How to do a memory dump in Bochs?

Question

How do you do a memory dump in Bochs?

(Either physical or virtual -- but both would be even better!)

DavidsonDFGL · Answer 1 · 2016-06-18T03:33:15.030

I know this question has already been a while, but I had the same problem and I could solve.

GUI Debug

Bochs accompanies a visual debugger that can be activated with the following flags in

./configure \
--enable-x86-debugger \
--enable-debugger \
--enable-debugger-gui

when you will build it, and add this option in your Bochs configuration file:

display_library: x, options = "gui_debug"

With the gui debugger open, you can at any time press the "break" button and in the View menu, you have the "Physical MemDump" and "Linear MemDump" options, just enter the start address and bochs will dump 4kB for you.

Without GUI Debug

If you prefer, you can also use the text mode, the breakpoint can be set with the command "lbreak addr" (for linear) or "pbreak addr" (physical), to list the configured breakpoints just type "info break" and to delete them "d number". Single step (s) and to continue execution (continue).

With the execution paused, you can dump with the "x" (linear) and "xp" (physical) followed by some optional parameters such as the output format, number of bytes, and the address, for example.

Example:

x /30bx 0xC0000000

will make 30 bytes dump in hexadecimal format from the linear address 0xC0000000.

Writing in the file

In some cases, the dump can be large enough to be read on the screen. In these cases you can do it to a file using the command "writemem".

Its syntax is:

writemem "filename" linearAddress lenght_in_bytes

so if you need to dump the first 1024 bytes of the linear address 0xdeadbeef to the "dump" file, something like:

writemem "dump" 0xdeadbeef 1024

should work.

Please refer to http://bochs.sourceforge.net/doc/docbook/user/internal-debugger.html for more information.

score 0 · Answer 2 · edited Jun 12 '20 at 13:48

0

Perhaps you're looking for Save and restore simulation:

The state of cpu(s), memory and all devices can be saved now. When running Bochs with there will be a button in the header bar called "Suspend".

(emphasis added)

edited Jun 12 '20 at 13:48

Community

1

answered Jul 12 '11 at 06:44

Hugh Allen

9,820
6
34
42

1

Er... yes, the contents of the memory is there, but how do I look at it? – user541686 Jul 12 '11 at 06:46

score 0 · Answer 3 · edited Jun 12 '20 at 13:48

0

Try memsave and pmemsave commands in the Bochs console.

‘memsave addr size file’

save to disk virtual memory dump starting at addr of size size.

‘pmemsave addr size file’

save to disk physical memory dump starting at addr of size size.

edited Jun 12 '20 at 13:48

Community

1

answered Jul 12 '11 at 08:20

u1686_grawity

426,297
64
894
966

1

Are you sure Bochs supports this? – user541686 Jul 16 '11 at 17:52
doesn't work... – Milind R Feb 08 '14 at 19:30

score 0 · Answer 4 · answered Feb 08 '14 at 20:12

0

Apparently there is writemem

    writemem                     dump a number of bytes of virtual memory starting from
                                 the specified linear address into a file

But it doesn't seem to work.

answered Feb 08 '14 at 20:12

Milind R

887
1
12
29

Update me if you do get this to work somehow – Milind R Feb 08 '14 at 20:12

How to do a memory dump in Bochs?

4 Answers4

GUI Debug

Without GUI Debug

Writing in the file