C++ / C#
Gagatyn, 2020-04-17 01:04:39

What is a process (memory) dump and how to use it?

I think C++ has a hand in this question, because most software and games are written in it or in a C-like language. Please correct me if this is not the case.

In general, I was interested in the question: what is a process memory dump and how to use it. Not of the OS, but of some program or game.

I have already tried to open the dump file with the IDA trial version, but I could not understand anything in its contents.
Tell me:

  • Is it right to create dumps through the task manager and are there other ways, but are these methods needed?
  • Is it possible to get useful information from a memory dump?
  • What other tools are there to open and view dumps?
  • What is contained in this "black box" of the dump file?

2 answer(s)
CityCat4, 2020-04-17
@CityCat4

> "Is it possible to get useful information from a memory dump?"

"useful" is a relative category. And what will be useful to me, may be completely uninteresting to you. And vice versa, of course.
For example, the xcomutil program (for the 1996 game UFO Defense: Enemy Unknown) shows the relative coordinates of an enemy unit and its state. For those who play it - this is priceless info. For those who do not play - it is completely useless :)

Developer, 2020-04-17
@samodum

A memory dump is a slice of data directly from memory itself, from RAM.
> "Is it possible to get useful information from a memory dump?"
Rewrite it in Russian, otherwise it is completely incomprehensible what it is about.
> "I already tried to open the dump file with a trial version of IDA, but there is little information and nothing is clear at all"
Naturally, this is a set of bytes understandable to the machine. You will have to work hard to translate this into human language.
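
Added example, not written by any poster in this thread: the .DMP files that Task Manager writes use the Windows minidump container, so the "set of bytes" begins with a documented `MINIDUMP_HEADER` followed by a directory of typed streams (modules, threads, memory ranges). The Python below lists those streams; the names `list_streams` and `build_sample` and the two-stream sample bytes are constructed for this illustration.

```python
import struct

# Subset of the documented MINIDUMP_STREAM_TYPE enum values.
STREAM_NAMES = {
    3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
    6: "ExceptionStream", 7: "SystemInfoStream", 9: "Memory64ListStream",
    12: "HandleDataStream", 15: "MiscInfoStream", 16: "MemoryInfoListStream",
}

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (32 bytes, little-endian).
HEADER = struct.Struct("<4sIIIIIQ")
# MINIDUMP_DIRECTORY entry: StreamType, DataSize, Rva.
DIR_ENTRY = struct.Struct("<III")


def list_streams(data: bytes):
    """Return (flags, [(name, size, rva), ...]) for a minidump image."""
    if len(data) < HEADER.size:
        raise ValueError("too short to hold a MINIDUMP_HEADER")
    sig, _ver, count, dir_rva, _sum, _stamp, flags = HEADER.unpack_from(data, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump (signature %r)" % sig)
    # Dump files are untrusted input: bounds-check every offset before use.
    if dir_rva + count * DIR_ENTRY.size > len(data):
        raise ValueError("stream directory runs past end of file")
    streams = []
    for i in range(count):
        stype, size, rva = DIR_ENTRY.unpack_from(data, dir_rva + i * DIR_ENTRY.size)
        if rva + size > len(data):
            raise ValueError("stream type %d points outside the file" % stype)
        streams.append((STREAM_NAMES.get(stype, "type_%d" % stype), size, rva))
    return flags, streams


def build_sample() -> bytes:
    """Constructed two-stream dump so the parser can be exercised offline."""
    entries = [(7, 8, 56), (4, 4, 64)]      # payloads follow the directory
    header = HEADER.pack(b"MDMP", 0xA793, len(entries), 32, 0, 0, 0x2)
    directory = b"".join(DIR_ENTRY.pack(*e) for e in entries)
    return header + directory + b"\x00" * 8 + b"\x11" * 4


if __name__ == "__main__":
    flags, streams = list_streams(build_sample())
    print("flags=0x%x" % flags)             # 0x2 = MiniDumpWithFullMemory
    for name, size, rva in streams:
        print("%-20s size=%d rva=0x%x" % (name, size, rva))
```

For a real file, pass the bytes read from the .DMP to `list_streams`; a debugger such as WinDbg is what interprets the contents of each stream.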
