Category Archives: SDK

Scan Providers

Version 2.5.0 is close to being released and comes with the last type of extension exposed to Python: scan providers. Scan provider extensions are not only the most complex type of extension, but also the most powerful one, as they …

Posted in Profiler, Python, SDK

YARA 3.2.0 support

The upcoming 2.3 version of Profiler includes support for the latest YARA engine. This new release is scheduled for the first week of January and it will include YARA on all supported platforms. One inherent technical advantage of having YARA …

Posted in Action, Hooks, Profiler, Python, SDK

Stripping symbols from an ELF

Just like the previous post about stripping symbols from a Mach-O binary, here’s one about stripping them from an ELF binary. The syntax to execute the script is the same as in the previous post; only the called function changes: …

Posted in ELF, Profiler, Python, SDK

Stripping symbols from a Mach-O

A common mistake many developers make is to leave the names of local symbols inside applications built on OS X. Using the strip utility combined with the compiler visibility flags is, unfortunately, not enough. So I wrote a small script for …

Posted in MachO, Profiler, Python, SDK

Command-line scripting

The upcoming 2.1 version of Profiler adds support for command-line scripting. This is extremely useful as it enables users to create small (or big) utilities using the SDK and also to integrate those utilities in their existing tool-chain. The syntax …

Posted in Profiler, Python, SDK

EML attachment detection and inspection

The upcoming 0.9.9 version of the Profiler includes some very useful SDK additions. Among these are the addEmbeddedObject method (to add embedded objects) and a new hook notification called ‘scanning’. The scanning notification should be used for long operations and/or to …

Posted in Hooks, Profiler, Python, SDK

Disasm options & filters

The upcoming version 0.9.4 of the Profiler introduces improvements to several disasm engines: ActionScript3, Dalvik, Java, MSIL. In particular, it adds options so that the user can decide whether to include file offsets and opcodes in the output. The code …

Posted in Filters, Profiler, Python, SDK

Detect broken PE manifests

In the previous post we saw a brief introduction to how hooks work. If you haven’t read that post, you’re encouraged to do so in order to understand this one. What we’re going to do in this post is something …

Posted in Hooks, PE, Profiler, Python, SDK

Exposing the Core (part 4, Hooks)

Hooks are an extremely powerful extension to the scanning engine of the Profiler. They allow the user to customize scans and do all sorts of things. Because there’s basically no limit to the applications, I’ll just try to give …

Posted in Hooks, Profiler, Python, SDK

Exposing the Core (part 3, Key Providers)

This post will be about key providers, which are the first kind of extension to the scan engine we’re going to see. Key providers are nothing more than a convenient way to provide keys through scripting to files which require …

Posted in Profiler, Python, SDK