to the file c:\rev\dump2.dmp.

HyperDbg> !dump bd000 bd000+6000 path c:\rev\dump2.dmp
the dump file is saved at: c:\rev\dump2.dmp

IOCTL

Remarks

This command was added to the HyperDbg debugger in v0.6.

This command is guaranteed to keep the debuggee in a halted state (in Debugger Mode); thus, nothing will change during its execution.

Requirements

None
