Dump memory in lldb

gdb dump lldb
user3192959 picture user3192959 · Jan 14, 2014 · Viewed 11.3k times · Source

As stated on this site. When I want to dump memory in gdb.

The start point is 0x1000 and end 0x2000.

For lldb start is 0x1000 and end 0x1200 .

Is there a reason for this or is just a mistake ?

Main question is: How do I dump a memory area from 0x1000 to 0x2000 in lldb?

Answer

DonCristobal picture DonCristobal · Jan 14, 2014

The following works fine for me:

    (lldb) memory read --outfile /tmp/mem.txt 0x6080000fe680 0x6080000fe680+1000

Dumps 1000 bytes of memory, from the given start address, in hex format, to /tmp/mem.txt. Use --binary for binary format.

You could also use 'count' to state how many bytes you want to dump:

    (lldb) memory read --outfile /tmp/mem.txt --count 1000 0x6080000fe680

If you are in Xcode debugging environment and have a variable named 'note1', you can also use:

    (lldb) memory read --outfile /tmp/mem.bin note1 note1+100

Reads at the actual location 0x1000 fail in Xcode for me ("memory read failed"), must be protected in some way.

As to the difference between 0x1200 and 0x2000 in the documentation, I think it's simply a small mistake.

Related questions

How to dump data stored in objective-c object (NSArray or NSDictionary)

Forgive me for a potentially silly question here, but in other programming languages (scripting ones like PHP or Perl) it is often easy to dump everything contained within a variable. For instance, in PHP there are the var_dump() or …

Read More
Gdb dump memory in specific region, save formatted output into a file

I have a buggy (memory leaked) software. As an evidence, I have 1GB of core.dump file. Heap size is 900MB, so obviously, something allocates, but does not free the memory. So, I have a memory region to examine like …

Read More
Core dump file analysis

What are all the things I will need to check while analyzing a core dump file? Please tell me from scratch.

Read More