Update Windows SDK up to 10.0.26100.0 and platform toolset up to v143 (Support: Linux Wine Compile)
Thanks to @eldarkg

• Fixed wrong calculation when adding comments larger than 512 chars which caused a BoF ( closes #53 )
• Added two new entries to the ntdll.api definition file

Changes:

• Fixed "small buffer" issue (crash) on large modules with long instructions. ( closes #43 and #47 )
• Fixed huge amount of ram usage for extended analysis on modules with a big number of functions/parameters ( closes #44 )

File Size: 7 MB
Plattform: x86
Comments: ~350.000
RAM Usage Before: 2.346 GB
RAM Usage After: 163 MB

File Size: 36 MB
Plattform: x64
Comments: ~250.000
RAM Usage Before: 7.570 GB
RAM Usage After: 324 MB

v2.5.4

• Updated project to VS2017
• Fixed issues when processing argument instructions involving the stack pointer (x64 version). Closes #39
• Fixed incorrect arguments order involving the stack pointer (x64 version). Closes #42
• Fixed bug on undefined functions' arguments recognition that duplicated registers as different arguments (x64 version)
• Changed undefined call args recognition, it will only predict up to 4 undefined args by default (x86 version)
• Some code refactoring

Fix for newer x64dbg versions

[+] Detection of function names in newer versions of x64dbg fixed
[+] Version number updated

-Fixed crash on mov instructions variations

NOTE: In case of an update from a previous version of xAnalyzer, it is recommended to completely replace the previous apis_def folder with the new one (delete all the content from the old folder and replace with this release content)

• Removed [EBP+/-] instructions as possible function caller arguments
• Removed prefix "0x" of all function arguments values since hexadecimal is inferred
• Fixed arguments where pointer variables wouldn't show correctly as pointers but as base data type instead
• Added recognition of stack pointer usage (ESP) as possible argument for function calls (x86)
• Added use of accurate data type name in arguments instead of generic/base data type name
• Added name of function pointers as parameters (the entire function name, if detected, will be used instead of just the address)
• Added function smart tracking feature (Smart prediction and recognition of indirect function calls like: CALL {REGISTER}, CALL {POINTER})

• Added recognition of MOV instructions on x86 ( thanks to @Herz3h ).
• Added recognition of functions with "Stub" suffix ( thanks to @Herz3h ).
• Fixed bug on "auto analysis" (added more EP check conditions).
• Clear Auto Comments/Auto Labels options checked now by default.