Relyze Plugin Framework
Plugin Keyboard Shortcuts
Relyze::Plugin::Analysis plugins may be invoked at any time via keyboard shortcuts. See Relyze::Plugin::Analysis#shortcuts for how this works.
Plugin Persistent Data
All plugins may store persistent data which survives application restart. See Relyze::Plugin::Base#get_persistent_value and Relyze::Plugin::Base#set_persistent_value for how this works.
Running Plugins
Plugins can be run in a number of ways, depending on both the type of plugin and how the user wishes the plugin to function.
Analysis plugins may be run in the following ways:
- Via keyboard shortcuts.
- Via the right click menu in either the code or diff view.
- Manually selecting to run the plugin via the plugin view.
- By opening the plugin's source code in the plugin editor and selecting 'Run'.
- Choosing to use an analysis plugin during the analysis of a file. This instantiates an instance of the plugin and performs callbacks to the plugin at different locations in the analysis pipeline.
- Via the command line when analyzing a file via the /analyze switch. For example:
    RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "{CF35EE83-6024-46E5-9F01-7C8731A16629}" /plugin_commandline "/virustotal_apikey=12345"
- Directly via the command line via the /run switch. For example:
    RelyzeCLI.exe /run /plugin "{19F5B074-2660-43D3-A6F1-BB596EDCB345}" /log c:\log.txt
Decoder plugins may be run when opening a file or in the structure view when some bytes are selected in the hex viewer.
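The /analyze form above lends itself to scripted batch runs over a folder of samples. The following Ruby script is an added example, not code from Relyze: it builds one invocation per file as an argv array, so sample file names never pass through a shell. The helper names, the RELYZE_CLI and VT_API_KEY environment variables, and joining several plugin options with spaces are assumptions; the switches and the option name are the ones shown above.

```ruby
# Added example (not Relyze code): batch /analyze runs built as argv arrays.
GUID_RE = /\A\{\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\}\z/

# Build the argv for one sample. plugin_opts becomes the "/name=value"
# string passed to /plugin_commandline, as in the example above.
def relyze_analyze_argv( cli, sample, guid, plugin_opts = {} )
  raise ArgumentError, "bad plugin GUID: #{guid.inspect}" unless GUID_RE.match?( guid.to_s )
  # a quote or newline could end the quoted argument early on Windows
  raise ArgumentError, "unsafe sample path: #{sample.inspect}" if sample =~ /["\r\n]/
  plugin_opts.each do | name, value |
    # options are space separated (assumption), so forbid whitespace and quotes
    raise ArgumentError, "unsafe plugin option: #{name}" if "#{name}#{value}" =~ /["\s]/
  end
  argv = [ cli, '/analyze', sample, '/plugin', guid ]
  unless plugin_opts.empty?
    argv += [ '/plugin_commandline', plugin_opts.map { | k, v | "/#{k}=#{v}" }.join( ' ' ) ]
  end
  argv
end

# One argv per regular file directly inside sample_dir, in a stable order.
def relyze_batch( cli, sample_dir, guid, plugin_opts = {} )
  Dir.children( sample_dir ).sort.map { | n | File.expand_path( n, sample_dir ) }
     .select { | p | File.file?( p ) }
     .map { | p | relyze_analyze_argv( cli, p, guid, plugin_opts ) }
end

# Usage: ruby relyze_batch.rb <sample_dir> <plugin_guid>
unless ARGV.empty?
  cli  = ENV.fetch( 'RELYZE_CLI', 'RelyzeCLI.exe' )   # assumed variable name
  opts = {}
  # keep the key out of the script itself; VT_API_KEY is an assumed name
  opts[ 'virustotal_apikey' ] = ENV[ 'VT_API_KEY' ] if ENV[ 'VT_API_KEY' ]
  relyze_batch( cli, ARGV[0], ARGV[1], opts ).each do | argv |
    # multi-argument system() starts the process directly, without a shell
    system( *argv ) or warn "RelyzeCLI failed for #{argv[2]}"
  end
end
```

The API key still appears on the RelyzeCLI.exe command line, where process listings and command-line audit logging can record it.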
Example Plugin
A simple Relyze::Plugin::Analysis plugin to highlight every CALL instruction when triggered via a keyboard shortcut.
    require 'relyze/core'

    class Plugin < Relyze::Plugin::Analysis

        def initialize
            super( {
                :guid        => '{D2E8CFF8-D026-4E90-9211-2685341C9FC3}',
                :name        => 'Call Highlight',
                :description => 'Highlight every call instruction in the current function',
                :authors     => [ 'Relyze Software Limited' ],
                :license     => 'Relyze Plugin License',
                :shortcuts   => {
                    :call_highlight_set   => 'Alt+H',
                    :call_highlight_clear => 'Shift+Alt+H'
                },
                :require     => {
                    :arch => [ :x86, :x64 ]
                }
            } )
        end

        def call_highlight_set
            call_highlight( @relyze.rgb( 140, 140, 240 ) )
        end

        def call_highlight_clear
            call_highlight( nil )
        end

        def call_highlight( color )
            # hold the current model's write lock while we run this
            success = cm.synchronize_write do
                success = false
                # pull out the current function being displayed in the gui
                func = cm.function( @relyze.tab_current_function_rva( cm ) )
                # only continue if a function is being displayed
                if( not func.nil? )
                    # iterate over every block in the function
                    func.blocks do | block |
                        # iterate over every instruction in the current block
                        block.instructions do | inst |
                            # test if this instruction is a call and if so
                            # either set or clear the color.
                            if( inst.to_raw[:mnemonic] == :call )
                                inst.color = color
                                success    = true
                            end
                        end
                    end
                end
                success
            end
            # refresh the gui if we succeeded in highlighting at least one instruction
            if( success and @relyze.gui? and @relyze.active_tab == cm )
                @relyze.update_gui
            end
        end
    end
Using External Ruby Libraries
To add a third-party Ruby library for use with the Relyze Ruby installation, open the Application Options dialog and, on the Plugins tab, add the library's folder to the Additional Lib Paths list.
After restarting the application you can require the Ruby library as normal.
Custom Ruby Installation
By default Relyze ships with a Ruby installation which can be found in the Relyze application folder. You may configure Relyze to use a Ruby installation other than the default one shipped with the application. In the Plugins tab in the Application Options dialog, you can specify a Custom Ruby Installation by providing the path to a valid Ruby DLL, e.g. C:\Ruby26-x64\bin\x64-msvcrt-ruby260.dll. After restarting the application, the given Ruby installation will be used.
This is useful if you want to install and use custom Gems for your plugins.
Note: Ruby version 2.4 or greater must be used. Pre-built Ruby binaries may be found at rubyinstaller.org.