Hello,
MemMAP is a tool inspired by j00ru's KernelMAP (see here). I've written my own version with a couple more interesting features. A list follows:
The framed area is organized such that the top-left corner is address 0x80000000, and the bottom right corner is 0xFFFFF000 (or, for user-mode processes, 0x00000000 - 0x7FFFF000). Each pixel represents one page of memory (4096 bytes). Below are several screenshots:
When run without arguments, on Windows Vista SP1:
Visualizing Microsoft Visual Studio 2008 (memmap -p 5976):
Help window:
If there's a bug, please let me know! Please note that I offer no guarantees about this program - it does not write to memory, and does not load a kernel-mode driver, but it might still crash a process. Do not run this on any important system.
Thanks,
--AD
MemMAP is a tool inspired by j00ru's KernelMAP (see here). I've written my own version with a couple more interesting features. A list follows:
- More memory types included (kernel thread stacks and GDI objects)
- Ability to visualize the memory of a user-mode process
- Help dialog with description of memory types
- Refresh feature
The framed area is organized such that the top-left corner is address 0x80000000, and the bottom right corner is 0xFFFFF000 (or, for user-mode processes, 0x00000000 - 0x7FFFF000). Each pixel represents one page of memory (4096 bytes). Below are several screenshots:
When run without arguments, on Windows Vista SP1:
Visualizing Microsoft Visual Studio 2008 (memmap -p 5976):
Help window:
If there's a bug, please let me know! Please note that I offer no guarantees about this program - it does not write to memory, and does not load a kernel-mode driver, but it might still crash a process. Do not run this on any important system.
Thanks,
--AD
Attachments
The program file. Unzip anywhere and double-click it.
(36.89 KiB) Downloaded 119 times
(36.89 KiB) Downloaded 119 times
