Hi,
looking into the source code I found the corresponding function
"dbgcCmdWorkerSearchMem" in src/VBox/Debugger/DBGCEmulateCodeView.cpp.
The 'range' parameter corresponds to the 'pAddress' parameter of this
function, which is claimed to be "Where to start searching".
I tested the 'sa' command in such a way and it seemed to work as
expected. See below:
-------------------------------------------------------------------------------------------------------------------------------
VBoxDbg> sa 1 kd
%00000000009df960: 6b 64 19 6d 80 64 19 6d-75 64 19 6d 8b 64 19 6d
kd.m.d.mud.m.d.m
%0000000000a08a4f: 6b 64 02 8e f0 80 40 32-95 80 8d 5a 0e 75 81 16
kd....@2...Z.u..
....
%00000000011045df: 6b 64 65 66 2e 55 00 84-21 53 6e 6f 77 64 6f 6f
kdef.U..!Snowdoo
%0000000001112076: 6b 64 6f 6f 72 00 a4 21-5a 69 6e 64 6f 73 2e 41
kdoor..!Zindos.A
VBoxDbg> sa 1000000 kd
%00000000011045df: 6b 64 65 66 2e 55 00 84-21 53 6e 6f 77 64 6f 6f
kdef.U..!Snowdoo
%0000000001112076: 6b 64 6f 6f 72 00 a4 21-5a 69 6e 64 6f 73 2e 41
kdoor..!Zindos.A
...
%0000000001c7436f: 6b 64 18 86 15 c1 09 4c-0d 49 00 1c 90 dc 62 1a
kd.....L.I....b.
%0000000001ccd585: 6b 64 0f 00 cf 84 60 01-8e 43 92 30 34 6c 3f 10
kd....`..C.04l?.
VBoxDbg> sa 1cc0000 kd
%0000000001ccd585: 6b 64 0f 00 cf 84 60 01-8e 43 92 30 34 6c 3f 10
kd....`..C.04l?.
%0000000001cd8c90: 6b 64 1d 48 4e 80 51 62-e5 10 94 73 41 83 01 c0
kd.HN.Qb...sA...
...
%0000000001eb725b: 6b 64 44 0d 00 01 00 00-00 dd b9 6d e9 3d 01 00
kdD........m.=..
%0000000001edc4e9: 6b 64 44 00 27 05 8c f0-c4 ed 01 f0 c4 ed 01 28
kdD.'..........(
----------------------------------------------------------------------------------------------------------------------------
When you test it on your own, you will notice that the command
outputs a maximum of 25 hits per search.
This is encoded in the wrapper function "dbgcCmdSearchMemType" within
the same file and, unfortunately, it cannot be changed by any debugger
parameter.
The only way to do it is to modify the sources.
Hope this helps,
Regards,
Federico
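
Added example, not part of the original message or of VirtualBox: a Python helper that parses `sa` output in the format shown in the transcript above and, when a search returns the 25-hit maximum, builds the follow-up command that restarts the search one byte past the last hit. It assumes addresses are given in hexadecimal as in the transcript; the function names are hypothetical.

```python
import re

# A hit line as printed in the transcript above, e.g.
#   %0000000001ccd585: 6b 64 0f 00 cf 84 60 01-8e 43 92 30 34 6c 3f 10
HIT_RE = re.compile(r"^%([0-9a-fA-F]{16}):((?:[ -][0-9a-fA-F]{2}){1,16})")
MAX_HITS = 25  # per-search cap reported in the message above

# Two hit lines copied from the third search in the transcript.
SAMPLE = """\
%0000000001ccd585: 6b 64 0f 00 cf 84 60 01-8e 43 92 30 34 6c 3f 10
kd....`..C.04l?.
%0000000001cd8c90: 6b 64 1d 48 4e 80 51 62-e5 10 94 73 41 83 01 c0
kd.HN.Qb...sA...
"""


def parse_hits(output):
    """Return [(address, data)] for every hit line in 'sa' output."""
    hits = []
    for line in output.splitlines():
        m = HIT_RE.match(line.strip())
        if m:  # ASCII columns and prompts do not start with '%<16 hex>:'
            data = bytes.fromhex(m.group(2).replace("-", " "))
            hits.append((int(m.group(1), 16), data))
    return hits


def follow_up(output, pattern):
    """Return the next 'sa' command if the cap was reached, else None."""
    hits = parse_hits(output)
    if len(hits) < MAX_HITS:
        return None  # fewer than 25 hits: the search was not cut off
    # Restart one byte past the last reported hit (addresses are hex).
    return "sa %x %s" % (hits[-1][0] + 1, pattern)


if __name__ == "__main__":
    for addr, data in parse_hits(SAMPLE):
        print("%#x %r" % (addr, data[:2]))
    print(follow_up(SAMPLE, "kd"))
```
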
On 07/05/2015 14:31, Lonnie Cumberland wrote:
Hello All,
Can someone please tell me if there are any examples or tutorials on
using the VirtualBox built-in debugger? I have read over the
information in Chapter 12 of the manual, but it really does not show
any specifics related to the address "range" format used in the SA
(Search) command to access Guest ram. I need to scan the Guest ram
while the VM is active to collect some information. The Host is a
Windows 7 (64Bit) and test Guest is also a Windows 7 (64bit).
Any information or experiences using the built-in debugger would be
greatly appreciated.
Thanks and have a great day,
Lonnie
< CONFIDENTIALITY NOTICE > The information contained in this
communication is confidential and is intended only for the use of the
recipient named above, and may be legally privileged and exempt from
disclosure under applicable law. If the reader of this message is not
the intended recipient, please resend to sender and delete the
original from your computer system. You are hereby notified that any
dissemination, distribution or copying of this communication is
strictly prohibited. Opinions, conclusions and other information in
this message that do not relate to our official business should be
understood as neither given nor endorsed.
On Wed, May 6, 2015 at 9:44 AM, Lonnie Cumberland wrote:
Hi Again All,
I think that I have answered my own question in that I have now
been looking through the VBox debugger commands and actually what
I wanted to do was to search through the guest memory for a
specific string.
To do this, I have found the
sa <range> <pattern> ---- search memory for ASCII string.
Is there any information, or example, on the format needed for the
<range> ?
Kind Regards and have a great day,
Lonnie
On Wed, May 6, 2015 at 9:29 AM, Lonnie Cumberland wrote:
Greetings All,
I am getting a feel for the VirtualBox debugger (dbg) in that
I need to be able to look through an active guest memory.
Can someone please tell me the best approach to looking
through a guest memory with dbg?
Kind Regards and have a great day,
Lonnie
_______________________________________________
vbox-dev mailing list
[email protected]
https://www.virtualbox.org/mailman/listinfo/vbox-dev