Extended Analysis creating way too many comments #45

Open
Kelebek1 opened this issue Jan 15, 2020 · 1 comment

Kelebek1 commented Jan 15, 2020

Every called function found is added as a regular comment, so much so that (64-bit) x64dbg straight up crashes when trying to look at your comment list after analysing any average commercial-sized binary.

Why are they added as comments? I rely on comments for things I find during reversing. Seeing literally thousands of "sub_xxxxxxxx," or even Windows APIs, doesn't help me at all. If you wanted just known API calls, you can use the built-in Search For -> Intermodular Calls. If you wanted to know what calls something, you have xrefs. Currently xAnalyzer is really destructive if you run it on a pre-commented file as it floods your comment list. I'm curious what this feature was intended for though?

I think they should be added as Auto Comments rather than normal Comments as the arguments are, as they're hidden from your comment list. It's easily done by changing https://github.com/ThunderCls/xAnalyzer/blob/master/xAnalyzer/xanalyzer.cpp#L1213 to use DbgSetAutoCommentAt(). If the current behaviour is needed, can it be added as a config option, preferably disabled by default?

Also as a random extra, could we have a "custom_def" folder alongside "apis_def," because adding a bunch of APIs into that huge folder is a bit of a pain. You don't always know what's yours and can be hard to find what you've done later on, there's 202 files in there currently as-is. Maybe nest the OS APIs a level deeper or something. Would be nice to use a clean folder for your own custom stuff.

I only recently found xAnalyzer and it's amazing, keep up the great work!

@ThunderCls
Owner

> Every called function found is added as a regular comment, so much so that (64-bit) x64dbg straight up crashes when trying to look at your comment list after analysing any average commercial-sized binary.

This was a concern from the very beginning given that xAnalyzer can add thousands of new comments. A workaround for this would be to avoid analyzing undefined functions by unchecking this option in the menu of the plugin. That should avoid "sub_xxxxxxxx" comments altogether.

> Why are they added as comments? I rely on comments for things I find during reversing. Seeing literally thousands of "sub_xxxxxxxx," or even Windows APIs, doesn't help me at all. If you wanted just known API calls, you can use the built-in Search For -> Intermodular Calls. If you wanted to know what calls something, you have xrefs. Currently xAnalyzer is really destructive if you run it on a pre-commented file as it floods your comment list. I'm curious what this feature was intended for though?

The choice of having the function names showing up as regular comments was driven by:
1- Aesthetics. I wanted to highlight and differentiate the function name from the parameters list (different color in config and also a different comment type)
2- Autocomments can't be searched on, whereas comments can. Intermodular Calls can only show statically resolved API calls; other scenarios, like for instance this one, would stay under the radar, but if it is commented you could easily spot it in the comments search bar.

[image: xanal2]

Also, if you are going to use xAnalyzer in a pre-commented file as you mention, be sure you uncheck these options so you don't get some of your custom comments overwritten.

[image: xanal]

> I think they should be added as Auto Comments rather than normal Comments as the arguments are, as they're hidden from your comment list. It's easily done by changing https://github.com/ThunderCls/xAnalyzer/blob/master/xAnalyzer/xanalyzer.cpp#L1213 to use DbgSetAutoCommentAt(). If the current behaviour is needed, can it be added as a config option, preferably disabled by default?

On the other hand, yeah, I agree xAnalyzer can bloat your comments list and that indeed is kind of a bummer, although for now there's no other way around for getting the two previous perks I mentioned without having these compromises. I guess that, as you mentioned, an option could be implemented to let the user select whether to use regular or auto comments instead.

> Also as a random extra, could we have a "custom_def" folder alongside "apis_def," because adding a bunch of APIs into that huge folder is a bit of a pain. You don't always know what's yours and can be hard to find what you've done later on, there's 202 files in there currently as-is. Maybe nest the OS APIs a level deeper or something. Would be nice to use a clean folder for your own custom stuff.

That could be a very good feature indeed, although as I mentioned in another post, so far and due to my lack of time, I'm only pushing critical fixes to the plugin. An entirely new version of the plugin is in the works (at least it was started) and it should be rewritten from the ground up with some new added features and bug fixes since the current code was written in a hurry and is really messy and insecure. The thing is that it needs a lot of work and hence it will take me some time to finish. Code contributions are always welcomed tho.

> I only recently found xAnalyzer and it's amazing, keep up the great work!

Thanks, I'm glad it can be useful
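
The config option both posters discuss, sketched as an added example (not xAnalyzer's code): function-name comments go to auto comments by default, regular comments are opt-in, and an existing analyst comment is never overwritten in either mode. `NameCommentMode`, `SetFunctionNameComment` and the in-memory stand-ins for the x64dbg bridge calls are assumptions made so the sketch runs outside the debugger; it also assumes auto comments read back with a leading `'\1'` marker.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <string>

typedef uintptr_t duint;
static const size_t kMaxComment = 512; // assumed buffer size for this sketch

// Stand-ins for the x64dbg bridge calls so the sketch runs outside the debugger.
// Assumption: auto comments read back with a leading '\1' marker byte.
static std::map<duint, std::string> g_comments; // constructed in-memory store
bool DbgSetCommentAt(duint addr, const char* text) { g_comments[addr] = text; return true; }
bool DbgSetAutoCommentAt(duint addr, const char* text) {
    g_comments[addr] = std::string("\1") + text;
    return true;
}
bool DbgGetCommentAt(duint addr, char* text) {
    auto it = g_comments.find(addr);
    if (it == g_comments.end()) return false;
    std::strncpy(text, it->second.c_str(), kMaxComment - 1);
    text[kMaxComment - 1] = '\0';
    return true;
}

// Hypothetical config option: where function-name comments go.
enum class NameCommentMode { Auto, Regular };

// Writes a function-name comment unless the analyst already commented the line.
// Returns false when an existing user comment was left untouched.
bool SetFunctionNameComment(duint addr, const std::string& name, NameCommentMode mode) {
    char existing[kMaxComment] = "";
    bool userOwned = DbgGetCommentAt(addr, existing) && existing[0] != '\1';
    if (userOwned) return false; // never overwrite manual notes
    return mode == NameCommentMode::Regular ? DbgSetCommentAt(addr, name.c_str())
                                            : DbgSetAutoCommentAt(addr, name.c_str());
}

int main() {
    DbgSetCommentAt(0x402000, "decrypts config"); // constructed analyst note
    bool a = SetFunctionNameComment(0x401000, "sub_401000", NameCommentMode::Auto);
    bool b = SetFunctionNameComment(0x402000, "sub_402000", NameCommentMode::Regular);
    std::printf("written: auto=%d, regular over user note=%d\n", a, b);
    return 0;
}
```

In a real plugin the stand-in section is dropped in favour of the SDK headers, and the mode is read from the plugin's settings.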
