xAnalyzer x86x64

@ThunderCls released this Apr 23, 2018

Changes to module analysis

- Module analysis now uses the currently selected disassembly line instead of CIP
- Modified some typing in plugin entries
- Some code refactoring
- Modified command "xanal/xanalremove exe" to "xanal/xanalremove module"
- Closes #31

xAnalyzer x86x64

@ThunderCls released this Apr 7, 2018

NOTE: When updating from a previous version of xAnalyzer, it is recommended to completely replace the previous apis_def folder with the new one (delete all the content of the old folder and replace it with the content from this release).

  • Removed [EBP+/-] instructions as possible function caller arguments
  • Removed the "0x" prefix from all function argument values, since hexadecimal is inferred
  • Fixed arguments where pointer variables wouldn't show correctly as pointers but as base data type instead
  • Added recognition of stack pointer usage (ESP) as possible argument for function calls (x86)
  • Added use of accurate data type name in arguments instead of generic/base data type name
  • Added name of function pointers as parameters (the entire function name, if detected, will be used instead of just the address)
  • Added function smart tracking feature (Smart prediction and recognition of indirect function calls like: CALL {REGISTER}, CALL {POINTER})


xAnalyzer x86x64

@ThunderCls released this Jun 16, 2017

  • Added recognition of MOV instructions on x86 ( thanks to @Herz3h ).
  • Added recognition of functions with "Stub" suffix ( thanks to @Herz3h ).
  • Fixed bug on "auto analysis" (added more EP check conditions).
  • Clear Auto Comments/Auto Labels options checked now by default.

xAnalyzer x86x64

@ThunderCls released this Mar 28, 2017

Bug fixes

  • Fixed a buffer overflow (BoF) that occurred when the argument flags comment exceeded MAX_COMMENT_SIZE (thanks to @David-Reguera-Garcia-Dreg)
  • Fixed function name search bug when definition lies in a second .api file

xAnalyzer x86x64

@ThunderCls released this Mar 26, 2017

Changes in Update 2.4.1


  • Added a new hotkeys scheme


  • Added new options to control which previous analysis data should be erased. (This gives the user more control over what to keep and what to delete, and also makes it possible to work seamlessly with map loader plugins like SwissArmyKnife, etc.)
  • Added new commands (old ones have been deprecated)
    xanal selection : Performs a selection analysis
    xanal function : Performs a function analysis
    xanal exe : Performs an entire executable analysis
    xanalremove selection : Removes a previous selection analysis
    xanalremove function : Removes a previous function analysis
    xanalremove exe : Removes a previous entire executable analysis
    xanal help : Prints some help text to the log window
  • Fixed automatic analysis not launching on startup (Closes #18)
  • Fixed various API definition files (Closes #17). It's recommended to download the apis_def.zip file attached below and overwrite the previously downloaded files with it, or just copy the whole new folder and delete the older one.

xAnalyzer x86x64

@ThunderCls released this Feb 28, 2017

Some important features were added in this version, so be sure to check it out. A new API definition file scheme has also been implemented, so you should delete the old folder and download the new one attached below.

Changes xAnalyzer v2.4

- New and improved API definition files with a slightly modified scheme (13,000+ APIs from almost 200 DLLs)
- Symbols recognition system for each API definition argument used (1000+ enums data types and 800+ flags)
- Recognition of params data types (BOOL, NUMERIC, NON-NUMERIC)
- VB "DllFunctionCall" stubs detection


- Strings passed as arguments are cleaner now (debugger comments now have the address part stripped)
- Execution Summary added to log window


- Hotkeys feature removed (will be incorporated in future revisions) due to some conflicts with x64dbg
- Various bugs fixed

xAnalyzer x86x64

@ThunderCls released this Jan 18, 2017

  • Fixed a bug when launching the "Analyze Selection" menu with a single line
    selected, which caused an abrupt debugger exception (thanks to @blaquee)
  • The plugin now checks that the definition files folder "apis_def" and the
    definition files inside it exist before loading
  • Changed hotkeys to Ctrl+Shift+X for selection and Ctrl+X for
    functions

xAnalyzer x86x64

@ThunderCls released this Dec 26, 2016

To install the plugin correctly, refer to:
https://github.com/ThunderCls/xAnalyzer#installation

For any issue you can go to:
https://github.com/ThunderCls/xAnalyzer/issues/new

Changelog v2.3

  • Added option "Analyze undefined functions" (OFF by default; anything that's not in the definition files is not analyzed)
  • Added option "Automatic analysis" (OFF by default; runs the analysis on launch at the EP of the debugged executable)
  • Added feature "Analyze Selection" (analyzes the selected instructions; supports multiple selected calls)


  • Added feature "Analyze Function" (automatically discovers and analyzes the current function from the selected address)


  • Added feature "Remove Analysis" from Selection/Function/Executable
  • Added command shortcuts
  • Added new icons
  • Added saving configuration to .ini file
  • Added capitalization of hexadecimal argument values
  • Restructured feature "Analyze Executable" (performs a full analysis of the current executable)
  • Restructured menus
  • New about dialog now shows the version number to keep track of updates
  • Some small bug fixes
  • Fixed and merged some API definition files
  • Speed and stability improvements

xAnalyzer x86x64

@ThunderCls released this Dec 6, 2016

  • Added analysis progress indicator
  • Added new analysis depth mode
  • Now automatic analysis is only executed if no backup database is present
  • Bugs fixed