https://github.com/super2xl/orpheus

DMA-based memory analysis framework
https://github.com/super2xl/orpheus

direct-memory-access dma leechcore memprocfs

Last synced: 4 months ago
JSON representation

DMA-based memory analysis framework

• Host: GitHub
• URL: https://github.com/super2xl/orpheus
• Owner: super2xl
• License: gpl-3.0
• Created: 2026-01-07T03:23:08.000Z (5 months ago)
• Default Branch: main
• Last Pushed: 2026-01-21T02:36:28.000Z (4 months ago)
• Last Synced: 2026-01-21T13:48:36.543Z (4 months ago)
• Topics: direct-memory-access, dma, leechcore, memprocfs
• Language: C++
• Homepage:
• Size: 8.38 MB
• Stars: 0
• Watchers: 0
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


  





  DMA-based memory analysis framework with MCP support for AI-assisted reverse engineering.





  

  

  



## Features

### Core Analysis

- **DMA Memory Access** - Read/write process memory via FPGA DMA hardware

- **Pattern & String Scanning** - Fast signature scanning with wildcard support, async with progress

- **x86-64 Disassembler** - Capstone-powered instruction decoding with control flow analysis

- **Ghidra Decompiler** - Full C pseudocode generation with CS2 schema type injection

- **Function Recovery** - Automatic discovery via prologue, call targets, pdata, and RTTI

- **CFG Analysis** - Control flow graphs with loop detection and visualization layout

- **RTTI Analysis** - Parse MSVC runtime type information, discover class hierarchies

- **CPU Emulation** - Unicorn-based code emulation for decryption stubs

### CS2 Integration

- **Schema Dumper** - Extract all classes, fields, and offsets from Source 2

- **Entity System** - Live player enumeration, local player, entity inspection

- **Radar Panel** - Real-time minimap with player positions

- **Dashboard** - Match state, player health bars, team info

### AI Integration

- **MCP Server** - 40+ REST API endpoints for Claude/LLM integration

- **Expression Evaluator** - Parse `client.dll+0x1234`, `[[base]+0x10]+0x20`

- **Bookmarks** - Persistent, categorized address annotations

## Screenshots



  

  





  Process list with live refresh  •  Module browser with base addresses





  

  





  Hex editor with ASCII view  •  x86-64 disassembly





  

  





  MCP server configuration  •  MCPinstaller auto-detects clients





  





  Status bar with detected FPGA device



## Requirements

### Windows

- Windows 10/11 (64-bit)

- Visual Studio 2022 with C++20 support

- CMake 3.20+

- DMA hardware (PCILeech-compatible FPGA)

### Linux

- Ubuntu 22.04+ / Debian 12+ (or equivalent)

- GCC 12+ or Clang 15+

- CMake 3.20+

- OpenGL 3.3+ capable GPU

- USB permissions for DMA device (see below)

## Building

### Windows

```bash

mkdir build && cd build

cmake ..

cmake --build . --config Release

```

### Linux

```bash

# Install dependencies (Ubuntu/Debian)

sudo apt install build-essential cmake libglfw3-dev libgl1-mesa-dev

# Build

mkdir build && cd build

cmake ..

cmake --build . -j$(nproc)

# USB permissions for DMA device

sudo cp ../resources/99-fpga.rules /etc/udev/rules.d/

sudo udevadm control --reload-rules

sudo udevadm trigger

```

### Output

- `build/bin/Release/orpheus` - Main application

- `build/bin/Release/MCPinstaller` - MCP client configuration tool

## Usage

```bash

# Launch GUI

./orpheus

# Auto-connect to DMA device

./orpheus --connect

```

### MCP Integration

#### Quick Setup (Recommended)

Use **MCPinstaller** to automatically configure all your MCP clients:

1. Start Orpheus and enable MCP server in settings

2. Copy the API key from Orpheus (Settings > MCP > Copy API Key)

3. Run `MCPinstaller` (included in releases)

4. Enter your Orpheus server URL and API key

5. Select which clients to configure (Claude Desktop, Cursor, VS Code, etc.)

6. Click Install - restart your MCP clients to apply

MCPinstaller auto-detects and configures: Claude Desktop, Cursor, Claude Code, Windsurf, VS Code, Cline, Roo Code, LM Studio, Zed, Amazon Q, Warp, and more.

#### Manual Configuration

Alternatively, manually add to your MCP client config (e.g., `~/.claude/claude_desktop_config.json`):

```json

{

  "mcpServers": {

    "orpheus": {

      "command": "node",

      "args": ["C:/path/to/mcp_bridge.js"],

      "env": {

        "ORPHEUS_MCP_URL": "http://192.168.1.100:8765",

        "ORPHEUS_API_KEY": "oph_your_key_here"

      }

    }

  }

}

```

**Notes:**

- `ORPHEUS_MCP_URL`: Use `localhost` if on the same machine, otherwise use the Orpheus server IP

- `ORPHEUS_API_KEY`: Required - copy from Orpheus GUI

### MCP Tools

Orpheus exposes 40+ tools through the MCP API:

| Category | Tools |

|----------|-------|

| Memory | `read_memory`, `write_memory`, `scan_pattern`, `scan_strings`, `resolve_pointer` |

| Analysis | `disassemble`, `decompile`, `find_xrefs`, `memory_regions` |

| Functions | `recover_functions`, `get_function_at`, `get_function_containing`, `build_cfg` |

| RTTI | `rtti_parse_vtable`, `rtti_scan`, `rtti_scan_module`, `rtti_cache_*` |

| Emulation | `emu_create`, `emu_run`, `emu_set_registers`, `emu_map_module` |

| CS2 | `cs2_init`, `cs2_inspect`, `cs2_list_players`, `cs2_get_game_state` |

| Utilities | `evaluate_expression`, `bookmark_*`, `task_*` |

## Project Structure

```

orpheus/

├── src/

│   ├── core/          # DMA interface, runtime management

│   ├── analysis/      # Disassembler, pattern scanner, RTTI, function recovery

│   ├── decompiler/    # Ghidra integration, type injection

│   ├── emulation/     # Unicorn CPU emulator

│   ├── dumper/        # CS2 schema dumper

│   ├── mcp/           # MCP server (40+ handlers)

│   ├── installer/     # MCPinstaller standalone tool

│   ├── ui/            # ImGui application, CS2 panels

│   └── utils/         # Cache, bookmarks, expression evaluator

├── cmake/             # CMake modules (dependencies, resource embedding)

├── resources/

│   ├── dlls/          # VMM/LeechCore DLLs

│   ├── fonts/         # JetBrains Mono

│   └── maps/          # CS2 radar minimaps

├── sleigh/            # Ghidra SLEIGH processor specs

└── mcp_bridge.js      # MCP stdio-to-HTTP adapter

```

## Dependencies

Fetched automatically via CMake FetchContent:

- GLFW 3.3.9

- Dear ImGui 1.90.1 (docking branch)

- spdlog 1.13.0

- Capstone 5.0

- Unicorn Engine 2.1.4

- cpp-httplib 0.15.3

- nlohmann/json 3.11.3

- Ghidra Decompiler (libdecomp)

## License

Copyright (C) 2025 super2xl

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See [LICENSE](LICENSE) for details.