Releases: ThunderCls/xAnalyzer
xAnalyzer x86x64
Some important features were added in this version, so be sure to check it out. Also a new API Definition File Scheme has been implemented hence you should delete the old folder and download the new one attached down below.
Changes xAnalyzer v2.4
- New and improved API definition files with a slightly modified scheme (13,000+ API’s from almost 200 DLL’s)
- Symbols recognition system for each API definition argument used (1000+ enums data types and 800+ flags)
- Recognition of params data types (BOOL, NUMERIC, NON-NUMERIC)
- VB "DllFunctionCall" stubs detection
- Strings passed as arguments are cleaner now (debugger comments now have the address part stripped)
- Execution Summary added to log window
- Hotkeys feature removed (will be incorporated in future revisions) due some conflicting with x64dbg
- Various bugs fixed
xAnalyzer x86x64
- Fixed bug when launching "Analyze Selection" menu with a single line
selected, what caused an abrupt dbg exception (thanks to @blaquee) - Check if the definition files folder "apis_def" and definition files
exist inside it before loading the plugin - Changed hot keys to Ctrl+Shift+X for selection and Ctrl+X for
functions
xAnalyzer x86x64
To install the plugin correctly, refer to:
https://github.com/ThunderCls/xAnalyzer#installation
For any issue you can go to:
https://github.com/ThunderCls/xAnalyzer/issues/new
Changelog v2.3
- Added option "Analyze undefined functions". (OFF by default, anything that's not in definition files is not analyzed)
- Added option "Automatic analysis" (OFF by default, make analysis on launch at EP of debugged executable)
- Added feature "Analyze Selection" (Makes a selected instructions analysis, it supports multiple selected calls)
- Added feature "Analyze Function" (Makes an automatic discovery and analysis of the current function from the selected address)
- Added feature "Remove Analysis" from Selection/Function/Executable
- Added command shortcuts
- Added new icons
- Added saving configuration to .ini file
- Added capitalization of hexadecimal argument values
- Restructured feature "Analyze Executable" (Makes a full analysis of the current executable)
- Restructured menus
- New about dialog now shows the version number to keep track of updates
- Some small bug fixes
- Fixed and merged some API definition files
- Speed and stability improvements
xAnalyzer x86x64
- Added analysis progress indicator
- Added new analysis depth mode
- Now automatic analysis is only executed if no backup database is present
- Bugs fixed
xAnalyzer x86x64
Some additions and improvements have been made to this version:
[+] Generic arguments for undefined functions and internal subs
[+] Smart function comments and arguments (only functions with arguments on stack are being processed). This allows xAnalyzer to give a cleaner sight of the code by just processing and commenting those functions with actual arguments.
[+] Detection of indirect function calls with scheme CALL -> DYNAMIC_MEMORY -> API
[+] Detection of indirect function calls with scheme CALL -> REGISTER/REGISTER + DISPLACEMENT -> API
[+] Detection of indirect function calls with scheme CALL -> JMP -> JMP -> API
[+] Automatic loops detection
[+] Fixed minors bugs.
[+] Code rearrangements.
xAnalyzer x86x64
- Support for x64 bits
- Support API call arguments order changes in x64 bits
- Support PDB files extra info in API calls
- Support of direct/indirect API calls
- Support of static API functions calls to main module code
- Fixed several wrong API calls arguments order in definition files. More calls can now be detected and commented properly
- Some improvements and better written code
- Various bugs solved
xAnalyzer_x86
- Updated the API's definition files
- Added support to vc6+ executables
xAnalyzer_x86
- Fixed issue that didn't show API's info on VC++ executables due to not properly cleaning BASIC_INSTRUCTION_INFO structures before/after using them in a loop
- Added/Updated the API's definition files
xAnalyzer_x86
x86 version of the plugin xAnalyzer