Engines plugins, just like any JEB extension (parser, script, etc.) use the JEB API.

They are loaded when JEB starts. Unlike parsers, their role is not to process input data to produce units; they are meant to perform pointed tasks. They react to events issued by units (an IUnit is an IEventSource). They can also be called on-demand by clients.

From a programmer's standpoint, engines plugins extend the IEnginesPlugin (whereas processor plugins extend the IUnitIdentifier interface).

Sample Plugins#

Sample plugins can be found on our GitHub account. Examples:

  • Andhook: Android Cryptographic Primitives Hooking using the JEB Debuggers API
  • Androsig: Android library code signing and matching (no longer maintained)
  • VTPlugin: pulls sample information from VirusTotal information

Skeleton Plugin#

Full source code: Sample plugin skeleton on GitHub

public class SampleEnginesPlugin implements IEnginesPlugin {
    private static final ILogger logger = GlobalLog.getLogger(SampleEnginesPlugin.class);

    @Override
    public IPluginInformation getPluginInformation() {
        return new PluginInformation("Sample Plugin", "A sample JEB plugin", "PNF Software", Version.create(1, 0));
    }

    @Override
    public List<? extends IOptionDefinition> getExecutionOptionDefinitions() {
        return null;
    }

    @Override
    public void execute(IEnginesContext context) {
        execute(context, null);
    }

    @Override
    public void execute(IEnginesContext engctx, Map<String, String> executionOptions) {
        logger.info("Executing sample plugin");
    }

    @Override
    public void dispose() {
    }
}