Category Archives: Python

Custom Views

The upcoming 0.9.9 version of the Profiler will partially expose the use of custom views. These views are used internally by the Profiler to create complex graphical UIs using short XML strings. While at the moment extensions can use PySide …

Posted in Profiler, Python

Dissecting an ELF with C++ Types

While there are more interesting targets which could be manually analyzed with the new features provided in the Profiler, I decided to write a small post about ELF, also because official support for ELF will be added sooner or later. …

Posted in Headers, Layouts, Profiler, Python

Disasm options & filters

The upcoming version 0.9.4 of the Profiler introduces improvements to several disasm engines: ActionScript3, Dalvik, Java, MSIL. In particular it adds options, so that the user can decide whether to include file offsets and opcodes in the output. The code …

Posted in Filters, Profiler, Python, SDK

Detect broken PE manifests

In the previous post we’ve seen a brief introduction to how hooks work. If you haven’t read that post, you’re encouraged to do so in order to understand this one. What we’re going to do in this post is something …

Posted in Hooks, PE, Profiler, Python, SDK

Exposing the Core (part 4, Hooks)

Hooks are an extremely powerful extension to the scanning engine of the Profiler. They allow the user to customize scans and do all sorts of things. Because there’s basically no limit to the applications, I’ll just try to give …

Posted in Hooks, Profiler, Python, SDK

Exposing the Core (part 3, Key Providers)

This post will be about key providers, which are the first kind of extension to the scan engine we’re going to see. Key providers are nothing else than a convenient way to provide keys through scripting to files which require …

Posted in Profiler, Python, SDK

Exposing the Core (part 2)

The release date of the upcoming 0.9.3 version is drawing nearer. Several format classes have already been exposed to Python and in this post I’m going to show you some code snippets. Since it’s impossible to demonstrate all format classes …

Posted in Profiler, Python, SDK

Exposing the Core (part 1)

The main feature of the upcoming 0.9.3 version of the Profiler is the expansion of the public SDK. This basically means that a consistent subset of the internal classes will be exposed. Although it’s a subset, there’s no way to …

Posted in Filters, Profiler, Python, SDK

Widgets and Views

The last release of the Profiler featured some significant improvements. So while it also included initial PySide support, there wasn’t much time to make it really nice. One of the missing things was the ability to mix internal Profiler views …

Posted in Profiler, PySide, Python

PySide support

This is really a small addition which took just a couple of hours of work, but since it can come in very handy, it’s worth dedicating a post to it. The upcoming 0.9.1 version of the Profiler adds explicit support for …

Posted in Profiler, PySide, Python