VOGONS


First post, by Tomster

Rank Newbie

I'm running a game in DOSBox and I want to dump all the memory used by the game to a file. I know that the DOSBox debugger has this option, but I'm not very clear on what parameters I need to specify to let it know I want it to dump ALL the memory and not just a segment.

Thanks for any help anyone can offer.

-T

Reply 2 of 5, by wd

Rank DOSBox Author

If the game in target uses protected mode, try to find a
selector that has 0 as base address (mostly used as system
selector for the dos extender) and you should be able to
dump the complete memory.
e.g. duke3d: "memdump 180:0 1000000" to dump 16 MB main memory.

hth

Reply 3 of 5, by Whipon

Rank Newbie
wd wrote:

If the game in target uses protected mode, try to find a
selector that has 0 as base address (mostly used as system
selector for the dos extender) and you should be able to
dump the complete memory.
e.g. duke3d: "memdump 180:0 1000000" to dump 16 MB main memory.

hth

Hello:
I'm trying to dump all the memory for a game called Vanguard Ace. It uses the WDOSX 0.95 DOS extender. So I tried the command:
memdumpbin 0:0 1000000 to dump all the memory, so I can get some memory addresses to start to hack the game. But I get the following error:
PAGING:PageFault at 110000 type [0:0] queue 1.
I think it is because this game uses DPMI. I googled a lot searching for DPMI and DOS extended mode, but no luck. I can't understand what "a selector that has 0 as base address" is. Can you please explain to me a bit how I can find this selector, so I can dump all the memory? I own the full version of this game and I would like to hack the main exe of the game so I have infinite energy and ammo. I have hacked some games with the debugger of DOSBox, but can't hack this one because of this DPMI issue.
Thanks in advance. I'll really appreciate it if you can lend me a hand with this one. I googled like crazy with no luck.
Whipon.

Reply 4 of 5, by wd

Rank DOSBox Author

Do you know the difference between linear and physical addresses?
Have a look at intel/x86 docs.
Taking 0x80:0x1234 as address: the linear address is made by adding
an offset (the 0x1234) to a base (which is selected by the, um, selector,
which is 0x80). The base/limit/protection information of a selector can
be grabbed by "selinfo 80" typed into the dosbox debugger console thing.
Say the base is 0x100000, then our linear address is 0x101234. Fine.
If you find a selector with zero-base, you can memdump "all" memory
with ease, if linear address==physical address.

Now if paging is enabled, linear addresses are translated using the 2-stage
page tables. Type "paging" in dosbox to see the translations (only pmode).
It gets pretty tricky to memdump that, because it might even be that some
of the (game's) memory isn't in physical memory (paged out onto disk).

Got to see if we have some "dump physical memory" thing in the debugger,
but think not.
Most likely you won't really have to dump all memory, have a look at the
DS segment, and try dumping as much of that as you can (analyze what
addresses the game accesses etc.)
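
The two translation steps described in reply 4, as an added example that is not part of the thread and is not DOSBox code: selector base plus offset gives the linear address, then a two-stage page-table walk gives the physical address or a page fault. The descriptor table, the page tables and the `cr3` value are constructed for illustration (selector 0x180 is assumed to have base 0, and the mapping is built so that the first unmapped page is 0x110000, the address in the error quoted in reply 3); they say nothing about the real layout of any game or DOS extender.

```python
import struct

PAGE = 0x1000
PRESENT = 0x1

class PageFault(Exception):
    pass

# Constructed descriptor table: selector -> (base, limit). Not read from a real game.
DESCRIPTORS = {0x80: (0x100000, 0xFFFF), 0x180: (0x0, 0xFFFFFFFF)}

def linear(selector, offset):
    """Segment translation: linear = descriptor base + offset."""
    base, limit = DESCRIPTORS[selector]
    if offset > limit:
        raise ValueError("offset beyond segment limit")
    return (base + offset) & 0xFFFFFFFF

def build_memory():
    """Constructed 2 MiB physical memory: page directory at 0x1000 and one
    page table at 0x2000 that maps linear 0..0x10FFFF 1:1 and nothing else."""
    mem = bytearray(0x200000)
    struct.pack_into("<I", mem, 0x1000, 0x2000 | PRESENT)      # directory entry 0
    for i in range(0x110):                                     # table entries 0..0x10F
        struct.pack_into("<I", mem, 0x2000 + 4 * i, (i * PAGE) | PRESENT)
    return mem

def translate(mem, cr3, lin):
    """Two-stage walk: directory entry, then table entry, then page offset."""
    pde, = struct.unpack_from("<I", mem, (cr3 & ~0xFFF) + 4 * (lin >> 22))
    if not pde & PRESENT:
        raise PageFault(lin)
    pte, = struct.unpack_from("<I", mem, (pde & ~0xFFF) + 4 * ((lin >> 12) & 0x3FF))
    if not pte & PRESENT:
        raise PageFault(lin)
    return (pte & ~0xFFF) | (lin & 0xFFF)

def dump(mem, cr3, selector, offset, length):
    """Dump whole pages covering the range; return (bytes, unmapped linear pages)."""
    out, holes = bytearray(), []
    start = linear(selector, offset)
    for lin in range(start & ~0xFFF, start + length, PAGE):
        try:
            phys = translate(mem, cr3, lin)
            out += mem[phys:phys + PAGE]
        except PageFault:
            holes.append(lin)
            out += bytes(PAGE)   # zero-fill so file offsets still match linear addresses
    return bytes(out), holes
```

Recording holes instead of stopping at the first fault yields a partial dump whose offsets still line up with linear addresses, which is enough for the "dump as much of DS as you can" approach suggested above.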