The d* command and its variations are among the most commonly used commands. In this article I’m covering the most important combinations and showing their output.
The d* command is used to display information from memory, including heap and stack. The information can be presented in different formats.
dd is useful to see the memory using double word format. It means 4 bytes or 32 bits.
The default count is 32 DWORDs (128 bytes).
db is useful to see the data in byte format.
Tip: When you don’t know the data format, use db. Using db you can see numbers, ASCII characters and Unicode characters. This is the variation I use most of the time.
This variation is used to display Unicode strings.
This variation is used to display ASCII strings.
Tip: If da shows you the characters followed by “.”, like:
And du shows you the same string, but without ".", it means it’s a Unicode string, not an ASCII string. So, you may want to use du.
This is also very useful. It displays double word values (4 bytes) and ASCII characters.
It displays binary values and byte values.
Tip: This command offers an easy way to see each byte for a double word value and its corresponding bits.
Another command that’s similar to dyb is .formats.
You can also use another variation with the commands above to see a specific number of double words.
dd <address> L 1
db <address> L 100
dc <address> L 20
Here you can see scripts that use the d* command.