Releases: ThunderCls/xAnalyzer
xAnalyzer x86x64
- Fixed wrong calculation when adding comments larger than 512 chars, which caused a BoF (closes #53)
- Added two new entries to the ntdll.api definition file
xAnalyzer x86x64
Changes:
- Fixed "small buffer" issue (crash) on large modules with long instructions (closes #43 and #47)
- Fixed huge amount of RAM usage for extended analysis on modules with a big number of functions/parameters (closes #44)

File Size: 7 MB
Platform: x86
Comments: ~350.000
RAM Usage Before: 2.346 GB
RAM Usage After: 163 MB

File Size: 36 MB
Platform: x64
Comments: ~250.000
RAM Usage Before: 7.570 GB
RAM Usage After: 324 MB
xAnalyzer x86x64
v2.5.4
- Updated project to VS2017
- Fixed issues when processing argument instructions involving the stack pointer (x64 version). Closes #39
- Fixed incorrect arguments order involving the stack pointer (x64 version). Closes #42
- Fixed bug on undefined functions' arguments recognition that duplicated registers as different arguments (x64 version)
- Changed undefined call args recognition; it will only predict up to 4 undefined args by default (x86 version)
- Some code refactoring
xAnalyzer x86x64
Fix for newer x64dbg versions
[+] Detection of function names in newer versions of x64dbg fixed
[+] Version number updated
xAnalyzer x86x64
Changes to module analysis
- Used current selected disasm line for module analysis instead of cip
- Modified some typing in plugin entries
- Some code refactoring
- Modified command "xanal/xanalremove exe" to "xanal/xanalremove module"
- Closes #31
xAnalyzer x86x64
- Fixed crash on mov instruction variations
xAnalyzer x86x64
NOTE: In case of an update from a previous version of xAnalyzer, it is recommended to completely replace the previous apis_def folder with the new one (delete all the content from the old folder and replace with this release content)
- Removed [EBP+/-] instructions as possible function caller arguments
- Removed prefix "0x" of all function arguments values since hexadecimal is inferred
- Fixed arguments where pointer variables wouldn't show correctly as pointers but as base data type instead
- Added recognition of stack pointer usage (ESP) as possible argument for function calls (x86)
- Added use of accurate data type name in arguments instead of generic/base data type name
- Added name of function pointers as parameters (the entire function name, if detected, will be used instead of just the address)
- Added function smart tracking feature (Smart prediction and recognition of indirect function calls like: CALL {REGISTER}, CALL {POINTER})
xAnalyzer x86x64
xAnalyzer x86x64
Bug fixes
- Fixed BoF when the argument flags comment exceeded MAX_COMMENT_SIZE (thanks to @David-Reguera-Garcia-Dreg)
- Fixed function name search bug when definition lies in a second .api file
xAnalyzer x86x64
Changes in Update 2.4.1
- Added a new hotkeys scheme
- Added new options to control which previous analysis data should be erased. (This gives the user more control over what to keep and what to delete, and also the possibility to work seamlessly with map loader plugins like SwissArmyKnife, etc.)
- Added new commands (old ones have been deprecated)
xanal selection : Performs a selection analysis
xanal function : Performs a function analysis
xanal exe : Performs an entire executable analysis
xanalremove selection : Removes a previous selection analysis
xanalremove function : Removes a previous function analysis
xanalremove exe : Removes a previous entire executable analysis
xanal help : Brings up some help text in the log window
- Fixed automatic analysis not launching on startup (Closes #18)
- Fixed various api definition files (Closes #17). It's recommended to download the apis_def.zip file below and overwrite the previously downloaded files with its contents, or just copy in the whole fresh folder and delete the older one.