(Sorry for the odd linking, as a ‘new’ user I can only post two links per post)
A while ago I was investigating some malware which required frequent inspection of some running process memory structures. To make my life easier I wrote a tool that could take C#-defined memory structures and convert them into 010 Editor templates (with recursive depth).
I believe Sweetscape is working to improve the memory dump / live memory debugging facilities but I was able to automate out most of the potential complexities.
An example of a generated template can be found here: RunningProcess.bt, for some of the primary header data on a running process.
I am happy to generate any template files from C# structures if requested. One of the great additions to C# in the past few years has been the automated generation of nearly the entire standard Windows namespace, and recently the WDK namespace as well. See github [dot] com/microsoft/CsWin32 for details.
Combine my tool with CsWin32 and you can rapidly get 010 templates for many common structures with little to no manual coding.
I wasn’t originally planning to post the tool, as it was mostly designed for internal use, but I was able to clean it up to the point others could.
For more details you can see the GH repo.
I am curious how many people use 010 Editor with live memory. One item I spent a decent bit of time on was determining the exact padding and sizing for memory structures. I submitted some suggestions up to Sweetscape for them to hopefully continue to improve the tool for live analysis. It is something of a chicken-and-egg problem in terms of people needing tooling to do more complex live work but them needing a demand for such tooling to write features.
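The padding and sizing problem mentioned in the post, as an added example that is not part of the original post and is not the poster's tool: a small Python sketch that computes field offsets for a sequentially laid out struct and emits 010 template text with the padding written out explicitly. It assumes natural alignment (each primitive aligned to its own size, capped by a pack value) and a template that places members back to back; the type table, `layout`, `to_template` and the sample struct are all constructed for illustration.

```python
# Added illustration: natural-alignment layout written out as a 010 template.
# 010 type name -> size in bytes; alignment equals size for these primitives.
PRIMITIVES = {"ubyte": 1, "ushort": 2, "uint": 4, "uint64": 8}

def layout(fields, pack=8):
    """fields: list of (type, name, count). Returns (rows, total_size),
    where rows are (offset, type, name, count) including padding rows."""
    rows, offset, max_align, pad_id = [], 0, 1, 0
    for ftype, name, count in fields:
        size = PRIMITIVES[ftype]
        align = min(size, pack)          # pack caps the alignment
        max_align = max(max_align, align)
        gap = -offset % align            # bytes needed to reach alignment
        if gap:
            rows.append((offset, "ubyte", f"_pad{pad_id}", gap))
            pad_id += 1
            offset += gap
        rows.append((offset, ftype, name, count))
        offset += size * count
    tail = -offset % max_align           # struct size rounds up to its alignment
    if tail:
        rows.append((offset, "ubyte", f"_pad{pad_id}", tail))
        offset += tail
    return rows, offset

def to_template(struct_name, fields, pack=8):
    """Render the layout as template text with one member per line."""
    rows, total = layout(fields, pack)
    lines = [f"// {struct_name}: {total} bytes", "typedef struct {"]
    for off, ftype, name, count in rows:
        is_array = count > 1 or name.startswith("_pad")
        suffix = f"[{count}]" if is_array else ""
        lines.append(f"    {ftype} {name}{suffix}; // offset 0x{off:02X}")
    lines.append(f"}} {struct_name};")
    return "\n".join(lines)

# Constructed sample struct, not taken from any real Windows header.
SAMPLE = [("ubyte", "Flags", 1), ("uint", "ProcessId", 1),
          ("ushort", "NameLength", 1), ("uint64", "ImageBase", 1),
          ("ubyte", "Tag", 3)]

if __name__ == "__main__":
    print(to_template("SAMPLE_HEADER", SAMPLE))
```

Comparing the total size against what the runtime reports for the same structure is a quick check that the pack value and field order were read correctly.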