Analysis plugin entry points

An analysis plugin can be called in several ways:

  • Manually running the plugin, either via the plugin editor (e.g. pressing F5 to run) or by right-clicking the plugin in the application Plugins view and selecting to run it.
  • Via the right-click menu in either the code or diff view of the GUI.
  • Through a configured keyboard shortcut.
  • Through the different stages of the analysis pipeline.
  • From the command line when analysing a file with the /analyze switch. For example: RelyzeCLI.exe /analyze "c:\samples\foo.dll" /plugin "{CF35EE83-6024-46E5-9F01-7C8731A16629}" /plugin_commandline "/virustotal_apikey=12345"
  • Directly from the command line with the /run switch. For example: RelyzeCLI.exe /run /plugin "{19F5B074-2660-43D3-A6F1-BB596EDCB345}" /log c:\log.txt

The simple example below shows how to implement these entry points in code:

require 'relyze/core'

class Plugin < Relyze::Plugin::Analysis

    def initialize
        super( {
            :guid        => '{75A2197C-4A3C-4B29-A526-5DCE6BE63EFD}',
            :name        => 'Test Plugin Entrypoints',
            :description => 'Test the various entrypoints',
            :authors     => [ 'Relyze Software Limited' ],
            :license     => 'Relyze Plugin License',
            :references  => [ 'www.relyze.com' ],
            :shortcuts   => {
                :my_plugin_shortcut => 'Alt+X',
            },
        } )
    end

    # Run this method when the plugin is manually run, either via the plugin
    # editor (e.g. pressing F5 to run) or by right-clicking this plugin in
    # the application Plugins view and selecting to run it.
    def run
        print_message( "Hello via run" )
    end
    
    # Run this method when the user presses 'Alt+X'
    def my_plugin_shortcut
        print_message( "Hello via my_plugin_shortcut" )
    end
    
    # Hook into the analysis pipeline at the pre structure analysis stage.
    def pre_structure_analyze
        print_message( "Hello via pre_structure_analyze" )
        return true
    end

    # Hook into the analysis pipeline at the post structure analysis stage.
    def post_structure_analyze
        print_message( "Hello via post_structure_analyze" )
        return true
    end

    # Hook into the analysis pipeline at the pre code analysis stage.
    def pre_code_analyze
        print_message( "Hello via pre_code_analyze" )
        return true
    end

    # Hook into the analysis pipeline at the post code analysis stage.
    def post_code_analyze
        print_message( "Hello via post_code_analyze" )
        return true
    end

end