!dump (save the physical memory into a file)
Description of the '!dump' command in HyperDbg.
!dump
!dump [FromAddress (hex)] [ToAddress (hex)] [path Path (string)]
Saves a range of the physical memory into a file.
[FromAddress (hex)]
The physical address at which the dump starts.
[ToAddress (hex)]
The physical address at which the dump ends.
[path Path (string)]
The path where the dump file is saved.
The following command saves the physical memory from the address bd000 to bf000 in the file c:\rev\dump1.dmp.
HyperDbg> !dump bd000 bf000 path c:\rev\dump1.dmp
the dump file is saved at: c:\rev\dump1.dmp
The following command saves the physical memory from the address bd000 to bd000+6000 in the file c:\rev\dump2.dmp.
HyperDbg> !dump bd000 bd000+6000 path c:\rev\dump2.dmp
the dump file is saved at: c:\rev\dump2.dmp
This command reads the memory in 4KB chunks and is the same as this command; you only have to set the memory reading Style to DEBUGGER_SHOW_COMMAND_DUMP.
Starting from v0.6, this command was added to the HyperDbg debugger.
This command is guaranteed to keep the debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
None
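Added example, not part of the HyperDbg documentation or code base: a Python helper that maps the bytes of a saved dump back to 4KB physical pages and hashes each page, so two dumps of the same range taken at different halts can be compared page by page. It assumes the file holds only the raw bytes of the range (file offset 0 is FromAddress, ToAddress is exclusive); the names index_dump and diff_dumps and the sample bytes are constructed for illustration.

```python
import hashlib

PAGE_SIZE = 0x1000  # 4 KB, the chunk size the page says the command reads in

def index_dump(data, from_addr, to_addr):
    """Split raw dump bytes into physical pages with a SHA-256 per page.

    Assumption (not confirmed by the page): the file is the raw content of
    [from_addr, to_addr) with no header, so offset 0 maps to from_addr.
    """
    if to_addr <= from_addr:
        raise ValueError("ToAddress must be greater than FromAddress")
    expected = to_addr - from_addr
    if len(data) != expected:
        raise ValueError(f"dump is {len(data):#x} bytes, range needs {expected:#x}")
    pages, offset = [], 0
    while offset < len(data):
        phys = from_addr + offset
        # Cut on 4 KB physical page boundaries even when from_addr is unaligned.
        end = min(len(data), offset + PAGE_SIZE - (phys % PAGE_SIZE))
        chunk = data[offset:end]
        pages.append({
            "phys": phys,
            "size": len(chunk),
            "sha256": hashlib.sha256(chunk).hexdigest(),
            "all_zero": not any(chunk),
        })
        offset = end
    return pages

def diff_dumps(before, after):
    """Return physical addresses of pages that are new or changed in `after`."""
    old = {p["phys"]: p["sha256"] for p in before}
    return [p["phys"] for p in after if old.get(p["phys"]) != p["sha256"]]

if __name__ == "__main__":
    # Constructed sample standing in for a dump of bd000..bf000 (two pages).
    sample = bytes(PAGE_SIZE) + b"\xcc" * PAGE_SIZE
    for page in index_dump(sample, 0xBD000, 0xBF000):
        print(f"{page['phys']:#x} size={page['size']:#x} "
              f"zero={page['all_zero']} sha256={page['sha256'][:16]}")
```

To use it on a real file, read the dump with open(path, "rb").read() and pass the same FromAddress and ToAddress that were given to the command.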