Analysis Options

    Description: The Analysis dialog allows setting some Rizin’s analysis options. The supported options are described below.

    Clicking on the “Analyze Program” button will trigger an analysis of the current binary with Rizin’s aaa command, taking into account the configured values of the analysis options.

    Steps to open: Edit -> Preferences -> Analysis

    Select the boundaries in which the analyis will be performed. The different options are:

    • All maps (io.maps)

    • Current map (io.map)

    • Raw (raw)

    • All mapped sections (bin.sections)

    Configuration variable: analysis.in

    Speculatively set a name for the functions

    Try to name functions without symbols by using artifacts in the functions such as API calls and strings.

    Configuration variable: analysis.autoname

    Search for new functions following already defined functions

    Cutter will check if there is a candidate for a new function following an already defined one, as the compiler usually state them together. This option is taking the advantages of both Recursive Analysis and Linear Sweep into some kind of a hybrid mode. For each discovered function, the analysis will try to check for a function-prologue, usually following a gap of null bytes or cc bytes. This will help with discovering functions which are not referenced in the program. As such, it will make the analysis slower and prone to false-positives.

    Configuration variable: analysis.hasnext

    When encountering unconditional jumps during the analysis, Cutter will add a code-reference even if it is not guaranteed that the jump will take place.

    Configuration variable: analysis.jmp.ref

    Analyze jump tables in switch statements

    When encountering switch statements during analysis, continue and analyze the target blocks of the jump tables.

    Analyze push + as jmp

    When performing analysis of a function, treat the sequence of push followed by ret instruction as a jmp. This can help Cutter to continue the analysis to target of the jmp.

    Configuration variable: analysis.pushret

    When enabled, Cutter will print warnings it encountered while preforming analysis. These warnings can help the user understand if anything went wrong in the analysis. This function is not only helpful when trying to perform a full analysis of the program, but also when trying to analyze and define new functions.

    Configuration variable: analysis.verbose

    Verbose output from type analysis

    Print warnings encountered while preforming type analysis. These warnings can help the user understand if anything went wrong in the analysis.

    Configuration variable: analysis.types.verbose

    Pointer depth

    The maximum number of nested pointers to follow in analysis.

    Configuration variable:

    Hex value that represents certain opcodes that will be used to identify functions.