Monthly Archives: April 2013

Rich Text Format support (including OLE extraction)

The work on the upcoming 0.9.4 version of the Profiler has just begun, but there’s already an addition worth mentioning in depth: the support for RTF files. In particular there are two things which are quite useful: the preview of … Continue reading

Posted in Profiler, RTF

News for version 0.9.3

The new version is out with the following news: – subdivided the Python SDK into modules – exposed many core and file format classes to Python (part 2) – exposed filters to Python – introduced Python hooks – introduced Python … Continue reading

Posted in Profiler

Detect broken PE manifests

In the previous post we’ve seen a brief introduction to how hooks work. If you haven’t read that post, you’re encouraged to do so in order to understand this one. What we’re going to do in this post is something … Continue reading

Posted in Hooks, PE, Profiler, Python, SDK

Exposing the Core (part 4, Hooks)

Hooks are an extremely powerful extension to the scanning engine of the Profiler. They allow the user to customize scans and do all sorts of things. Because there’s basically no limit to the applications, I’ll just try to give … Continue reading

Posted in Hooks, Profiler, Python, SDK

Exposing the Core (part 3, Key Providers)

This post will be about key providers, which are the first kind of extension to the scan engine we’re going to see. Key providers are nothing more than a convenient way to provide keys through scripting to files which require … Continue reading

Posted in Profiler, Python, SDK