Class: Relyze::Plugin::Decoder

Inherits:

Base

• Object
• Base
• Relyze::Plugin::Decoder

Defined in:

C:/Program Files/Relyze/lib/relyze/core/plugin.rb

Overview

Decoder plugins are used to decode blobs of data. Decoders are available before analysis to decode an input source before analysis begins. Decoders are also available in the GUI hex editor to decode a hex selection.

Examples:

An simple decoder plugin which performs a bitwise NOT on the input buffer.

require 'relyze/core'

class Plugin < Relyze::Plugin::Decoder

    def initialize
        super( {
            :guid        => '{DD57F16E-BD33-4DDE-9F29-ED308612677B}',
            :name        => 'Bitwise Not',
            :description => 'Bitwise Not a buffers bytes',
            :authors     => [ 'Relyze Software Limited' ],
            :license     => 'Relyze Plugin License'
        } )
    end

    def decode( buffer )
        result = ''
        buffer.each_byte do | b |
            result << [ ~b ].pack( 'C' )
        end
        return result
    end
end

Instance Attribute Summary

Attributes inherited from Base

#autorun_model, #information, #relyze

Instance Method Summary

• #decode(buffer) ⇒ String, NilClass

  Decode a buffer and return the decoded result.

• #initialize(_information) ⇒ Decoder constructor

  A new instance of Decoder.

• #main(buffer) ⇒ String, NilClass

  The decoder plugins main method, automatically called by the application.

• #type ⇒ Object

  Get this plugin type.

Methods inherited from Base

#abort_analysis, #authors, #can_run?, #current_model, #description, #get_persistent_value, #guid, #license, #name, #options, #origin, #print_error, #print_exception, #print_message, #print_warning, #references, #remove_task, #require_files, #restart_analysis, #set_persistent_value, #task_status, #version, #version_major, #version_minor

Constructor Details

#initialize(_information) ⇒ Decoder

Returns a new instance of Decoder

# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 630

def initialize( _information )
    _information.merge!( { 
        :decoder_min_peek_size => 512 
    } ) do | key, value_old, value_new | 
        value_old
    end
    super( _information )
end

Instance Method Details

#decode(buffer) ⇒ String, NilClass

Decode a buffer and return the decoded result. Override #decode to implement a custom decoder.

Parameters:

• buffer (String) —

  The input buffer to decode.

Returns:

• (String, NilClass) —

  The final decoded output buffer.

# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 648

def decode( buffer )
    return nil
end

#main(buffer) ⇒ String, NilClass

The decoder plugins main method, automatically called by the application.

Parameters:

• buffer (String) —

  The input buffer to decode.

Returns:

• (String, NilClass) —

  The final decoded output buffer.

# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 656

def main( buffer )
    result = nil
    if( self.can_run? )
        begin
            result = self.decode( buffer )
        rescue Relyze::AbortException
            print_warning( "Plugin '#{self.name}' aborting." )
            result = nil
        rescue Relyze::RestartException
            print_warning( "Plugin '#{self.name}' forcing restart." )
            result = nil
        rescue ::Exception => e
            print_exception( e )
            result = nil
        end
    end
    self.remove_task
    return result
end

#type ⇒ Object

Get this plugin type.

# File 'C:/Program Files/Relyze/lib/relyze/core/plugin.rb', line 640

def type
    return :decoder
end