Reputation: 444
Is there a way to dump all the physical memory value?
I understand that each user process is given a virtual address space, and that can be dumped. But is there a way to dump the Physical Address Space? Suppose I have 32-bit system with 4GB memory, can i write a program to print each physical memory location.
I understand it violates memory protection etc. but if its possible how can convert this into a kernel process or lower level process to allow me access to the entire memory..?
I'd like to know how to write such code (if possible) on Windows/Linux platform( or kernel).. OR in case I've to use Assembly or something like that, how to shift to that privilege level.
Upvotes: 4
Views: 2351
Answers (5)
Reputation: 31
Try this NTMIO - A WINDOWS COMMAND LINE TO ACCESS HARDWARE RESOURCES http://siliconkit.com/ocart/index.php?route=product/product&keyword=ntmio&category_id=0&product_id=285
Upvotes: 0
Reputation: 239071
In Linux, you can open and map the device file /dev/mem (if you have read permission to it). This corresponds to physical memory.
Upvotes: 2
Reputation: 49984
I'm thinking you could probably do it with a kernel mode driver, but the result would be gibberish as what is in the user section of RAM at the time you grabbed it would be what the OS had paged in, it may be part of one application or a mish mash of a whole bunch. This previous SO question may also be helpful: How does a Windows Kernel mode Driver, access paged memory ?
Upvotes: 0
Reputation: 3519
It is possible, on Windows, to access physical memory directly. Some of the things you can do:
- Use the Device\PhysicalMemory object -- you can't access all physical memory, and user-mode access to it is restricted starting from Windows Server 2003 SP1.
- Use Address Windowing Extensions -- you can control your own virtual-to-physical address mappings, so in a sense you are accessing physical memory directly, although still through page tables.
- Write a kernel-mode driver -- there are kernel-mode APIs to access physical memory directly, to allocate physical memory pages, etc. One reason for that is DMA (Direct Memory Access).
None of these methods will give you easy, unrestricted access to any physical memory location. If I may ask, what are you trying to accomplish?
Upvotes: 0
Reputation: 34625
can i write a program to print each physical memory location.
I think no operating system gives the user access to physical memory location. So, you cann't. What ever, you are seeing are virtual addresses produced by the Operating System.
Upvotes: 0
Related Questions
- Get address of ram sections during runtime
- How can I copy memory data from pointer to array ASSEMBLY 8086
- Dump global datas to disk in assembly code
- Dumping memory to file
- Getting memory section information
- Printing the physical address of a C pointer
- get memory address from user
- In C, how can I print out what is stored at a specific memory address?
- How to programmatically get the exact address in the memory space according to the assembly statement
- How to find out what parts of the physical memory contain data/instructions of what processes?