
View Full Version : Difference between various Analysis 1 options


hosiminh
February 4th, 2005, 05:40
What is the difference between "Strict", "Heuristical" and "Fuzzy" "Procedure Recognition" (in Debugging options -> Analysis 1)? Which one should I have ticked?

blabberer
February 6th, 2005, 05:23
Normally leave it at the default heuristics selection; it works best.

Strict is the one where the WinMain message loop kind of procedure is not recognized.

Fuzzy recognizes some extra procedures but may not be 100% reliable.

Here is a sample analysis with iexplorer.exe with all three options turned on one by one. Notice fuzzy recognises 9 more procedures than strict and heuristics.

Log data
Address Message
Analysing iexplore
14 strict procedures
58 calls to known, 11 calls to guessed functions
9 loops
Analysing iexplore
14 heuristical procedures
58 calls to known, 11 calls to guessed functions
9 loops
Analysing iexplore
23 fuzzy procedures
58 calls to known, 11 calls to guessed functions
9 loops


It has recognized this as a procedure:

0040145B /. 8BC6 MOV EAX, ESI
0040145D |. 5E POP ESI
0040145E |. C9 LEAVE
0040145F \. C3 RETN

If you try to find references for this procedure you wouldn't find any.

Neither will the call stack (Ctrl+K) show who calls it or what it calls.

You can use Ctrl+ + (plus) or Ctrl+ - (minus) to find the procedures after analysis.

It all depends on what you like to do.