Dump memory in lldb
The following works fine for me:
(lldb) memory read --outfile /tmp/mem.txt 0x6080000fe680 0x6080000fe680+1000
Dumps 1000 bytes of memory, from the given start address, in hex format, to /tmp/mem.txt. Use --binary for binary format.
You could also use 'count' to state how many bytes you want to dump:
(lldb) memory read --outfile /tmp/mem.txt --count 1000 0x6080000fe680
If you are in Xcode debugging environment and have a variable named 'note1', you can also use:
(lldb) memory read --outfile /tmp/mem.bin note1 note1+100
Reads at the actual location 0x1000 fail in Xcode for me ("memory read failed"), must be protected in some way.
As to the difference between 0x1200 and 0x2000 in the documentation, I think it's simply a small mistake.
Admin
Updated on June 09, 2022Comments
-
Admin about 2 years
As stated on this site. When I want to dump memory in gdb.
The start point is
0x1000
and end0x2000
.For lldb start is
0x1000
and end0x1200
.Is there a reason for this or is just a mistake ?
Main question is: How do I dump a memory area from
0x1000
to0x2000
in lldb? -
Jason Molenda over 10 yearsAlso useful to note that you don't need to type the full lldb commands - only enough that it unambiguous.
memory read --outfile /tmp/mem.txt --count 1000 0x6080000fe680
can also be entered asm r -o /tmp/mem.txt -c 1000 0x6080000fe680
. It's important to use the long form of the commands in examples for clarity, but I like to also demonstrate the shortest unique forms that people can use so they don't think they are required to type all of that on a day to day basis. Also, don't forget the gdb compat mem read cmds, e.g.x/32gx $pc
, when talking about reading memory from the lldb cmd line. -
KunMing Xie over 7 yearsbinary format. memory read --binary --outfile /tmp/bkey -c 162 0x165b35f4