Description
Adopting the Blinkenlights approach raises the question of how to visualize higher-level artifacts from the raw contents of physical memory.
We can identify two classic perspectives/use cases:
A) From a system/forensics standpoint, without access to source code and with only system artefacts such as symbols, checked builds, ...
B) From a developer standpoint with access to source code.
The Volatility Framework can be seen as implementing one side of the coin: it parses memory content with regard to the OS running in the guest.
On the other side of the coin, we can find apps like:
The idea here is to bridge the gap between these apps and Blinkenlights.
I guess some kind of facility should also be put in place to provide physical address to virtual address translations.
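One way to provide the physical-to-virtual translation mentioned above, as an added example that is not part of the original description or of Blinkenlights: assuming an x86-64 guest with 4-level paging and a known CR3 value, it walks the page tables found in a raw physical memory image and inverts the result into a physical-frame-to-virtual-pages map. The function names and the sample image are constructed for illustration.

```python
import struct
from collections import defaultdict

PAGE, PRESENT, LARGE = 0x1000, 1 << 0, 1 << 7  # page size, P bit, PS (large page) bit
ADDR_MASK = 0x000FFFFFFFFFF000  # bits 12..51 of an entry: physical frame address

def read_entry(mem, table_pa, index):
    """Read one 8-byte little-endian page-table entry from the raw image."""
    off = table_pa + index * 8
    if off + 8 > len(mem):
        return 0  # table pointer outside the image: treat as not present
    return struct.unpack_from("<Q", mem, off)[0]

def walk(mem, cr3):
    """Yield (virtual_base, physical_base, size) for every present mapping."""
    def level(table_pa, shift, va_prefix):
        for i in range(512):
            e = read_entry(mem, table_pa, i)
            if not e & PRESENT:
                continue
            va = va_prefix | (i << shift)
            # Leaf: a 4 KiB PTE, or a 2 MiB / 1 GiB entry with the PS bit set.
            if shift == 12 or (e & LARGE and shift in (21, 30)):
                size = 1 << shift
                if va & (1 << 47):  # sign-extend to canonical 48-bit form
                    va |= 0xFFFF000000000000
                yield va, e & ADDR_MASK & ~(size - 1), size
            else:
                yield from level(e & ADDR_MASK, shift - 9, va)
    yield from level(cr3 & ADDR_MASK, 39, 0)

def reverse_map(mem, cr3):
    """Physical frame -> list of virtual pages mapping it (aliases are kept)."""
    rmap = defaultdict(list)
    for va, pa, size in walk(mem, cr3):
        for off in range(0, size, PAGE):
            rmap[pa + off].append(va + off)
    return rmap

def build_sample():
    """Constructed 32 KiB image: PML4@0x1000, PDPT@0x2000, PD@0x3000, PT@0x4000."""
    mem = bytearray(0x8000)
    entries = [(0x1000, 0, 0x2000), (0x2000, 0, 0x3000), (0x3000, 2, 0x4000),
               (0x4000, 0, 0x5000),   # VA 0x400000 -> PA 0x5000
               (0x4000, 1, 0x6000),   # VA 0x401000 -> PA 0x6000
               (0x4000, 5, 0x5000)]   # VA 0x405000 -> PA 0x5000 (alias)
    for table, idx, target in entries:
        struct.pack_into("<Q", mem, table + idx * 8, target | PRESENT)
    return bytes(mem), 0x1000  # image and the CR3 value pointing at the PML4
```

A physical frame can be mapped at several virtual addresses, and in several address spaces, so the reverse map returns a list per frame and has to be built once per CR3 of interest.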