Category Archives: Python

Scan Providers

Version 2.5.0 is close to being released and comes with the last type of extension exposed to Python: scan providers. Scan provider extensions are not only the most complex type of extension, but also the most powerful, as they …

Posted in Profiler, Python, SDK

PDB support (including export of types)

The main feature of the upcoming 2.4 version of Profiler is initial support for the PDB format. Our code doesn't rely on the Microsoft DIA SDK and thus also works on OS X and Linux. Since the PDB format …

Posted in PDB, Profiler, Python

YARA 3.2.0 support

The upcoming 2.3 version of Profiler includes support for the latest YARA engine. The new release is scheduled for the first week of January and will include YARA on all supported platforms. One inherent technical advantage of having YARA …

Posted in Action, Hooks, Profiler, Python, SDK

Stripping symbols from an ELF

As in the previous post about stripping symbols from a Mach-O binary, here is one about stripping them from an ELF binary. The syntax for executing the script is the same as in the previous post; only the called function changes: …

Posted in ELF, Profiler, Python, SDK

Stripping symbols from a Mach-O

A common mistake many developers make is to leave the names of local symbols inside applications built on OS X. Using the strip utility combined with the compiler visibility flags is, unfortunately, not enough. So I wrote a small script for …

Posted in MachO, Profiler, Python, SDK
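Both stripping posts above come down to one check: after strip and the visibility flags, does the binary still carry local symbol names? The script below is an added example, not Profiler's script or any part of its SDK. It walks the Mach-O LC_SYMTAB and the ELF .symtab with the standard library only, handles little-endian 64-bit images only, and returns the names that a stripping step should have removed. The two sample binaries are constructed in memory and are not real compiler output; every constant and helper name here is this example's own.

```python
"""List the local (non-exported) symbol names left in a Mach-O or ELF binary.

Added example, not part of Profiler or its SDK: a stdlib-only check for the
question the two stripping posts raise, namely whether a build still carries
local names after strip. Only little-endian 64-bit images are handled; the
sample binaries are constructed in memory and are not real compiler output.
"""
import struct
import sys

MH_MAGIC_64, LC_SYMTAB = 0xFEEDFACF, 0x2
N_STAB, N_EXT = 0xE0, 0x01                  # nlist n_type masks
SHT_SYMTAB, SHT_STRTAB = 2, 3
STB_LOCAL, STB_GLOBAL, STT_FUNC, STT_SECTION, STT_FILE = 0, 1, 2, 3, 4


def _cstr(strtab, start):
    """Read a NUL-terminated name out of a string table."""
    return strtab[start:strtab.index(b"\0", start)].decode("utf-8", "replace")


def macho_local_symbols(data):
    """Names of defined, non-external, non-debug symbols from LC_SYMTAB."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    off, names = 32, []                     # load commands start after the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_SYMTAB:
            symoff, nsyms, stroff, strsize = struct.unpack_from("<4I", data, off + 8)
            strtab = data[stroff:stroff + strsize]
            for i in range(nsyms):          # nlist_64 entries are 16 bytes each
                n_strx, n_type = struct.unpack_from("<IB", data, symoff + 16 * i)
                if n_type & N_STAB or n_type & N_EXT:
                    continue                # debug stab or exported symbol
                names.append(_cstr(strtab, n_strx))
        off += cmdsize
    return names


def elf_local_symbols(data):
    """Names of STB_LOCAL symbols in .symtab, ignoring section and file markers."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian 64-bit ELF")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<2H", data, 0x3A)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    names = []
    for sh in shdrs:
        if sh[1] != SHT_SYMTAB:
            continue
        sym_off, sym_size, link, entsize = sh[4], sh[5], sh[6], sh[9]
        strtab = data[shdrs[link][4]:shdrs[link][4] + shdrs[link][5]]   # sh_link -> .strtab
        for i in range(sym_size // entsize):
            st_name, st_info = struct.unpack_from("<IB", data, sym_off + i * entsize)
            bind, typ = st_info >> 4, st_info & 0xF
            if bind != STB_LOCAL or typ in (STT_SECTION, STT_FILE) or st_name == 0:
                continue
            names.append(_cstr(strtab, st_name))
    return names


def local_symbols(data):
    """Dispatch on magic; a fully stripped binary yields an empty list."""
    return elf_local_symbols(data) if data[:4] == b"\x7fELF" else macho_local_symbols(data)


def build_macho(symbols):
    """Constructed sample: header + one LC_SYMTAB; symbols = [(name, n_type)]."""
    strtab, nlists = b"\0", b""
    for name, n_type in symbols:
        nlists += struct.pack("<IBBHQ", len(strtab), n_type, 1, 0, 0x1000)
        strtab += name.encode() + b"\0"
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    symtab = struct.pack("<6I", LC_SYMTAB, 24, 56, len(symbols), 56 + len(nlists), len(strtab))
    return header + symtab + nlists + strtab


def _shdr(typ, off, size, link, entsize):
    return struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, entsize)


def build_elf(symbols):
    """Constructed sample: ELF header + null/.symtab/.strtab; symbols = [(name, bind, type)]."""
    strtab, syms = b"\0", bytes(24)         # index 0 is the mandatory null symbol
    for name, bind, typ in symbols:
        syms += struct.pack("<IBBHQQ", len(strtab), (bind << 4) | typ, 0, 1, 0x401000, 16)
        strtab += name.encode() + b"\0"
    sym_off, str_off = 64, 64 + len(syms)
    sh_off = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 0, sh_off, 0, 64, 0, 0, 64, 3, 0)
    return (ehdr + syms + strtab + _shdr(0, 0, 0, 0, 0)
            + _shdr(SHT_SYMTAB, sym_off, len(syms), 2, 24)
            + _shdr(SHT_STRTAB, str_off, len(strtab), 0, 0))


# Constructed sample tables: one exported entry point, one local helper that
# strip plus visibility flags would leave behind, and a marker that must be skipped.
MACHO_SAMPLE = build_macho([("_main", 0x0F), ("_internal_helper", 0x0E), ("_main", 0x24)])
ELF_SAMPLE = build_elf([("main", STB_GLOBAL, STT_FUNC), ("internal_helper", STB_LOCAL, STT_FUNC),
                        ("helper.c", STB_LOCAL, STT_FILE)])

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else MACHO_SAMPLE
    for name in local_symbols(blob):
        print(name)
```

Run it against a release build before and after your stripping step; any name it prints is still readable by anyone with the binary. Fat (universal) Mach-O files and 32-bit images are rejected rather than silently reported as clean, which is the safer failure mode for a pre-release check.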

Command-line scripting

The upcoming 2.1 version of Profiler adds support for command-line scripting. This is extremely useful, as it enables users to create small (or big) utilities using the SDK and to integrate those utilities into their existing tool-chain. The syntax …

Posted in Profiler, Python, SDK

Raw File System Analysis (FAT32 File Recovery)

This post isn't about upcoming features; it's about things you can already do with Profiler. What we'll see is how to import the structures used for file system analysis from C/C++ sources, use them to analyze raw hex data, create a …

Posted in Forensics, Headers, Hooks, Layouts, Logic Providers, Profiler, Python
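The post above imports the C structures of the FAT32 boot sector and applies them to raw sectors. The following is an added example in plain Python, not Profiler code and not the post's own script: the boot sector is declared as a ctypes structure that mirrors the C layout, and on top of it the example computes the FAT and data-region offsets, walks a cluster chain, finds directory entries marked deleted (first byte 0xE5), and reassembles the file data. The disk image is constructed in memory; all function and constant names are this example's own.

```python
"""FAT32 layout parsing and deleted-file recovery over a raw image.

Added example, not Profiler code: the BPB is declared with ctypes so it mirrors
the C header one would import; the 40-sector image below is constructed in
memory and is not a real dump.
"""
import ctypes
import struct

SECTOR = 512
FAT32_EOC = 0x0FFFFFF8      # FAT entries >= this value end a chain
DELETED = 0xE5              # first byte of a deleted directory entry
U8, U16, U32 = ctypes.c_uint8, ctypes.c_uint16, ctypes.c_uint32


class Fat32BootSector(ctypes.LittleEndianStructure):
    """BPB + FAT32 EBPB with the same packed layout as the C struct (90 bytes)."""
    _pack_ = 1
    _fields_ = [
        ("jmp", U8 * 3), ("oem", ctypes.c_char * 8), ("bytes_per_sector", U16),
        ("sectors_per_cluster", U8), ("reserved_sectors", U16), ("num_fats", U8),
        ("root_entries", U16), ("total_sectors16", U16), ("media", U8),
        ("sectors_per_fat16", U16), ("sectors_per_track", U16), ("heads", U16),
        ("hidden_sectors", U32), ("total_sectors32", U32), ("sectors_per_fat32", U32),
        ("ext_flags", U16), ("fs_version", U16), ("root_cluster", U32),
        ("fsinfo_sector", U16), ("backup_boot_sector", U16), ("reserved", U8 * 12),
        ("drive_number", U8), ("reserved1", U8), ("boot_signature", U8),
        ("volume_id", U32), ("volume_label", ctypes.c_char * 11), ("fs_type", ctypes.c_char * 8),
    ]


def parse_boot_sector(image):
    """Check the 0x55AA signature, overlay the struct on sector 0 and reject FAT12/16."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("missing boot sector signature")
    bs = Fat32BootSector.from_buffer_copy(image[:ctypes.sizeof(Fat32BootSector)])
    if bs.root_entries != 0 or bs.sectors_per_fat16 != 0:
        raise ValueError("not FAT32: FAT12/16 fields are non-zero")
    return bs


def fat_offset(bs):
    return bs.reserved_sectors * bs.bytes_per_sector


def cluster_offset(bs, cluster):
    """Byte offset of a data cluster; data clusters are numbered from 2."""
    cluster_bytes = bs.sectors_per_cluster * bs.bytes_per_sector
    data_start = fat_offset(bs) + bs.num_fats * bs.sectors_per_fat32 * bs.bytes_per_sector
    return data_start + (cluster - 2) * cluster_bytes


def fat_chain(image, bs, first_cluster):
    """Follow FAT entries from first_cluster; a looping chain in a damaged FAT is an error."""
    chain, cluster, seen = [], first_cluster, set()
    while 2 <= cluster < FAT32_EOC:
        if cluster in seen:
            raise ValueError("FAT chain loops at cluster %d" % cluster)
        seen.add(cluster)
        chain.append(cluster)
        entry, = struct.unpack_from("<I", image, fat_offset(bs) + cluster * 4)
        cluster = entry & 0x0FFFFFFF    # top 4 bits of a FAT32 entry are reserved
    return chain


def deleted_entries(image, bs, dir_cluster):
    """Scan one directory cluster for 0xE5 entries, returning (name, first_cluster, size)."""
    base = cluster_offset(bs, dir_cluster)
    found = []
    for off in range(base, base + bs.sectors_per_cluster * bs.bytes_per_sector, 32):
        entry = image[off:off + 32]
        if entry[0] == 0:
            break                       # end of directory
        if entry[0] != DELETED or entry[11] & 0x0F == 0x0F:
            continue                    # live entry or long-file-name fragment
        name = b"?" + entry[1:8].rstrip() + b"." + entry[8:11].rstrip()
        hi, = struct.unpack_from("<H", entry, 20)
        lo, = struct.unpack_from("<H", entry, 26)
        size, = struct.unpack_from("<I", entry, 28)
        found.append((name.decode("ascii", "replace"), (hi << 16) | lo, size))
    return found


def recover(image, bs, first_cluster, size):
    """Reassemble a file by its chain; if deletion cleared the FAT, assume contiguous clusters."""
    cluster_bytes = bs.sectors_per_cluster * bs.bytes_per_sector
    needed = -(-size // cluster_bytes)
    chain = fat_chain(image, bs, first_cluster)
    if len(chain) < needed:
        chain = list(range(first_cluster, first_cluster + needed))
    data = b"".join(image[cluster_offset(bs, c):cluster_offset(bs, c) + cluster_bytes] for c in chain)
    return data[:size]


def build_image():
    """Constructed sample: 1 sector/cluster, 32 reserved sectors, two 1-sector FATs."""
    bs = Fat32BootSector()
    bs.jmp[:] = (0xEB, 0x58, 0x90)
    bs.oem, bs.volume_label, bs.fs_type = b"MSWIN4.1", b"NO NAME    ", b"FAT32   "
    bs.bytes_per_sector, bs.sectors_per_cluster, bs.reserved_sectors = SECTOR, 1, 32
    bs.num_fats, bs.media, bs.total_sectors32, bs.sectors_per_fat32 = 2, 0xF8, 40, 1
    bs.root_cluster, bs.fsinfo_sector, bs.backup_boot_sector, bs.boot_signature = 2, 1, 6, 0x29
    image = bytearray(40 * SECTOR)
    image[:ctypes.sizeof(bs)], image[510:512] = bytes(bs), b"\x55\xaa"
    fat = bytearray(SECTOR)     # cluster 2 = root dir; clusters 3 -> 4 -> 5 hold the deleted file
    for i, v in enumerate((0x0FFFFFF8, 0xFFFFFFFF, 0x0FFFFFFF, 4, 5, 0x0FFFFFFF)):
        struct.pack_into("<I", fat, i * 4, v)
    for n in range(bs.num_fats):
        image[fat_offset(bs) + n * SECTOR:fat_offset(bs) + (n + 1) * SECTOR] = fat
    entry = bytearray(32)       # directory entry for "SECRET.TXT" after deletion
    entry[0:11], entry[11] = b"\xE5ECRET  TXT", 0x20
    struct.pack_into("<HI", entry, 26, 3, 1100)
    root = cluster_offset(bs, 2)
    image[root:root + 32] = entry
    payload = b"A" * SECTOR + b"B" * SECTOR + b"C" * 76
    start = cluster_offset(bs, 3)
    image[start:start + len(payload)] = payload
    return bytes(image)
```

On a real image the fallback in `recover` matters: a FAT32 delete usually zeroes the file's FAT entries, so the chain read from the table stops after the first cluster and the contiguous assumption is what makes the recovery work (and fails on fragmented files). The loop check in `fat_chain` is there because a corrupted or adversarial FAT can otherwise keep a parser spinning forever.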

Logic Providers

The main feature of the 1.0.0 version of Profiler is ready, so it won't take long for the new version to be released. This post serves as an introduction to the topic of logic providers and can in no …

Posted in Logic Providers, Profiler, Python

EML attachment detection and inspection

The upcoming 0.9.9 version of Profiler includes some very useful SDK additions. Among these are the addEmbeddedObject method (to add embedded objects) and a new hook notification called 'scanning'. The scanning notification should be used for long operations and/or to …

Posted in Hooks, Profiler, Python, SDK

Format quota calculator

In the upcoming 0.9.9 version of Profiler it will be possible to create docked views even in the context of the main window. This feature, combined with custom views, is extremely useful if we want to create custom reports …

Posted in Hooks, Profiler, Python