Thread: What is a hex dump?

  1. #1
    Registered User
    Join Date
    Jan 2005
    Posts
    183

    What is a hex dump?

    Hey all, I could do with a little help if anyone would be so kind.

    I am currently debugging a program of mine which involves creating a messagebox. I wish to insert a breakpoint after some code following the messagebox; thus, I need to ensure that I am working on the correct section of ASM code. To do this I searched for the string that the messagebox displays in a Hex Dump of the application, but the string was nowhere to be found.

    I thought that a hex dump was a list of addresses in a processes memory and the contents of the addresses. I figured that, to use the string, the application must store it somewhere (i.e. in it's memory) and the debugger would therefore display the string and it's associated address(es) in the hex dump. I must be mistaken.

    I also noted that Sysinternals' Process Explorer was able to find the string in an image of the executable, but not the memory. What exactly is an image? (A google search listed alot of Linux related articles; I am working on a windows machine and wasn't sure if the info is relevant.) I guess my main question is "where are strings stored in an executable file?".

    Thankyou for your time.

  2. #2
    Programming Wraith GReaper's Avatar
    Join Date
    Apr 2009
    Location
    Greece
    Posts
    2,739
    Quote Originally Posted by Necrofear View Post
    I am currently debugging a program of mine which involves creating a messagebox. I wish to insert a breakpoint after some code following the messagebox; thus, I need to ensure that I am working on the correct section of ASM code. To do this I searched for the string that the messagebox displays in a Hex Dump of the application, but the string was nowhere to be found.
    Don't you have a debugger?
    Devoted my life to programming...

  3. #3
    Programming Wraith GReaper's Avatar
    Join Date
    Apr 2009
    Location
    Greece
    Posts
    2,739
    Right from wikipedia:
    Hex dump is a hexadecimal view (on screen or a printout) of computer data, from RAM or from a file or storage device. Each byte (8-bits) is represented as a two-digit hexadecimal number. Hex dumps are commonly organized into rows of 8 or 16 bytes, sometimes separated by whitespaces. Some hex dumps have the hexadecimal memory address at the beginning and checksum byte at the end of each line.

    Although the name implies the use of base-16 output, options may be available for base-8 (octal) or base-10 (decimal) output. Some common names for this program function are hexdump and od.
    Devoted my life to programming...

  4. #4
    Registered User
    Join Date
    Jan 2005
    Posts
    183
    Cheers for the quick replies Sipher.

    Yeah, I have multiple debuggers (for comparison purposes) but I am kinda new to debugging and am trying to get use to it. It seems like a handy skill to have. I assumed, perhaps incorrectly, that one must manually place a breakpoint within the asm code at the desired location. Or are breakpoints set up at runtime?

    Thankyou also for the wikipedia extract. I actually read that earlier, but I'm afraid I still do not understand why hardcoded data in an application is not present in a Hex dump. For instance, I thought that the following call would require both "Hello" and "Message" to be stored in memory:

    Code:
    MessageBox(NULL, "Hello", "Message", MB_OK);
    Are such strings stored inside an executable file or in the system's RAM?
    If so, how would Sysinternals' Process Explorer locate the string?
    Any help would be greatly appreciated.

  5. #5
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    A debugger will break if 1) it hits a user set breakpoint, or 2) the program is about to crash (a hardware exception).

    String literals (eg. "Hello") are stored in the executable file, and gets copied to RAM when you run it.

  6. #6
    Just a pushpin. bernt's Avatar
    Join Date
    May 2009
    Posts
    426
    To do this I searched for the string that the messagebox displays in a Hex Dump of the application, but the string was nowhere to be found.
    Keep in mind that you can print pointer values with printf("%p") and that this is generally bad practice anyway since the location could change the next time you change your program (like when you remove the printf).

    -----
    If you compile with debugging information (with gcc and gdb that's the -g option; the documentation says that "-g" is for gdb only though and that it will likely break other debuggers) then you can set the breakpoint as a line in a source file.

    EDIT: This is done at runtime.

    break filename:linenum
    Set a breakpoint at line linenum in source file filename.
    (Debugging with GDB - Set Breaks)
    Last edited by bernt; 06-26-2010 at 09:45 AM.
    Consider this post signed

  7. #7
    Registered User C_ntua's Avatar
    Join Date
    Jun 2008
    Posts
    1,853
    There are IDE out there which you would set a breakpoint with a single click. Some let you do even more stuff like execute one line of code at a time.

    I am guessing you cannot find "Hello" in the hex dumb? You probably should see it... An easiest way maybe would be to try to disassemble the code rather than hexdumbing it.

  8. #8
    Registered User
    Join Date
    Jan 2005
    Posts
    183
    Thankyou for all the replies.

    Keep in mind that you can print pointer values with printf("%p") and that this is generally bad practice anyway since the location could change the next time you change your program (like when you remove the printf).
    This actually makes alot of sense, I should have thought of it myself. As I said, I'm trying to get the hang of debugging but it looks like this is a much more suitable option in this instance. Many thanks.

    I am guessing you cannot find "Hello" in the hex dumb? You probably should see it... An easiest way maybe would be to try to disassemble the code rather than hexdumbing it.
    Yeah, that's spot on; "Hello" is not present in the hex dump. This is what confused me originally, I could not think why it wouldn't be there. I actually have a dissassembly of the code, but my ASM knowlage is limited. I am currently in the process of learning to read it though, so hopefully I'll be able to work with strings soon.

    Thanks again people.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Hex dump
    By Banana Man in forum C Programming
    Replies: 17
    Last Post: 01-06-2008, 11:03 AM
  2. Single hex dump - Error codes / Plain errors...
    By Blackroot in forum Windows Programming
    Replies: 4
    Last Post: 04-03-2007, 03:46 AM
  3. Replies: 11
    Last Post: 03-24-2006, 11:26 AM
  4. hex dump
    By coo_pal in forum Tech Board
    Replies: 2
    Last Post: 05-23-2003, 07:07 AM