Sense_Mem
The memory sensor is currently only working for linux and osx, with a calling context that is privileged enough to read memory in other processes (typically root). There may also be other local protections that prevent this from being allowed altogether.
The control windows looks as follows:
This is a filtered view of the data in proc/pid/maps that removed file- mapped entries (as you can use other senses, e.g. file or pipe to navigate them). It can be navigated with the UP/DOWN (single entry) and LEFT/RIGHT (pages). Pressing SELECT (mapped by default to ENTER key) will spawn a new data window with a sample of the contents at the page (if it was possible to read).
The data window has an additional menu entry, Refresh Clock that toggles a period refresh of the current sample position. Seeking is more limited than with the file sense in that it currently only allows stepping backwards and forwards in page-aligned sample-window sizes.
-
Periodic Refresh operates on a best-effort basis, a current read operation will not be aborted to restart a new one.
-
Since this works on live memory, there are many cases where you will see an outdated view, like when pages has been mapped in/out or have had their permissions changed.
-
Process control commands, event driven refresh
-
UI enhancement for periodic state and wraparound indication, and mouse- based page launch/selection.
-
Using remapped shared memory- tricks for improving acquisition speed but sacrificing transparency.
-
Automatic Mfsense- switch, sample the same address n times with a time or event based trigger. Map these samples into a static mfsense session.
-
Background analysis of mapped pages in filtered mode (histogram, ...)