Dump memory in lldb

13,545

The following works fine for me:

    (lldb) memory read --outfile /tmp/mem.txt 0x6080000fe680 0x6080000fe680+1000

Dumps 1000 bytes of memory, from the given start address, in hex format, to /tmp/mem.txt. Use --binary for binary format.

You could also use 'count' to state how many bytes you want to dump:

    (lldb) memory read --outfile /tmp/mem.txt --count 1000 0x6080000fe680

If you are in Xcode debugging environment and have a variable named 'note1', you can also use:

    (lldb) memory read --outfile /tmp/mem.bin note1 note1+100

Reads at the actual location 0x1000 fail in Xcode for me ("memory read failed"), must be protected in some way.

As to the difference between 0x1200 and 0x2000 in the documentation, I think it's simply a small mistake.

Share:
13,545
Admin
Author by

Admin

Updated on June 09, 2022

Comments

  • Admin
    Admin about 2 years

    As stated on this site. When I want to dump memory in gdb.

    The start point is 0x1000 and end 0x2000.

    For lldb start is 0x1000 and end 0x1200 .

    Is there a reason for this or is just a mistake ?


    Main question is: How do I dump a memory area from 0x1000 to 0x2000 in lldb?

  • Jason Molenda
    Jason Molenda over 10 years
    Also useful to note that you don't need to type the full lldb commands - only enough that it unambiguous. memory read --outfile /tmp/mem.txt --count 1000 0x6080000fe680 can also be entered as m r -o /tmp/mem.txt -c 1000 0x6080000fe680. It's important to use the long form of the commands in examples for clarity, but I like to also demonstrate the shortest unique forms that people can use so they don't think they are required to type all of that on a day to day basis. Also, don't forget the gdb compat mem read cmds, e.g. x/32gx $pc, when talking about reading memory from the lldb cmd line.
  • KunMing Xie
    KunMing Xie over 7 years
    binary format. memory read --binary --outfile /tmp/bkey -c 162 0x165b35f4