!db, !dc, !dd, !dq (read physical memory)

Command

!db : read memory as Byte values and ASCII characters

!dc : read memory as Double-word values (4 bytes) and ASCII characters

!dd : read memory as Double-word values (4 bytes)

!dq : read memory as Quad-word values (8 bytes)

Syntax

!db [Address (hex)] [l Length (hex)]

!dc [Address (hex)] [l Length (hex)]

!dd [Address (hex)] [l Length (hex)]

!dq [Address (hex)] [l Length (hex)]

Description

Shows the physical address memory content in hex form.

Parameters

[Address (hex)]

The physical address of where we want to read its memory.

[l Length (hex)] (optional)

The length (byte) in hex format.

Examples

The following command is used when we want to read the content of memory at 1000 with length of 0x50 in a hex byte format.

The following command is used when we want to read the content of memory after evaluating the expression @rax+@rbx with length of 0x50 in a hex byte format.

Note that the result of @rax+@rbx is 0x1000 in this case.

The following example shows the content of memory at 1000 in a double-word value (4 bytes) and ASCII characters format.

The following example shows the content of memory at 1000 in a double-word value (4 bytes) format with the length of 0x10.

The following example shows the content of memory at 1000 in a quad-word value (8 bytes) format.

SDK

To read the memory in the target debuggee, you need to use the following function in libhyperdbg:

Remarks

• If you don't specify the length, the default length for HyperDbg is 0x80 Bytes.

HyperDbg won't remove breakpoints previously set using the 'bp' command if you're disassembling or reading the memory of a special physical address. However, for the virtual addresses, HyperDbg ignores breakpoints and shows the target location's real value.

This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.

Requirements

None

Related

db, dc, dd, dq (read virtual memory)