Stephen Fewer stephenfewer
stephenfewer
/ add_segment_example.rb
Created
October 18, 2016 14:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Hold the write lock and disable auto analysis until | |
| # we complete our synchronized operation. | |
| cm.synchronize_analyze do | |
| # Create a new segment | |
| segment = cm.add_segment( | |
| "test", # name | |
| cm.last_segment.last_rva + 4096, # rva | |
| 4096, # initialized length | |
| 1024, # uninitialized length | |
| true, # readable |
stephenfewer
/ gen_call_graph_dot.rb
Last active
October 22, 2015 17:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Run via the command line with the following command (Note: All paths must be absolute and plugin_commandline paths must be double slashed): | |
| # | |
| # "c:\Program Files\Relyze\relyze.exe" /run /plugin "{1BD45FB7-9907-4683-B2C4-B6AB8E15D510}" /log "C:\Testing\log.txt" /plugin_commandline "/infile=C:\\Testing\\Samples\\foo.exe /outdot=C:\\Testing\\Samples\\foo.dot" | |
| # | |
| require 'relyze/core' | |
| class Plugin < Relyze::Plugin::Analysis | |
| def initialize |
stephenfewer
/ patch_nonexec_section.rb
Created
July 7, 2015 09:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To use this plugin: | |
| # * Copy this plugin file to your Relyze Plugins folder (e.g. C:\Users\<username>\Documents\Relyze\Plugins\) | |
| # * Either restart Relyze.exe or right click in the Plugins view and select 'Reload all Plugins' | |
| # * Open the file you want to analyze and tick this plugin in the loader options | |
| require 'relyze/core' | |
| class Plugin < Relyze::Plugin::Analysis | |
| def initialize |
stephenfewer
/ diff_plugin_example.rb
Created
July 3, 2015 14:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processed_names = ::Set.new | |
| processed_comments = ::Set.new | |
| # cm will be the current model (A Relyze::ExecutableFileModel object), we | |
| # hold the models read lock while we process the results... | |
| cm.synchronize_read do | |
| # First we pull out the existing differential analysis results that | |
| # are being displayed in the GUI. We could however create the diff | |
| # results programmatically by calling the models diff() method. | |
| dr = @relyze.tab_current_diff | |
| if( dr.nil? ) |
stephenfewer
/ test_entrypoints.rb
Created
May 6, 2015 16:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'relyze/core' | |
| class Plugin < Relyze::Plugin::Analysis | |
| def initialize | |
| super( { | |
| :guid => '{75A2197C-4A3C-4B29-A526-5DCE6BE63EFD}', | |
| :name => 'Test Plugin Entrypoints', | |
| :description => 'Test the various entrypoint', | |
| :authors => [ 'Relyze Software Limited' ], |
stephenfewer
/ gist:1d21f8acfac4637307b7
Created
April 30, 2015 09:55
Relyze Plugin - Test instruction flags access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple example to color an instruction based on its EFLAGS access. | |
| def run | |
| result = cm.synchronize_write do | |
| # Pull out the RVA of the function the user has selected in the GUI | |
| func_rva = @relyze.tab_current_function_rva( cm ) || (break 'No function selected') | |
| # Pull out the corresponding function object | |
| func = cm.function( func_rva ) || (break 'Function not found') | |
| # Iterate over every block in the function | |
| func.blocks do | block | |
stephenfewer
/ gist:12df771275ee7860b48e
Last active
August 29, 2015 14:20
Relyze Plugin - Test instruction operand access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple example to color every instruction in a function that writes to memory. | |
| def run | |
| result = cm.synchronize_write do | |
| # Pull out the RVA of the function the user has selected in the GUI | |
| func_rva = @relyze.tab_current_function_rva( cm ) || (break 'No function selected') | |
| # Pull out the corresponding function object | |
| func = cm.function( func_rva ) || (break 'Function not found') | |
| # Iterate over every block in the function | |
| func.blocks do | block | |