VOGONS


Ways to dump memory to a file

First post, by Peter Swinkels

Rank Member

Let's say there's a program running in DOSBox and the first 640K of memory needs to be dumped to a file, what would be the way to do it? I know a few, none all that practical (IMHO). Has anyone here done this? If so what is the preferred method?

Reply with your suggestions... Or not.

Reply 5 of 20, by BloodyCactus

Rank Oldbie

first it was dosbox, then real dos, now windows? maybe next os/2?

--/\-[ Stu : Bloody Cactus :: http://kråketær.com :: http://mega-tokyo.com ]-/\--

Reply 7 of 20, by Peter Swinkels

Rank Member

Okay, I am going to investigate the DOSBox Debugger suggestion...

I see the following knowledge and skills are required:
1. know how to compile DOSBOX from the sources
2. have knowledge about assembler
3. have experience in system programming

Points 2 and 3 shouldn't be too big an issue, but considering my luck getting large projects I have downloaded to compile, expect a lot of noobish questions from someone who should know a lot about programming... Argh!

Reply 9 of 20, by Peter Swinkels

Rank Member
Qbix wrote on 2020-01-29, 11:01:

There is a debugger build in the development forum.

Okay, but how recent is it? It offers a lot of options, but the interface is very primitive. So much so I am keeping other options open such as compiling it from source and perhaps customizing it.

Reply 10 of 20, by Qbix

Rank DOSBox Author
Peter Swinkels wrote on 2020-01-29, 11:06:
Qbix wrote on 2020-01-29, 11:01:

There is a debugger build in the development forum.

Okay, but how recent is it? It offers a lot of options, but the interface is very primitive. So much so I am keeping other options open such as compiling it from source and perhaps customizing it.

functionality wise not much has changed.
It's a tool for debugging games and the interface works for that.

dumping memory to file, is one command, no matter how fancy you make the interface, you still need to activate that command somehow.

Water flows down the stream
How to ask questions the smart way!

Reply 11 of 20, by Peter Swinkels

Rank Member
Qbix wrote on 2020-01-29, 12:04:
Peter Swinkels wrote on 2020-01-29, 11:06:
Qbix wrote on 2020-01-29, 11:01:

There is a debugger build in the development forum.

Okay, but how recent is it? It offers a lot of options, but the interface is very primitive. So much so I am keeping other options open such as compiling it from source and perhaps customizing it.

functionality wise not much has changed.
It's a tool for debugging games and the interface works for that.

dumping memory to file, is one command, no matter how fancy you make the interface, you still need to activate that command somehow.

Okay, I will give it a try once I get to it. Be prepared for noob questions... from an advanced pc user... 😂

Reply 12 of 20, by Peter Swinkels

Rank Member

Okay, I am no noob when it comes to analyzing binary data and can make a guess as to how the memdump.txt file is laid out. To the point: which tools would you recommend to analyze all that raw data?

Reply 13 of 20, by Peter Swinkels

Rank Member
Peter Swinkels wrote on 2020-01-29, 15:44:

Okay, I am no noob when it comes to analyzing binary data and can make a guess as to how the memdump.txt file is laid out. To the point: which tools would you recommend to analyze all that raw data?

*rant*
I guess my question was too open-ended, to be able to tear into a DOS program general knowledge of DOS and old hardware is handy (helppc is a wonderful reference tool for that.) Hmmm, the reason I started this thread is because part of me is still obsessing over how that "game" Cartooners sticks together... 🤔 I have pretty much figured all the file formats out... Just look for all the information scattered over several sites. Another game that has me obsessed is an even more ancient game called Alley Cat, through luck more than skill I figured out which parts of the tons of x86 opcodes scrolling over my screen decrease the number of lives. Even found out about a cheat hidden in the game that way. Finding myself sitting behind my pc scratching my head trying to figure out what code handles the cat dying afterwards. Frustrated that all knowledge and experience leave me stuck I find myself asking wtf I am nagging for help here and not just forget about what is by now an antique game. 😤 Makes it all the more amazing some people managed to hack a game and create a cheat engine or a complete MS-DOS system emulator.
*/rant*

Last edited by Peter Swinkels on 2020-01-31, 14:33. Edited 1 time in total.

Reply 14 of 20, by BloodyCactus

Rank Oldbie

you're going about things the wrong way trying to dump the entirety of ram and then look at it.

you want tools like IDA to disassemble the game.

--/\-[ Stu : Bloody Cactus :: http://kråketær.com :: http://mega-tokyo.com ]-/\--

Reply 15 of 20, by Peter Swinkels

Rank Member

I tried IDA and several other disassemblers... they are pretty scary ... even for someone who does know about x86 assembly language. How do people make sense of all that info thrown at them?

Reply 16 of 20, by junglemontana

Rank Newbie

Hm... in many cases it might be a better idea to dump memory into a binary file instead of text...? Then you can examine it using a hex editor (if you know what you are looking for) or load it in a disassembler if you want to analyze the code parts.

But if you want to examine the game code, try loading it in a disassembler directly. And use the Dosbox debugger. It's somewhat minimalistic but so is everything under DOS.

Although, now I recall someone mentioning a Dosbox plugin for IDA. But I don't know if it's still being developed, or if it works with the free version.

My favorite disassembler is Ghidra because I find it much more user friendly than radare2, and unlike IDA, it doesn't require $$$ when you need features that aren't included in the free version. (BTW, I think DOS executable support was removed in freeware v7, and even v5 doesn't properly disassemble all formats.) Some people steer clear of it as it was developed by the NSA. But I've been pretty happy with it.

Some people seem to recommend Hiew (a hex editor with a disassembler engine) but I've never used it.

I'm a newbie in the field of reversing so this is just my 2 cents. 😜

Reply 18 of 20, by BloodyCactus

Rank Oldbie

people have reverse engineered entire dos games. It's just time/effort/dedication. To answer your question, yes, I have.

--/\-[ Stu : Bloody Cactus :: http://kråketær.com :: http://mega-tokyo.com ]-/\--

Reply 19 of 20, by aqrit

Rank Member

Has anyone here successfully reverse engineered parts of an old DOS game?

Yes, I have.

How do people make sense of all that info thrown at them?

Learn "game hacking".

Memory Scanner -> hardware breakpoint -> disassembly.
String -> hardware breakpoint -> disassembly.
DOS Interrupt -> breakpoint -> disassembly.

Memory Scanner,
Disassembler,
Debugger,
Hex-Editor,
Interrupt List...

UNP may be useful for some targets.
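
The first step of the "Memory Scanner -> hardware breakpoint -> disassembly" workflow above, as an added example that is not part of any post in this thread: it narrows a series of binary 640K dumps, taken at known moments, down to the few addresses worth putting a breakpoint on. The function names, the sample offsets and the constructed dumps are assumptions made for illustration.

```python
CONVENTIONAL = 640 * 1024  # first 640K, the range asked about in the thread


def value_at(dump, offset, width):
    """Unsigned little-endian value of `width` bytes at a linear offset."""
    return int.from_bytes(dump[offset:offset + width], "little")


def scan_known(dumps, values, width=1):
    """Offsets where snapshot i holds values[i] (value is visible on screen)."""
    if len(dumps) != len(values):
        raise ValueError("one expected value per snapshot")
    last = min(len(d) for d in dumps) - width + 1
    return [off for off in range(last)
            if all(value_at(d, off, width) == v for d, v in zip(dumps, values))]


def scan_delta(dumps, delta=-1, width=1):
    """Offsets whose value changed by `delta` between every consecutive pair."""
    if len(dumps) < 2:
        raise ValueError("need at least two snapshots to compare")
    last = min(len(d) for d in dumps) - width + 1
    return [off for off in range(last)
            if all(value_at(b, off, width) - value_at(a, off, width) == delta
                   for a, b in zip(dumps, dumps[1:]))]


def seg_off(linear):
    """Normalised real-mode segment:offset for a linear address below 1 MiB."""
    return f"{linear >> 4:04X}:{linear & 0xF:04X}"


def make_sample_dumps():
    """Constructed data: three snapshots, one taken after each lost life."""
    base = bytes((i * 31 + 7) & 0xFF for i in range(CONVENTIONAL))
    dumps = []
    for step in range(3):
        d = bytearray(base)
        d[0x1A2B3] = 9 - step          # hypothetical lives counter: 9, 8, 7
        d[0x0046C] = 10 + step         # decoy that counts up
        d[0x00500] = (9, 8, 9)[step]   # decoy that does not keep falling
        d[0x02000:0x02002] = (1000 + 500 * step).to_bytes(2, "little")  # score
        dumps.append(bytes(d))
    return dumps


if __name__ == "__main__":
    snaps = make_sample_dumps()
    for off in scan_delta(snaps, delta=-1):
        print("candidate lives counter at", seg_off(off), f"(linear {off:#07x})")
```

With real dumps, read each file with `open(path, "rb").read()` and pass the resulting list in place of `make_sample_dumps()`; more snapshots shrink the candidate list further.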