Status
The Status window (really just a toolbar embedded at the bottom of the memory window manager window) provides real-time information about the current process, driver, and selected elements within the analysis session. It serves as an always-visible information bar that displays contextual details about the active analysis target and current selection state.
User Interface
| Section |
Description |
| Process/Driver Info |
Left section showing target process or driver details |
| Separator |
Visual divider between information sections |
| Selection Info |
Right section displaying current selection context |
- PID: Process identifier number
- Base: Process base address in memory
- DTB: Directory Table Base for memory translation
- PEB: Process Environment Block address
- EPROCESS: Kernel process structure address
- Threads: Total thread count in the process
- Driver: Driver name identifier
- Path: Full file system path to driver
- Base: Driver base address in kernel memory
- Entry: Driver entry point address
| Selection Type |
Information Displayed |
| Region |
Base address, formatted size, and region type |
| Page |
Base address, formatted size, and memory protection |
| Thread |
Thread ID, start address, and execution state |
| Section |
Section name, virtual address, and virtual size |