Category Archives: Hooks

YARA 3.2.0 support

The upcoming 2.3 version of Profiler includes support for the latest YARA engine. This new release is scheduled for the first week of January and it will include YARA on all supported platforms. One inherent technical advantage of having YARA …

Posted in Action, Hooks, Profiler, Python, SDK

Raw File System Analysis (FAT32 File Recovery)

This post isn’t about upcoming features, it’s about things you can already do with Profiler. What we’ll see is how to import structures used for file system analysis from C/C++ sources, use them to analyze raw hex data, create a …

Posted in Forensics, Headers, Hooks, Layouts, Logic Providers, Profiler, Python

EML attachment detection and inspection

The upcoming 0.9.9 version of the Profiler includes some very useful SDK additions. Among these are the addEmbeddedObject method (to add embedded objects) and a new hook notification called ‘scanning’. The scanning notification should be used for long operations and/or to …

Posted in Hooks, Profiler, Python, SDK

Format quota calculator

In the upcoming 0.9.9 version of the Profiler it will be possible to create docked views even in the context of the main window. This feature combined with custom views is extremely useful if we want to create custom reports …

Posted in Hooks, Profiler, Python

Detect broken PE manifests

In the previous post we’ve seen a brief introduction to how hooks work. If you haven’t read that post, you’re encouraged to do so in order to understand this one. What we’re going to do in this post is something …

Posted in Hooks, PE, Profiler, Python, SDK

Exposing the Core (part 4, Hooks)

Hooks are an extremely powerful extension to the scanning engine of the Profiler. They allow the user to customize scans and do all sorts of things. Because there’s basically no limit to the applications, I’ll just try to give …

Posted in Hooks, Profiler, Python, SDK