Inspect and recreate in-memory data structures

Overview

YClass

A program that allows you to inspect and recreate data structures of other processes.

Installation

To compile YClass you will need Rust.

git clone https://github.com/ItsEthra/yclass
cd yclass
cargo r --release

Features

  • Preserving fields' offsets when other fields are replaced.
  • Different variable types:
    • I8, I16, I32, I64
    • U8, U16, U32, U64
    • F32, F64
    • Pointer
    • Bool
  • Generating Rust/C++ code out of classes.
  • Saving/Opening project files.
  • Plugin API to customize reading behavior.
  • Preview of the memory pointer is pointing to.
  • Structure spider: tool that can search through multilevel pointers for specific values.

Hotkeys

  • Ctrl-C - Copies selected field's address (in hex) to the clipboard.
  • Ctrl-Shift-C - Copies selected field's value as 8 byte (in hex) to the clipboard.
  • Alt-A - Open a window to select a process to attach.
  • Alt-Ctrl-A - Attach to the most recent process.
  • Alt-D - Detach from the process.

Planned features

  • - Writing values.
  • - Save/Open project files.
  • - Pointer preview on hover with unknown fields.
  • - Show in which module pointer address falls.
  • - Disassembly of function pointers.

Plugin API

You can write a plugin to change the way YClass reads memory. To do that you will need a shared library(.dll or .so) that exports following functions specified below. u32 return value should be treated as status code. If it's 0 then no error is displayed. Otherwise return value is displayed in the notification. Required functions:

  • fn yc_attach(process_id: u32) -> u32 - Called when attaching to a process.
  • fn yc_read(address: usize, buffer: *mut u8, buffer_size: usize) -> u32 - Called(very frequently) when reading memory.
    • address is in attached process address space.
    • buffer is in current process address space.
  • fn yc_write(address: usize, buffer: *const u8, buffer_size: usize) -> u32 - Called(rarely) when writing memory.
    • address is in attached process address space.
    • buffer is in current process address space.
  • fn yc_can_read(address: usize) -> bool - Called(mildly frequently) to check if address is "readable", i.e. a pointer.
    • address is in attached process address space.
  • fn yc_detach() - Called when detaching from a process.

After its done, put your library at ./plugin.ycpl or specify the path under plugin_path key in your config.

Config path:

  • Windows - C:\Users\%USER%\AppData\Roaming\yclass\config.toml
  • Unix - ~/.config/yclass/config.toml($XDG_CONFIG_HOME)
You might also like...
Build beautiful desktop apps with flutter and rust. 🌠 (wip)
Build beautiful desktop apps with flutter and rust. 🌠 (wip)

flutter-rs Build flutter desktop app in dart & rust. Get Started Install requirements Rust flutter sdk Develop install the cargo flutter command cargo

Simple and portable (but not inflexible) GUI library in C that uses the native GUI technologies of each platform it supports.
Simple and portable (but not inflexible) GUI library in C that uses the native GUI technologies of each platform it supports.

libui: a portable GUI library for C This README is being written. Status It has come to my attention that I have not been particularly clear about how

Integrate Qml and Rust by building the QMetaObject at compile time.

QMetaObject crate for Rust The qmetaobject crate is a crate which is used to expose rust object to Qt and QML. Objectives Rust procedural macro (custo

OS-native file dialogs on Linux, OS X and Windows
OS-native file dialogs on Linux, OS X and Windows

nfd-rs nfd-rs is a Rust binding to the library nativefiledialog, that provides a convenient cross-platform interface to opening file dialogs on Linux,

Build smaller, faster, and more secure desktop applications with a web frontend.
Build smaller, faster, and more secure desktop applications with a web frontend.

TAURI Tauri Apps footprint: minuscule performance: ludicrous flexibility: gymnastic security: hardened Current Releases Component Descrip

File system enumerator and monitor for Android.

File system enumerator and file monitor for Android. Built to be compatible with other command line utilties! This tool was created to somewhat automa

A tiny, neat C library that portably invokes native file open and save dialogs.
A tiny, neat C library that portably invokes native file open and save dialogs.

Native File Dialog A tiny, neat C library that portably invokes native file open, folder select and save dialogs. Write dialog code once and have it p

SixtyFPS is a toolkit to efficiently develop fluid graphical user interfaces for any display: embedded devices and desktop applications. We support multiple programming languages, such as Rust, C++ or JavaScript.
SixtyFPS is a toolkit to efficiently develop fluid graphical user interfaces for any display: embedded devices and desktop applications. We support multiple programming languages, such as Rust, C++ or JavaScript.

SixtyFPS is a toolkit to efficiently develop fluid graphical user interfaces for any display: embedded devices and desktop applications. We support multiple programming languages, such as Rust, C++ or JavaScript.

AccessKit: UI accessibility infrastructure across platforms and programming languages

AccessKit: UI accessibility infrastructure across platforms and programming languages Motivation There are numerous UI toolkits, and new ones continue

Owner
Madly in ❤️ with Rust.      Discord: ItsEthra#5454
null
A data-first Rust-native UI design toolkit.

Druid A data-first Rust-native UI toolkit. Druid is an experimental Rust-native UI toolkit. Its main goal is to offer a polished user experience. Ther

null 8.2k Dec 31, 2022
Simplify generating an fltk gui from a data structure

This crate aims to simplify generating gui from a data structure.

fltk-rs 3 Dec 19, 2021
Modular FFXIV data toolkit written in rust.

ironworks Modular FFXIV data toolkit written in rust. ironworks is pre-1.0, and as such its API should be considered unstable. Breaking API changes wi

Saxon Landers 10 Oct 21, 2022
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust.

Deno Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Features Secure by default. No file,

Derek Jones 2 Aug 13, 2022
Rust bindings to Core Foundation and other low level libraries on Mac OS X and iOS

core-foundation-rs Compatibility Targets macOS 10.7 by default. To enable features added in macOS 10.8, set Cargo feature mac_os_10_8_features. To hav

Servo 685 Jan 2, 2023
Rust bindings and wrappers for GLib, GDK 3, GTK+ 3 and Cairo.

THIS REPOSITORY IS DEPRECATED SEE: https://github.com/rust-gnome rgtk Rust bindings and wrappers for GLib, GDK 3, GTK+ 3 and Cairo. Building rgtk expe

Jeremy Letang 124 Jul 10, 2022
A simple, clean, and beautiful WYSIWYG Markdown editor and content-management system

ScribeDown Current version: v0.0.1 Feature level: See the roadmap Beautiful, Clean, Writer-Oriented The goal of ScribeDown is to make Markdown the bes

Alex Dumas 4 Dec 20, 2022
A collection of components and widgets that are built for bevy_ui and the ECS pattern

Widgets for Bevy UI A collection of components and widgets that are built for bevy_ui and the ECS pattern. Current State This was started recently and

Gabriel Bourgeois 3 Sep 2, 2022
Unofficial Linux QQ client, based on GTK4 and libadwaita, developed with Rust and Relm4.

GTK QQ (WIP) Unofficial Linux QQ client, based on GTK4 and libadwaita, developed with Rust and Relm4. Screenshots Light Dark Note The two screenshots

Lomírus 198 Dec 24, 2022
A powerful color picker and formatter, built with GTK and Rust

Eyedropper A powerful color picker and formatter. More screenshots Features Pick a Color Enter a color in Hex-Format Parse RGBA/ARGB Hex-Colors View c

Jonathan 108 Dec 24, 2022