Skip to main content

Overview

The Analyze Function feature performs a comprehensive analysis of an entire function based on your current position in the disassembly window. xAnalyzer automatically detects the function boundaries (from prolog to return) and processes all instructions within that function.
This is the recommended analysis mode when you’re working within a specific function and want complete context without analyzing the entire module.

How to Analyze a Function

There are three ways to analyze a function:

Method 1: Using the Context Menu

1

Position your cursor

Click on any instruction within the function you want to analyze. You don’t need to be at the function start.
2

Open the context menu

Right-click to open the context menu in the disassembly window.
3

Select the analysis option

Navigate to PluginsxAnalyzerAnalyze Function.
4

Review results

xAnalyzer will automatically detect function boundaries and analyze all instructions from the function prolog to its return statements.

Method 2: Using the Command

Execute the function analysis command directly in the x64dbg command line: 
xanal function
This command analyzes the function containing the currently selected instruction.

Method 3: Using Hotkeys

Set up custom keyboard shortcuts for faster access:
1

Access preferences

In x64dbg, navigate to OptionsPreferencesShortcuts.
2

Locate the command

Find the xAnalyzer function analysis command in the list.
3

Configure hotkey

Assign your preferred keyboard shortcut (e.g., Ctrl+X).
4

Save and use

Apply the settings and use your hotkey anytime you’re inside a function.

Function Boundary Detection

xAnalyzer automatically detects function boundaries by identifying: Function Prologs: Standard entry sequences like:
  • push ebp / mov ebp, esp (x86)
  • push rbp / mov rbp, rsp (x64)
  • Other common prolog patterns
Function Epilogs: Exit points including:
  • ret instructions
  • retn with immediate values
  • Function return patterns
If a function contains a RET instruction in the middle of its code, xAnalyzer may detect it as the function end. This is a known limitation for functions with early return statements.

What Gets Analyzed

Function analysis provides comprehensive information:

API Function Calls

  • Complete function prototypes
  • Argument names and data types
  • Return value information
  • Calling convention details

Loop Detection

  • Automatic detection of loop structures
  • Loop entry and exit points
  • Nested loop recognition

Undefined Functions

  • Generic analysis for undefined calls (if enabled in settings)
  • Argument prediction for unknown functions
  • Smart function tracking for indirect calls

Code Flow

  • Jump destinations
  • Conditional branch analysis
  • Call chains and relationships

Example Analysis

Before function analysis: 
sub_401000:
push ebp
mov ebp, esp
push 0
call <GetLastError>
test eax, eax
jne short loc_401020
push 0
push 0
push 403000
push 0
call <user32.MessageBoxA>
loc_401020:
mov esp, ebp
pop ebp
ret
After running Analyze Function: 
sub_401000:
push ebp
mov ebp, esp
push 0
call <kernel32.GetLastError>  ; DWORD GetLastError()
test eax, eax                  ; Check error code
jne short loc_401020           ; Jump if error exists
push 0                         ; uType = MB_OK
push 0                         ; lpCaption = NULL
push 403000                    ; lpText = "Success"
push 0                         ; hWnd = NULL
call <user32.MessageBoxA>      ; MessageBoxA(hWnd, lpText, lpCaption, uType)
loc_401020:                    ; [LOOP END]
mov esp, ebp
pop ebp
ret
Function analysis strikes a perfect balance between speed and comprehensiveness. It’s ideal for understanding a specific function’s behavior without the overhead of analyzing the entire module.

Configuration Options

Function analysis respects your xAnalyzer configuration settings: Analyze Undefined Functions: Controls whether to analyze calls not defined in API definition files. Clear Auto Comments/Labels: Determines if previous analysis data should be cleared before new analysis. Track Undefined Functions: Enables smart prediction for indirect function calls like CALL {REGISTER}.

Configuration Options

Learn more about xAnalyzer configuration settings

Use Cases

Reverse engineering: When analyzing a specific algorithm or function behavior. Malware analysis: Understanding what a suspicious function does without analyzing the entire binary. Debugging preparation: Adding context to a function before stepping through it. Code documentation: Generating detailed comments for a specific function in your analysis. Performance optimization: Focusing analysis resources on functions of interest.

Limitations

Function analysis works best with standard function patterns. Some edge cases may not be detected correctly:
  • Functions with multiple return points may be truncated at the first RET
  • Uncommon function prologs might not be recognized
  • Functions with inline assembly tricks may confuse boundary detection
  • Tail call optimizations might affect detection

Analyze Selection

Analyze only selected instructions

Analyze Module

Perform full module analysis

Remove Analysis

Remove analysis from a function

Loop Detection

Learn about automatic loop detection

Build docs developers (and LLMs) love

Get started for freeTalk to us