Class: Relyze::FileModel

Inherits:
Object
Defined in:
C:/Program Files/Relyze/lib/relyze/core/file_model.rb

Direct Known Subclasses

ExecutableFileModel

Defined Under Namespace

Classes: Array, Information, Structure, Value

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ FileModel

Returns a new instance of FileModel.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 238

def initialize
    # a frozen string
    @buffer = ''
end

Instance Attribute Details

#buffer ⇒ Object (readonly)

A frozen String of this file's data. To modify the buffer, use the #write_buffer method.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 236

def buffer
  @buffer
end

Instance Method Details

#abort ⇒ Object

If this model is currently being analyzed, abort and terminate analysis.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 439

def abort
    return nil
end

#add_auxiliary_text(title, text) ⇒ true, false

Add a blob of text to the model, which is displayed in the Overview section.

Parameters:

  • title (String)

    The auxiliary text title.

  • text (String)

    The auxiliary text.

Returns:

  • (true, false)


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 376

def add_auxiliary_text( title, text )
    return false
end

#add_entropy_marker(name, offset, length) ⇒ true, false

Add a new entropy marker to the model.

Parameters:

  • name (String)

    The name of the new marker.

  • offset (Integer)

    The offset in the model's #@buffer at which the new marker will begin.

  • length (Integer)

    The byte length the new marker will span.

Returns:

  • (true, false)


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 394

def add_entropy_marker( name, offset, length )
    return false
end

#add_information(info) ⇒ Relyze::FileModel::Information?

Add a new Information object to the model.

Examples:

Add a new Information object to the model.

def run
    cm.synchronize_write do
        cm.add_information(
            Relyze::FileModel::Information.new( {
                :group => :general,
                :title => 'Testing',
                :data  => 'Visit us online!',
                :view  => :internet,
                :url   => 'https://www.relyze.com/'
            } )
        )
    end
    if( @relyze.gui? and @relyze.active_tab == cm )
        @relyze.update_gui
    end
end

Parameters:

  • info (Relyze::FileModel::Information)

    The Information object to add.

Returns:

  • (Relyze::FileModel::Information, nil)

    The added Information object, or nil on failure.


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 359

def add_information( info )
    return info
end

#current_file_name ⇒ String

Returns The current file name for this model, which may differ from the original if this model was saved to an archive.

Returns:

  • (String)

    The current file name for this model, which may differ from the original if this model was saved to an archive.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 314

def current_file_name
    return ''
end

#current_file_path ⇒ String

Returns The current file path for this model, which may differ from the original if this model was saved to an archive.

Returns:

  • (String)

    The current file path for this model, which may differ from the original if this model was saved to an archive.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 319

def current_file_path
    return ''
end

#entropy_markers {|info| ... } ⇒ Array<Array>?

Get all the entropy markers for this model.

Examples:

Print this model's entropy markers

cm.entropy_markers.each do | name, offset, length |
    print_message( name )
end

Yields:

  • (info)

    yields the entropy marker to the block.

Yield Parameters:

  • info (Array)

    The entropy marker information in an array.

Returns:

  • (Array<Array>, nil)

    An array of entropy marker information.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 408

def entropy_markers
    return nil
end

#file_size ⇒ Integer

Returns The file size.

Returns:

  • (Integer)

    The file size in bytes.


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 282

def file_size
    return 0
end

#file_type ⇒ String

Returns A description of the file type.

Returns:

  • (String)

    A description of the file type.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 287

def file_type
    return ''
end

#get_entropy(offset) ⇒ Float

Get the entropy at a specific offset.

Parameters:

  • offset (Integer)

    The offset in the #@buffer to get the entropy for.

Returns:

  • (Float)

    The entropy value at this offset.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 384

def get_entropy( offset )
    return 0.0
end
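A worked scan built on the three entropy methods above (#add_entropy_marker, #entropy_markers and #get_entropy). This is an added example, not code from Relyze or its documentation: it assumes a model object that responds to #buffer, #synchronize_read, #synchronize_write, #add_entropy_marker and #add_auxiliary_text as documented on this page, and the window size, threshold and helper names are choices made here rather than Relyze defaults. Long runs of windows near 8 bits/byte are the usual sign of packed or encrypted payloads, which is what a plugin would want to mark.

```ruby
# Added example, not part of the Relyze API or its documentation: find the
# high-entropy regions of a model's buffer and record them as entropy markers.
#
# Assumptions: `model` responds to #buffer, #synchronize_read,
# #synchronize_write, #add_entropy_marker and #add_auxiliary_text as documented
# on this page; the window size and threshold below are tuning values chosen for
# this example, not Relyze defaults.

WINDOW_BYTES = 1024  # assumption: bytes scored per window
THRESHOLD    = 7.0   # assumption: bits/byte at or above which a window is "high"

# Shannon entropy of a byte string, in bits per byte (0.0 for a constant
# string, 8.0 for a perfectly uniform one).
def shannon_entropy(bytes)
  return 0.0 if bytes.empty?
  counts = Hash.new(0)
  bytes.each_byte { |b| counts[b] += 1 }
  total = bytes.bytesize.to_f
  counts.values.sum { |c| p = c / total; -p * Math.log2(p) }
end

# Score `buffer` window by window and merge adjacent high-entropy windows into
# [name, offset, length] triples, the same shape that #entropy_markers yields.
# A short trailing window is scored as-is.
def high_entropy_regions(buffer, window: WINDOW_BYTES, threshold: THRESHOLD)
  regions = []
  offset  = 0
  while offset < buffer.bytesize
    chunk = buffer.byteslice(offset, window)
    if shannon_entropy(chunk) >= threshold
      last = regions.last
      if last && last[1] + last[2] == offset
        last[2] += chunk.bytesize            # extend the run that ends here
      else
        regions << ["high-entropy-#{regions.size + 1}", offset, chunk.bytesize]
      end
    end
    offset += window
  end
  regions
end

# Plugin-side glue: scan under the read lock, then take the write lock once to
# add one marker per region plus a summary for the Overview. #add_entropy_marker
# returns false on failure, so the result lists only the regions that were
# actually accepted.
def mark_high_entropy(model, window: WINDOW_BYTES, threshold: THRESHOLD)
  regions = []
  model.synchronize_read do
    regions = high_entropy_regions(model.buffer, window: window, threshold: threshold)
  end
  marked = []
  model.synchronize_write do
    marked = regions.select { |name, off, len| model.add_entropy_marker(name, off, len) }
    lines  = marked.map { |name, off, len| format("%s: 0x%08X (+0x%X bytes)", name, off, len) }
    model.add_auxiliary_text("High entropy regions", lines.empty? ? "none" : lines.join("\n"))
  end
  marked
end
```

In a plugin, run would call mark_high_entropy( cm ) and then @relyze.update_gui if @relyze.gui? is true, as the #add_information example does. The per-window scoring could also be replaced by the model's own #get_entropy values if you want the markers to agree exactly with what Relyze displays.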

#information {|info| ... } ⇒ Array<Relyze::FileModel::Information>?

Get all the Information objects for this model.

Examples:

Print this model's information

cm.information do | info |
    print_message( "%-25s - %s" % [ info.title, info.data ] )
end

Yields:

  • (info)

    yields the info object to the block.

Yield Parameters:

  • info (Relyze::FileModel::Information)

    An Information object belonging to this model.

Returns:

  • (Array<Relyze::FileModel::Information>, nil)

    An array of this model's Information objects.


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 333

def information
    return []
end

#origional_file_name ⇒ String

Returns The original file name when this model was first analyzed. Note the spelling of the method name in the API: it is origional_file_name, not original_file_name.

Returns:

  • (String)

    The original file name when this model was first analyzed.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 304

def origional_file_name
    return ''
end

#origional_file_path ⇒ String

Returns The original file path when this model was first analyzed.

Returns:

  • (String)

    The original file path when this model was first analyzed.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 309

def origional_file_path
    return ''
end

#read_buffer(offset, length) ⇒ String?

Read some data from the model's buffer.

Parameters:

  • offset (Integer)

    The offset into buffer to read from.

  • length (Integer)

    The length of data to read.

Returns:

  • (String, nil)

    Returns the read data or nil if failure.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 248

def read_buffer( offset, length )
    return nil
end

#realloc_buffer(size) ⇒ true, false

Reallocate the model buffer to hold a new size (in bytes) which may be greater or smaller than the original size, preserving as much of the original contents of the buffer as will fit.

Parameters:

  • size (Integer)

    The new size of the buffer in bytes.

Returns:

  • (true, false)

    Returns true upon successful reallocation.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 267

def realloc_buffer( size )
    return false
end

#remove_information(info) ⇒ true, false

Remove an Information object from the model.

Parameters:

  • info (Relyze::FileModel::Information)

    The Information object to remove.

Returns:

  • (true, false)


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 367

def remove_information( info )
    return false
end

#restart ⇒ Object

If this model is currently being analyzed, restart the analysis from the beginning of the pipeline. Only the model's buffer will be preserved.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 446

def restart
    return nil
end

#run_plugin(guid, commandline = nil) ⇒ true, false

Run a plugin against a model. The plugin runs in the current thread, so you may hold the model's read/write lock while calling it if needed. The plugin's run method will be called.

Examples:

model = @relyze.analyze_file( "C:\\samples\\foo.dll" )
guid  = @relyze.get_plugin_guid( "My Great Plugin" )
if( not guid.nil? )
    model.run_plugin( guid, "/option1=some_value" )
end

Parameters:

  • guid (String)

    The guid of the plugin you want to run.

  • commandline (String, nil) (defaults to: nil)

    Optional command line to pass to the plugin.

Returns:

  • (true, false)

    Returns true if successful.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 464

def run_plugin( guid, commandline=nil )
    return false
end

#structure ⇒ Relyze::FileModel::Structure

Get this models Structure.

Examples:

Dump the structure of the model in the GUI's active tab

def dump( parent, indent=1 )
    parent.items do | value |
        print_message( "%#{indent * 4}s%s - %s" % [ '', value.name, value.to_s ] )
        if( value.class == Relyze::FileModel::Structure || value.class == Relyze::FileModel::Array )
            dump( value, indent + 1 )
        end
    end
end

def run
    dump( cm.structure )
end

Print the ImageBase of a PE file via its structure.

def run
    print_message( cm.structure['NT Header']['Optional Header']['ImageBase'].to_s )
end

Returns:

  • (Relyze::FileModel::Structure)

    This model's Structure.


# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 434

def structure
    return nil
end

#synchronize_read ⇒ Object

Hold the model's read lock while executing the supplied block.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 272

def synchronize_read
end

#synchronize_write ⇒ Object Also known as: synchronize

Hold the model's write lock while executing the supplied block.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 276

def synchronize_write
end

#to_s ⇒ String

Returns:

  • (String)

    A one-line description of this model, built from its current file path and file type.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 299

def to_s
    return "FileModel: %s (%s)" % [ self.current_file_path, self.file_type ]
end

#type ⇒ Symbol?

Get the type of this FileModel.

Returns:

  • (Symbol, nil)

    This model's type, either :ar



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 294

def type
    return nil
end

#write_buffer(offset, buffer) ⇒ Integer?

Write some data to the model's buffer.

Parameters:

  • offset (Integer)

    The offset into buffer to write to.

  • buffer (String)

    The data to write.

Returns:

  • (Integer, nil)

    The number of bytes written, or nil on failure.



# File 'C:/Program Files/Relyze/lib/relyze/core/file_model.rb', line 257

def write_buffer( offset, buffer )
    return nil
end
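A worked example of the buffer methods described above (#read_buffer, #write_buffer, #realloc_buffer) used together with #synchronize_read and #synchronize_write. This is an added example, not code from Relyze or its documentation: it assumes a model object that responds to #buffer, #file_size, #synchronize_read, #synchronize_write, #read_buffer, #write_buffer and #realloc_buffer as documented on this page, and the helper names are hypothetical. It shows the two conventions a practitioner has to respect: check the Integer-or-nil result of every write, and keep in-place patches the same length so that no other offset in the model moves.

```ruby
# Added example, not part of the Relyze API or its documentation: patch every
# occurrence of a byte pattern in a model's buffer, and append an overlay by
# growing the buffer, following the lock and return-value rules documented
# on this page. `model` is assumed to respond to #buffer, #file_size,
# #synchronize_read, #synchronize_write, #read_buffer, #write_buffer and
# #realloc_buffer as described above; the helper names are hypothetical.

# Byte offsets of every non-overlapping occurrence of `pattern` in `buffer`.
# Both are forced to ASCII-8BIT so String#index counts bytes, not characters.
def find_pattern(buffer, pattern)
  buf = buffer.b
  pat = pattern.b
  raise ArgumentError, "pattern must not be empty" if pat.empty?
  offsets = []
  pos = 0
  while (idx = buf.index(pat, pos))
    offsets << idx
    pos = idx + pat.bytesize
  end
  offsets
end

# Overwrite each occurrence of `pattern` with `replacement`. The two must be the
# same length: a same-size patch keeps every other offset in the model valid.
# Returns the offsets actually patched; an occurrence is skipped if its bytes
# changed between the scan and the write, or if #write_buffer reports a failure
# (nil) or a short write.
def patch_pattern(model, pattern, replacement)
  pattern     = pattern.b
  replacement = replacement.b
  unless pattern.bytesize == replacement.bytesize
    raise ArgumentError, "replacement must be the same length as pattern"
  end
  offsets = []
  model.synchronize_read { offsets = find_pattern(model.buffer, pattern) }
  patched = []
  model.synchronize_write do
    patched = offsets.select do |off|
      # re-read under the write lock, then require a full-length write
      model.read_buffer(off, pattern.bytesize) == pattern &&
        model.write_buffer(off, replacement) == replacement.bytesize
    end
  end
  patched
end

# Grow the buffer by data.bytesize and write `data` at the old end. Growing via
# #realloc_buffer preserves the existing contents; shrinking would truncate them.
# Returns the new buffer size, or nil if the realloc or the write failed.
def append_overlay(model, data)
  data   = data.b
  result = nil
  model.synchronize_write do
    old_size = model.file_size
    if model.realloc_buffer(old_size + data.bytesize) &&
       model.write_buffer(old_size, data) == data.bytesize
      result = old_size + data.bytesize
    end
  end
  result
end
```

Because the scan and the writes are done under separate locks, the re-read inside the write lock is what makes the patch safe against another plugin changing the bytes in between. If the write can fail part-way (the page documents nil on failure), the caller should treat any offset missing from the returned list as unpatched rather than assume the whole operation succeeded.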