6 Replies - 295 Views - Last Post: 03 November 2017 - 05:09 AM Rate Topic: -----

#1 noobydoods  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 113
  • Joined: 21-May 14

Reading memory dump file

Posted 01 November 2017 - 01:52 AM

Hi, so this is actually a general sort of question but I am using python. Basically i'm just trying to figure out how Im gonna start this whole process (i feel like im a fish out of water) so I found this site Working with Binary Data in Python and thought of trying out one of the codes:

with open("dumpfile.raw", "rb") as binary_file:
    # Read the whole file at once
    data = binary_file.read()
    print(data)

    # Seek position and read N bytes
    binary_file.seek(0,0)  # Go to beginning
    couple_bytes = binary_file.read(2)
    print(couple_bytes)



the author commented the basics of what is going on. but obviously cmd gets an error coz the dumpfile is huge so it can't read the whole thing i guess. i just wanted to test the code out see if the .raw file is read and if it gets printed. is there a way to read the first 10 lines or something? then if not print in cmd write it out into a new file? can that file be a .txt file?

Is This A Good Question/Topic? 0
  • +

Replies To: Reading memory dump file

#2 andrewsw  Icon User is online

  • the case is sol-ved
  • member icon

Reputation: 6379
  • View blog
  • Posts: 25,770
  • Joined: 12-December 12

Re: Reading memory dump file

Posted 01 November 2017 - 02:03 AM

What are the error details?

If you cannot read the whole file then comment out those lines (or obtain a smaller file). The second block is reading a couple of bytes, so you could increase this so that you can at least read part of the file.

"is there a way to read the first 10 lines" If it is a binary file then it won't have simple line divisions like a text file.

It is probably possible to create some kind of text file but isn't that taking you too far away from the objectives? I.e. "working with binary data".
(If the file is just raw binary, though, then it probably won't easily convert to a meaningful text file.)

BTW Which file are you trying to read? Where does it come from?
Was This Post Helpful? 0
  • +
  • -

#3 noobydoods  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 113
  • Joined: 21-May 14

Re: Reading memory dump file

Posted 03 November 2017 - 03:11 AM

Command prompt stops at
data = binary_file.read()
and says MemoryError, so i was just guessing its because its a huge file that it can't read it. i dont know. Im trying to read a memory dump file of the a windows 7 system gotten from the tool DumpIt. the format being .raw
Was This Post Helpful? 0
  • +
  • -

#4 andrewsw  Icon User is online

  • the case is sol-ved
  • member icon

Reputation: 6379
  • View blog
  • Posts: 25,770
  • Joined: 12-December 12

Re: Reading memory dump file

Posted 03 November 2017 - 03:27 AM

So, as I say, skip attempting to read the whole file in one go (or find a smaller file). Attempt to read a small chunk of it. If this succeeds then it likely confirms your suspicion that the file is too large to read() in one go.
Was This Post Helpful? 0
  • +
  • -

#5 DK3250  Icon User is offline

  • Pythonian
  • member icon

Reputation: 320
  • View blog
  • Posts: 1,055
  • Joined: 27-December 13

Re: Reading memory dump file

Posted 03 November 2017 - 04:13 AM

@andrewsw: Maybe a small hint of how to read smaller chunks would be helpful for OP. readline() ?
Was This Post Helpful? 0
  • +
  • -

#6 andrewsw  Icon User is online

  • the case is sol-ved
  • member icon

Reputation: 6379
  • View blog
  • Posts: 25,770
  • Joined: 12-December 12

Re: Reading memory dump file

Posted 03 November 2017 - 04:34 AM

Would a binary file understand readline()? Typically we read binary in chunks or bytes, as the code in the first post does.

I haven't done much dismembering of bytes though ;)

Added: Apparently readline() on a binary file will look for \n but "You have to do all the newline handling yourself. Otherwise it isn't a binary read." (source)

It still looks like just commenting the read() would be a simple first step :)
Was This Post Helpful? 0
  • +
  • -

#7 DK3250  Icon User is offline

  • Pythonian
  • member icon

Reputation: 320
  • View blog
  • Posts: 1,055
  • Joined: 27-December 13

Re: Reading memory dump file

Posted 03 November 2017 - 05:09 AM

ok, - I have never used binary files.
Looking in the documentation, https://docs.python....nputoutput.html, I find:

Quote

7.2.1. Methods of File Objects
The rest of the examples in this section will assume that a file object called f has already been created.

To read a fileís contents, call f.read(size), which reads some quantity of data and returns it as a string (in text mode) or bytes object (in binary mode). size is an optional numeric argument. When size is omitted or negative, the entire contents of the file will be read and returned; itís your problem if the file is twice as large as your machineís memory. Otherwise, at most size bytes are read and returned. If the end of the file has been reached, f.read() will return an empty string ('').

So something like
data = binary_file.read(size)
If size = 1, one byte at a time is read.

Interesting, - I have never used this...
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1