Provide the list of all loaded plugins.

The returned value is a tuple of PluginModule instances.

Provide the list of all loaded plugins suitable for a given action.

The action has to be one of the PluginAction values.

The returned value is a tuple of matching PluginModule instances.

Find a given plugin from the list of loaded plugins.

The name string define the target to find.

The returned value is a tuple of the found PluginModule instance and its value, or None in case of search failure.

Abstract method called when a debugger is attached to a binary format.

The expected action is a PluginAction value and the provided format is a ExeFormat instance.

This method has to be defined in order to handle action such as FORMAT_ATTACH_DEBUG.

Abstract method called when a detection of tools used the build the analyzed content is required.

The expected action is a PluginAction value and the content is a LoadedContent instance. The version parameter is a boolean value indicating if some extra details about the tools version are wished.

The expected result is a list of strings.

This method has to be defined in order to handle action such as DETECTION_OBFUSCATORS.

(Abstract) method providing the raw module name of the plugin.

loaded.

The result should be a short string value.

A default implementation builds the module name from the Python script filename.

Abstract method used to explore a binary content (and possibly to add new contents to explore) or to load a recognized binary content into a LoadedContent instance.

The expected action is a PluginAction value and the initial binary content is a BinContent instance. A tracking identifier is provided and is aimed to be used with methods from ContentExplorer and ContentResolver. A reference to the main status bar may also be provided, as a StatusStack instance if running in graphical mode or None otherwise.

This method has to be defined in order to handle actions such as CONTENT_EXPLORER or CONTENT_RESOLVER.

Abstract method run at several different steps of a binary format analysis:

• at the beginning and at the end of the main analysis pass;
• at the beginning and at the end of the extra final pass.

The expected action is a PluginAction value and the provided format is a KnownFormat instance. The identifier refers to the working queue used to process the analysis. A reference to the main status bar may also be provided, as a StatusStack instance if running in graphical mode or None otherwise.

This method has to be defined in order to handle actions such as FORMAT_ANALYSIS_STARTED, FORMAT_ANALYSIS_ENDED, FORMAT_POST_ANALYSIS_STARTED or FORMAT_POST_ANALYSIS_ENDED.

Abstract method run once a loaded binary has been analyzed with success.

The expected action is a PluginAction value and the analyzed content is a LoadedContent instance. The identifier refers to the working queue used to process the analysis. A reference to the main status bar may also be provided, as a StatusStack instance if running in graphical mode or None otherwise.

This method has to be defined in order to handle action such as CONTENT_ANALYZED.

Abstract method called to react to several steps of the plugin life.

The expected action is a PluginAction value.

This method has to be defined in order to handle actions such as PLUGIN_LOADED.

Abstract method called once all the (native?) plugins are loaded.

The expected action is a PluginAction value.

This method has to be defined in order to handle actions such as NATIVE_PLUGINS_LOADED or PLUGINS_LOADED.

Abstract method which is an opportunity to setup instructions or comments ahead of the disassembling process.

Format fields do not need to get disassembled and may be annotated for instance.

The expected action is a PluginAction value and the provided format is a BinFormat instance. The information holder to fill is a PreloadInfo instance. A reference to the main status bar may also be provided, as a StatusStack instance if running in graphical mode or None otherwise.

This method has to be defined in order to handle action such as FORMAT_PRELOAD.

Abstract method run at several different steps of a binary analysis.

The expected action is a PluginAction value and the provided format is a ExeFormat instance.

This method has to be defined in order to handle actions such as DISASSEMBLY_STARTED, DISASSEMBLY_RAW, DISASSEMBLY_HOOKED_LINK, DISASSEMBLY_HOOKED_POST, DISASSEMBLY_LIMITED, DISASSEMBLY_LOOPS, DISASSEMBLY_LINKED, DISASSEMBLY_GROUPED, DISASSEMBLY_RANKED, DISASSEMBLY_ENDED.

Build a filename suitable for the plugin configuration, ending with the final suffix.

If the create parameter is set, the path to this filename is created.

The result is a string or None on failure.

Display a message in the log window, in graphical mode, or in the console output if none.

The type of the message has to be a LogMessageType value.

The only difference with the main log_message() function is that messages are automatically prefixed with the plugin name here.

Dedicated configuration for the plugin.

The value is a GenConfig instance or None if the configuration is not yet created.

As configuration storage path depends on the plugin name, all plugin properties have to get fully loaded by the core before the configuration can be setup.automatically

Filename of the plugin.

Interface exported by the plugin..

This property is a StructObject instance.

The provided information is composed of the following properties :

• gtp_name;
• name;
• desc;
• version;
• url;
• container;
• required;
• actions.

The gtp_name value may be None for non-native plugin. All other fields carry a string value except:

• container: a boolean status indicating if the plugin can embed other plugins;
• required: a tuple of depedencies names;
• actions: a tuple of available features from the plugin coded as PluginAction values.

Raw module name of the plugin.

Features with which plugins can extend the core of Chrysalide.