Class: Relyze::Plugin::Analysis

Inherits:
Base
  • Object
show all
Defined in:
C:/Program Files/Relyze/lib/relyze/core/plugin.rb

Overview

An Analysis plugin may run manually when the user invokes it or automatically against a specific model in that models analysis pipeline.

Examples:

A simple Analysis plugin to highlight every CALL instruction.


require 'relyze/core'

class Plugin < Relyze::Plugin::Analysis

    def initialize
        super( {
            :guid                     => '{D2E8CFF8-D026-4E90-9211-2685341C9FC3}',
            :name                     => 'Call Highlight',
            :description              => 'Highlight every call instruction in the current function',
            :authors                  => [ 'Relyze Software Limited' ],
            :license                  => 'Relyze Plugin License',  
            :shortcuts                => { 
                :call_highlight_set   => 'Alt+H',                                 
                :call_highlight_clear => 'Shift+Alt+H'
            },
            :require                  => {
                :arch                 => [ :x86, :x64 ]
            }
        } )
    end

    def call_highlight_set
        call_highlight( @relyze.rgb( 140, 140, 240 ) )
    end

    def call_highlight_clear
        call_highlight( nil )
    end

    def call_highlight( color )    
        # hold the current models write lock while we run this
        success = cm.synchronize_write do
            success = false
            # pull out the current function being displayed in the gui
            func = cm.function( @relyze.tab_current_function_rva )
            # test if a function is not being displayed
            if( not func.nil? )                       
                # iterate over every block in the function
                func.blocks do | block |      
                    # iterate over every instruction in the current block
                    block.instructions do | inst | 
                        # test if this instruction is a call and if so
                        # either set of clear the color.
                        if( inst.to_raw[:mnemonic] == :call ) 
                            inst.color = color 
                            success    = true
                        end
                    end
                end  
            end
            success
        end    
        # refresh the gui if we succeeded in highlighting at least one instruction  
        if( success and @relyze.gui? and @relyze.active_tab == cm )
            @relyze.update_gui
        end
    end
end

Hook into the pre structure analysis stage of the analysis pipeline and abort analysis if the model is for the x86 arch. Could be used for batch analysis to reduce the files processed.


require 'relyze/core'

class Plugin < Relyze::Plugin::Analysis

    def initialize
        super( {
            :guid        => '{493B97B1-1677-48FB-ADE5-D758AC2AE148}',
            :name        => 'Skip x86',
            :description => 'Skip analysis of x86 files',
            :authors     => [ 'Relyze Software Limited' ],
            :license     => 'Relyze Plugin License'
        } )
    end

    def pre_structure_analyze  
        if( cm.arch == :x86 )
            cm.abort()
        end
    end   

end

Instance Attribute Summary

Attributes inherited from Base

#autorun_model, #information, #relyze

Instance Method Summary collapse

Methods inherited from Base

#abort_analysis, #authors, #can_run?, #current_model, #description, #get_persistent_value, #guid, #license, #name, #options, #origin, #print_error, #print_exception, #print_message, #print_warning, #references, #remove_task, #require_files, #restart_analysis, #set_persistent_value, #task_status, #version, #version_major, #version_minor

Constructor Details

#initialize(_information) ⇒ Analysis

Returns a new instance of Analysis

[View source]

477
478
479
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 477

def initialize( _information )
    super( _information )
end

Instance Method Details

#main(commandline = nil, action = nil, block = false) ⇒ Object

The main method is called by the application. The plugins functionality is implemented via the #run method.

[View source]

525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 525

def main( commandline=nil, action=nil, block=false )

    if( not commandline.nil? )
        args = ::Shellwords.split( commandline )
        args.each do | arg |
            opt_val = arg.partition( '=' )
            @information[:options][ opt_val[0] ] = opt_val[2].empty? ? nil : opt_val[2]
        end
    end

    if( self.can_run?( action ) )
        
        do_run = lambda do
            begin
                if( action.nil? )
                    self.run
                elsif( action.class == ::Symbol and self.respond_to?( action, false ) )
                    self.send( action )
                end
            rescue ::Relyze::AbortException
                print_warning( "Plugin '#{self.name}' aborting." )
                result = nil
            rescue ::Relyze::RestartException
                print_warning( "Plugin '#{self.name}' forcing restart." )
                result = nil
            rescue ::Exception => e
                print_exception( e )
            end
            self.remove_task
        end
    
        if( block )
            do_run.call
        else
            @relyze.add_plugin_thread( 
                self,
                ::Thread.new do
                    do_run.call
                    @relyze.remove_plugin_thread( ::Thread.current )
                end
            )
        end
    else
        self.remove_task
        return false
    end

    return true
end

#post_code_analyzeObject (protected)

Override this method to hook into the analysis pipeline at the post code analysis stage.

[View source]

593
594
595
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 593

def post_code_analyze
    return false
end

#post_structure_analyzeObject (protected)

Override this method to hook into the analysis pipeline at the post structure analysis stage.

[View source]

583
584
585
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 583

def post_structure_analyze
    return false
end

#pre_code_analyzeObject (protected)

Override this method to hook into the analysis pipeline at the pre code analysis stage.

[View source]

588
589
590
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 588

def pre_code_analyze
    return false
end

#pre_structure_analyzeObject (protected)

Override this method to hook into the analysis pipeline at the pre structure analysis stage.

[View source]

578
579
580
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 578

def pre_structure_analyze
    return false
end

#runObject

Override this method to implement your plugin.

[View source]

519
520
521
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 519

def run
    return false
end

#shortcutsHash

Get this plugins keyboard shortcuts, if any. Shortcuts are registered during plugin initialization via the :shortcuts key in the plugins information hash. The :shortcuts value is a hash of shortcuts. Each key is a symbol for the shortcut name which corresponds to a method that is called when the shortcut is invoked. Each value is a string describing the keyboard shortcut value used to trigger the shortcut. While a default keyboard shortcut value must be given, the user can configure keyboard shortcuts via the application options in the GUI.

Examples:

def initialize               
    super( {
        :guid        => '{8660CF7B-3AB3-41A4-B10A-89C6F64BFB1C}',
        :name        => 'Your Plugin Name',
        :description => 'Your Plugin Description',
        :authors     => [ 'Your Name' ],
        :license     => 'Your License',
        :references  => [ 'www.your.website' ]
        :shortcuts   => { 
            :my_shortcut => 'Alt+Q' 
        }
   } )
end

def my_shortcut
    # implement the shortcut logic here...
end

Returns:

  • (Hash)

    The shortcuts hash, each key is a shortcut name and each value is a keyboard shortcut value.

[View source]

514
515
516
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 514

def shortcuts
    return @information[:shortcuts] || {}
end

#typeObject

Get this plugins type.

[View source]

482
483
484
# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 482

def type
    return :analysis
end
">yard 0.9.20 (ruby-2.6.5).