Shows the virtual address memory content in hex form.
Parameters
[Address (hex)]
The virtual address of where we want to read its memory.
[l Length (hex)] (optional)
The length (byte) in hex format.
[pid ProcessId (hex)] (optional)
The Process ID in hex format that we want to see the memory from its context (cr3).
If you don't specify the pid, then the default pid is the current process (HyperDbg) process layout of memory.
Examples
The following command is used when we want to read the content of memory at nt!Kd_DEFAULT_Mask with length of 0x50from the memory layout view of process (4 a.k.a. system process) in a hex byte format.
The following command is used when we want to read the content of memory at nt!Kd_DEFAULT_Mask+@rax+10 with length of 0x30from the memory layout view of process (4 a.k.a. system process) in a hex byte format.
The following command is used when we want to read the content of memory at fffff800`3ad6f010 with length of 0x50 from the memory layout view of process (4 a.k.a. system process) in a hex byte format.
The following example shows the content of memory at fffff800`3ad6f010 from current process layout in a Double-word value (4 bytes) and ASCII characters format.
The following example shows the content of memory at fffff800`3ad6f010 from current process layout in a Double-word values (4 bytes) format with the length of 0x10.
HyperDbg> dd fffff800`3ad6f010 l 10
fffff800`3ad6f010 245C8948 6C894808 89481024 57182474
The following example shows the content of memory at fffff800`3ad6f010 from current process layout in a Quad-word values (8 bytes) format.
If you don't specify the length, the default length for HyperDbg is 0x80 Bytes.
Please note that you should specify a space between 'l' and the length in HyperDbg. For example, 'l10' is invalid, but 'l 10' is valid. (It's opposed to windbg).
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
