Relyze Plugin Framework

Plugin Keyboard Shortcuts

Relyze::Plugin::Analysis plugins may be invoked at any time via keyboard shortcuts. See Relyze::Plugin::Analysis#shortcuts for how this works.

Plugin Persistent Data

All plugins may store persistent data which survives application restart. See Relyze::Plugin::Base#get_persistent_value and Relyze::Plugin::Base#set_persistent_value for how this works.

Running Plugins

Plugins can be run in a number of ways, depending on both the type of plugin and how the user wishes to plugin to function.

Analysis plugins may be run the following ways:

  • Via keyboard shortcuts.

  • Via the right click menu in either the code or diff view.

  • Manually selecting to run the plugin via the plugin view.

  • By opening the plugins source code in the plugin editor and selecting 'Run'.

  • Choosing to use an analysis plugin during the analysis of a file. This instantiates an instance of the plugin and performs callbacks to the plugin at different locations in the analysis pipeline.

  • Via the command line when analyzing a file via the /analyze switch. For example: RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "{CF35EE83-6024-46E5-9F01-7C8731A16629}" /plugin_commandline "/virustotal_apikey=12345"

  • Directly via the command line via the /run switch. For example: RelyzeCLI.exe /run /plugin "{19F5B074-2660-43D3-A6F1-BB596EDCB345}" /log c:\log.txt

Decoder plugins may be run when opening a file or in the structure view when some bytes are selected in the hex viewer.

Example Plugin

A simple Relyze::Plugin::Analysis plugin to highlight every CALL instruction when triggered via a keyboard shortcut.

require 'relyze/core'

class Plugin < Relyze::Plugin::Analysis

    def initialize
        super( {
            :guid                     => '{D2E8CFF8-D026-4E90-9211-2685341C9FC3}',
            :name                     => 'Call Highlight',
            :description              => 'Highlight every call instruction in the current function',
            :authors                  => [ 'Relyze Software Limited' ],
            :license                  => 'Relyze Plugin License',  
            :shortcuts                => { 
                :call_highlight_set   => 'Alt+H',                                 
                :call_highlight_clear => 'Shift+Alt+H'
            :require                  => {
                :arch                 => [ :x86, :x64 ]
        } )

    def call_highlight_set
        call_highlight( @relyze.rgb( 140, 140, 240 ) )

    def call_highlight_clear
        call_highlight( nil )

    def call_highlight( color )    
        # hold the current models write lock while we run this
        success = cm.synchronize_write do
            success = false
            # pull out the current function being displayed in the gui
            func = cm.function( @relyze.tab_current_function_rva( cm ) )
            # test if a function is not being displayed
            if( not func.nil? )                       
                # iterate over every block in the function
                func.blocks do | block |      
                    # iterate over every instruction in the current block
                    block.instructions do | inst | 
                        # test if this instruction is a call and if so
                        # either set of clear the color.
                        if( inst.to_raw[:mnemonic] == :call ) 
                            inst.color = color 
                            success    = true
        # refresh the gui if we succeeded in highlighting at least one instruction  
        if( success and @relyze.gui? and @relyze.active_tab == cm )

Using External Ruby Libraries

To add a third party Ruby library for use with the Relyze Ruby installation, use the a Application Options dialog and from the plugin tab and select to add a folder to the Additional Lib Paths list.

After restarting the application you can require the Ruby library as normal.

Custom Ruby Installation

By default Relyze ships with a Ruby installation which can be found in the Relyze application folder. You may configure Relyze to use a Ruby installation other than the default one shipped with the application. In the Plugins tab in the Application Options dialog, you can specify a Custom Ruby Installation by providing the path to a valid Ruby Dll, e.g. C:\Ruby26-x64\bin\x64-msvcrt-ruby260.dll. After restarting the application, the given Ruby installation will be used.

This is useful if you want to install and use custom Gems for your plugins.

Note: Ruby version 2.4 or greater must be used. Pre built Ruby binaries may be found at