Skip to content
/ class_recovery Public

Retrieve Java Class files from a memory dump

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

provided-space/class_recovery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
.idea
.idea
 
 
assets
assets
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Retrieve Java Class files from a memory dump

Class Recovery

This tool helps you find class files within a dumped java process.
Encrypted classes are supported to an extent where the decrypted buffer has reached the JVM.

How does it work?

The class_recovery searches for all matches with the byte sequence 0xCAFEBABE in the file buffer and from there on tries to parse the classes. (See The class File Format)
This rather primitive approach allows us to gather only the relevant information and calculating the end of the class file, without the risk of failing due to class file manipulation, such as certain crashers / obfuscation techniques.

Currently, all class file formats are supported, up to Java version 22. This project uses https://github.com/openjdk/jdk ClassFileParser as reference for the implementation.

Impression

Impression

About

Retrieve Java Class files from a memory dump

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Initial release Latest
May 12, 2024

Languages