🔮 Clairvoyance visualizer: virtual address space exploration

Overview

clairvoyance creates a colorful visualization of the page protection of an entire 64-bit process address space (user and kernel) running on a Windows 64-bit kernel.

To transform the linear dimension space, that is the address space, into a 2 dimensions visualization, the hilbert space-filling curve is used. Every colored pixel on the picture represents the page protection (UserRead, UserReadWrite, etc.) of a 4KB page in virtual memory.

The address space is directly calculated by manually parsing the four-level page tables hierarchy associated with a process from a kernel crash-dump that has been generated using WindDbg.

Visit the Github repository to learn more and contribute 🤗

Navigation

⚡Zoom with the mouse wheel,
⚡Pinch zoom two fingers,
⚡Drag the address space to explore,
⚡When a pixel is clicked, its virtual address is copied in the clipboard and displayed in the navbar.