Introducing JEB Extensions
JEB offers a rich API that can be used to develop:
- Python scripts can be used to automate simple tasks
- When run within the UI client, scripts can interact with GUI elements
Plugins (aka back-end extensions):
- Processor plugins such as disassemblers, file parsers, etc.
- Engines plugins such as second-pass code analyzers, working on results produced by other plugins, or helpers
- Decompiler plugins such as IR optimizer plugins for dexdec or gendec
- Other plugin types include code analysis extensions (to customize native code analysis), contributions (for information overlays), interpreter (command-line processors), etc.
Front-end clients, such as:
- The official UI client
- Headless clients for automation pipelines
Only professional licenses offer full API access. However, all licenses allow script and plugin execution from within the UI client:
|Licenses Type||UI client||Other Clients (e.g. command-line)|
|Pro||UI scripts + plugins||scripts + plugins|
Grasping the high-level concepts of how pieces fit together within JEB will make you a more efficient extensions developer.
At the highest-level, JEB is separated into back-end and front-end components:
- The back-end components are responsible for processing input artifacts. They provide an execution environment for native and third-party plugins, including processor plugins, such as file parsers.
- The front-end components are responsible for processing input commands and rendering back-end results. A variety of front-ends may be created using the API exposed by the back-end.
All JEB distributions ship with the UI client front-end that runs on all major desktop operating systems (Windows x86_64, Linux x86_64/aarch64, macOS x86_64/aarch64).
The diagram below shows the relationship between back-end and front-end components:
Depending on their license type, users may be able to develop third-party plugins and instruct the back-end to load them. This enables power users to craft input processors that cater to their specific needs (e.g., a disassembler for an exotic or virtual CPU).
You may verify your API usage capabilities by starting JEB with the
-c --license command line flag.
Application Programming Interfaces#
Clients and extensions (plugins, scripts) use the JEB API.
The API reference documentation is available online as well as offline, within your JEB software package (file
Scripts vs Plugins#
- Are called by users to achieve small tasks
- Example: modify some code, navigate somewhere, display some info, etc.
- Must be written in Python (they are run in a Jython VM)
- Ideal for rapid development and prototyping
- Are executed by JEB on-demand
- In the GUI client, can be executed via the File menu
- Implement a specialized sub-type of
- Can perform a variety of tasks, from input processing, disassembling, decompiling, adding functionality to other plugins, event-triggered actions, etc.
- May be compiled as jar; some plugin types may be written as scripts (Java or Python)
- Implement a specialized sub-type of
All versions of JEB can execute client scripts within the UI client.
Scripts should be dropped in your
scripts/ directory (or any other directory specified in your
.ScriptsFolder client option).
Use the File, Scripts, Script Selector... menu command to execute, edit, or create a script.
- Client scripts are written in Python, and are executed within a 2.7 Jython VM (a Java implementation of the Python VM)
- Scripts, like any extension, use the JEB API.
- Client scripts executed inside the UI client also have access to the UI-API, located in the package
com.pnfsoftware.jeb.client.ui. Classes of the UI-API allow graphical manipulation of views, fragments, items, etc. (This API is optionally implemented by clients; the desktop client implements it.)
You will find a large collection of sample scripts on our public GitHub repository.
Executing Engines Plugins#
Engines plugins live within the engines context of the JEB back-end. They may execute code continuously, be event-driven, or even be explicitly called by the user.
All third-party plugins must be dropped in your
coreplugins/ directory (or any other directory specified in your
.PluginsFolder back-end option). Use the File, Engines, Execute, ... menu command to execute an engines plugin.
Engines plugins are JEB plugins that implement the IEnginesPlugin interface.
The full list of engines plugins loaded within your JEB instance context can be seen by running the File, Engines, Plugins command. You may double-click a plugin to execute it.
A collection of open-source plugins can be found on our public GitHub repository.