Skip to content

Introducing JEB Extensions

JEB offers a rich API that can be used to develop:

  • Front-end clients, such as:
    • The official UI client
    • Headless clients for automation pipelines
  • Plugins (aka back-end modules):
    • Processor plugins such as disassemblers, decompilers, debuggers, or any other type of analyzer
      • Many processor plugins fall in the category of parsers and are sometimes referred as such
    • Engines plugins such as second-pass code analyzers, working on results produced by other plugins, or helpers
  • Scripts:
    • Python scripts for automating simple tasks
    • Python scripts that can interact with graphical clients that implement the UI-API (the UI client does)

Capabilities#

Only professional licenses offer full API access. However, all licenses allow script execution from within the UI client:

Licenses Type UI client Other Clients (e.g. command-line)
Non-Pro UI scripts no
Pro UI scripts + plugins scripts + plugins

High-level Architecture#

Grasping the high-level concepts of how pieces fit together within JEB will make you a more efficient extensions developer.

At the highest-level, JEB is separated into back-end and front-end components:

  • The back-end components are responsible for processing input artifacts. They provide an execution environment for native and third-party plugins, including input artifact processor plugins, such as file parsers.
  • The front-end components are responsible for processing input commands and rendering back-end results. A variety of front-ends may be created using the API exposed by the back-end.

Note

All JEB distributions ship with the UI client front-end that runs on all major desktop operating systems.

The diagram below shows the relationship between back-end and front-end components:

High-level architecture diagram

Depending on their license type, users may be able to develop third-party plugins and instruct the back-end to load them. This enables power users to craft input processors that cater to their specific needs (e.g., a disassembler for an exotic or virtual CPU).

You may verify your API usage capabilities by starting JEB with the -c --license command line flag.

Application Programming Interfaces#

The JEB API offers power-users ways to:

  • write clients such as command-line processors (headless)
  • write extensions, from simple scripts in Python to advanced analysis modules in Java

The JEB API reference documentation is available online as well as offline, within your JEB software package (file doc/apidoc.zip).

Scripts vs Plugins#

  • Scripts...
    • Implement IScript
    • Are called by users to achieve small tasks
      • Example: modify some code, navigate somewhere, display some info, etc.
    • Have to to be written in Python (and are run within a Jython VM)
      • Ideal for rapid development and prototyping
    • Are executed by JEB on-demand
      • In UI client, can be executed via the File menu
  • Plugins...
    • Implement IPlugin (IUnitIdentifier for processor plugins, IEnginesPlugin for engines plugins)
    • Are designed to process input (for processor plugins) or do other tasks (for engines plugins)
      • Example: disassemble or decompile code, do complex file parsing, etc.
    • Must be written in Java
      • Ideal for complex, large code bases
    • Are loaded by JEB at start-up time
      • List of loaded plugins can be seen in the File menu

Executing Scripts#

All versions of JEB can execute client scripts within the UI client.

Scripts should be dropped in your scripts/ directory (or any other directory specified in your .ScriptsFolder client option). Use the File, Script, Run Script... menu command to execute a script. The last run script can be executed again by pressing the F2 key.

  • Client scripts are written in Python, and are executed within a 2.7 Jython VM (a Java implementation of the Python VM)
  • Scripts, like any extension, use the JEB API.
  • Client scripts executed inside the UI client also have access to the UI-API, located in the package com.pnfsoftware.jeb.client.ui. Classes of the UI-API allow graphical manipulation of views, fragments, items, etc. (This API is optionally implemented by clients; the desktop client implements it.)

You will find a large collection of sample scripts on our public GitHub repository.

Executing Engines Plugins#

All third-party plugins must be dropped in your coreplugins/ directory (or any other directory specified in your .PluginsFolder back-end option). Use the File, Engines, Execute, ... menu command to execute an engines plugin.

Note

Engines plugins are JEB plugins that implement the IEnginesPlugin interface.

The full list of engines plugins loaded within your JEB instance context can be seen by running the File, Engines, Plugins command. You may double-click a plugin to execute it.

A collection of open-source plugins can be found on our public GitHub repository.