Skip to content

emesare/yclass

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

89 Commits
assets
assets
 
 
examples
examples
 
 
fonts
fonts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 
run_unix.sh
run_unix.sh
 
 

Repository files navigation

YClass

A program that allows you to inspect and recreate data structures of other processes.

Installation

To compile YClass you will need Rust.

git clone https://github.com/ItsEthra/yclass
cd yclass
cargo r --release

Features

  • Preserving fields' offsets when other fields are replaced.
  • Different variable types:
    • I8, I16, I32, I64
    • U8, U16, U32, U64
    • F32, F64
    • Pointer
    • Bool
  • Generating Rust/C++ code out of classes.
  • Saving/Opening project files.
  • Plugin API to customize reading behavior.
  • Preview of the memory pointer is pointing to.
  • Structure spider: tool that can search through multilevel pointers for specific values.

Hotkeys

  • Ctrl-C - Copies selected field's address (in hex) to the clipboard.
  • Ctrl-Shift-C - Copies selected field's value as 8 byte (in hex) to the clipboard.
  • Alt-A - Open a window to select a process to attach.
  • Alt-Ctrl-A - Attach to the most recent process.
  • Alt-D - Detach from the process.

Planned features

  • - Writing values.
  • - Save/Open project files.
  • - Pointer preview on hover with unknown fields.
  • - Disassembly of function pointers.

Plugin API

You can write a plugin to change the way YClass reads memory. To do that you will need a shared library(.dll or .so) that exports following functions specified below. u32 return value should be treated as status code. If it's 0 then no error is displayed. Otherwise return value is displayed in the notification. Required functions:

  • fn yc_attach(process_id: u32) -> u32 - Called when attaching to a process.
  • fn yc_read(address: usize, buffer: *mut u8, buffer_size: usize) -> u32 - Called(very frequently) when reading memory.
    • address is in attached process address space.
    • buffer is in current process address space.
  • fn yc_write(address: usize, buffer: *const u8, buffer_size: usize) -> u32 - Called(rarely) when writing memory.
    • address is in attached process address space.
    • buffer is in current process address space.
  • fn yc_can_read(address: usize) -> bool - Called(mildly frequently) to check if address is "readable", i.e. a pointer.
    • address is in attached process address space.
  • fn yc_detach() - Called when detaching from a process.

After its done, put your library at ./plugin.ycpl or specify the path under plugin_path key in your config.

Config path:

  • Windows - C:\Users\%USER%\AppData\Roaming\yclass\config.toml
  • Unix - ~/.config/yclass/config.toml($XDG_CONFIG_HOME)

About

Inspect and recreate in-memory data structures

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 99.9%
  • Shell 0.1%