Code Dynamic Analysis

by Geoff McDonald and Zelimir Bozic

CDA (previously known as Function Hacker) is an easy-to-use dynamic code analysis process instrumentation tool for x86 targets. It records both inter-modular and intra-modular calls, allows for easy filtering of the recorded data, and allows visualization of the resulting data. It is particularly useful for quickly analyzing the observed functionality of malware and locating difficult-to-find code regions.

CDA works on a start/stop recording approach. After attaching to the target process, clicking Start Recording records all function calls until Stop Recording is clicked.


CDA v1.0 runs on both Windows x86 and x64, but can only attach to processes running in 32-bit mode.



[Image: CDA Puttygen]
Fig. 1 - The main user interface of CDA used to record function calls.
[Image: CDA Puttygen Listcalls]
Fig. 2 - All internal function calls are recorded along with their arguments.
[Image: CDA Puttygen Filter]
Fig. 3 - Function calls can be searched based on arguments, how many times the function was called in the recording, or many more options.