IDA Changelog

What's new in IDA 8.3.230608

Jun 12, 2023
  • IDA Teams and Lumina:
  • lumina: add a UI action to inspect a function's metadata history
  • lumina: allow specifying up to two Lumina servers (public or private, in any order)
  • lumina: metadata history can now be browsed on private Lumina servers
  • Teams: use licenses from vault server on IDA side (no more need for ida.key files on the client)
  • Processor modules:
  • ARM: ARM64 system registers are now displayed using symbolic names
  • ARM: set offsets/xrefs for LDRD/STRD if the base register is known
  • Dalvik: support for const-method-handle and const-method-type bytecode instructions (DEX 039/Android 10)
  • MIPS: improved analysis of functions with large stack frames for MIPS16
  • MIPS: improved the regtracker
  • PPC: added Power ISA 3.0C Ultravisor-related instructions
  • PPC: support LSP (Lightweight Signal Processing) extension instructions, available in some MPC57xx cores
  • PPC: support Power ISA 3.1, including prefixed instructions
  • RISCV: register tracker can now be configured via settings in ida.cfg
  • File formats:
  • DEX: annotate hidden API section (DEX 039)
  • ELF: ppc: parse and use .gnu.attributes and .PPC.EMB.apuinfo sections to detect the used ISA extension
  • ESP: new loader for the Espressif images, supporting images from ESP8266 (Xtensa) to ESP32-C6 (RISC-V)
  • FLIRT / TILS / IDS:
  • TIL: added type library for Android ARM64
  • TIL: support __attribute__((flag_enum)) or __bitmask attribute on enums
  • Standard plugins:
  • DWARF: improve handling of unsigned 'char' types; now they're mapped to 'char' on IDA's side (instead of 'unsigned __int8')
  • DWARF: significantly speed up importing of type information
  • golang: added "detect and parse golang metadata" command
  • golang: annotate funcInfo's funcFlag field
  • golang: handle different functions with the same name in pclntab
  • golang: use full package prefix for functions dirtree
  • goomba: new plugin for optimizing mixed boolean expressions (MBA) in pseudocode
  • idaclang: added presets of predefined arguments for common platforms
  • idaclang: updated libclang to 16.0.0
  • OBJC: set prototypes for some widely used objc methods (e.g. objc_alloc_init)
  • OBJC: support iOS16 optimized objc_retain_xY/objc_release_xY stubs
  • OBJC: support objc_msgSend$... stubs
  • Kernel/Misc:
  • installer: Missing dependencies on Linux are now checked and reported at install time
  • kernel: properly support operand types for 3rd to 8th operands
  • licensing: the EULA has been updated and unified across all IDA editions and license types
  • network: added ability to use an HTTP CONNECT-style proxy
  • network: added support for HTTP CONNECT proxy basic authentication
  • Scripting & SDK:
  • IDAPython: added an example showing how to paint over an existing graph's edges
  • IDAPython: added support for Python 3.12
  • IDAPython: enable access to the global debug variable
  • IDAPython: improve doc for str2ea (use text from the SDK header)
  • SDK/Python: added get_config_value for retrieving arbitrary JSON values in config files
  • SDK/Python: notepad APIs (get_ida_notepad_text/set_ida_notepad_text) now synchronize the database/UI state
  • SDK/UI: added ability to dynamically change values in combobox in forms
  • SDK: added functions validate_idb(), move_privrange()
  • SDK: added methods edit_named_type_details()/edit_numbered_type_details() to edit local type enum/udt details
  • SDK: added parse_decl_ex()
  • UI:
  • UI: "Color instruction" action now also colorizes undefined items in the selection (previously they were skipped)
  • UI: Added support for Unicode 15.0, now more string literals are detected and displayed correctly
  • UI: allow editing struct.enum comments in the type editor
  • UI: during autoanalysis, mark choosers with a filter and/or sorting as outdated instead of updating immediately
  • UI: improved performance for refreshing choosers when there is no sorting or filtering
  • UI: provide the ability to specify icons for actions through CSS themes
  • UI: show comments for strlits or mangled names on each member of a string array in the disassembly listing
  • UI: the graph options are now saved in the desktop
  • UI: teams: Allow picking a chunk to use from the context menu in addition to the toolbar button/hotkey
  • UI: teams: save desktop layout in the database using user's name so that each user's desktop is not overridden by others
  • Decompilers:
  • decompiler: added a new API function change_hexrays_config() to update the hexrays configuration, e.g. to set the analysis options or disable warnings after IDA start
  • decompiler: added the option to disable some optimizations
  • decompiler: arm: detect usage of X8 for returning structures on ARM64 and add a hidden 'retptr' argument when the callee prototype is guessed by IDA
  • decompiler: enable IDAPython API for the cloud decompiler (IDA Home, IDA Educational)
  • decompiler: exported set_lvar_name() which can be used to rename local variables
  • decompiler: improve callee type guessing (detect arguments passed by reference)
  • decompiler: improve fastcall/thiscall callee detection
  • decompiler: improved guessing of call types (detect more fastcall/thiscall calls without stack arguments)
  • decompiler: improved propagation of zero values
  • Bugfixes:
  • BUGFIX: decompiler: assignment to a stack variable used by reference in a syscall could be erroneously removed
  • BUGFIX: decompiler: corrupted info in the database could lead to crashes during decompilation
  • BUGFIX: decompiler: decompiler could cause IDA to crash if an error happened during plugin initialization
  • BUGFIX: decompiler: fixed a crash that could occur when deleting a function in the presence of outlined functions
  • BUGFIX: decompiler: fixed numerous interrs
  • BUGFIX: decompiler: indirect jumps in outlined code were handled incorrectly
  • BUGFIX: decompiler: jumps to outlined functions were handled incorrectly
  • BUGFIX: decompiler: the "select union member" action (Alt-Y) could fail in some cases
  • BUGFIX: ELF: Android ARM64 JNI files would incorrectly use 32-bit type library
  • BUGFIX: formatting golang metadata could fail for some 64-bit binaries if they used addresses above 32-bit address space
  • BUGFIX: IDA on Linux would not start if libsecret-1 or libglib-2.0 were not present
  • BUGFIX: idapyswitch would accept buggy Anaconda 2022 distributions which would later cause IDA to crash
  • BUGFIX: IDAPython: ida_dbg.get_dbg_byte() was not usable
  • BUGFIX: IDAPython: non-modal Python forms (using class Form) could cause crashes on the ARM macOS build of IDA
  • BUGFIX: IDAPython: the bookmarks_t object was not usable from IDAPython
  • BUGFIX: kernel: fixed printing of opcode bytes for processors which use two-byte grouping (PR_WORD_INS flag)
  • BUGFIX: kernel: idat64 would try to load picture_search plugin, although it only works in GUI version
  • BUGFIX: Lumina: fixed interr 1512 which could occur on wrong directives in lumina.conf
  • BUGFIX: MACHO: IDA 8.2 would fail to recover tagged pointers in arm64e dyld caches
  • BUGFIX: MACHO: iOS16+ branch mappings/stubs regions were not loaded in "complete" and "dependencies" modes, leading to missing symbols
  • BUGFIX: MACHO: when loading a complete dyld cache for iOS16, authenticated pointers would retain tagged values
  • BUGFIX: MIPS: TX19A-only MIPS16 BAL does not have a delay slot
  • BUGFIX: PDB: IDA would fail to load PDBs with page size 8192 (e.g. from recent Chrome builds)
  • BUGFIX: PE: Load Config Directory comments for ProcessHeapFlags and ProcessAffinityMask fields were swapped in 32-bit files
  • BUGFIX: PE: some files using EH4 metadata (__CxxFrameHandler4) could produce bogus "DATABASE IS CORRUPTED" warnings on load
  • BUGFIX: Teams: IDA would crash silently on start if the license was expired but within the grace period
  • BUGFIX: teams: IDA would sometime fail to save the login credentials
  • BUGFIX: Teams: Vault server no longer refuses to work when there are not enough licenses
  • BUGFIX: ui/qt: get_viewer_graph wouldn't return the mutable_graph_t instance for proximity views
  • BUGFIX: UI: binary search with selection would fail if cursor was at the end of selection
  • BUGFIX: UI: fixed an accelerator clash in the Cross-references tab of the Options dialog box
  • BUGFIX: UI: graph printing did not work on Windows and macOS
  • BUGFIX: UI: license agreement dialog was mis-interpreting UTF-8 text for Latin-1
  • BUGFIX: UI: renaming a structure (or an enum) from the listing, could result in the left-hand list being outdated
  • BUGFIX: UI: some of the search actions were not respecting user selection

New in IDA 8.2.230124 (Jan 24, 2023)

  • Improvements:
  • RISCV: added all currently ratified extensions (cryptography, wait on reservation, pause, cache management, state enable, hypervisor etc.)
  • RISCV: improve handling of lui + auipc or addi pairs
  • UI: allow the user to specify a not currently available Lumina server
  • UI: make the caret (cursor) color configurable
  • Bugfixes:
  • BUGFIX: decompiler: changing variable types could cause the decompiler to crash
  • BUGFIX: eh_parse: x64 PE binaries compiled with recent llvm-based compilers (15.x) could have numerous off-by-one disassembly errors
  • BUGFIX: fixed internal error 1112 which could occur when disassembling some Motorola 68K instructions
  • BUGFIX: IDAPython: added workaround for Python 3.11.1 on Windows failing to import ctypes and other standard native modules
  • BUGFIX: IDAPython: PyQt5 was not working with Python 3.11
  • BUGFIX: IDAPython: upon failure, ida_hexrays.decompile() now always returns None instead of either throwing an ida_hexrays.DecompilationFailure or returning None
  • BUGFIX: RISCV: fixed decoding of floating-point conversion and comparison instructions
  • BUGFIX: ui/qt: "List cross-references to..." would not be in the context menu anymore even when some Xrefs are present
  • BUGFIX: ui/qt: some informational wait dialogs wouldn't show anymore

New in IDA 8.1.221215 (Dec 15, 2022)

  • Processor module improvements:
  • Xtensa module has been extensively reworked with the addition of various optional and macro instructions (the number of supported instructions has almost tripled). Most common switch patterns are recognized and marked up.
  • Screenshot: Xtensa switch and options
  • Stack variables are now tracked and created in functions.
  • Screenshot: Xtensa stack vars
  • RISC-V module can now disassemble vector extension instructions.
  • Screenshot: RISC-V vector instructions
  • Swift:
  • Metadata structures generated by the Swift compiler are parsed, formatted and labeled. Some of the simple types which can be represented in IDA are imported into Local Types.
  • Screenshots: Swift formatted metadata, Swift imported type, Swift imported struct
  • picture_search: a new plugin which can search for and display images (pictures) embedded in the current binary.
  • UI candy:
  • CSS-based IDA themes now support background images in many of IDA's views
  • IDA Teams and Lumina:
  • lumina: added support for recent MySQL versions which default to TLS connection
  • teams: the password for Vault is now saved securely in the OS-specific keychain
  • vault/lumina: allow any local MAC address to match the one specified in .lic file
  • Processor modules:
  • XTENSA: added support for many additional instructions, registers, stack variables
  • XTENSA: added support for many standard switch patterns
  • XTENSA: detect used ABI (CALL0 or windowed)
  • RISC-V: added support for vector extension instructions
  • TRICORE: decode FTOHP and HPTOF instructions from TC1.6.2
  • File formats:
  • macho: added USE_SEG_PREFIXES option to macho.cfg, which instructs IDA to use the Mach-O segment name as a prefix for IDA segment names, e.g. "__TEXT:__text"
  • FLIRT / TILS / IDS:
  • FLIRT: added signatures for vc1434 (Visual Studio 16.11)
  • FLIRT: added MFC signatures for vc1434 (Visual Studio 16.11)
  • FLIRT: added signatures for icl 222 (Intel C++ 2021.2)
  • FLIRT: added signatures for icl 2221 (Intel C++ 2021.2.1)
  • TIL: added a type library for Aarch64 (ARM64) UEFI 2.5
  • idaclang: added "--idaclang-mangle-format" switch. it works similarly to the -G option for tilib when the user wants to set a custom name mangling format
  • Standard plugins:
  • PDB: on Windows, enabled fallback mode by default so that MSDIA is used to load legacy PDB files
  • picture_search: new plugin for finding and displaying raster images embedded in the binary
  • svdimport: added support for cluster, derivedFrom and dim/dimIncrement peripheral attributes
  • svdimport: use a folder-based tree for the plugin's UI
  • swift: parse and format Swift metadata
  • swift: import simple types (enums, structs) into Local Types
  • Kernel:
  • kernel: added a new flag REFINFO_SELFREF for offsets (base is equal to the address of the current element)
  • Scripting & SDK:
  • IDAPython: expose the C++ SDK's processor_t (as ida_idp._processor_t)
  • SDK: added capture_process_output() to capture output of an external program;
  • SDK: added support for lazy-loaded dirtree choosers. CH2_LAZY_LOADED flag can be used with dirtree-based choosers to load contents of a directory when it's expanded.
  • SDK: deprecated qerrcode() (errno can be accessed directly instead)
  • UI:
  • UI: added an easy way to take memory snapshot of current segment
  • UI: improved highlighting of matching registers on platforms which use various prefixes (e.g. @r1)
  • UI: in the disassembly, addresses in the line prefixes of structure or array members now increase with those members' offsets.
  • UI: it is now possible to attribute an image as background to the listings (IDA View, Pseudocode, ...) using CSS in themes
  • UI: jumping to an address in the middle of a struct or an array now positions cursor on the correct line of the disassembly listing
  • UI: the "Wait" dialog now only shows after a certain timeout (thereby reducing the number of interfering popping dialogs)
  • Decompilers:
  • decompiler: added an action to jump to a new pseudocode window with the 'alt+enter' shortcut
  • decompiler: enabled decompiling of 32-bit files in IDA64 if a corresponding 32-bit decompiler license is available
  • Bugfixes:
  • BUGFIX: arm: "set callee" (Alt-F11) failed to create cross-references for BLR instructions
  • BUGFIX: alpha: 'lda' instructions could cause wrong sized stack variables to be created
  • BUGFIX: DWARF: Debug information present in .dwz companion files (pointed to by .gnu_debugaltlink) would be skipped when the link is absolute
  • BUGFIX: FLAIR: The pelf utility could crash when used with incorrect 'pelf.rtb' files
  • BUGFIX: IDA could crash if an array typedef was replaced by a structure of the same size
  • BUGFIX: IDA could fail to detect dyld (and any loaded modules) after attaching to a process on macOS 13.
  • BUGFIX: IDA could fail to parse Objective-C method data during debugging.
  • BUGFIX: IDAPython: cfunc_t.arguments array could have function arguments in wrong order
  • BUGFIX: IDAPython: documentation for ida_kernwin.Choose callbacks was missing
  • BUGFIX: IDAPython: get_reg_vals() was not usable
  • BUGFIX: IDAPython: using values in the range [128,255) as 'tag' for ida_netnode functions, would fail
  • BUGFIX: ios_deploy "symbols" phase would fail on iOS 14-16.
  • BUGFIX: lumina: private lumina server could fail starting with certain MySQL setups, due to case sensitivity in INFORMATION_SCHEMA.COLUMNS fields
  • BUGFIX: PC: callee target was not printed for some call instructions
  • BUGFIX: svdimport: fixed problem with odd (+1) start addresses in segments
  • BUGFIX: ui/qt: IDA could crash when passed the wrong widget to ida_kernwin.get_highlight()
  • BUGFIX: ui: "size" expressions in 'Structure offset' context menu differed from 'T' hotkey
  • BUGFIX: ui: exporting data from hex view with non-default item width could produce wrong output
  • BUGFIX: UI: IDA on Windows would hang if the accessibility option "Use text cursor indicator" was enabled
  • BUGFIX: ui: improvements for accessibility under Windows for "Text Cursor Indicator" on "Output" widget
  • BUGFIX: vault: 'hv purge' command was not usable
  • BUGFIX: xtensa: write accesses for stack variables were not shown properly

New in IDA 8.1.221006 (Nov 29, 2022)

  • Private Lumina server:
  • Our public Lumina database has been available for several years now and is full of useful information. However, not all organizations can use it due to confidentiality requirements, so now we offer an option of a private server which can be used to share functions metadata inside the organization.
  • New icons:
  • We have designed a brand new icon set for IDA.
  • Sunsetting IDA for 32-bit binaries (IDA32):
  • The world is moving to 64 bits (in fact, IDA itself is a 64-bit executable since 7.0), so the 32-bit IDA gets used less and less. Due to implementation details, it was still necessary to use it for decompiling 32-bit executables, but now we are gradually lifting this limitation, so that in the future 32-bit files will be analyzed and decompiled in IDA64. Eventually we plan to completely deprecate 32-bit IDA and only keep it around for working with legacy .idb files.
  • Golang regabi support:
  • Recent Go versions have enabled register-based calling convention (ABIInternal) instead of the original stack-based one for several architectures. While it was possible to describe it manually using __usercall in IDA, now it automatically allocates registers for the standard __golang convention based on the detected Go version and architecture of the binary.
  • IDA Teams and Lumina:
  • Lumina: private Lumina server is now available
  • Lumina: got rid of LUMINA_HOST and LUMINA_PORT configuration parameters (those values are saved/retrieved in the registry instead)
  • Teams: switched to PBKDF2 hash for the password storage in the vault server
  • Processor modules:
  • ARM: improved recognition of A32 switch patterns produced by Android NDK 19 toolchain
  • XTENSA: added decoding of the nop.n instruction
  • XTENSA: print a1 register as 'sp'
  • File formats:
  • ELF: ARM: added support for the R_AARCH64_IRELATIVE relocation
  • FLIRT / TILS / IDS:
  • FLIRT: added signatures for icl 221 (Intel C++ 2022.1)
  • FLIRT: added signatures for ucrt 22621
  • FLIRT: VC: added signatures for vc1431 (Visual Studio 16.11.10) 64bit
  • FLIRT: VC: added signatures for vc1432 (Visual Studio 16.11)
  • Standard plugins:
  • golang: added support for the regabi calling convention
  • Kernel:
  • noret.cfg: added more __noreturn function names
  • Scripting & SDK:
  • SDK: changing the application bitness (e.g. inf_set_64bit()) now also adjusts the basic type sizes
  • SDK: now the processor modules that support 64-bit mode must have PR_USE64 set; previously this was not enforced
  • UI:
  • UI: IDA now uses new icons specific to the edition (Pro/Home/Free/Teams)
  • Decompilers:
  • decompiler: x86: improved detection of __fastcall functions with stack arguments
  • Bugfixes:
  • BUGFIX: ARM: fixed decoding of T32 UMAAL instruction (wrong operands)
  • BUGFIX: debugger: pressing F8 on jXcx might resume the application and let it run freely
  • BUGFIX: decompiler: during debugging, hovering over stack variables could show wrong data
  • BUGFIX: decompiler: tail calls in outlined functions could lead to truncated pseudocode
  • BUGFIX: idapyswitch could fail to create the libpython symlink on arm64 macOS.
  • BUGFIX: interr 1784 could be produced when loading databases which were rebased multiple times
  • BUGFIX: PC: improved the analysis speed in presence of thunk functions
  • BUGFIX: SDK: get_db_byte() would return bytes from process memory instead of IDB
  • BUGFIX: some debugger plugins would fail with an error message about the 'dbg' variable
  • BUGFIX: teams: merging was not implemented for manual memory regions
  • BUGFIX: tilib could not open files with double extension (file.ext.til)
  • BUGFIX: UI: IDA could crash when using the "New instance" action on macOS
  • BUGFIX: UI: IDA could incorrectly highlight non-ascii characters during filtering in list views
  • BUGFIX: UI: it was impossible to set COMMENTS_INDENTION or INDENTION to more than 132 in the config file (the UI allows up to 255)
  • BUGFIX: UI: some menu actions could be erroneously disabled during auto-analysis
  • BUGFIX: UI: current item focus in the Functions window kept jumping during autoanalysis
  • BUGFIX: vault: multiple IDA instances run by the same user on the same host would consume multiple licenses

New in IDA 8.0.221006 (Oct 6, 2022)


New in IDA 8.0.220829 (Aug 30, 2022)

  • Processor modules:
  • 68K: support switches which use cmpa for the range check
  • ARM: improve handling of manual setting of ARM/Thumb mode via the T pseudo-register
  • AVR: added config for ATmega640
  • PC: improve function recognition
  • Debuggers:
  • PIN: support PIN 3.22-98547
  • File formats:
  • COFF: support ARM64 and ARMv7 object files compiled with /bigobj option
  • DWARF: upgrade libdwarf to version 20220625 (aka 0.4.1)
  • MACHO: improve symbolication of branch mappings in iOS16+ dyldcaches
  • MACHO: support for iOS16 dyld caches
  • MACHO: when loading a dyld shared cache, make "single module" option the default choice
  • FLIRT / TILS / IDS:
  • FLIRT: GO: increased coverage of golang signatures
  • FLIRT: MFC: added signatures for vc1431 (Visual Studio 16.11.10)
  • FLIRT: VC: added signatures for vc1431 32bit(Visual Studio 16.11.10)
  • idaclang: added "--idaclang-parse-static" option to the cmdline tool
  • idaclang: introduced the "--idaclang-extra-c-mangling" option for building type libs for mixed-language inputs (e.g. C++, C, and Objective-C)
  • idaclang: try to pre-set a default target configuration that corresponds to the currently loaded file
  • Standard plugins:
  • DSCU: support loading (and symbolicating) global offset tables from iOS16 dyldcaches
  • golang: support for go1.18 (function names, types)
  • OBJC: improved decompilation of functions that use objc_alloc_init() to initialize Objective-C objects
  • OBJC: improved decompilation of Objective-C binaries by creating artificial imports for methods not present in the idb
  • patfind: new plugin to discover code patterns in otherwise unmarked binaries
  • Scripting & SDK:
  • IDAPython: removed Python 2 support
  • SDK: added a new method qstring::rtrim() to trim whitespaces
  • SDK: added get_stdact_descs() for choosers for customizing the standard actions (Insert, Delete, Edit, Refresh)
  • SDK: added wildcard_path_match(), that can match entire paths against a pattern following the same rules as a shell (e.g. ** and ranges like [a-z])
  • SDK: improved comment for has_external_refs()
  • SDK: support usage of qstring in hashed STL containers
  • UI:
  • UI: the command-line arguments in the Debugger>Process options... dialog are no longer limited to 1024 characters
  • Decompilers:
  • Added option HO_PROP_VOLATILE_LDX to propagate load instructions without checking for volatile memory access
  • Added support for outlined functions
  • arm: recognize thunk functions with suffixes _from_thumb, _from_arm, _veneer
  • Improve handling of scattered return values (i.e. using multiple registers/stack locations)
  • New decompiler: HEXARC (for the ARC processor family)
  • PC: control register manipulation intrinsics (e.g. __writecr0) work with 32-bit values in 32-bit mode
  • Support WCHAR, wchar16_t, wchar32_t as character element types
  • Bugfixes:
  • BUGFIX: IDC: definitions of SN_CHECK/SN_NOCHECK (flags for set_name()) were wrong
  • BUGFIX: ARM: fixed an endless loop which could occur when analyzing code switching between ARM/Thumb modes
  • BUGFIX: ARM: IDA could display a "bad instruction decoding" warning when trying to decode an undefined instruction
  • BUGFIX: ARM: some undefined A64 instructions were wrongly decoded as FCMEQ
  • BUGFIX: ARM: arm64 function arguments with wrong attributes could crash ida
  • BUGFIX: automatically created string literal names would have repeating symbols in place of embedded zeroes in the string
  • BUGFIX: dbg: IDA could produce an internal error when undo was used during debugging
  • BUGFIX: decompiler: do not crash if nullptr is passed to various save_.. functions
  • BUGFIX: decompiler: do not optimize away successive volatile memory reads
  • BUGFIX: decompiler: fix sometimes wrong decompilation when loading values from memory in big-endian mode
  • BUGFIX: decompiler: fixed multiple interrs
  • BUGFIX: decompiler: modifies_d() was incorrectly returning true for instructions without the 'd' operand
  • BUGFIX: DWARF: during source-level debugging, location of some items wouldn't be properly resolved
  • BUGFIX: DWARF: The plugin could INTERR because of how duplicate types were handled
  • BUGFIX: golang: IDA could hang when parsing metadata in some Go binaries
  • BUGFIX: IDA could crash when loading PE files if IDS debugging was enabled (-z40 switch)
  • BUGFIX: IDA could fail to load bytes from modules in iOS 15 dyldcaches for older iphones (iphone X and earlier)
  • BUGFIX: IDA could fail to load symbols for some modules in iOS 15 dyldcaches
  • BUGFIX: idaclang could create invalid types after parsing a "using" declaration that has the same name as an existing type
  • BUGFIX: idaclang could fail to parse c++ type declarations that use the "auto" keyword
  • BUGFIX: idaclang would fail to parse function prototypes that have an unspecified number of arguments
  • BUGFIX: IDAPython: fixed multiple crashes and infinite loops when wrong arguments are passed to IDA APIs
  • BUGFIX: IDAPython: IDA could crash if 'has_insn_feature' was called with improper data
  • BUGFIX: IDAPython: internal errors in IDA API wrappers which are called bypassing IDA UI (e.g. from alternative IDAPython shells) are now caught and reported properly
  • BUGFIX: IDAPython: when trying to create a too big segment, produce a warning instead of fatal error
  • BUGFIX: IDC: calling get_tev_reg() with wrong data could produce "No error" message instead of showing the correct error
  • BUGFIX: installer: PIN debugger plugin was not shipped with Mac builds of IDA by mistake
  • BUGFIX: kernel: compact_numbered_types() was mishandling aliased types
  • BUGFIX: kernel: fixed an endless loop which could occur during application of startup signatures
  • BUGFIX: kernel: fixed interr 641 that could occur when parsing a bad function prototype
  • BUGFIX: kernel: get_strlit_contents() could loop very long time even when maxcps was set to a reasonable value
  • BUGFIX: kernel: IDA could produce "database corrupted" when undoing some operations
  • BUGFIX: MACHO: some ARM64e binaries could have wrong pointer values, leading to wrong parsing of Objective-C metadata
  • BUGFIX: MIPS: bltzal and bgezal were not handled as call instructions
  • BUGFIX: OBJC: "Run until message received" action could fail on macOS 12
  • BUGFIX: PC: some 64-bit functions would lose offsets when Lumina metadata was applied
  • BUGFIX: PC: ud1 instruction was decoded incorrectly (the mod r/m byte was not parsed)
  • BUGFIX: PDB: fixed interr 984 which could occur when loading PDBs with types from recent Windows builds
  • BUGFIX: PDB: the PDB file download could be cancelled unexpectedly when using symsrv.dll from WinDbg Preview
  • BUGFIX: PPC: functions using 'ba' for tail calls to noret functions were not marked as noret
  • BUGFIX: SDK: get_name_ea() would return non-BADADDR results for structure or enum names
  • BUGFIX: svdimport: plugin could crash when processing certain SVD files
  • BUGFIX: tilib: fixed interr 157 that could occur when listing til contents in the presence of type aliases
  • BUGFIX: UI: database snapshots were added to the recent files list and could fill it completely
  • BUGFIX: UI: IDA could produce internal error 40225 after some user manipulations with the function graphs
  • BUGFIX: UI: IDA would not display shortcuts for actions in context menus on macOS
  • BUGFIX: UI: strings containing \r\n could be printed as empty in the Output window and the log file
  • BUGFIX: UI: TOOL_CLOSED_BY_ESC in idagui.cfg did not work
  • BUGFIX: windbg: IDA could crash if a breakpoint it added became invalid (e.g. by user's actions bypassing IDA's UI)

New in IDA 8.0.220729 (Aug 10, 2022)

  • Procesor modules:
  • 68K: support switches which use cmpa for the range check
  • ARM: improve handling of manual setting of ARM/Thumb mode via the T pseudo-register
  • AVR: added config for ATmega640
  • PC: improve function recognition
  • Debuggers:
  • PIN: support PIN 3.22-98547
  • File formats:
  • COFF: support ARM64 and ARMv7 object files compiled with /bigobj option
  • DWARF: upgrade libdwarf to version 20220625 (aka 0.4.1)
  • MACHO: improve symbolication of branch mappings in iOS16+ dyldcaches
  • MACHO: support for iOS16 dyld caches
  • MACHO: when loading a dyld shared cache, make "single module" option the default choice
  • FLIRT / TILS / IDS:
  • FLIRT: GO: increased coverage of golang signatures
  • FLIRT: MFC: added signatures for vc1431 (Visual Studio 16.11.10)
  • FLIRT: VC: added signatures for vc1431 32-bit (Visual Studio 16.11.10)
  • idaclang: added "--idaclang-parse-static" option to the cmdline tool
  • idaclang: introduced the "--idaclang-extra-c-mangling" option for building type libs for mixed-language inputs (e.g. C++, C, and Objective-C)
  • idaclang: try to pre-set a default target configuration that corresponds to the currently loaded file
  • Standard plugins
  • DSCU: support loading (and symbolicating) global offset tables from iOS16 dyldcaches
  • golang: support for go1.18 (function names, types)
  • OBJC: improved decompilation of functions that use objc_alloc_init() to initialize Objective-C objects
  • OBJC: improved decompilation of Objective-C binaries by creating artificial imports for methods not present in the idb
  • patfind: new plugin to discover code patterns in otherwise unmarked binaries
  • Scripting & SDK
  • IDAPython: removed Python 2 support
  • SDK: added a new method qstring::rtrim() to trim whitespaces
  • SDK: added get_stdact_descs() for choosers for customizing the standard actions (Insert, Delete, Edit, Refresh)
  • SDK: added wildcard_path_match(), that can match entire paths against a pattern following the same rules as a shell (e.g. ** and ranges like [a-z])
  • SDK: improved comment for has_external_refs()
  • SDK: support usage of qstring in hashed STL containers
  • UI:
  • UI: the command-line arguments in the Debugger>Process options... dialog are no longer limited to 1024 characters
  • Decompilers:
  • added option HO_PROP_VOLATILE_LDX to propagate load instructions without checking for volatile memory access
  • added support for outlined functions
  • arm: recognize thunk functions with suffixes _from_thumb, _from_arm, _veneer
  • improve handling of scattered return values (i.e. using multiple registers/stack locations)
  • new decompiler: HEXARC (for the ARC processor family)
  • pc: control register manipulation intrinsics (e.g. __writecr0) work with 32-bit values in 32-bit mode
  • support WCHAR, wchar16_t, wchar32_t as character element types
  • Bugfixes:
  • BUGFIX: IDC: definitions of SN_CHECK/SN_NOCHECK (flags for set_name()) were wrong
  • BUGFIX: ARM: fixed an endless loop which could occur when analyzing code switching between ARM/Thumb modes
  • BUGFIX: ARM: IDA could display a "bad instruction decoding" warning when trying to decode an undefined instruction
  • BUGFIX: ARM: some undefined A64 instructions were wrongly decoded as FCMEQ
  • BUGFIX: ARM: arm64 function arguments with wrong attributes could crash IDA
  • BUGFIX: automatically created string literal names would have repeating symbols in place of embedded zeroes in the string
  • BUGFIX: dbg: IDA could produce an internal error when undo was used during debugging
  • BUGFIX: decompiler: do not crash if nullptr is passed to various save_.. functions
  • BUGFIX: decompiler: do not optimize away successive volatile memory reads
  • BUGFIX: decompiler: fix sometimes wrong decompilation when loading values from memory in big-endian mode
  • BUGFIX: decompiler: fixed multiple interrs
  • BUGFIX: decompiler: modifies_d() was incorrectly returning true for instructions without the 'd' operand
  • BUGFIX: DWARF: during source-level debugging, location of some items wouldn't be properly resolved
  • BUGFIX: DWARF: The plugin could INTERR because of how duplicate types were handled
  • BUGFIX: golang: IDA could hang when parsing metadata in some Go binaries
  • BUGFIX: IDA could crash when loading PE files if IDS debugging was enabled (-z40 switch)
  • BUGFIX: IDA could fail to load bytes from modules in iOS 15 dyldcaches for older iPhones (iPhone X and earlier)
  • BUGFIX: IDA could fail to load symbols for some modules in iOS 15 dyldcaches
  • BUGFIX: idaclang could create invalid types after parsing a "using" declaration that has the same name as an existing type
  • BUGFIX: idaclang could fail to parse c++ type declarations that use the "auto" keyword
  • BUGFIX: idaclang would fail to parse function prototypes that have an unspecified number of arguments
  • BUGFIX: IDAPython: fixed multiple crashes and infinite loops when wrong arguments are passed to IDA APIs
  • BUGFIX: IDAPython: IDA could crash if 'has_insn_feature' was called with improper data
  • BUGFIX: IDAPython: internal errors in IDA API wrappers which are called bypassing IDA UI (e.g. from alternative IDAPython shells) are now caught and reported properly
  • BUGFIX: IDAPython: when trying to create a too big segment, produce a warning instead of fatal error
  • BUGFIX: IDC: calling get_tev_reg() with wrong data could produce "No error" message instead of showing the correct error
  • BUGFIX: installer: PIN debugger plugin was not shipped with Mac builds of IDA by mistake
  • BUGFIX: kernel: compact_numbered_types() was mishandling aliased types
  • BUGFIX: kernel: fixed an endless loop which could occur during application of startup signatures
  • BUGFIX: kernel: fixed interr 641 that could occur when parsing a bad function prototype
  • BUGFIX: kernel: get_strlit_contents() could loop for a very long time even when maxcps was set to a reasonable value
  • BUGFIX: kernel: IDA could produce "database corrupted" when undoing some operations
  • BUGFIX: MACHO: some ARM64e binaries could have wrong pointer values, leading to wrong parsing of Objective-C metadata
  • BUGFIX: MIPS: bltzal and bgezal were not handled as call instructions
  • BUGFIX: OBJC: "Run until message received" action could fail on macOS 12
  • BUGFIX: PC: some 64-bit functions would lose offsets when Lumina metadata was applied
  • BUGFIX: PC: ud1 instruction was decoded incorrectly (the mod r/m byte was not parsed)
  • BUGFIX: PDB: fixed interr 984 which could occur when loading PDBs with types from recent Windows builds
  • BUGFIX: PDB: the PDB file download could be cancelled unexpectedly when using symsrv.dll from WinDbg Preview
  • BUGFIX: PPC: functions using 'ba' for tail calls to noret functions were not marked as noret
  • BUGFIX: SDK: get_name_ea() would return non-BADADDR results for structure or enum names
  • BUGFIX: svdimport: plugin could crash when processing certain SVD files
  • BUGFIX: tilib: fixed interr 157 that could occur when listing til contents in the presence of type aliases
  • BUGFIX: UI: database snapshots were added to the recent files list and could fill it completely
  • BUGFIX: UI: IDA could produce internal error 40225 after some user manipulations with the function graphs
  • BUGFIX: UI: IDA would not display shortcuts for actions in context menus on macOS
  • BUGFIX: UI: strings containing \r\n could be printed as empty in the Output window and the log file
  • BUGFIX: UI: TOOL_CLOSED_BY_ESC in idagui.cfg did not work
  • BUGFIX: windbg: IDA could crash if a breakpoint it added became invalid (e.g. by user's actions bypassing IDA's UI)

New in IDA 7.7.220218 (SP1) (Jul 29, 2022)

  • Improvements:
  • + decompiler: improve handling of volatile reads (some were incorrectly propagated)
  • + golang: apply reflection function prototypes to methods when available
  • + golang: create function types from reflection metadata
  • + PDB: support SP-relative local variables
  • + UI: speed up Home/End/Digits navigation in sorted choosers
  • Bugfixes:
  • BUGFIX: debugger: IDA could lock up if the remote debug server stopped responding
  • BUGFIX: decompiler: fix interrs when decompiling functions with >64 arguments
  • BUGFIX: decompiler: fixed infinite loop while analyzing some golang binaries
  • BUGFIX: decompiler: fixed multiple interrs
  • BUGFIX: disassembly: parentheses could be missing in complex offset expressions like "target-(base+N)"
  • BUGFIX: golang: fixed an interr caused by slice types with circular dependencies
  • BUGFIX: golang: remove unnecessary BUILTIN_SLICE type
  • BUGFIX: idaclang would fail to store mangled symbols in the TIL, which means the prototypes would not be detected when loading the TIL with the "Load type library" action
  • BUGFIX: idapython: IDA could crash if None was passed to some API calls
  • BUGFIX: kernel: fixed interr 1007 that could occur when processing types with bitfields
  • BUGFIX: kernel: get_item_size(BADADDR) could return huge values in some situations (should be 1)
  • BUGFIX: UI: on Windows, IDA could produce a fatal error "CreateDIBSection failed" when trying to display a very wide hint
  • BUGFIX: UI: Options>Compiler>Arguments setting was not saved in the database

New in IDA 7.7.220118 (Jan 18, 2022)

  • Complete changelist:
  • Decompiler:
  • Improve return value recognition in golang functions
  • PPC:
  • Improved the analysis speed of arrays filled with 0xFF bytes
  • Bugfixes:
  • BUGFIX: ARM Mac debugger could fail to launch a universal binary when run in instant debugging mode
  • BUGFIX: decompiler: fix decompilation of switches when the switch register is reused between range check and indirect jump
  • BUGFIX: decompiler: fixed multiple interrs
  • BUGFIX: decompiler: fixed wrong warning about lvar allocation failure for functions with scattered return value
  • BUGFIX: golang: fix annotation of rtype methods in 64 bit binaries
  • BUGFIX: launching the Mac debugger with an empty database could cause the debugged application to behave erratically
  • BUGFIX: Local ARM Mac OS debugger was missing from the Run/Attach menus when starting IDA with an empty idb
  • BUGFIX: MACHO: IDA would fail to properly load modules from some iOS15 dyldcaches (iPhone X and earlier)
  • BUGFIX: PC: movdir64b with wrong operands would be erroneously decoded and cause a crash
  • BUGFIX: the Debugger menu could disappear when using IDA Home
  • BUGFIX: ui/qt: IDA could fail to display certain unicode codepoints correctly
  • BUGFIX: UI: filter dropdown in “Modify filters” dialog could grow too wide if long filter strings were added
  • BUGFIX: Windbg: breakpoints were not restored correctly in databases created from DMP files
  • BUGFIX: windbg: IDA could loop infinitely when debugging Windows startup on machine with multiple processors
  • BUGFIX: XTENSA: label operands for loop instructions were decoded as immediates

New in IDA 7.7.220117 (Jan 17, 2022)

  • BUGFIX: 8051: it was not possible to select a different Intel 51 subtype after double-clicking one in the Load a new file dialog
  • BUGFIX: ARM: fixed high memory consumption in regtracker for some files
  • BUGFIX: ARM: some ARM files could cause IDA to consume too much memory during analysis
  • BUGFIX: choosers/dirtrees with big selections could slow down IDA significantly after certain operations.
  • BUGFIX: databases with more than 5000 selectors (e.g. from a file with many small segments) would be restored incorrectly after saving
  • BUGFIX: debugger: IDA could produce internal error 40201 in case of connection problems during a remote debugging session. Now it terminates the debugging session gracefully
  • BUGFIX: debugger: Locals view would fail to display variables stored in registers when debugging MIPS programs
  • BUGFIX: debugger: android: IDA could fail to display some processes on Android 10
  • BUGFIX: debugger: bochs: it was impossible to suspend execution by clicking on "Cancel"
  • BUGFIX: debugger: mac debugger would fail to detect loaded dylibs on macOS12
  • BUGFIX: debugger: windbg: debugger could fail to pause when clicking on "Suspend"
  • BUGFIX: debugger: windbg: fixed interr 40038, which could happen when modifying breakpoints immediately after continuing execution
  • BUGFIX: debugger: windbg: reattaching a kernel debugging session now initializes all kernel events for all cores instead of one core and shows all cores in the 'Threads' widget
  • BUGFIX: debugger: windbg: switching a CPU core via windbg command line or Threads window was not always handled correctly
  • BUGFIX: debugger: windbg: clicking "Suspend" could fail to pause debugging on the first try
  • BUGFIX: DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
  • BUGFIX: DWARF: The DWARF plugin could fail to apply relocations to certain sections that were, in fact, loaded
  • BUGFIX: fixed interr 40036 which could happen while moving breakpoints during rebasing
  • BUGFIX: flowchart graphing functions (from "View > Graph" menu) would fail to consider tail calls (jumps to functions)
  • BUGFIX: garbage pixels could be present in the graph view on OSX.
  • BUGFIX: gdb: it was impossible to use -rgdb+pid for instant debugging
  • BUGFIX: golang: allow utf8 (non standard ascii) characters in function names retrieved from pclntab
  • BUGFIX: IDA could crash at the exit time after collecting a trace info in the debugger
  • BUGFIX: IDA could crash when deleting function tails with multiple parents (e.g. when using Help > Extract function...)
  • BUGFIX: IDA could INTERR(40408) during editing in hexview
  • BUGFIX: IDA would die with "out of memory" if the same name (with a numeric suffix) was used in more than 2^15 locations
  • BUGFIX: IDA would exit with internal error 86 if the __spoils keyword was specified twice in a function prototype.
  • BUGFIX: IDA would exit with "Fatal error before kernel init" instead of a proper error message if the ida.reg file was corrupted.
  • BUGFIX: IDA would still try to set the processor even if the loader had no flag LDRF_REQ_PROC
  • BUGFIX: IDAPython was missing ida_idp.CF_USE7/8 and ida_idp.CF_CHG7/8.
  • BUGFIX: IDAPython: fix the run_plugin() wrapper (argument should be size_t, not int)
  • BUGFIX: IDAPython: func_item_iterator_t::next/prev couldn't be used
  • BUGFIX: IDAPython: IDA could crash if ida_kernwin.twinpos_t.place was called for an invalid selection
  • BUGFIX: IDAPython: IDA could INTERR(918) when ida_hexrays.udc_filter_t subclasses were used in the same IDA session, but across multiple databases
  • BUGFIX: IDAPython: ida_kernwin.Form() could crash IDA on arm64 macOS
  • BUGFIX: IDAPython: some legacy properties from the 6.95 API were still available by mistake. Now accessing them produces a one-time deprecation warning
  • BUGFIX: installer: fixed black window issue on Apple Silicon macOS Monterey.
  • BUGFIX: kernel: reject function types with more than 32766 arguments instead of storing wrong information
  • BUGFIX: macho loader could INTERR(20005) on dyldcache files.
  • BUGFIX: MACHO: ARM64 (not ARM64E) binaries that used chained fixups for imports (e.g. on iOS15) were processed incorrectly
  • BUGFIX: MIPS: don't try to detect GOT address in non-ELF files (it could lead to incorrect disassembly)
  • BUGFIX: PC: fixed an endless loop during stack analysis
  • BUGFIX: PC: prolog could be detected incorrectly in functions which use SSE instructions
  • BUGFIX: PC: sometimes functions could be incorrectly split at the push rbp; mov rbp, rsp sequence
  • BUGFIX: PCF: parsing of COFF files without a string table (only short, inline symbol names) would fail
  • BUGFIX: PDB: unions with sparse bit fields were imported incorrectly
  • BUGFIX: pelf: pelf could crash in per-function mode (-f).
  • BUGFIX: PIC: references to memory using bank 4 and above were decoded incorrectly for the PIC16F series
  • BUGFIX: PIC: registers with addresses above 0x200 were not present in the DATA area
  • BUGFIX: Python & IDC: get_fchunk_referer() could return garbage or crash IDA if called with an address belonging to an entry function chunk
  • BUGFIX: Python: calling append_func_tail() from the CLI could cause INTERR 1733
  • BUGFIX: RISCV: change assembly directives to riscv-asm-manual recommendation
  • BUGFIX: SDK: qdirname() would return empty path for the root directory
  • BUGFIX: Some older IDBs could cause IDA to INTERR at upgrade-time
  • BUGFIX: TXT: idat could crash if started in a directory with > 8000 files
  • BUGFIX: UI/qt: "Copy" in choosers/trees would respect the internal selection ordering, rather than the ordering as it is visible on the screen
  • BUGFIX: UI/qt: "Copy/Copy all" in choosers/trees would also retrieve text from hidden columns
  • BUGFIX: UI/qt: it was possible to create the same bookmark in multiple places within the tree structure
  • BUGFIX: UI/qt: when the permanent bookmarks chooser was opened, selecting a folder and adding a bookmark from the disassembly would add it to the end of the tree, not in the expected folder
  • BUGFIX: UI: "copy struct type" command could fail showing the freshly-created structure
  • BUGFIX: UI: deleting a 'manual memory region' from within the debugger-specific options' modal widget could lead to a crash later
  • BUGFIX: UI: deleting or enabling/disabling a huge number of breakpoints would appear to hang IDA
  • BUGFIX: UI: double-clicking on a stack frame variable whose frame view is already opened, wouldn't jump to that variable
  • BUGFIX: UI: IDA could appear to hang trying to display a watch item pointing into a middle of a defined item such as a struct instance
  • BUGFIX: UI: IDA could be killed silently if it was blocked by a network firewall on macOS; now it displays an error message
  • BUGFIX: UI: IDA could crash when loading a database with empty saved strings list
  • BUGFIX: ui: in the "Structures" widget, 'Create before current structure' checkbox was not honored
  • BUGFIX: UI: it was impossible to delete a bookmark from the modal list that was opened using Ctrl+M
  • BUGFIX: UI: selecting multiple entries in the "Functions", triggering editing, and canceling editing would still prompt for all remaining functions
  • BUGFIX: UI: some valid config parameters were not accepted if bit 31 was set
  • BUGFIX: UI: the "Arguments" column in the Functions list could show wrong value for functions that do not use any stack for passing arguments (e.g. on ARM)
  • BUGFIX: UI: when debugging, modifying bit registers (e.g., ZF, OF, ...) would modify the aggregating register (e.g., EFL), but not the bit register itself
  • BUGFIX: UI: when debugging, toggle/edit/increment/decrement of bit registers (e.g., ZF, OF, ...) wouldn't always work
  • BUGFIX: decompiler: 'remove return value' could spoil the __userpurge calling convention
  • BUGFIX: decompiler: "Send database..." could crash IDA with fresh binary files, if 'Edit notes' was clicked
  • BUGFIX: decompiler: clicking on a variable would not offer to create a new forced variable for it if it was already forced somewhere else.
  • BUGFIX: decompiler: combination of m_and and m_shift could be optimized incorrectly
  • BUGFIX: decompiler: decompiler rejected function types with explicit stack argument locations
  • BUGFIX: decompiler: fixed dozens of internal errors (thanks to our users for bug reports!)
  • BUGFIX: decompiler: fixed wrong decompilation if the switch input register was overwritten before the indirect jump
  • BUGFIX: decompiler: if GENERATE_EMPTY_LINES=YES in hexrays.cfg, xrefs to local items would sometimes show empty lines
  • BUGFIX: decompiler: jumping to a name in the comment displayed at the function header would not work
  • BUGFIX: decompiler: PPC: memory accesses with 0 base (e.g. lwz r11, addr(0) ) could be decompiled incorrectly (using r0 value instead of zero)
  • BUGFIX: decompiler: ppc: wrong intrinsic function was generated for PPC_sc in case of little endian
  • BUGFIX: decompiler: printing a chain_t object could cause a crash when invoking chain_t::print|dstr
  • BUGFIX: decompiler: programmatically jumping to an address in pseudocode (e.g., using 'ida_hexrays.open_pseudocode') could fail to save the current position
  • BUGFIX: decompiler: specifying explicit unaligned stack argument locations was sometimes not accepted by the decompiler
  • BUGFIX: decompiler: switching to pseudocode window could lead to unexpected refresh (e.g. if a struct was modified via Structures window)
  • BUGFIX: decompiler: xrefs to __vftable of base classes could be missed in some cases
  • BUGFIX: decompiler: ARM: zero out the top 32 bits of the destination in ARM64 intrinsic function calls that modify a 32-bit register
  • BUGFIX: PC: when performing a full rebase (MSF_NETNODES), information about skipped instructions (prolog/epilog/switch) was not moved correctly
  • BUGFIX: SDK: fix idp.hpp comment for PR_DELAYED (has_delay_slot does not exist)

New in IDA 7.7.211224 (Dec 24, 2021)

  • Processor modules:
  • 8051: added configuration for the R8051XC2 core in M5 FPGA by Capital Microelectronics (thanks to Zak Escano)
  • 8051: allow loading binary files without a device selection (thanks to Zak Escano)
  • ARM: improved function recognition
  • ARM: improved thunk function detection
  • ARM: added decoding of ARMv8.4-CondM and ARMv8.5-CondM instructions (RMIF, SETF8, SETF16, CFINV, XAFlag, AXFlag)
  • ARM: added decoding of ARMv8.5-FRINT instructions (FRINT32Z/FRINT32X/FRINT64Z/FRINT64X)
  • PC: improved speed in analysis of big x86 PE files
  • PC: recognize switches with BTI notrack prefix (3Eh) on the indirect jump
  • PIC16: allow 8-bit addressing in data segments for the PIC24/PIC33 series
  • PPC: improved ppc64 thunk function detection
  • RISCV: added support for switch patterns
  • RL78: added RL78S3 core instruction decoding
  • RL78: added support 32-bit and 64-bit data items and 32-bit segments
  • RX: new processor module (Renesas RX series)
  • SPARC: improved detection of functions that use a stack frame
  • XTENSA: new processor module (Tensilica Xtensa)
  • Debuggers:
  • bochs: added a config parameter HIDE_CONSOLE in dbg_bochs.cfg
  • bochs: inform the user about the presence of a .lock file, instead of launching bochs that would complain about the wrong img file
  • debugger: improve stack walking for macOS x64
  • debugger: improve stack walking for Windows x64
  • debugger: ios: improve debugging on iOS15
  • debugger: linux: improve call stack recovery on Linux x86_64 (also use libunwind if present)
  • debugger: report the precise address that caused a page breakpoint to trigger (win32, windbg)
  • PIN: support PIN 3.21
  • File formats:
  • MACHO: support new format of the dyld shared cache split into subcaches (iOS 15, macOS12)
  • MACHO: disable ASLR slide detection in dyld shared cache by default (use IDA_DYLD_SHARED_CACHE_SLIDE environment variable to set it manually)
  • PE, COFF: parse and format new FH4 (CxxFrameHandler4) C++ exception tables
  • PE: speed up loading of files with a huge number of imports.
  • DWARF: support for DWARF 5 debug information
  • DWARF: added DWARF_ENABLE config option, as well as an ‘off’ command-line option, to disable the plugin
  • DWARF: add a dialog for fine-grained selection of debug information to import (e.g. do not import types for speed)
  • FLIRT / TILS / IDS:
  • FLAIR: go2pat: go obj file to .pat converter for generating Go function signatures
  • FLAIR: sigmake: added support for signatures with names > 1024 characters
  • FLIRT: GO: added signatures for the major standard libraries for golang 1.10-1.16 (x64 only)
  • FLIRT: Updated VC and MFC signatures up to Visual Studio 2019 16.11
  • FLIRT: BC: added signatures for xe104 (RAD Studio 10.4)
  • FLIRT: BC: added signatures for xe11 (RAD Studio 11)
  • FLIRT: ICL: added signatures for icl213 (intel c++ 2021.3)
  • FLIRT: ICL: added signatures for icl214 (intel c++ 2021.4)
  • IDS: update coredll ordinal mappings for SH3/SH4 to WinCE 6.0
  • TIL: idaclang: new command-line utility for creating type libraries using clang C++ parser
  • Standard plugins:
  • golang: add a numerical suffix when a type name already exists (this can happen due to different import paths)
  • golang: add definitions of some builtin types (string, array, interface, slice)
  • golang: annotate interface (itab) table
  • golang: annotate the full reflect.name (possible presence of field tag and import path)
  • golang: improved detection of prologs in x86/x64 binaries
  • golang: provide the ability to turn off (or on) deriving a function’s end from pclntab (GOLANG_FUNC_END_FROM_PCVAL_TABS in golang.cfg)
  • golang: show unprocessed (original) function name as function comment if the name was sanitized.
  • golang: startup signatures allow detection of golang binaries (currently x86 ELF, PE and Mach-O)
  • swift: updated libSwiftDemangle to 5.5.1 to enable recent Swift symbols demangling
  • Core / Misc:
  • goodname.cfg: simplify names of STL classes in __cxx11 namespace (libstdc++)
  • ida.cfg: added DEVICE parameter to specify the target device (e.g. ida -pavr -DDEVICE=”AT90C8534” firmware.hex)
  • ida.cfg: added PRIVRANGE parameter to specify the default private address interval (addresses for internal usage) for new databases
  • idaclang: added support for libclang-based C++ parser (can be enabled in Options > Compiler…)
  • installer: allow running of x64 installers on Apple Silicon (under Rosetta)
  • installer: Installers for Apple Silicon are fully native and do not require Rosetta
  • kernel: enabled type system for all processors; the processors that do not define the necessary callbacks will still have limited support (e.g. the argument locations won’t be calculated, among other things)
  • kernel: improved function recognition in binary files
  • Scripting & SDK:
  • IDAPython: added colorize_disassembly_on_the_fly.py example to demonstrate dynamically coloring listing lines (w/o touching the IDB)
  • IDAPython: added example print_call_stack.py
  • IDAPython: added IDAPYTHON_IDAUSR_SYSPATH parameter to idapython.cfg to automatically add $IDAUSR/python/[2|3]/ directories to sys.path (enabled by default)
  • IDAPython: added list_function_items.py sample to demonstrate usage of func_t iterators
  • IDAPython: examples directory now has an index with the listing of examples and functions used in them
  • IDAPython: functions returning multiple values or structures, now return tuples instead of lists
  • IDAPython: idalines_generate_disassembly now returns (int, [line, line, …]) instead of (int, (line, line, …))
  • IDAPython: improve return type information shown in docstrings
  • IDAPython: improved online API documentation
  • IDAPython: the xrefblk_t class now provides functions for iterating the cross-references using generator expressions (for … in)
  • SDK: added enable_bptgrp() function
  • SDK: added dirtree_t::find_entry()
  • SDK: added get_user_input_event() to retrieve information about the event that triggered a certain notification (e.g., view_curpos, hxe_curpos, …)
  • SDK: added qstring::split() & qstring::join()
  • SDK: added REFINFO_NO_ZEROS/REFINFO_NO_ONES flags for refinfo_t to handle special cases of offset values
  • SDK: added the new ALOPT_ONLYTERM option for get_max_strlit_length() to allow invalid characters inside string literals
  • SDK: clarify documentation for show_wait_box() about HIDECANCEL
  • SDK: idb_event::segm_deleted notification now provides the flags that were used for deletion
  • SDK: introduced functions to convert UTC time to struct tm and back (qgmtime/qtimegm)
  • SDK: moved qfsize() from diskio.hpp to fpro.h
  • SDK: renamed inf.comment -> inf.cmt_indent
  • SDK: APIs working with breakpoint groups (e.g. set_bpt_group) now accept a path instead of a simple name
  • UI:
  • UI: add the shortcut number to the tabs’ titles if Alt is pressed for 1 second
  • UI: added checks in the floating license borrow/return forms to avoid a problem with decompiler licenses not being returned
  • UI: added ymmword and zmmword data types to “Setup data dialog” (for processors that support them)
  • UI: enable Command+F for QuickFilter actions on macOS
  • UI: improved speed when manipulating large numbers of breakpoints
  • UI: improved UI responsiveness when manipulating huge structures
  • UI: messages in Output window can now be timestamped by enabling the option from the context menu
  • UI: multiple lockable highlights are now available in listings
  • UI: show collapse/expand icons to the left of disassembly items when the corresponding action is available
  • UI: support for relative (i.e., ‘+N’, ‘-N’) jumps in structures window
  • UI: when a widget is reopened with WOPN_RESTORE, IDA will attempt to place it where it was previously located, instead of next to the currently active widget
  • UI: the breakpoints view now uses a standard folder view for breakpoint groups
  • Decompilers:
  • decompiler: add the “Copy” action in the context menu when it’s available
  • decompiler: added PSEUDOCODE_SYNC_XPOS option, to prevent synchronized Pseudocode-* views from scrolling horizontally when navigating in the other view
  • decompiler: optimize complex conditions by removing useless parts. E.g. x==3 || x!=4 is replaced by x!=4
  • decompiler: print the decompiler version when writing a C file output
  • decompiler: recognize more magic division sequences
  • decompiler: transform memcpy calls into memset when all source bytes are the same
  • decompiler: transform two shifts in opposite directions into a corresponding division or multiplication
  • decompiler: disable actions ‘Set call type’, ‘Remove function argument’ for helper calls generated by the decompiler
  • decompiler: improved comments in hexrays.cfg
  • decompiler: support for the Extended Flow Guard helper (guard_xfg_dispatch)
  • decompiler: ARM: intrinsic functions swapXX, __rbitXX now use 32/64 suffix to show the underlying operation size
  • decompiler: MIPS: added support of n64 ABI (MIPS64 decompiler)
  • decompiler: MIPS: added support for Cavium-specific instructions
  • decompiler: x86/x64: decompile prefetchnta instruction
  • decompiler: PPC: CR and CR32..CR63 bits can be specified as argument/return locations in __usercall functions, e.g. bool __usercall sub_610ACA@<cr34>(int *a1@<r5>)
  • Bugfixes:
  • BUGFIX: 8051: it was not possible to select a different Intel 51 subtype after double-clicking one in the Load a new file dialog
  • BUGFIX: ARM: fixed high memory consumption in regtracker for some files
  • BUGFIX: ARM: some ARM files could cause IDA to consume too much memory during analysis
  • BUGFIX: choosers/dirtrees with big selections could slow down IDA significantly after certain operations.
  • BUGFIX: databases with more than 5000 selectors (e.g. from a file with many small segments) would be restored incorrectly after saving
  • BUGFIX: debugger: IDA could produce internal error 40201 in case of connection problems during a remote debugging session. Now it terminates the debugging session gracefully
  • BUGFIX: debugger: Locals view would fail to display variables stored in registers when debugging MIPS programs
  • BUGFIX: debugger: android: IDA could fail to display some processes on Android 10
  • BUGFIX: debugger: bochs: it was impossible to suspend execution by clicking on "Cancel"
  • BUGFIX: debugger: mac debugger would fail to detect loaded dylibs on macOS12
  • BUGFIX: debugger: windbg: debugger could fail to pause when clicking on "Suspend"
  • BUGFIX: debugger: windbg: fixed interr 40038, which could happen when modifying breakpoints immediately after continuing execution
  • BUGFIX: debugger: windbg: reattaching a kernel debugging session now initializes all kernel events for all cores instead of one core and shows all cores in the 'Threads' widget
  • BUGFIX: debugger: windbg: switching a CPU core via windbg command line or Threads window was not always handled correctly
  • BUGFIX: debugger: windbg: clicking "Suspend" could fail to pause debugging on the first try
  • BUGFIX: DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
  • BUGFIX: DWARF: The DWARF plugin could fail to apply relocations to certain sections that were, in fact, loaded
  • BUGFIX: fixed interr 40036 which could happen while moving breakpoints during rebasing
  • BUGFIX: flowchart graphing functions (from "View > Graph" menu) would fail to consider tail calls (jumps to functions)
  • BUGFIX: garbage pixels could be present in the graph view on OSX.
  • BUGFIX: gdb: it was impossible to use -rgdb+pid for instant debugging
  • BUGFIX: golang: allow UTF-8 (non-ASCII) characters in function names retrieved from pclntab
  • BUGFIX: IDA could crash at exit time after collecting trace info in the debugger
  • BUGFIX: IDA could crash when deleting function tails with multiple parents (e.g. when using Help > Extract function...)
  • BUGFIX: IDA could INTERR(40408) during editing in hexview
  • BUGFIX: IDA would die with "out of memory" if the same name (with a numeric suffix) was used in more than 2^15 locations
  • BUGFIX: IDA would exit with internal error 86 if the __spoils keyword was specified twice in a function prototype.
  • BUGFIX: IDA would exit with "Fatal error before kernel init" instead of a proper error message if the ida.reg file was corrupted.
  • BUGFIX: IDA would still try to set the processor even if the loader had no flag LDRF_REQ_PROC
  • BUGFIX: IDAPython was missing ida_idp.CF_USE7/8 and ida_idp.CF_CHG7/8.
  • BUGFIX: IDAPython: fix the run_plugin() wrapper (argument should be size_t, not int)
  • BUGFIX: IDAPython: func_item_iterator_t::next/prev couldn't be used
  • BUGFIX: IDAPython: IDA could crash if ida_kernwin.twinpos_t.place was called for an invalid selection
  • BUGFIX: IDAPython: IDA could INTERR(918) when ida_hexrays.udc_filter_t subclasses were used in the same IDA session, but across multiple databases
  • BUGFIX: IDAPython: ida_kernwin.Form() could crash IDA on arm64 macOS
  • BUGFIX: IDAPython: some legacy properties from the 6.95 API were still available by mistake. Now accessing them produces a one-time deprecation warning
  • BUGFIX: installer: fixed black window issue on Apple Silicon macOS Monterey.
  • BUGFIX: kernel: reject function types with more than 32766 arguments instead of storing wrong information
  • BUGFIX: macho loader could INTERR(20005) on dyldcache files.
  • BUGFIX: MACHO: ARM64 (not ARM64E) binaries that used chained fixups for imports (e.g. on iOS15) were processed incorrectly
  • BUGFIX: MIPS: don't try to detect the GOT address in non-ELF files (it could lead to incorrect disassembly)
  • BUGFIX: PC: fixed an endless loop during stack analysis
  • BUGFIX: PC: the prolog could be detected incorrectly in functions which use SSE instructions
  • BUGFIX: PC: sometimes functions could be incorrectly split at the push rbp; mov rbp, rsp sequence
  • BUGFIX: PCF: parsing of COFF files without a string table (only short, inline symbol names) would fail
  • BUGFIX: PDB: unions with sparse bit fields were imported incorrectly
  • BUGFIX: pelf: pelf could crash in per-function mode (-f).
  • BUGFIX: PIC: references to memory using bank 4 and above were decoded incorrectly for the PIC16F series
  • BUGFIX: PIC: registers with addresses above 0x200 were not present in the DATA area
  • BUGFIX: Python & IDC: get_fchunk_referer() could return garbage or crash IDA if called with an address belonging to an entry function chunk
  • BUGFIX: Python: calling append_func_tail() from the CLI could cause INTERR 1733
  • BUGFIX: RISCV: change assembly directives to riscv-asm-manual recommendation
  • BUGFIX: SDK: qdirname() would return empty path for the root directory
  • BUGFIX: Some older IDBs could cause IDA to INTERR at upgrade-time
  • BUGFIX: TXT: idat could crash if started in a directory with > 8000 files
  • BUGFIX: UI/qt: "Copy" in choosers/trees would respect the internal selection ordering, rather than the ordering as it is visible on the screen
  • BUGFIX: UI/qt: "Copy/Copy all" in choosers/trees would also retrieve text from hidden columns
  • BUGFIX: UI/qt: it was possible to create the same bookmark in multiple places within the tree structure
  • BUGFIX: UI/qt: when the permanent bookmarks chooser was opened, selecting a folder and adding a bookmark from the disassembly would add it to the end of the tree, not in the expected folder
  • BUGFIX: UI: "copy struct type" command could fail showing the freshly-created structure
  • BUGFIX: UI: deleting a 'manual memory region' from within the debugger-specific options' modal widget could lead to a crash later
  • BUGFIX: UI: deleting or enabling/disabling a huge number of breakpoints would appear to hang IDA
  • BUGFIX: UI: double-clicking on a stack frame variable whose frame view is already opened, wouldn't jump to that variable
  • BUGFIX: UI: IDA could appear to hang trying to display a watch item pointing into a middle of a defined item such as a struct instance
  • BUGFIX: UI: IDA could be killed silently if it was blocked by a network firewall on macOS; now it displays an error message
  • BUGFIX: UI: IDA could crash when loading a database with empty saved strings list
  • BUGFIX: ui: in the "Structures" widget, 'Create before current structure' checkbox was not honored
  • BUGFIX: UI: it was impossible to delete a bookmark from the modal list that was opened using Ctrl+M
  • BUGFIX: UI: selecting multiple entries in the "Functions", triggering editing, and canceling editing would still prompt for all remaining functions
  • BUGFIX: UI: some valid config parameters were not accepted if bit 31 was set
  • BUGFIX: UI: the "Arguments" column in the Functions list could show wrong value for functions that do not use any stack for passing arguments (e.g. on ARM)
  • BUGFIX: UI: when debugging, modifying bit registers (e.g., ZF, OF, ...) would modify the aggregating register (e.g., EFL), but not the bit register itself
  • BUGFIX: UI: when debugging, toggle/edit/increment/decrement of bit registers (e.g., ZF, OF, ...) wouldn't always work
  • BUGFIX: decompiler: 'remove return value' could spoil the __userpurge calling convention
  • BUGFIX: decompiler: "Send database..." could crash IDA with fresh binary files, if 'Edit notes' was clicked
  • BUGFIX: decompiler: clicking on a variable would not offer to create a new forced variable for it if it was already forced somewhere else.
  • BUGFIX: decompiler: combination of m_and and m_shift could be optimized incorrectly
  • BUGFIX: decompiler: decompiler rejected function types with explicit stack argument locations
  • BUGFIX: decompiler: fixed dozens of internal errors (thanks to our users for bug reports!)
  • BUGFIX: decompiler: fixed wrong decompilation if the switch input register was overwritten before the indirect jump
  • BUGFIX: decompiler: if GENERATE_EMPTY_LINES=YES in hexrays.cfg, xrefs to local items would sometimes show empty lines
  • BUGFIX: decompiler: jumping to a name in the comment displayed at the function header would not work
  • BUGFIX: decompiler: PPC: memory accesses with 0 base (e.g. lwz r11, addr(0) ) could be decompiled incorrectly (using r0 value instead of zero)
  • BUGFIX: decompiler: ppc: wrong intrinsic function was generated for PPC_sc in case of little endian
  • BUGFIX: decompiler: printing a chain_t object could cause a crash when invoking chain_t::print|dstr
  • BUGFIX: decompiler: programmatically jumping to an address in pseudocode (e.g., using 'ida_hexrays.open_pseudocode') could fail to save the current position
  • BUGFIX: decompiler: specifying explicit unaligned stack argument locations was sometimes not accepted by the decompiler
  • BUGFIX: decompiler: switching to pseudocode window could lead to unexpected refresh (e.g. if a struct was modified via Structures window)
  • BUGFIX: decompiler: xrefs to __vftable of base classes could be missed in some cases
  • BUGFIX: decompiler: ARM: zero out the top 32bits of the destination in ARM64 intrinsic function calls that modify a 32bit register
  • BUGFIX: PC: when performing a full rebase (MSF_NETNODES), information about skipped instructions (prolog/epilog/switch) was not moved correctly
  • BUGFIX: SDK: fix idp.hpp comment for PR_DELAYED (has_delay_slot does not exist)

New in IDA 7.6.210506 (SP1) (Dec 23, 2021)

  • Installer:
  • IDA Installers for Apple Silicon (arm64) don’t require Rosetta2 anymore and refuse to install on Intel Macs
  • golang:
  • verify correctness of function boundary metadata before using it
  • Bugfixes:
  • UI: QTreeWidget elements created from PyQt could fail to show any content
  • Decompiler: in some cases IDA crashed on right-click in the pseudocode window
  • UI: the string list cache was not restored in ida64
  • DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
  • IDAPython: IDA could crash if ida_kernwin.twinpos_t.place was called for an invalid selection
  • Decompiler: ‘remove return value’ command could spoil the __userpurge calling convention
  • UI: In the “Structures” widget, ‘Create before current structure’ option wouldn’t be honored anymore
  • ARM: some CSNEG instructions were incorrectly simplified to CINV or CSETM instead of CNEG
  • DWARF: When processing global variables, the DWARF plugin could erroneously delete items it shouldn’t
  • UI: IDA could crash instead of showing a proper error when it detected too many copies running on the local network
  • iOS debugger could interr when querying the list of loaded dylibs
  • UI: IDA could crash when using full screen mode (F11) without a loaded database
  • UI: pressing Tab from the decompiler, to switch to a freshly-deleted disassembly view, could crash IDA
  • UI: IDA could crash when opening the shortcuts editor on macOS when some window-managing programs were running
  • UI: editing floating-point values in the hex view could fail
  • IDAPython: ida_graph.abstract_graph_t.get_edge() could crash IDA
  • UI: change accelerator for the “Optimize single stepping” option (‘O’ was already taken)
  • kernel: some event_listener_t hooks would not be unregistered on plugin unload which could lead to a crash later on
  • Decompiler: fixed interr 50464
  • Decompiler: fixed interr 50194
  • Decompiler: fixed interr 52379
  • Decompiler: fixed interr 50873
  • Decompiler: fixed interr 52369
  • Decompiler: fixed interr 50659
  • An explicitly specified calling convention of a virtual function would be ignored when the compiler was set to Visual Studio
  • IDA could hang on startup when running under Windows 10 Subsystem for Linux (WSL)
  • Decompiler: IDA 7.6 could crash when using 7.5 decompilers
  • UI: revert to the behavior of “create struct from data” to that of IDA 7.5 (use mangled names for struct members)
  • IDA raised interr 1827 for fixed (i.e. having PLUGIN_FIX flag) plugins with postponed init
  • golang: handle go1.16 filenames and linenumbers metadata
  • source-level debugging was broken on arm64 macOS
  • UI: the navigator wouldn’t remain hidden across IDB loads
  • UI: in the “Structures” window, jumping to a type (e.g., through xref) that’s not currently visible because it’s not part of the selection in the left-hand list, could fail to make it visible
  • UI: if no disassembly view is available at IDB load-time, some actions (e.g., UnHide) could be unavailable in certain widgets such as “Structures”

New in IDA 7.6.210427 (SP1) (May 1, 2021)

  • Installer:
  • IDA Installers for Apple Silicon (arm64) don’t require Rosetta2 anymore and refuse to install on Intel Macs
  • Golang:
  • Verify correctness of function boundary metadata before using it
  • Bugfixes:
  • UI: QTreeWidget elements created from PyQt could fail to show any content
  • Decompiler: in some cases IDA crashed on right-click in the pseudocode window
  • UI: the string list cache was not restored in ida64
  • DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
  • IDAPython: IDA could crash if ida_kernwin.twinpos_t.place was called for an invalid selection
  • Decompiler: ‘remove return value’ command could spoil the __userpurge calling convention
  • UI: In the “Structures” widget, ‘Create before current structure’ option wouldn’t be honored anymore
  • ARM: some CSNEG instructions were incorrectly simplified to CINV or CSETM instead of CNEG
  • DWARF: When processing global variables, the DWARF plugin could erroneously delete items it shouldn’t
  • UI: IDA could crash instead of showing a proper error when it detected too many copies running on the local network
  • iOS debugger could interr when querying the list of loaded dylibs
  • UI: IDA could crash when using full screen mode (F11) without a loaded database
  • UI: pressing Tab from the decompiler, to switch to a freshly-deleted disassembly view, could crash IDA
  • UI: IDA could crash when opening the shortcuts editor on macOS when some window-managing programs were running
  • UI: editing floating-point values in the hex view could fail
  • IDAPython: ida_graph.abstract_graph_t.get_edge() could crash IDA
  • UI: change accelerator for the “Optimize single stepping” option (‘O’ was already taken)
  • kernel: some event_listener_t hooks would not be unregistered on plugin unload which could lead to a crash later on
  • Decompiler: fixed interr 50464
  • Decompiler: fixed interr 50194
  • Decompiler: fixed interr 52379
  • Decompiler: fixed interr 50873
  • Decompiler: fixed interr 52369
  • Decompiler: fixed interr 50659
  • An explicitly specified calling convention of a virtual function would be ignored when the compiler was set to Visual Studio
  • IDA could hang on startup when running under Windows 10 Subsystem for Linux (WSL)
  • Decompiler: IDA 7.6 could crash when using 7.5 decompilers
  • UI: revert to the behavior of “create struct from data” to that of IDA 7.5 (use mangled names for struct members)
  • IDA raised interr 1827 for fixed (i.e. having PLUGIN_FIX flag) plugins with postponed init
  • golang: handle go1.16 filenames and linenumbers metadata
  • source-level debugging was broken on arm64 macOS
  • UI: the navigator wouldn’t remain hidden across IDB loads
  • UI: in the “Structures” window, jumping to a type (e.g., through xref) that’s not currently visible because it’s not part of the selection in the left-hand list, could fail to make it visible
  • UI: if no disassembly view is available at IDB load-time, some actions (e.g., UnHide) could be unavailable in certain widgets such as “Structures”

New in IDA 7.6.210428 (SP1) (Apr 28, 2021)

  • Complete changelist:
  • Installer:
  • IDA Installers for Apple Silicon (arm64) don’t require Rosetta2 anymore and refuse to install on Intel Macs
  • golang:
  • Verify correctness of function boundaries metadata before using it
  • Bugfixes:
  • UI: QTreeWidget elements created from PyQt could fail to show any content
  • Decompiler: in some cases IDA crashed on right-click in the pseudocode window
  • UI: the string list cache was not restored in ida64
  • DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
  • IDAPython: IDA could crash if ida_kernwin.twinpos_t.place was called for an invalid selection
  • Decompiler: ‘remove return value’ command could spoil the __userpurge calling convention
  • UI: In the “Structures” widget, ‘Create before current structure’ option wouldn’t be honored anymore
  • ARM: some CSNEG instructions were incorrectly simplified to CINV or CSETM instead of CNEG
  • DWARF: When processing global variables, the DWARF plugin could erroneously delete items it shouldn’t
  • UI: IDA could crash instead of showing a proper error when it detected too many copies running on the local network
  • iOS debugger could interr when querying the list of loaded dylibs
  • UI: IDA could crash when using full screen mode (F11) without a loaded database
  • UI: pressing Tab from the decompiler, to switch to a freshly-deleted disassembly view, could crash IDA
  • UI: IDA could crash when opening the shortcuts editor on macOS when some window-managing programs were running
  • UI: editing floating-point values in the hex view could fail
  • IDAPython: ida_graph.abstract_graph_t.get_edge() could crash IDA
  • UI: change accelerator for the “Optimize single stepping” option (‘O’ was already taken)
  • kernel: some event_listener_t hooks would not be unregistered on plugin unload which could lead to a crash later on
  • Decompiler: fixed interr 50464
  • Decompiler: fixed interr 50194
  • Decompiler: fixed interr 52379
  • Decompiler: fixed interr 50873
  • Decompiler: fixed interr 52369
  • Decompiler: fixed interr 50659
  • An explicitly specified calling convention of a virtual function would be ignored when the compiler was set to Visual Studio
  • IDA could hang on startup when running under Windows 10 Subsystem for Linux (WSL)
  • Decompiler: IDA 7.6 could crash when using 7.5 decompilers
  • UI: revert to the behavior of “create struct from data” to that of IDA 7.5 (use mangled names for struct members)
  • IDA raised interr 1827 for fixed (i.e. having PLUGIN_FIX flag) plugins with postponed init
  • golang: handle go1.16 filenames and linenumbers metadata
  • source-level debugging was broken on arm64 macOS
  • UI: the navigator wouldn’t remain hidden across IDB loads
  • UI: in the “Structures” window, jumping to a type (e.g., through xref) that’s not currently visible because it’s not part of the selection in the left-hand list, could fail to make it visible
  • UI: if no disassembly view is available at IDB load-time, some actions (e.g., UnHide) could be unavailable in certain widgets such as “Structures”

New in IDA 7.5.200728 (Jul 30, 2020)

  • This release fixes some immediate issues with the new macOS11/iOS14 binaries and focuses principally on enhancing the static analysis for new file formats.
  • Highlights:
  • MH_FILESET kernelcache format - The new MH_FILESET kernelcache format from macOS 11 is now fully supported.
  • Analysis of dyldcache files from macOS11/iOS14 - IDA 7.5 Service Pack 2 improves the analysis of dyldcache files from macOS11/iOS14
  • Objective-C - SP2 also improves the analysis of Objective-C metadata in binaries compiled with Xcode 12 (specifically __objc_methlist sections)
  • Also:
  • We added a workaround for slowdowns when loading dyldcache modules on macOS Catalina.
  • We added type libraries for MacOSX11.0.sdk and iPhoneOS14.0.sdk.
  • Minor improvements to debugging on macOS11/iOS14 were provided (no ARM64 macOS11 debugging support yet).
  • ARM:
  • Decode ARMv8.5-A BTI instruction
  • Support ARMv8.4-RCPC instructions (LDAPUR, STLUR)
  • Support ARMv8.5-A Memory Tagging Extension (MTE) instructions
  • Decompiler:
  • Improved recognition of signed divisions via multiplication by magic constant
  • MACHO:
  • Handle dyld slide info v4 (used in WatchOS dyld_shared_cache_arm64_32)
  • Handle LC_DYLD_EXPORTS_TRIE in macOS11/iOS14 binaries
  • Improve analysis of dyldcache files from macOS11/iOS14
  • Parse LC_DYLD_CHAINED_FIXUPS for arm64e binaries
  • Support new MH_FILESET kernelcache format from macOS 11
  • OBJC:
  • Improve Objective-C metadata parsing for macOS11/iOS14 (specifically __objc_methlist structures)
  • TIL:
  • Introduce type libraries for MacOSX11.0.sdk and iPhoneOS14.0.sdk
  • Bugfixes
  • Decompiler: global xref cache might become stale after a user action that was changing only the line numbers (like adding a comment)
  • Decompiler: the decompiler could crash when displaying the global xref list if the cache was stale
  • Decompiler: wrmsr instruction could be decompiled wrongly (value of edx was unused)
  • IDA could crash when using undo in Local Types editor
  • IDA would create many useless *_hidden segments when loading kernelcaches/dyldcaches
  • IDAPython: ‘coding: ‘ comments were not respected when loading a script file
  • Loading single modules from a dyldcache was unusually slow on macOS Catalina
  • Mac debugger would show “Input file is missing” error when debugging a dyldcache lib on macOS11
  • Types could be duplicated in the folder view of ‘Local types’ window
  • UI/QT: when in folders mode, fast jumping by row number wouldn’t work
  • UI/QT: while debugging, detaching an unsynchronized & invisible “Pseudocode-A” tab could crash IDA
  • UI: “fast searches” in a folder view, could cause IDA to freeze, or crash in certain cases
  • UI: a long, unbreakable line in the “Output window” would cause other long (but breakable) lines to not be laid out according to the viewport size, and thus require scrolling
  • UI: the Hex View, in databases using certain encodings (typically UTF-8), could show a glitch in the rendering of ‘combining’ Unicode codepoints
  • UI: in the “Output window”, if a long line had to be broken up into multiple ‘physical’ lines, clicking in the middle of one of those physical lines would place the cursor to its beginning
  • UI: scrolling in the navigation band could jitter with very segmented address spaces
  • UI: when folders were enabled on certain widgets, and the IDB was saved (e.g., by clicking on the ‘save’ icon), but then not saved again when closing, the widget would show up in no-folders mode
  • UI: zooming in the navigation band could lose current position

New in IDA 7.5.200619 (Jul 30, 2020)

  • Decompilers:
  • MIPS: added support of indexed instructions such as ‘luxc1’ or ‘lwxs’
  • MIPS: improve decompilation of references to MIPS16/microMIPS functions
  • MIPS: improve decompilation of MIPS16 position-independent code
  • MIPS: improve recognition of arguments passed to function calls
  • IDAPython:
  • Added Anaconda 2020.02 to the list of ignored Python installs on Windows to prevent silent exits
  • Installer:
  • Desktop shortcuts now include the IDA version, so the uninstaller won’t delete shortcuts of a different version
  • UI:
  • It is now possible to expand/collapse multiple folders at once, using Ctrl+Numpad+/Ctrl+Numpad-
  • ELF:
  • Handle files with MIPS16 or microMIPS code at the entry point
  • Kernel:
  • Better detection of MIPS16 code in the main() function
  • Bugfixes:
  • Decompiler could crash with division overflow when optimizing some expressions
  • Decompiler could hang due to an endless loop
  • Decompiler could produce an error on unrecognized Thumb or microMIPS switches
  • Decompiler could produce an error when restoring cached microcode from the database
  • Decompiler: shifted pointers with negative offsets were not always applicable
  • Huge functions could cause simplex algorithm failure
  • IDA could crash at the end of debugging if certain manipulations were performed on functions while folders were enabled in Functions list
  • IDA could produce internal error 1237 when importing certain type from DWARF or PDB debug info
  • IDA Home could incorrectly impose 1MB limitation on input files (when multiple IDA Home licenses were purchased)
  • IDA Home for PPC would display a warning due to missing xml files for GDB debugger
  • IDAPython: using ida_kernwin.set_nav_colorizer() could cause IDA to crash at the exit-time
  • Macho: loader could fail to pick the correct SDK til in some cases
  • Macho: rebasing a dyldcache idb could break the analysis because relocations were not applied to pointers in the slide info
  • DSCU: rebasing a dyldcache database would break the dscu plugin
  • MIPS: ‘search for register access’ could cause IDA to hang
  • Objc plugin could trigger “invalid cref” warning during decompilation
  • Objc plugin could fail to create structures in the database after a rebase operation.
  • Objc analysis could fail due to arm64e tagged pointers.
  • PPC: e_ori. with the condition record bit was wrongly simplified to e_nop
  • SDK: IDAPython 7.5 could fail to build from source
  • UI: calling delete_menu() could cause IDA to crash at the exit-time
  • UI: in “Structures” and “Enums”, creating a new type when the tree selection is not a folder, would create the type at the toplevel instead of in the folder in which the current selection is set
  • UI: in folders view, triggering a rename, but not actually renaming (by e.g., leaving the name untouched, or clicking somewhere else), would cause an annoying message in the “Output window”
  • UI: in the “Structures” or “Enums” widget, jumping to a structure or enum that’s currently not selected, could either fail, or cause the companion folder tree to be out-of-sync
  • UI: in the “Structures” or “Enums” widget, selecting a folder containing items, and deleting that folder, wouldn’t properly update the listing contents
  • UI: In the “Structures” or “Enums” widget, the listing could be missing types after an undo operation
  • UI: incremental search (i.e., typing beginning of a string) in tabular/tree views would select wrong rows
  • UI: rebasing (manual or during debugging) could cause IDA to show empty entries in views with enabled folders
  • UI: sorting folders would only sort folders contents, but not the folders themselves
  • UI: the “Current line” message could fail to display in some views, when folders were enabled
  • UI: “undo” wouldn’t cause previously-rebased ‘Imports’ to get their original address back
  • UI: when folders are enabled in tabular views, ‘Copy/Copy all’ could fail to work as expected
  • Undoing after rebase could cause empty entries to appear in the name list

New in IDA 7.5.200519 (May 20, 2020)

  • Processor modules:
  • ARC: added support for ARCv2 EM instruction set
  • ARM: added an option to control detection of 32-bit constants loaded by scattered pairs of MOVW+MOVT instructions
  • ARM: improved detection of functions with delayed prolog setup
  • MIPS: added support for multi-GOT binaries ($gp can have different values in different parts of the binary)
  • V850/RH850: don’t create functions for PIC calls (to next address)
  • PPC: added many new instructions from e200 cores (NXP MPC57xx, ST SPC58xx):
  • Cache Bypass Storage (lbdcbx lhdcbx lwdcbx stbdcbx sthdcbx stwdcbx dsncb)
  • e200z490 (AIOP) instructions (e_lqw e_stqw e_ldwcb e_ldbrw e_byterevw and more)
  • MPU instructions (mpure, mpuwe, mpusync)
  • PC: added support for endbr instruction in prolog analysis
  • PC: added decoding of WAITPKG instructions (TPAUSE, UMONITOR, and UMWAIT)
  • PC: added decoding of TSX instructions (XRESLDTRK and XSUSLDTRK)
  • PC: added decoding of instructions CLDEMOTE, ENCLV, SERIALIZE
  • PC: added decoding of Direct Store instructions (MOVDIRI and MOVDIR64B)
  • PC: added decoding of MCOMMIT and RDPRU instructions (AMD Zen2)
  • File Formats:
  • AMIGA: implement rebasing for Amiga hunk file loader (contributed by Vladimir Kononovich)
  • ELF: ignore internal compiler symbol gcc2_compiled
  • ELF: pc: handle PLT stubs in binaries compiled with Intel CET support (-fcf-protection)
  • ELF: accept files with PT_LOAD segments running over end of file
  • ELF: MIPS: implemented relocations R_MIPS_GOT_PAGE, R_MIPS_GOT_OFST
  • ELF: MIPS: add support for MIPS64 complex relocations
  • MACHO: allow the user to configure the type libraries loaded for new macho files. See TIL_CONFIG in macho.cfg
  • TDS: added support for tds files concatenated with the exe file
  • Installer:
  • default to Python 3; bundle Python 3.8.2 with Windows installer
  • Debugger:
  • debugger: added support for Bochs 2.6.10
  • debugger: added debugging support for Zilog Z80 processors
  • debugger: gdb: improve debugging of multi-thread programs
  • debugger: ios: added iPhone SE 2 to list of known devices
  • debugger: PIN: support building pintool with pin 3.13
  • debugger: xnu: improved ktrw support. Breakpoints/watchpoints/registers now work as expected with ktrw, using the “Corellium-ARM64” configuration. No other manual setup is needed.
  • Kernel / Misc.:
  • demangler: add c++20 spaceship and co_await operators for VC++ and GCC
  • KERNEL: add std::_Xlength_error() to the list of no-returning functions
  • Lumina: Lumina functionality is available for MIPS and PPC binaries
  • FLIRT / TILS / IDS:
  • TIL: introduced new macosx type libraries, built directly from headers in MacOSX.sdk/iPhoneOS.sdk (including all Objective-C and C++ Frameworks). See macosx_sdk*.til/iphoneos_sdk*.til
  • TIL: introduced new type libraries specifically for XNU kernel and KEXT binaries, built directly from the XNU source code. See xnu.til/xnu_arm.til
  • FLIRT: Added MFC signatures for vc1424 (Visual Studio 2019.4)
  • FLIRT: Added MFC signatures for vc1425 (Visual Studio 2019.5)
  • FLIRT: ICL: Added signatures for icl200 (Intel C++ 20.0)
  • FLIRT: ICL: Added signatures for icl201 (Intel C++ 20.1)
  • FLIRT: VC: Added signatures for vc1424 (Visual Studio 2019.4)
  • FLIRT: VC: Added signatures for vc1425 (Visual Studio 2019.5)
  • User Interface:
  • UI: many IDA views now provide an alternative, tree-like folder view
  • UI: added actions to search for register definition or register use (Shift+Alt+Up, Shift+Alt+Down)
  • UI: it is now possible to add, delete, enable & disable breakpoints from the ‘Function calls’ widget
  • UI: The “Breakpoints” chooser now also reports the state (Enabled/Disabled/Unresolved) in a column, instead of only through the icon.
  • UI: within a session, IDA will by default remember and restore dialogs positions & sizes (configurable through RESTORE_DIALOGS_GEOMETRIES)
  • UI: debugger: the current thread is now shown in bold
  • UI: debugger: include the hostname and port number in the error message about failed connection
  • UI: removed the limitation on syncing similar views (e.g. now it’s possible to sync 2 idaviews)
  • UI: show filename of the file being loaded during the loading process
  • UI: “create struct from data”: when used inside a struct, ignore dummy field names like “field_xxx”
  • UI: added get_synced_group(), to retrieve information about what widgets are synchronized.
  • Plugins:
  • pdb: speed up loading types from big PDBs
  • dscu: introduce a submenu for dyldcache handling (File>Load file>DYLD Shared Cache Utils)
  • dscu: allow branch islands to be loaded from the ui (File>Load file>DYLD Shared Cache Utils>Load branch island)
  • dscu: allow loading one or more modules from a given module’s dependency list (File>Load file>DYLD Shared Cache Utils>Load dependency)
  • dscu: allow module headers to be loaded individually from the dyldcache
  • dscu: allow the formatted dyld header to be loaded manually
  • dscu: allow the user to load single sections from any module individually
  • dscu: convert the module chooser to a multi-chooser; now multiple dyldcache modules can be loaded at once (File>Load file>DYLD Shared Cache Utils>Load module)
  • export data: allow user to change the variable name when exporting data as a C array
  • export data: when exporting an item as a C array, use the array variable name as the filename
  • objc: improve decompilation of objc_msgSendSuper() call sites
  • svdimport: new plugin to load and apply ARM CMSIS compliant SVD files with memory register definitions
  • Decompilers:
  • hexrays: added actions “Remove function argument”, “Remove return value” (default hotkey Shift-Del)
  • hexrays: added a variable annotation: BYREF, for the variables whose address is taken
  • hexrays: added action AddRemoveReturn (Ctrl-Shift-R)
  • hexrays: added an option to correctly handle _readflags(); since the results are not really readable, this option is off by default
  • hexrays: added mbl_array_t::save_snapshot() to be used by third-party plugins
  • hexrays: changed the default hotkey of “jump to global xref” to Ctrl-Alt-X. (Ctrl-X was not working in the struct view on macOS)
  • hexrays: arm: support atomic intrinsic instructions from ARMv8.1-A (LDADDAL, CASAL etc.)
  • hexrays: added logic to find enum members in switch cases
  • hexrays: added config option DISABLE_USERCALL to disable automatic generation of usercall prototypes
  • hexrays: improved recognition of CONTAINING_RECORD for structures with one pointer member
  • hexrays: improved recognition of struct member references
  • hexrays: open_pseudocode() now accepts a set of flags for finer control over how to open pseudocode views
  • hexrays: pc: added support for endbr instructions
  • hexrays: ppc: improve handling of soft float compiler helpers
  • hexrays: support some inlined string/memory operations for wide (16-bit) characters
  • hexrays: use standard “Rename address” dialog in pseudocode view to rename global names
  • Scripts & SDK:
  • SDK: extend processor modules, plugins and loader API to be able to use a C++ class for internal implementation
  • SDK: added enumerate_files2() to enumerate files using a visitor class
  • SDK: added FC_CALL_ENDS flag for qflow_chart_t() to return basic blocks terminated by call instructions
  • SDK: added register_cfgopts() which can be used to enable third-party config parameters in process_config_line()
  • SDK: added the ‘adding_segm’ event
  • SDK: added the ‘func_deleted’ event
  • SDK: added find_reg_access()
  • SDK: qflow_chart_t now computes graph predecessors by default. FC_NOPREDS flag can be used to skip this computation if necessary
  • SDK: renamed bitrange_t::combine() -> bitrange_t::apply_mask()
  • SDK: exported alloc_kreg/free_kreg functions for decompiler API
  • SDK: exported process_config_directive; also renamed process_config_line in idc/python to process_config_directive
  • SDK: simplified handling of custom refinfo types; now refinfo_t::type() returns a type with the REFINFO_CUSTOM bit for custom refinfos and refinfo_t::set_type() sets both the type and the REFINFO_CUSTOM bit
  • IDC: added clear_selection()
  • IDC: added convenience macros to set the application bitness (inf_set_64bit(), inf_set_32bit())
  • idc: added stristr(), tolower(), toupper()
  • IDAPython: added an example showing how to retrieve register information from the context menu
  • IDAPython: ida_bitrange is now available
  • Bugfixes:
  • BUGFIX: "bad event during undo" could occur in some cases
  • BUGFIX: "find next error" could crash IDA
  • BUGFIX: "ida -I1" was modifying a wrong registry key when trying to set itself as the systemwide just-in-time debugger
  • BUGFIX: ARM: A64 LDARP instruction was printed with an incorrectly duplicated operand
  • BUGFIX: ARM: IDA could show wrong values if instruction simplification was enabled and instructions with shifted immediate values were present
  • BUGFIX: ARM: The A64 instruction CRC32W was printed with an unnecessary .W suffix
  • BUGFIX: compile_idc_snippet() could fail if the snippet was ending with a comment and no newline
  • BUGFIX: cursor position in the list of xrefs to stkvars was not preserved
  • BUGFIX: debugger: a malicious client could invoke commands on a password-protected debug server without a password
  • BUGFIX: debugger: IDA could crash with interr 40052 when exiting while process is suspended with tracing enabled
  • BUGFIX: debugger: IDA could exit with internal error 40038 if erasing a breakpoint from the process failed unexpectedly
  • BUGFIX: debugger: IDA could fail to attach through GDB to a running instance of QEMU
  • BUGFIX: debugger: IDA could INTERR with 64-bit GDB flags register
  • BUGFIX: debugger: in rare cases IDA could crash when using Appcall in win32 debugger
  • BUGFIX: debugger: ios debugger could fail to handle read/write breakpoints in multithreaded situations.
  • BUGFIX: debugger: linux: the base of segment registers was calculated incorrectly in x86_64
  • BUGFIX: debugger: PPC: when debugging VLE code, IDA could put breakpoints at wrong locations
  • BUGFIX: debugger: values of Dn registers on ARM32 platform would not be available
  • BUGFIX: debugger: when attaching to some Windows 10 systems using Windbg backend, IDA would appear to hang
  • BUGFIX: debugger: win32: On Windows 7, IDA could incorrectly rebase the database if the executable was mapped into the address space a second time (can happen e.g. when displaying the icon in a File Open dialog)
  • BUGFIX: decompiler: assigning to a part of a variable could be erroneously translated as assigning to the whole variable
  • BUGFIX: decompiler: changed the hotkey for "global xrefs" to Ctrl-X because Shift-X does not work well in all contexts (for example, in choosers)
  • BUGFIX: decompiler: decompiler could lose instructions which modified its operands
  • BUGFIX: decompiler: fixed a crash on decompilation failure when COLLAPSE_LVARS=YES in hexrays.cfg
  • BUGFIX: decompiler: fixed interr 52329, which could occur if an enum type was renamed after its application in the decompiler
  • BUGFIX: decompiler: fixed numerous internal errors
  • BUGFIX: decompiler: IDA could crash with unhandled exception on opening a database which was saved after using the decompiler
  • BUGFIX: decompiler: in some cases "Cancel" button did not stop the decompilation
  • BUGFIX: decompiler: interr could occur if a parenthesis was used in a variable name
  • BUGFIX: decompiler: it could be required to press 'Escape' twice in order to cancel a decompilation requested by jumping to an address
  • BUGFIX: decompiler: it was impossible to input the negative number for the shifted value in the "convert to struct*" dialog
  • BUGFIX: decompiler: ppc instruction mulhd was decompiled incorrectly
  • BUGFIX: decompiler: pressing enter at the end of the very first line of the function body would not add an empty line as it should
  • BUGFIX: decompiler: renaming the same variable twice from two different pseudocode windows could cause an erroneous warning
  • BUGFIX: decompiler: some forced variables were not applied correctly
  • BUGFIX: decompiler: some lvar mappings would be ignored by the decompiler
  • BUGFIX: decompiler: some SSE2 instructions were decompiled to wrong intrinsics
  • BUGFIX: decompiler: when canceling a jump from "Pseudocode-A" to a new function, canceling decompilation could cause IDA to switch to "IDA View-A"
  • BUGFIX: demangler: for old borland mode (v < 5.5) some types in template arguments were demangled incorrectly
  • BUGFIX: DWARF: The DWARF plugin could complain about invalid data for some Golang binaries
  • BUGFIX: DWARF: The DWARF plugin could enter an inconsistent state and bail out upon certain constructs
  • BUGFIX: DWARF: The DWARF plugin could fail to parse certain constructs involving similarly-named typedefs to various template instantiations
  • BUGFIX: DWARF: The plugin could create the same parameter multiple times, if certain (GCC) constructs were used to specify their const value
  • BUGFIX: ELF: MIPS: improve handling of the special symbol "_gp_disp"
  • BUGFIX: ELF: PLT stubs could be truncated and marked as no-return in some MIPS files, resulting in bad analysis
  • BUGFIX: ELF: some ARM shared objects could fail to resolve external symbols (imports)
  • BUGFIX: enum radix was not immediately propagated from the enum view to the local types
  • BUGFIX: fixed a random interr 30143 that was occurring when attaching to a WoW64 application that was generating lots of exceptions
  • BUGFIX: fixed erroneous internal error 1544 that could occur after a debugger session
  • BUGFIX: gdb debuggers could interr 30044 in multithreaded situations.
  • BUGFIX: GDB would not mask exceptions even if configured to do so
  • BUGFIX: GDB would not respect the user's request when manually resuming after exceptions
  • BUGFIX: GDB: LR was incorrectly set as instruction pointer for PPC configurations (correct register is PC)
  • BUGFIX: hexview: editing undefined byte and setting its value to 0xFF, could fail to show the value properly
  • BUGFIX: IDA analysis could loop indefinitely when analyzing some switch patterns produced by clang (e.g. in chrome.dll)
  • BUGFIX: IDA could crash in case of a network error or if a remote GDB target did not support/report threads
  • BUGFIX: IDA could crash on exit when cleaning the leaked type objects (e.g. after a decompiler error)
  • BUGFIX: IDA could crash when debugger flag names were used as variables in IDC scripts
  • BUGFIX: IDA could crash when loading a new database with autoanalysis in progress
  • BUGFIX: IDA could crash when using watches during debugging
  • BUGFIX: IDA could fail to restore some segment register areas
  • BUGFIX: IDA could INTERR(40662) with C++ plugins that provide a PCF_EA_CAPABLE place_t implementation
  • BUGFIX: IDA could produce a fatal error when applying a function prototype with __spoils list which included ARM64 Xnn registers
  • BUGFIX: IDA would exit without any error message if a wrong -r switch was provided in the command line (for example, if the remote server was not reachable)
  • BUGFIX: idapyswitch on Windows could not distinguish separate Python installs with the same version
  • BUGFIX: idapyswitch would not handle Python versions installed by macports
  • BUGFIX: IDAPython: after showing forms (or simply calling 'set_script_timeout()'), it could happen that the "Running Python script" wait dialog wouldn't show anymore for long operations
  • BUGFIX: IDAPython: calling add_segm_ex with a None segment, could crash IDA
  • BUGFIX: IDAPython: func_t.referers array was not usable from Python
  • BUGFIX: IDAPython: ida_dbg.get_current_source_file() was not usable
  • BUGFIX: IDAPython: ida_dbg.get_process_options() was not usable
  • BUGFIX: IDAPython: ida_funcs.func_t.points was unusable (and could cause IDA to crash)
  • BUGFIX: IDAPython: ida_funcs.func_t.regargs was not usable
  • BUGFIX: IDAPython: ida_idp.IDP_Hooks::ev_set_idp_options (and thus ida_idp.processor_t::ev_set_idp_options) was unusable
  • BUGFIX: IDAPython: ida_kernwin.Form instances could raise exceptions when using GetFieldValue on certain non-input fields
  • BUGFIX: IDAPython: ida_struct.struc_t.get_member() could return pointer to invalid data
  • BUGFIX: IDAPython: ida_struct.struc_t.members was not usable as it only ever allowed accessing the first member
  • BUGFIX: IDAPython: idapyswitch on linux could fail to be used again after being used to set target library to 'libpython3.so'
  • BUGFIX: IDAPython: idapyswitch would fail to link on Windows when using public source tree with the IDA SDK
  • BUGFIX: IDAPython: idc.get_inf_attr() could raise an exception due to improper type comparison with scripts showing a wait dialog
  • BUGFIX: IDAPython: idc.GetLocalType() could report a UnicodeDecodeError
  • BUGFIX: IDAPython: idc.py: "is not ''" is not valid in Python 3.8.1
  • BUGFIX: IDAPython: in some circumstances, building a GraphViewer could cause a very cryptic "AttributeError: 'Graph' object has no attribute 'id'" error
  • BUGFIX: IDAPython: insn_t.auxpref was limited to 16 bits, instead of correct 32
  • BUGFIX: IDAPython: issuing a 'ida_search.find_binary' call while debugging and if ida_kernwin.UI_Hooks were hooked, could cause IDA to hang
  • BUGFIX: IDAPython: performing an ida_idd.Appcall on a function that takes an 'int *', and in order to do so using a construct of Appcall.int64() + Appcall.byref() to construct the argument, could yield incorrect results
  • BUGFIX: IDAPython: processor modules, loaders & plugins should have their '__file__' properly set, since they are not using the '__main__' namespace
  • BUGFIX: idc: it was impossible to call a function through a pointer stored in a class member: obj.funcptr = func; obj.funcptr()
  • BUGFIX: installer: idapyswitch would incorrectly ignore valid Python installs as "unusable AppStore Python" on Windows 7
  • BUGFIX: M16C: addresses were not truncated to 32 bits when using IDA64
  • BUGFIX: M740: bra and jmp must stop the execution flow
  • BUGFIX: MACHO: load commands with ids larger than LC_DYLD_ENVIRONMENT were formatted incorrectly in the header segment
  • BUGFIX: mips: fixed decoding of the 'break' insn
  • BUGFIX: mips: fixed decoding of the 'trunc.w/l' for microMIPS
  • BUGFIX: mips: fixed endless loop if a call delay slot was changing $t9
  • BUGFIX: mips: fixed the setting of initial $gp value
  • BUGFIX: mips: implemented support for get_reg_accesses
  • BUGFIX: MIPS: microMIPS 16-bit lw/st instructions were decoded incorrectly (with signed offset instead of unsigned)
  • BUGFIX: Objective-C step-into action could fail on Mac OS X 10.15/iOS 13
  • BUGFIX: On Windows, IDA could crash on some IDBs if the current codepage was changed to 65001
  • BUGFIX: PC: IDA would appear to hang if a very long sequence of nops was present in the middle of a function
  • BUGFIX: PDB: in some cases the types loaded from PDB file ("Types only") would be wrong and may cause interr
  • BUGFIX: PDB: the size of enum was set incorrectly
  • BUGFIX: PE: files with IAT lying outside of .idata could result in empty Imports list (even though actual import pointers were properly renamed)
  • BUGFIX: PE: when loading a mixed .NET file as native PE, imports list would be empty when using default options
  • BUGFIX: PIN: in some cases IDA did not refresh memory layout
  • BUGFIX: SDK: during debugging, opening the context menu on the register label wouldn't provide the register name to the action_update_ctx_t, as it would on the register value
  • BUGFIX: SDK: http_get() was buggy and not reporting a failure if the connection was not established
  • BUGFIX: the 16-bit counter that was used for the number of function tail parents could overflow for some huge idbs
  • BUGFIX: the iOS debugger could fail to handle a watchpoint after it was hit frequently (100+ times in the same session).
  • BUGFIX: ui/qt: Canceling editing of a type in the "Local types" view, could cause it to be reverted to a different state than it was before
  • BUGFIX: ui/qt: double-clicking in the "Output window", could fail to jump in the right place, if a very large number of lines was present in the output
  • BUGFIX: ui/qt: set_viewer_graph() was not working
  • BUGFIX: ui/qt: Some messages in the "Output window" could be truncated in case very long scripts were run
  • BUGFIX: ui/qt: when holding the left mouse button down, scrolling with the mouse wheel would clear the selection (if it existed.)
  • BUGFIX: ui: 'make array' was not preserving the operand representation
  • BUGFIX: ui: A synced pseudocode view could in certain situations fail to show up-to-date contents
  • BUGFIX: ui: calling 'unregister_action' for some core IDA actions, could cause IDA to crash
  • BUGFIX: ui: current function was not always reanalyzed after manually editing a stack change point which could result in unbalanced stack
  • BUGFIX: ui: IDA would crash if "attach to process" dialog was cancelled when working without a database
  • BUGFIX: ui: In "Hex View-1", partially editing a byte, then calling "Undo", and then entering edit mode again (by pressing F2), would cause the partial edit to show again
  • BUGFIX: ui: list of patched bytes would be empty when patching a rebased program (e.g. during or after debugging)
  • BUGFIX: ui: Rejecting the "String window"'s "Setup" dialog would cause the list of strings to be recomputed anyway
  • BUGFIX: ui: the forms change callback was not called for color button changes
  • BUGFIX: UI: using "quadro word" in context menu would create a float
  • BUGFIX: ui: when in the "Enums" view, pressing <Enter> with cursor on an "XREF: <function name>" line wouldn't jump
  • BUGFIX: ui: when re-creating a chooser with a different number of columns, it could happen that some columns were invisible
  • BUGFIX: ui: when starting with '-A' (i.e., batch mode), IDA would only show the "Output window" on the desktop
  • BUGFIX: Under certain (very rare) circumstances, IDA could freeze while calculating a hint
  • BUGFIX: undo: fixed a bug when undoing the debugger segment, added the recording of dbgmem_config
  • BUGFIX: windbg: ordinary breakpoints located in the same memory page as page breakpoints would be handled incorrectly

New in IDA 7.4.191112 (Jan 3, 2020)

  • Processor Modules:
  • M16C: improved jumptable recognition for M32C and R32C
  • Installer:
  • Installer: improved support for HiDPI displays in installers
  • Installer: ignore known unusable/buggy Python 3.x installs on Windows
  • Debugger:
  • DEBUGGER: android: introduced IDA_LIBC_PATH envvar to specify the path of libc in a nonstandard location (e.g. in Android 10)
  • Plugins:
  • DSCU: allow __auth_stubs sections to be loaded individually from the dyldcache
  • Kernel/Misc:
  • goodname.cfg: improved std::basic_string patterns
  • BUGFIXES:
  • BUGFIX: 6502: cross-references to 16-bit addresses could be truncated to 8 bits
  • BUGFIX: debugger: IDA could appear to hang when deleting debugger segments after terminating a debugged process.
  • BUGFIX: debugger: mac, linux debug servers could crash when using --on-broken-connection-keep-session (-k) switch.
  • BUGFIX: DOS: IDA could crash after rebasing databases created for DOS .SYS files
  • BUGFIX: DSCU: "load libname.dylib" context menu item could be unavailable for some valid addresses
  • BUGFIX: hexrays: 32-bit magic divisions could be incorrectly recognized on arm64 and ppc64
  • BUGFIX: hexrays: fixed interr 50340
  • BUGFIX: hexrays: IDA could crash if no type was selected in "Convert to struct *" dialog, but OK was clicked
  • BUGFIX: hexrays: it was impossible to change the representation of some constants
  • BUGFIX: hexrays: op_uses_x() was returning false for 'cot_sizeof'
  • BUGFIX: hexrays: some switch cases would be wrongly printed as unsigned values
  • BUGFIX: hexrays: UDT return type could cause INTERR and __spoil<...> attribute was not supported for user-defined calls
  • BUGFIX: hexrays: wrong handling of big register arglocs on BE platform: valid fastcall functions could be erroneously converted to usercall
  • BUGFIX: IDA could crash when trying to use license borrowing functionality without opening a file first
  • BUGFIX: IDA could fail with "out of memory" if something was wrong with the list of trusted idbs
  • BUGFIX: IDAPython could crash at startup on OSX when used with Python 3.6.
  • BUGFIX: IDAPython: ida_hexrays.cblock_t.insert() was unusable
  • BUGFIX: IDAPython: ida_kernwin.UI_Hooks.preprocess_action() wouldn't allow inhibiting the action
  • BUGFIX: IDAPython: ida_nalt.retrieve_input_file_md5() & ida_nalt.retrieve_input_file_sha256() were returning invalid data
  • BUGFIX: IDAPython: inspect.stack() could fail on recent versions of Python3 (e.g., Python 3.7.4)
  • BUGFIX: IDAPython: re-instantiating a chooser a second time could cause some context menu items to appear twice
  • BUGFIX: IDAPython: when returning an inappropriate type for ida_kernwin.Chooser2.OnGetLine() (e.g., returning a 'map()' in Python3, which produces a map iterable object and not a list), we would receive a cryptic message.
  • BUGFIX: installer: Python 2.7 installation could fail if path to temp directory contained non-latin characters.
  • BUGFIX: Lumina: IDA could submit the "File Name:" comment at the beginning of the IDB, as part of the first function's comments.
  • BUGFIX: M16C: ADD.L #imm, SP instructions could update SP with wrong value
  • BUGFIX: M16C: added missing DIV?.L and MUL?.L M32C instructions
  • BUGFIX: pc: sysret was not marked as an instruction that stops execution
  • BUGFIX: PPC: some VLE switches were not recognized if they used a register other than r0 for loading jump table elements
  • BUGFIX: Pressing F5 could cause a confusing "conflicting shortcuts" message to be printed in some situations
  • BUGFIX: ui/qt: it was impossible to change the font for the new type editor
  • BUGFIX: ui/qt: navigating some forms containing a text area using <Tab> and <Shift+Tab>, was broken
  • BUGFIX: ui/qt: the "Output window" was not understanding the '\r' (carriage return) character, making Python's 'tqdm' unusable
  • BUGFIX: UI: it was impossible to add the same file in "Recent scripts" in two IDA instances running simultaneously
  • BUGFIX: UI: IDA's UI could be sluggish on OSX when using an external display.
  • BUGFIX: UI: list of patched bytes would be empty when patching a rebased program
  • BUGFIX: ui: the script snippets could fail highlighting properly when Unicode was involved
  • BUGFIX: unnamed types could not be imported in structure/enum views

New in IDA 7.3.190702 (Nov 13, 2019)


New in IDA 6.9.151221 (May 31, 2016)

  • Processor Modules:
  • 65816: many improvements
  • ARM: implemented reading of vfp registers for arm remote servers
  • ARM: implemented calculation of function argument locations for aarch64
  • ARM: improved register tracking
  • ARM: added support for security_push/pop_cookie functions (thumb mode)
  • ARM64: added support for varargs in non-framed function
  • PC: improved detection of function boundaries in PE+ files with unwinding metadata (.pdata section)
  • PC: added AVX comparison pseudo-ops
  • PC: added decoding of AVX-512 extensions
  • PC: added decoding of MPX extensions
  • PC: added decoding of SGX extensions
  • PC: added decoding of SHA extensions
  • PC: added decoding of XOP extensions
  • PC: added decoding of CLFLUSHOPT, CLWB, and PCOMMIT instructions
  • PC: added decoding of PREFETCHWT1 instruction
  • PC: added decoding of RDPKRU and WRPKRU instructions
  • PC: added decoding of XRSTORS, XSAVEC, and XSAVES instructions
  • PC: added support for switch patterns from more recent versions of clang
  • PC: added support for switch patterns from llvm-gcc
  • PC: improved prolog analysis
  • PIC18: added support for PIC18F2682/2685/4682/4685 devices
  • PPC: added support for PPC SystemV EABI and PPC64 AIX and SystemV ABIs
  • PPC: improved handling of function arguments
  • PPC: improved naming of stack variables
  • PPC: improved tracking of SP register
  • PPC: added support for memory mapping
  • MIPS64: convert standard sequences (lui, ori, li, etc) to dli macros
  • SH4: improved switch recognition
  • SNES: improved loader, and included the SNES SPC loader
  • SPC700: new processor module for the Super Nintendo SPC700
  • avr.cfg: added description of ATmega644p
  • File Formats:
  • DWARF: Environment variable IDA_NORELOC will be honored by the plugin, and no relocations will be performed in the DWARF sections (can be useful for VxWorks-produced binaries)
  • ELF: added AArch64 relocations
  • ELF: improved detection of truncated files
  • ELF: tweaked analysis options a bit (added AF_PURDAT)
  • MACHO: small improvement for parsing Swift metadata
  • PE: improved parsing of CFGuard function tables (additional flag bytes are now recognized and skipped)
  • PE: unnamed export entries are no longer given a dummy name in the Exports window
  • PE: when using manual loading, it is now possible to use the "don't show again" checkbox to load (or skip) all subsequent sections at once
  • PE: print the PE timestamp in the file's info comment
  • net: we use our own file parser on all platforms, including Windows
  • uimage: add support for images that use gzip compression
  • Debugger:
  • added support for ARM64 Android binaries (android_server64)
  • mac_server now supports codesigning to avoid having to run it as root. It can be codesigned just like GDB
  • GDB: allow for additional features in the XML sent by the remote stub
  • GDB: allow the user to specify additional/custom register layouts using the config file and XML target descriptions
  • GDB: added support for x64 targets
  • Kernel/Misc:
  • IDS: MS Windows IDS files have been updated to Windows XP SP3
  • IDS: added Windows 7 sp1 x64 IDS files
  • IDS: update wince/arm/coredll.idt with some missing ordinals
  • TIL: support for type definitions that have long names (> 512 characters)
  • added DEMNAME_FIRST config parameter (if both type and demangled name are present, it selects one of them)
  • added STORE_USER_INFO config parameter; if turned off, info about the database creator will not be stored in the database
  • added a config option XREF_CACHE_LIMIT to limit memory usage of the cross-references cache. This allows analyzing huge files in IDA at the cost of some slowdown
  • added signatures for ICL15
  • added signatures for VC12 (VS2013) and VC14 (VS2015)
  • added signatures for Embarcadero RAD Studio xe5 to xe10 Update 1
  • improved sigmake collision detection
  • improved sigmake speed
  • added support for Linux syscall-based system calls
  • any directives of any configuration files can be overridden by user-specified files placed in %IDAUSR%/cfg/
  • IDA doesn't recognize the IDAPLG environment variable anymore: the more versatile IDAUSR should be used instead
  • IDAUSR environment variable can hold more than 1 path, which will be searched in order when looking for files
  • databases can be uploaded to Hex-Rays' web server in background
  • demangler: added support for __vectorcall, __clrcall
  • improved analysis speed of some obfuscated files
  • pelf: Added support for AARCH64 (ARM64)
  • added more noreturning function names
  • User Interface
  • ui: added functionality to synchronize between user-specified viewers
  • ui: added syntax highlighting for IDC and Python
  • ui: added support for multiple keyboard shortcuts per action
  • ui: "search all" can now be used in "Structures", "Enums", and any user-created viewer
  • ui: proximity view: double-clicking on an edge will take you to the node at the other end of the edge
  • ui: proximity view: it is now possible to see details about paths, and copy their information
  • ui: traced instructions are now highlighted in debug mode
  • ui: Ctrl+DblClick on name in idaview opens target in the new view
  • ui: Add syntax highlighting to Import/Export of colors + reset it when "Reset" button is pressed
  • ui: Listing views (IDA View-A, Structures, Enumerations, ...) can now be scrolled horizontally with 2-finger scrolling (e.g., on trackpads), or by using Alt+ on Windows.
  • Scripts & SDK:
  • IDC: added PrintLocalTypes()
  • SDK: added PR_OUTER that must be specified for processor modules that support outer operands
  • SDK: event hooks: changed the way new event listeners are registered. New listeners are now appended to the end of the list and therefore receive events last. This should lead to better logic, because usually the UI and the processor module are hooked first, and only then plugins; it means that the processor modules and the UI will be the first to react to the events
  • SDK: functions to retrieve the input file size
  • SDK: functions to calculate/retrieve the SHA256 hash of the input file
  • SDK: introduced the notion of 'ABI name' in IDA; it can be set using set_compiler2() function; processor modules are in general responsible for recognizing it and setting up various config bits in IDA accordingly
  • SDK: added new flag: SETMENU_FIRST: add item to the beginning of menu (to be used in attach_action_to_popup)
  • IDAPython: IDP_Hooks, IDB_Hooks, UI_Hooks & DBG_Hooks are now automatically generated from the list of notifications in the corresponding .hpp headers
  • switched from PySide to PyQt
  • BUGFIXES:
  • BUGFIX: 'user-defined offset' dialog was broken if custom offset types were present (for tricore, for example)
  • BUGFIX: 64-bit ARM branch addresses to missing addresses would be truncated to 32 bits in the output
  • BUGFIX: 64bit mach-o loader: incorrect handling of PRELINK_INFO
  • BUGFIX: ARM: GCC Thumb1 compressed switches that used the __gnu_thumb1_case_si helper were handled incorrectly
  • BUGFIX: ARM: incorrect calculation of locations for some big function arguments caused interr 50904 in decompiler
  • BUGFIX: ARM: incorrect disassembling of instructions FMAXV, FMAXNMV
  • BUGFIX: Automatic snapshot flag was not stored in snapshots of newly created databases
  • BUGFIX: DOS loader would accept an input file simply because it had a .exe extension
  • BUGFIX: COFF: parsing files with empty string tables was broken
  • BUGFIX: DWARF could fail with some complex ARM ADS 6.x-generated DWARF files
  • BUGFIX: DWARF relocations to '.debug_*' sections were erroneously handled
  • BUGFIX: DWARF: badly-broken files with corrupt .debug_abbrev sections could cause the DWARF plugin to segfault (NULL-pointer dereference.)
  • BUGFIX: DWARF: GCC-produced DWARF type information whose name is "__int128 unsigned" wasn't properly sanitized
  • BUGFIX: DWARF: Unexpected structuring of complex types in ADS-produced binaries could get the DWARF plugin cause an INTERR
  • BUGFIX: DWARF: some llvm7-generated construct could cause the plugin to INTERR
  • BUGFIX: During auto-analysis, don't rename stack locations of function F, if those names would conflict with register aliases within function F
  • BUGFIX: During debugging, it was impossible to set flag registers individually
  • BUGFIX: During debugging, when the user is asked for a mapping path, and presses 'Esc' to set it as ignored, and 'Esc' again to dismiss the 'Mappings' dialog, the path that would be ignored was that of the file, not that of the directory containing the file
  • BUGFIX: During debugging, when the user is initially asked for a mapping, he/she couldn't add another right after that, before dismissing the 'mappings' dialog
  • BUGFIX: ELF: IDA would refuse to load files with non-PT_LOAD segments lying outside of the file
  • BUGFIX: Exporting module-relative breakpoints to IDC wouldn't properly escape '\' path elements separators
  • BUGFIX: FLIRT: parsing of Watcom OMF libraries was broken
  • BUGFIX: Fixed binary search. The dialog can now also be used to search for any input value up to uint64 size, in big or little endianness, for any byte size (8-, 16-, 24-, 32-bit)
  • BUGFIX: For 64-bit binaries, IDA could display truncated values in special segments (e.g., 'extern', 'abs', ...)
  • BUGFIX: IDA could abort with interr 1226 when repairing a corrupted database
  • BUGFIX: IDA could corrupt old databases when upgrading pages containing long (size>255) keys
  • BUGFIX: IDA could crash during debugging, when asked for a binary path mapping, if the user chooses to add yet another mapping but leaves it empty
  • BUGFIX: IDA could crash on osx when trying to clear the message window while the focus is in the script snippet window
  • BUGFIX: IDA could crash when zooming out of proximity view
  • BUGFIX: IDA could erroneously report 'database bitness differs from debugged application bitness' when attaching to a process in batch mode
  • BUGFIX: IDA could interr when passing 0 as the bufsize parameter to tag_remove()
  • BUGFIX: IDA could not create a 32-bit flat offset inside of a 16-bit segment in some cases (by default IDA creates seg:off pairs for 16bit segments)
  • BUGFIX: IDA could not load dwarf debug info for a module when remote debugging
  • BUGFIX: IDA could show in hints wrong value of a FPU/XMM register operand
  • BUGFIX: IDA was not able to jump to a secondary IDA View, Hex View or Pseudocode window from search results, in case the last-visited view was closed
  • BUGFIX: IDA was unnecessarily retrieving the python GIL in a callback called by the kernel, resulting in a significant slowdown on mac
  • BUGFIX: IDA would fail to load PDB symbols for .pdb files selected via the file browser
  • BUGFIX: IDA would reject the names of some types from newer windows executables
  • BUGFIX: IDAPython couldn't set the language of a breakpoint condition, and thus couldn't express conditions in other languages than IDC
  • BUGFIX: IDAPython's get_idasgn_desc() didn't return the number of matches. Added get_idasgn_desc_with_matches()
  • BUGFIX: IDAPython's get_member_by_fullname() was not usable, and only 1 variation of get_member_by_id() was usable
  • BUGFIX: If the IDA View was in graph mode before starting a debugging session, it wouldn't be restored to graph mode after the debugging session ends
  • BUGFIX: In 64-bit IDA, IDAPython would fail to generate proper wrappers for the objects returned by calc_switch_cases()
  • BUGFIX: In case a "Fat" Mach-O file had 2 versions of the _same_ architecture (e.g., ARMv7 & ARM64), the DWARF plugin could attempt loading the wrong one
  • BUGFIX: In the "Function calls:" window's "callers" part, the address of the call instruction would be printed twice, instead of having the address only once and then the function name
  • BUGFIX: JumpOpXref was not working on a name with forbidden (non-identifier) characters if pressed on the name at the beginning of the disassembly listing
  • BUGFIX: LX: loader could return garbage data for packed pages
  • BUGFIX: Leaving a mark, and then right-clicking on the address of an instruction could cause IDA to INTERR with the code 520
  • BUGFIX: Loading an additional non-IDS/IDT file could cause IDA to INTERR
  • BUGFIX: PC: fixed VSIB index registers
  • BUGFIX: PC: fixed operand size for scalar FMA instructions
  • BUGFIX: PDB: Remote PDB could return garbage data on unix
  • BUGFIX: PIN, instant debugging mode: module could report incorrect process bitness after attaching
  • BUGFIX: PIN: in some cases IDA could not suspend running process
  • BUGFIX: PIN: pintool could hang on a multithreaded windows application (race condition)
  • BUGFIX: PIN: pintool did not suspend application before reporting PROCESS_ATTACH event to IDA
  • BUGFIX: PIN: pintool reported broken module name with PROCESS_ATTACH event
  • BUGFIX: PPC ddedpd, ddedpdq, denbcd, denbcdq opcodes were not properly supported
  • BUGFIX: PPC: IDA did not display the function stack frame correctly
  • BUGFIX: Pressing Home,End when in the "quick filter" of a chooser will move the cursor to the beginning or to the end of the filter line, instead of scrolling the list of items to the beginning or the end
  • BUGFIX: RVCT-produced DWARF info with duplicate typedefs could cause the DWARF plugins some issues
  • BUGFIX: Selecting an area, pressing 't' to choose between matching structs (or almost-matching structs), and requesting to "Add missing fields" to a struct that would otherwise match, could crash IDA
  • BUGFIX: Setting NLSPATH to a very large value could cause IDA to crash at startup
  • BUGFIX: Setting a module-relative breakpoint, without specifying the module name, could crash IDA at database-save time
  • BUGFIX: Shift+Up/Down/PageUp/PageDown when modifying the quick filter of a chooser wouldn't add rows to the selection but rather clear the selection, and select only 1 item
  • BUGFIX: Some ARM ELF relocations (R_ARM_CALL, R_ARM_JUMP24, ...) could be incorrect
  • BUGFIX: Some PPC opcodes were causing IDA to exit with interr 10185
  • BUGFIX: The DWARF plugin could fail loading GCC 3.3.3-produced UDTs with declared-only inherited types
  • BUGFIX: The DWARF plugin could fail spotting colliding typedefs in clang-produced DWARF information
  • BUGFIX: When exporting types, IDA could crash after trying to forward declare a non-local type
  • BUGFIX: When failing to updating a breakpoint's size/type through update_bpt(), IDA could leave the breakpoint in a state preventing it from being usable anymore
  • BUGFIX: When making code, if segments had to be adjusted, IDA could crash because of recursive calls to generate_disassembly()
  • BUGFIX: When selecting negative "standard constant" enumerators, IDA could display the operand as a faulty number, instead of as that symbolic constant
  • BUGFIX: When the start address of a function with chunks was changed, the "owner" and "referers" fields of the function tails were not updated and could hold the address of a non-function area. In this case any modification of the function using the screen EA from the tails range failed. The problem is solved by fixing the "owner" and "referers" of the tails using the new start ea of the function
  • BUGFIX: Win32 debugging: could leave EIP in the middle of an instruction in some cases when a step over/into an x86/x86_64 callgate (i.e., system call) was requested, and that callgate called us back, hitting a breakpoint in user code
  • BUGFIX: __declspec(align(x)) was parsed incorrectly in some cases
  • BUGFIX: alignment for complex situations like "void (***func[])()" was not parsed/printed correctly
  • BUGFIX: aloc_visitor_t could not be fully utilized from idapython
  • BUGFIX: area_visitor2_t could not be fully utilized from idapython
  • BUGFIX: c166: Fixed ida crash if bad cc code for jmpr, jmpa, calla, jmpi, calli instructions is stored in the database
  • BUGFIX: calling QTime::elapsed() from idleEvent() would significantly slow down analysis time on mac
  • BUGFIX: checking for the new versions the second time could fail
  • BUGFIX: coldfire: ida was decoding illegal addressing modes for the move instruction
  • BUGFIX: copying from custom views to clipboard was broken
  • BUGFIX: dbg: dalvik: the unregistered request for deferred breakpoint prevented the debugger detach
  • BUGFIX: dbg: fixed wrong 64-bit address truncation to 32-bit
  • BUGFIX: dbg: win32: dirty memory block was returned in memory info
  • BUGFIX: debugger: fixed interr 1203 which could happen in presence of DLLs with very long (>1024 bytes) export names
  • BUGFIX: defining a new structure or enum in the presence of a forward declaration would change the ordinal number of the forward declaration
  • BUGFIX: ebc: fixed some wrong references and exceptions
  • BUGFIX: error color was printed as blue when generating html files
  • BUGFIX: exception code was displayed incorrectly in the 'edit exception' dialog
  • BUGFIX: fixed handling of empty structs: ida was considering them to be 1-byte size while gcc treats them as 0-byte size
  • BUGFIX: fixed interr 1060 which could occur if the target compiler was not set
  • BUGFIX: fixed interr 40178
  • BUGFIX: fixed interr 50295
  • BUGFIX: fixed interr 984 which could occur during importing pdb files
  • BUGFIX: fixed memory corruption (seemingly without any consequences) made by askstr()
  • BUGFIX: floating point operands of data items would be printed incorrectly for big endian processors
  • BUGFIX: gdb: 64-bit debuggers were using 32-bit register layouts
  • BUGFIX: hcs12x: Fixed instruction opcodes for xgate instruction set (sub and sbc instructions and their aliases were swapped)
  • BUGFIX: highlighting and scrolling could be sluggish in the disassembly views, especially on osx
  • BUGFIX: ida could crash if the user closed the database and terminated the debugger session at once (only in some rare circumstances)
  • BUGFIX: ida could crash on some corrupted 64-bit PE files
  • BUGFIX: ida could crash when deleting a segment
  • BUGFIX: ida could fail with "rpc timeout" if the debugger server was trying to print while ida was waiting for debug events
  • BUGFIX: ida could hang trying to display nested varsize structs in the middle of a struct (where they do not make sense)
  • BUGFIX: ida could interr with code 1006 when deleting local types
  • BUGFIX: ida could not parse some nested types (like type1::type2 inside a struct)
  • BUGFIX: ida was not using the default calling convention for validating function types; if it was set to something wrong, interrs could occur in the decompiler
  • BUGFIX: ida would fail to launch debugger after copying the dll to debug to the remote computer (only if debugging dll, not exe)
  • BUGFIX: idal/idaw couldn't generate valid GDL graphs when run in batch mode
  • BUGFIX: idapython: ui/qt: docking: ida could crash if the dock which is active is moved using set_dock_pos
  • BUGFIX: idaw could sometimes reset the window size to 80x24 even if not asked to do so
  • BUGFIX: idc: ParseTypes could not parse an enum if some of its members were already used in other types
  • BUGFIX: idc: sizeof() function was broken
  • BUGFIX: in linux text version of IDA, it was impossible to cancel a long-running operation
  • BUGFIX: in some cases IDA could abort with message "page allocation error"
  • BUGFIX: in the 'Structures' view, removing fields from aggregated structure (leading to gaps appearing in aggregating structure), and then re-defining those fields wouldn't reclaim those bytes
  • BUGFIX: interr 50913 could occur if a previously valid type was rendered invalid
  • BUGFIX: interr 543 was occurring at the exit time
  • BUGFIX: interr 814 could occur when deleting local types
  • BUGFIX: interr 973 could be displayed by mistake in some rare cases
  • BUGFIX: it was impossible to create a usable instance of enum_member_visitor_t from idapython
  • BUGFIX: it was impossible to add an SP change point via the UI to express changes between function chunks
  • BUGFIX: ldr: elf: patch_mode noform bits are now preserved across the "Local options" dialog; the "Create base for debugging" option setting could not be changed, fixed
  • BUGFIX: ldr: elf_x64: callback x64_patch() used patch_mode from the wrong place
  • BUGFIX: linux_server: fallback to accept() if accept4() is not implemented
  • BUGFIX: mc68k module was not generating xrefs to struct members
  • BUGFIX: mc68k: address bus width for mc68000, mc68010, cpu32 reduced to 24 bits
  • BUGFIX: name color for references into the middle of a struct/array was wrong
  • BUGFIX: offset expressions for wide-byte processors were truncated
  • BUGFIX: osx: once idaq was launched, double clicking on idaq64 would not launch idaq64 but simply switch to idaq
  • BUGFIX: pc: when deleting segments basereg info was still retained
  • BUGFIX: replacing an enum with another enum that had fewer members could lead to interr 1263
  • BUGFIX: sdk: tinfo_t::get_final_type_name() would return wrong names for typedefs to forward declarations
  • BUGFIX: searching for binary patterns would fail in some cases for processors with non-standard byte size
  • BUGFIX: sh3: "bad optype" message could be displayed if the user changed an operand type while the cursor was after the comma inside an operand like this: (h'XX, rY)
  • BUGFIX: sh3: ida would not detect that after indirect calls to non-returning functions the execution flow stops
  • BUGFIX: sigmake could interr with code 577
  • BUGFIX: sigmake would output corrupt data with pattern lengths greater than 255
  • BUGFIX: some data cross references would not be deleted when deleting the corresponding data item
  • BUGFIX: srec output was broken (markers in format strings were not replaced properly.)
  • BUGFIX: stack analysis could cause an internal error in some very rare cases
  • BUGFIX: struct_field_visitor_t and related functions could not be fully utilized from idapython
  • BUGFIX: the string window was missing some strings when the debugger was active
  • BUGFIX: tinfo_visitor_t could crash on yet unresolved tinfo objects
  • BUGFIX: tinfo_visitor_t could not be fully utilized from idapython
  • BUGFIX: tricore would print empty @HIS() if the target address of the HIGHA16 offset was wrong (it should print the operand as a number in this case)
  • BUGFIX: ui/qt: display_tform() could still place the widget back into the main window, in case that widget had a title with ',' in it (amends 59726, really.)
  • BUGFIX: ui: Fixed broken layout of "Enter reference information" dialog if custom reference info is used
  • BUGFIX: ui: forms: "Change segment attributes" dialog set wrong attribute alignments
  • BUGFIX: ui: local variable type cast in "Watch View" was broken, added test cases
  • BUGFIX: ui: qt: Fixed the behavior of display_tform() (or ui_show_form() or form.Show() in python). If the form already exists then its position is not changed
  • BUGFIX: ui: qt: Removed displaying of empty popup menus for IdaCustomMemos
  • BUGFIX: ui: qt: set AutoFillBackground property to true for TMyDialog. Otherwise in some cases the background is not painted
  • BUGFIX: user graph nodes could be rendered too small on osx
  • BUGFIX: v850: Fixed decoding of ld.hu instruction
  • BUGFIX: watches could not be deleted from the watch list via the Debugger menu
  • BUGFIX: windbg debugger could fail with interr 520
  • BUGFIX: windbg, kernel mode: in some cases ida failed to resume execution after a breakpoint
  • BUGFIX: windbg: in some cases DETACH request could return incorrect code (FAIL instead of SUCCESS)
  • BUGFIX: windmp: dump loader would incorrectly try to continue if the debugging engine initialization failed, leading to a crash
  • BUGFIX: PE: some sections with valid data were skipped by default because the discardable flag was set
  • BUGFIX: PE: intentionally corrupted .NET PE files could corrupt the heap or could trigger a static buffer overwrite
  • BUGFIX: PE: it was not possible to manually load a section which is skipped by default
  • BUGFIX: ntapi.til: definition of ULONGLONG was wrong (it was defined as "double")
  • BUGFIX: sdk: function address iterator might return a wrong address for some special cases
  • BUGFIX: the 'xrefs to' view would duplicate the list for every refresh
  • BUGFIX: ui: Fixed graph printing. Added the menu item "print graph" to the popup menu
  • BUGFIX: ui: IDA would crash when clicking "Compile" in breakpoint's condition editor and the condition was empty.
  • BUGFIXES in the SERVICE PACK
  • BUGFIX: After performing a search with "Find all occurrences" checked, jumping by double-clicking on a result in the list wouldn't reset the cursor's Y position to the 5th line from the top of the screen
  • BUGFIX: Badly-damaged unpacked databases could cause IDA to crash at startup (while repairing.)
  • BUGFIX: CLI: stack buffer overrun could happen when disassembling .net files with very long method prototypes
  • BUGFIX: Color options dialog could be too tall for the screen, making it impossible to click 'Ok'
  • BUGFIX: DWARF plugin could be very slow to process DWARF debug information with huge type graphs
  • BUGFIX: Deleting a structure could cause the view to jump to an unexpected position
  • BUGFIX: Don't activate/raise IDA View-? when selecting a thread
  • BUGFIX: Double-clicking an edge in the graph view, would correctly move to the target node, but wouldn't create a new location history entry
  • BUGFIX: Double-clicking on a 'Caller' or 'Callee' in the "Function calls" window could crash IDA
  • BUGFIX: EA-capable views would store their bookmarks in a per-view-type-specialized storage space, which wouldn't allow sharing them between "IDA View-?", "Hex View-?" & "Pseudocode-?" views
  • BUGFIX: ELF 'extern' segment could be misaligned for 64-bit files
  • BUGFIX: GDB: software breakpoint bytes were swapped for big-endian and little-endian MIPS, leading to bogus exceptions during debugging
  • BUGFIX: IDA could crash at exit-time if some events happened in a very short amount of time
  • BUGFIX: IDA could crash when moved from screen to screen, if a widget had an empty area (https://bugreports.qt.io/browse/QTBUG-43489)
  • BUGFIX: IDA could fail loading configuration from files included by "#softinclude" (e.g., 'idausert.cfg')
  • BUGFIX: IDA on OS X could lose the ability to click to move the cursor in the listing after performing some navigation
  • BUGFIX: IDA would always load symbols when loading a PDB file, even if the 'Types only' option was specified
  • BUGFIX: IDA would freeze after opening a file via drag-and-drop while a file dialog was open
  • BUGFIX: IDA would often implicitly create a QString from a char *, leading to a number of encoding issues
  • BUGFIX: IDAPython on Linux would not honor $PYTHONHOME when using the system's python
  • BUGFIX: IDAPython's IDC emulation of idc.GetTevRegMem() was not working
  • BUGFIX: IDAPython's choose.choose() was broken
  • BUGFIX: IDAPython/IDC: del_hotkey() failed to unregister the corresponding action
  • BUGFIX: IDAPython: execute_ui_requests() could crash IDA
  • BUGFIX: IDAPython: on linux, some form-related controls could fail to show, because of pointer conversion issues
  • BUGFIX: IDAPython: retrieve_exceptions()/store_exceptions() was not usable because of unknown vector type
  • BUGFIX: It was impossible to override a core action's shortcut(s) to "no shortcuts"
  • BUGFIX: It was impossible to place breakpoints in source-level debugging with actual source files (i.e., not pseudocode provided by Hex-Rays)
  • BUGFIX: Jumping to 'linked node' (by pressing Ctrl+Up/Down) in the graph view, would correctly move to the target node, but wouldn't create a new location history entry
  • BUGFIX: Jumping to end of "Structures" view could fail to display the members of the last structure (if it is expanded.)
  • BUGFIX: Menus & toolbars were created after the PLUGIN_FIX plugins were initialized, and thus it was impossible to, e.g., attach_action_to_menu() from idapythonrc.py
  • BUGFIX: Moving left/right on a line where a search result was found, could lead IDA to fail subsequent "search again" operations (i.e., Ctrl+T)
  • BUGFIX: Navigating back & forth in a view that has a corrupt history could cause INTERR 40464 or 40465
  • BUGFIX: Opening an IDA 6.8 IDB with empty bookmarks in IDA 6.9, could cause INTERR 1312
  • BUGFIX: PE: intentionally corrupted .NET files could trigger invalid memory reads
  • BUGFIX: Pressing in the "Select file to disassemble" could, in some cases, crash IDA
  • BUGFIX: Pressing Alt+L wouldn't provide visual feedback as it did before
  • BUGFIX: Separators in menus could, on some platforms, be prepended by '(...)'
  • BUGFIX: THREAD_EXIT event during appcall would cause problems
  • BUGFIX: The title of the Xrefs dialog that shows when pressing 'x', could be erroneous
  • BUGFIX: When loading an IDB and/or starting/stopping a debugging session, the main window could be maximized, but the widgets would remain in the top-left corner
  • BUGFIX: When pressing 'Down' in the "Structures" window, it might happen that the last line of a non-collapsed union would repeat multiple times
  • BUGFIX: calling idaapi.del_hotkey() twice with the same argument could crash IDA
  • BUGFIX: dwarf: be more resilient when saving a type to the TIL fails because of duplicate names
  • BUGFIX: fixed interr 40208 that could occur when closing the database after a fatal debugger error (disconnection from the remote host, for example)
  • BUGFIX: forms could not display filenames containing chinese characters
  • BUGFIX: non-ascii characters in the input file name would not be displayed correctly
  • BUGFIX: setting memory based variable values from the watch and locals view was broken
  • BUGFIX: spc700 processor data references could be missing
  • BUGFIX: structs with embedded arrays could be erroneously displayed in terse form even when it was not possible
  • BUGFIX: text IDA: pressing Ctrl+F4 to toggle to hex dump wouldn't refresh the screen right away
  • BUGFIX: text version of IDA could display the cursor in the wrong place if there was horizontal scrolling on the view
  • BUGFIX: text version of IDA could fail to draw the cursor after pressing 'End' to get to the end of a line of disassembly
  • BUGFIX: text version of IDA could fail to update the horizontal scrollbar upon cursor moves
  • BUGFIX: the wrong font might be selected when re-opening the font selection dialog
  • BUGFIX: win32 debugging: a hardware breakpoint located at an instruction right after another instruction that also has a breakpoint, could fail being triggered
  • BUGFIX: windbg could fail to load dbgeng.dll under Windows 7
  • BUGFIX: decompiler: arm64: in some cases condition flags could be calculated incorrectly
  • BUGFIX: decompiler: arm64: v8 was erroneously used to pass function arguments
  • BUGFIX: decompiler: arm: some conditional instructions could be translated without conditions
  • BUGFIX: decompiler: moving the mouse around could interfere with the "current location", and some actions could act in the wrong place (e.g., placing comments.)
  • BUGFIX: decompiler: stack arguments could not be recognized in some cases; improved calculation of stack bytes used in a function call
  • BUGFIX: decompiler: fixed numerous interrs (most of them very rarely occurring)

New in IDA 6.8.150413 (May 31, 2016)

  • Processor Modules:
  • ARM: Better tracking of registers, improved analysis
  • ARM: added support for scattered arguments (that are partially passed on the stack and partially in registers)
  • PC: improved prolog analysis
  • PPC: added support for a switch variation produced by the Green Hills compiler
  • PPC: support for Power ISA 2.07
  • File Formats:
  • COFF: added support for irix mips files (no support for relocations yet)
  • Dalvik: added support for OAT files
  • DWARF: basic support for clang-generated DWARF variable location
  • DWARF: very basic support for 'rustc'-produced DWARF information
  • Debugger:
  • PIN: add support for reading of FPU/XMM registers
  • internal exception tracing: can display addresses as raw, instead of using seg/func/offset representation
  • Kernel/Misc:
  • kernel: introduced the notion of ASM and C level types; IDA tries to preserve member offsets only for ASM types; C types may change their sizes because of the changes to other types they depend on
  • kernel: added support for long names: type, function, label, etc names can be up to 32767 bytes long
  • demangler: improved to recognize new mangled names
  • til: added type library for Windows 8.1 (user mode)
  • til: updated windows til files
  • improved automatic recognition of ascii strings by the autoanalyzer
  • User Interface:
  • UI: idaq dock menu on mac now features a list of recent files
  • UI/qt: It is now possible to navigate back & forward in location history with the mouse side navigation buttons (for mice that feature those) in graph & proximity view as well (it was already possible in listing view)
  • UI: display a warning if the user rebases program around 0xFF000000 (it may cause problems because these addresses are used for internal housekeeping)
  • UI: graph: Ctrl-Keypad-+ and Ctrl-Keypad-- can now be used to quickly collapse/reveal a node's contents
  • UI: GraphOverview: can optionally use a blank background (just like before 6.7)
  • UI: Proximity: added ability to have multiple paths, set their color, turn them on/off and delete them
  • Scripts & SDK:
  • IDC: added ExpandStruc()
  • IDC: improved SetLocalType: it accepts typeinfo object as the second argument in addition to declaration strings; added PT_REPLACE so that local types can be replaced
  • IDAPython: allow accessing a til_t's "base" til_t objects
  • IDAPython: in addition to AskUsingForm (that opens a dialog), it is now possible to call OpenForm (e.g., to open a form as a tab.)
  • IDAPython: added ExpandStruc()
  • IDAPython: USE_LOCAL_PYTHON config parameter is deprecated, IDA autodetects local Python installation now
  • SDK: added "segm_attrs_changed" event so that plugins can take appropriate actions if necessary
  • SDK: added print_decls(), allowing to print types from a type library (possibly including dependencies) in a format suitable for C(++) compilation
  • SDK: added support for default register bits of 64-bit debugger registers
  • SDK: added tinfo_t::clr_const,clr_volatile,clr_const_volatile functions
  • SDK: made the return codes of ph.notify() callbacks more plugin-friendly
  • SDK: netnode names can be of arbitrary length; for practical reasons they are limited to 32KB
  • SDK: qstrncpy and similar functions will raise interr if the size argument is 0 or negative
  • SDK: replaced get_true_name() and similar functions by get_ea_name(), which accepts qstring as the output buffer; this allows for names of unlimited length, if necessary
  • SDK: segment names and classes use a separate namespace now and do not hinder functions or data labels with the same name
  • SDK: tinfo_t::get_unpadded_size() now works not only for c++ objects but for all structs
  • SDK: ui: forms: Added askqstr(): like askstr() but with a qstring argument
  • SDK: ui: new chooser_item_attrs_t::flags flag CHITEM_GRAY is added to show a chooser item grayed out (like disabled). It is now used in the Local types chooser to distinguish guest types (synchronized from structure/enum views)
  • BUGFIXES:
  • BUGFIX: '-' was forbidden in type names but it can be encountered in template arguments
  • BUGFIX: ARM: A reference to SP (R13) in the register list of the LDMDB instruction (and similar ones) was not allowed by IDA, while some ARM devices can apparently execute it
  • BUGFIX: COFF: specially crafted COFF files could trigger invalid memory writes on OS X
  • BUGFIX: Calling refresh_chooser() on a chooser that's embedded in an AskUsingForm might fail calling the possible form callback with a possibly-updated rows selection
  • BUGFIX: Cmd+C was broken on OSX, and copying was only possible through Ctrl+C
  • BUGFIX: Creating 2 GraphRenderer with the same title could crash IDA
  • BUGFIX: Deprecated function add_menu_item() would place the item at the end of the menu if the path was of the form "Edit/Other/" (i.e., ending with an empty string), while it used to place the action on top before
  • BUGFIX: Deprecated function add_menu_item() wouldn't accept '-' as a separator anymore; only '' (i.e., the empty string) was accepted for separators
  • BUGFIX: Double-clicking on a thread in the list would jump to the wrong thread, if the list was sorted by a column
  • BUGFIX: During debugging, clicking on some strings containing format specifiers could cause IDA to display the wrong data
  • BUGFIX: Exporting structures to IDC could lose type information for their members
  • BUGFIX: File save dialog could have an empty/undefined file name on OSX (Issue 1232)
  • BUGFIX: Force switching to graph view on functions with huge number of nodes, might cause IDA to crash
  • BUGFIX: Global variable database_idb was not reset to the empty string after a database was closed
  • BUGFIX: Hex-View widgets had lost the ability to allow direct editing of the text in their rightmost area (since IDA 6.4)
  • BUGFIX: IDA could hang after not adequately handling a segment register change
  • BUGFIX: IDA could hang trying to coagulate unknown bytes within a code segment
  • BUGFIX: IDA could sometimes print garbage after cross references between structs
  • BUGFIX: IDA had no way to reset the background color of proximity view nodes that were highlighted by the 'Find path' action
  • BUGFIX: IDA was displaying split Unicode strings for big-endian processors incorrectly
  • BUGFIX: IDA would incorrectly report a circular dependency when trying to export a type containing a deleted type
  • BUGFIX: IDA would try to generate disassembly text for nodes that are unreasonably large
  • BUGFIX: IDAPython Hex-Rays bindings: could crash IDA because access to members of unions was allowed even where it didn't make sense (and thus SWiG created buggy proxies around invalid pointers)
  • BUGFIX: IDAPython was not exposing tinfo_t::get_named_type(), because SWiG rules in typeinf.i were too broad
  • BUGFIX: IDAPython's IDC-style ApplyType() wasn't working for structure members
  • BUGFIX: IDAPython: GetSegmentAttr/SetSegmentAttr would fail with segment registers
  • BUGFIX: IDAPython: Only the first 'long name' of python-based processor modules was considered
  • BUGFIX: IDAPython: build.py didn't trigger the patching of some directors methods calling convention, resulting in compilation failure with flag "--with-hexrays"
  • BUGFIX: IDAPython: expose ::get_named_type()
  • BUGFIX: IDAPython: idautils.DecodePreviousInstruction() was not checking for the right value returned from idaapi.decode_prev_insn()
  • BUGFIX: In IDAPython, re-using the same action description twice when registering dynamic context menu items could lead to a crash
  • BUGFIX: In some rare cases, IDA could crash when closing down & force-exiting a debugging session
  • BUGFIX: Installers couldn't be run in unattended mode, because the 'setEncryptionPassword' directive was specified in a '', which is not executed in unattended mode
  • BUGFIX: It was impossible to comment function stack variables in "Stack of " windows
  • BUGFIX: It was impossible to rename structure fields from IDA View-A anymore
  • BUGFIX: It was possible, through process_ui_action(), to invoke the code for an action that was disabled
  • BUGFIX: Mach-O DWARF source-level debugging could fail to find the source file
  • BUGFIX: Mach-O source-level DWARF debugging could fail to find shared libraries' source files because it would miss some items (it wasn't taking ASLR into account)
  • BUGFIX: Manually loading a PE overlay could cause previous segments to be stretched, which would then conflict with later segments being loaded
  • BUGFIX: Not Free()ing a Compile()d idaapi.Form could cause IDA to crash at exit-time
  • BUGFIX: On OSX, opening the "About" dialog, then the "Addons" dialog, then closing the "Addons" and performing Ctrl+C could crash IDA
  • BUGFIX: PDB could fail on meaningless array descriptions, when those are packed into structures
  • BUGFIX: PDB was not properly parsing unnamed types of the form "SOME_NAMED_THING::__unnamed"
  • BUGFIX: PDB: improved responsivity of IDA while it's loading PDB information
  • BUGFIX: PIN: IDA could report incorrect address in an exception description
  • BUGFIX: PIN: pintool could crash when running with disabled ST_OVER... trace options
  • BUGFIX: PIN: pintool could report incorrect register values in case of internal exception
  • BUGFIX: Program rebasing could produce incorrect name records in the database
  • BUGFIX: Rebasing the program would lead to erroneous addresses in the "Imports" window, until that window is closed & re-opened
  • BUGFIX: Reloading some PE files could lead to an internal error
  • BUGFIX: Retina: When zooming in/out of the graph view, nodes contents could appear smaller
  • BUGFIX: Right-clicking on an identifier in a node wouldn't set the cursor position to that identifier before opening the context menu, resulting in context menu items irrelevant for the wanted identifier
  • BUGFIX: Saving the IDB would cause the history to be modified
  • BUGFIX: Selecting a node that is overlapping another node, and Ctrl+dragging (for selecting) from another node was sometimes producing an interr
  • BUGFIX: Selecting by rectangle in graph view was displaying the rectangle at its position * 2 on OSX retina displays
  • BUGFIX: Setting a widget's icon wouldn't be reflected in the UI
  • BUGFIX: Setting function prototypes to similar-looking prototypes, but whose arguments come from other type info libraries, could cause IDA to interr 1064
  • BUGFIX: Specifying an erroneous binary path mapping and then correcting it could cause IDA to keep asking for mappings
  • BUGFIX: When calling 'attach_action_to_menu' with a menu path starting with "Edit" from the "Recent scripts" window, the action could end up in the 'Recent scripts' window's own Edit menu, instead of in the global one
  • BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
  • BUGFIX: When debugging with WinDbg, stepping over some instructions that cause debugging events (e.g., a "call CreateProcess", causing library load events) might fail & let the program run freely
  • BUGFIX: When debugging, performing unaligned read_dbg_memory() on linux targets could return wrong data (and so could DbgRead() and idaapi.dbg_read_memory())
  • BUGFIX: When debugging, synchronizing a Hex View with a register, then later syncing with another register would lead the view to be synced with both registers
  • BUGFIX: When importing structures from an IDC script, some dependencies were missing (if those dependencies were defined later in the file)
  • BUGFIX: When in graph view, IDA had lost the ability to create groups with only one node (as some users sometimes desire)
  • BUGFIX: When in graph view, pressing to follow an identifier that will cause the view to switch to listing view, then opening a dialog (e.g., renaming that identifier), and finally going back to graph view, could cause some actions to be unavailable (e.g., 'Hide group'.)
  • BUGFIX: When the DWARF information for "well-known types" (e.g., __m128d) was erroneous, the DWARF plugin was creating erroneously-sized structures, causing the decompiler to fail
  • BUGFIX: When the graph layout is locked, clicking within nodes of user-provided graphs wouldn't change the cursor & update the highlight
  • BUGFIX: add_menu_item() backward compatibility was broken when the path didn't contain any slash. E.g., "Options"
  • BUGFIX: an expression like sizeof(struct) was creating an xref to the first struct member; changed it to create an xref to the entire structure
  • BUGFIX: autoanalysis could hang on some wrong code sequences or corrupted files
  • BUGFIX: better distinction between the code/data conversions done automatically by ida and by the user
  • BUGFIX: btree: IDA could abort in rare cases when removing a subtree from a database
  • BUGFIX: cli: IDA could crash trying to print strings coming from very corrupted (i.e., fuzzed) input files with corrupted signatures
  • BUGFIX: compacting a type library in the presence of aliased types could lead to interr
  • BUGFIX: corrupted codeview info could crash ida
  • BUGFIX: corrupted epoc files could crash ida
  • BUGFIX: corrupted xcoff files could crash ida
  • BUGFIX: corrupted database (idb/i64) could lead to memory corruption
  • BUGFIX: dalvik: added "green arrow", which points to the next executed instruction in the debugger
  • BUGFIX: dbg: dalvik: slot coinciding with "retval" was erroneously ignored when the locals are collected
  • BUGFIX: dbg: gdbserver: reinitialize the registers information when the target architecture is detected
  • BUGFIX: dbg: linux_server: signals from the different threads may arise simultaneously without special order, so in the interr 30057 we must weaken the condition
  • BUGFIX: dbg_read_memory()/DbgRead() could return garbage data for unmapped regions
  • BUGFIX: debugger: request_step_into() could cause interr 40396
  • BUGFIX: debugging with gdbserver was impossible for mips executables starting at 0x80000000
  • BUGFIX: defining the same standard structure twice could lead to a crash
  • BUGFIX: deleting structures could break navigation in the structures window
  • BUGFIX: dump typeinfo to idc: in some cases EndTypeUpdating(UTP_ENUM) was missing in the generated file
  • BUGFIX: dump typeinfo to idc: structure alignments were missing
  • BUGFIX: editing an enum type from the local types view into a wrong definition (for example, reusing a symbol that was used elsewhere) would lead to desynchronization with the enum view; fixed other similar problems
  • BUGFIX: editing a local type would desynchronize it from idb types
  • BUGFIX: export types: anonymous nested struct/union types were referred to by a generated name; this was leading to an incorrect C declaration
  • BUGFIX: fixed internal error in the instruction decoder for mips (opcode 78787878 was causing it)
  • BUGFIX: fixed interr 40208 that could occur when terminating the debugger
  • BUGFIX: fixed interr 518
  • BUGFIX: fixed interr 599 (the value of a 6-byte pointer could not be printed as a c declaration)
  • BUGFIX: fixed interr 608
  • BUGFIX: fixed multiple vulnerabilities in the rpc protocol between ida and debugger servers
  • BUGFIX: fixed some idc nuisances reported on the forum
  • BUGFIX: gdbserver: disabling single-step support could render the debugger module unusable, ida would complain about wrong RESMOD bits
  • BUGFIX: ida could crash after calling StartProcess("","","") from the python command line while using a remote GDB debugger
  • BUGFIX: ida could crash during analysis
  • BUGFIX: ida could crash or hang on corrupted cli files
  • BUGFIX: ida could crash when stopping the debugger
  • BUGFIX: ida could crash while analyzing a file (if a function tail was deleted during enumerating function tails)
  • BUGFIX: ida could crash with stack overflow while analyzing borland template data
  • BUGFIX: ida could hang trying to load a corrupted pe file
  • BUGFIX: ida could hang trying to load corrupted aout file
  • BUGFIX: ida could hang when analyzing some files
  • BUGFIX: ida could interr when compacting a type library
  • BUGFIX: ida would hang trying to display huge (>2GB) arrays
  • BUGFIX: ida64 would interr trying to calculate arglocs for some functions
  • BUGFIX: idapython: fixed idx.savefile; the previous implementation failed to open a new file
  • BUGFIX: idaw would not accept non-ascii file names from the command line
  • BUGFIX: if an address was marked as 'notcode', it would lead to an odd situation where the user would define an instruction but ida would immediately delete it
  • BUGFIX: if idb was saved before any planned signatures had been applied, autoIsOk would never return true
  • BUGFIX: if sending a bug report failed, ida would simply tell the user about it; now we show the dialog box once more so that the user can copy the bug report out of ida
  • BUGFIX: if the last thing we do before saving the idb to the disk is to define a big item that uses both STT_VA and STT_MM storage methods, the sparse flags would not be saved correctly to the disk (they would not be marked as dirty)
  • BUGFIX: if the struct indexes got corrupted, some of struct types were permanently missing from the list
  • BUGFIX: importing a struct type from the local types window to the struct view could crash ida
  • BUGFIX: instant debugging: gdb module was not configuring its registers correctly if the target processor was changed at the last moment
  • BUGFIX: mac_server would make one processor core 100% busy after debugging an application
  • BUGFIX: mc16c: ida could crash trying to display a bad instruction
  • BUGFIX: parsing of argument locations in a register with an offset was broken (e.g. rdx^4.2)
  • BUGFIX: pe: ida could complain about truncated input file in some rare cases
  • BUGFIX: pe: ida could hang trying to load a corrupted file
  • BUGFIX: pe: replaced interr 20064 with a silent failure because it may occur on corrupted input files
  • BUGFIX: pe: validation of the number of exported addresses was wrong
  • BUGFIX: ppc: dquai and dquaiq instructions could not be decoded
  • BUGFIX: read-access hardware breakpoints on win64 were broken
  • BUGFIX: setting a new target compiler must lead to recalculation of argument locations (especially for x64 where gcc and ms behave differently)
  • BUGFIX: some type names were displayed as #N (where N is the type number)
  • BUGFIX: symbol addresses in 32-bit map files were relative to the segment start, not to the segment base (pe files were not affected by this bug)
  • BUGFIX: the struct/enum views were not automatically refreshed after idc/python scripts that modify them
  • BUGFIX: tilib was not accepting enum redefinitions if a constant with the high bit set was present (for example, 0x80000000)
  • BUGFIX: tinfo validation could erroneously fail for aliased types
  • BUGFIX: tls callbacks in pe+ files were handled incorrectly
  • BUGFIX: tms320c6: some insns were disassembled incorrectly or not at all
  • BUGFIX: type validation was too strict: an internal type alias may differ from its target in the type modifiers (const/volatile); that is one of the reasons why we have internal aliases after all
  • BUGFIX: types entered by the user were not lowered; it is safer to try to lower them in order to get rid of arrays as function arguments, for example
  • BUGFIX: ui: docks: Prevented creation of empty areas
  • BUGFIX: ui: qt: Fixed disappearing of persistent dock if "Float" button in the dock header is clicked
  • BUGFIX: when debugging, double-clicking on an address in the stack view wouldn't jump anymore
  • BUGFIX: when exporting types, ida could fail to define a structure that was previously used in a typedef
  • BUGFIX: xrefs to the structure members would disappear after renaming a structure/enum or other manipulations with it
  • BUGFIX: IDA would fail to delete the last history item from the QuickStart dialog.
  • BUGFIX: IDAPython Choose2 instances that were self.Close()ing as a part of an OnCommand() callback could crash IDA.
  • BUGFIX: IDAPython Choose2-based choosers could not be notified of selection changes (through their 'OnSelectionChange' callback.)
  • BUGFIX: IDAPython calling 'term_database' could leave some windows opened that still need a database, leading to a crash.
  • BUGFIX: Painting widgets from PySide in IDAPython could cause IDA to crash.
  • BUGFIX: When toggling (with ) between Hex-Rays & IDA View-A, hex-rays could cause IDA View-A to move the cursor.
  • BUGFIX: clicking on opcode bytes AF, CF and DF would result in no highlighting whatsoever.
  • BUGFIX: fixed interr 40208 which could occur if the network connection to the remote debugger was broken
  • BUGFIX: interr 820 could occur when loading dwarf debug info
  • BUGFIX: pc: register tracking was leading to wrong results in omf files
  • BUGFIX: pc: some instructions were erroneously marked as belonging to the function epilog; this would lead to wrong decompilation
  • BUGFIX: read-only page breakpoints would be missed if added into an executable page

New in IDA 6.7.141229 (May 31, 2016)

  • Processor Modules:
  • 6809: added support for data page segment register (DP)
  • ARM: detect several additional variations of the __rt_switch8 helper in binaries produced by the ARM compiler (armcc)
  • ARM: improve no-ret analysis for calls performed using BX and BLX instructions
  • Dalvik: 'T' can be used to apply structure offsets to odex "quick" instruction operands
  • Dalvik: decode return-void-barrier (opcode 0xf1) instruction
  • f2mc: Added PCB to the list of segment registers
  • m740: added I/O port definitions for m3804x
  • Mach-O: add init pointers as entrypoints (similar to PE's TLS callbacks)
  • Mach-O: improve the loader to handle unusual and deliberately modified files
  • Mach-O: use the LC_MAIN command, if present, to determine the program entrypoint
  • MIPS: added support for Cavium Octeon II instructions
  • MIPS: added DSP ASE support
  • MIPS: added MSA ASE support
  • MIPS: added microMIPS instruction set support
  • MIPS: provide auto-comment for floating point and dword-sized stack args
  • MIPS: resolve gp-relative references on N64 ABI
  • MIPS: simplify some instruction sequences to dla/dli on N32/N64 ABIs
  • MIPS: Support for R_MIPS_TLS_TPREL relocations
  • PC/PE/kernel: define entrypoint prototype for UEFI files. NB: the DXE entrypoint is used for all UEFI files, since it's impossible to distinguish PEI and DXE files by the header flags
  • PC: decode FMA4 instructions
  • PC: handle switches produced by the Sun C compiler
  • PC: improve recognition of GCC switches in non-PIC x64 binaries
  • PC: improve switch analysis (again)
  • PC: improved frame analysis (some 'lea ebp' insns were recognized as part of prolog while they were not)
  • PC: improved prolog recognition
  • PE: handle unwind info version 2 in x64 .pdata sections
  • PE: support ARM64 files
  • PE: when applying relocations, mark relocations which apply to code as such (improves autoanalysis)
  • PPC: PPC_TOC, PPC_SDA_BASE, PPC_MMIO_BASE can now be set from IDC scripts
  • PPC: support for SPE 2.0 instructions
  • Tricore: apply mapping to offsets recognized in standard instruction sequences
  • File Formats:
  • IDA automatically uses sparse storage for uninitialized segments
  • ELF: add support for R_MIPS_64 reloc
  • ELF: DT_MIPS_LOCAL_GOTNO-declared relocations in MIPS shared libraries will now be properly handled on rebasing/segment move
  • ELF: handle x86/x64 files with bogus EI_CLASS and EI_DATA values (these fields are ignored by Linux kernel)
  • ELF: if a dynamic shared object file has ".interp" section, do not mark it as DLL (it's a position-independent executable)
  • ELF: MIPS: detect microMIPS functions
  • ELF: MIPS: try to find initial gp value even when DT_MIPS_GP_VALUE is missing
  • ELF: PPC: handle R_PPC_ADDR24 relocation
  • ELF: support files that use bogus R_ARM_REL32 relocations for self-decryption
  • ELF: Support for R_386_TLS_TPOFF32 relocation
  • HEX: split the file being loaded into several segments if there are big gaps in addressing
  • Java: support loading of .class files produced by Java 8
  • CLI: IDA on Windows can now make use of the built-in CLI metadata loader, if the environment variable 'PE_CLI_FORCE_RAW' is set
  • TE: added support for TE (Terse Executable) file format, used in UEFI firmwares
  • Debugger:
  • BOCHS: enabled manual memory regions in disk image mode
  • BOCHS: support for Bochs 2.6.6
  • debugger: Android: added a position-independent build of the debugging server (android_server_pie); necessary for Android Lollipop
  • Debugger: Dalvik: added an ability to preset breakpoints at methods of Activity to start with, controlled by Debug specific options
  • Debugger: linux: try to detect if the dynamic interpreter (ld.so) is loaded at runtime and start reporting shared libraries at that time. This helps with debugging of compressed programs
  • DWARF: Don't try and use DWARF info from files that have a .gnu_debugaltlink companion file
  • DWARF: Golang: Better handling of some poorly-defined arrays dimensions
  • DWARF: Initial support for CFA (Call Frame Activation)-based stack arguments
  • DWARF: Moved to libdwarf 20140805, which provides much better DWARF V4 support
  • DWARF: Support for decimal floating point values
  • DWARF: Support for ELF files with a companion 'DWZ' file (i.e., "compressed" DWARF information.)
  • DWARF: Support for Free Pascal-style UDT-member-as-subroutine (lacks a '*' DIE)
  • PIN: implemented write memory request
  • PIN: print PIN toolkit version when starting pintool
  • PIN: provide access to FPU/XMM registers
  • PIN: support PIN toolkit version 2.14
  • PIN: support register modification
  • Kernel/Misc:
  • demangler: added support for the .eh suffix
  • demangler: handle rvalue reference and nullptr_t in VC++ mangled names
  • generate a xref to the target struct type when 'struct offset' applied to a struct member
  • installer: enable SEHOP and Force ASLR mitigations on Windows at install time
  • kernel: reimplemented storage of segment register changepoints. Now ARM files with many ARM-Thumb changepoints consume much less memory
  • Linux installer will warn the user about missing 32-bit support instead of failing silently on pure x64 distros
  • show string tail as a comment if a cross-reference points into the middle of the string
  • sync all imported types from loaded tils to the local til file; we need this to ensure that an imported type does not suddenly change because of til manipulations
  • PELF: add support for ARCompact relocations
  • TIL: added a type library for UEFI (x86 and x64, version 2.4)
  • kernel: virtual array was flushing pages to the disk every time we changed its size; removed that
  • User Interface:
  • UI/QT: When holding Shift or Ctrl while mouse wheel scrolling, entire pages are scrolled at once. When doing so in hint windows, they are grown/reduced faster, too
  • UI: add 'Undefine operand', and 'Alignment' to the context menu, when applicable
  • UI: Added "Copy to clipboard" functionality to "Export Data"
  • UI: added a setting for the number of xrefs for structs/enums in the Options dialog
  • UI: distinguish the main entrypoint in the list of exports/entry points
  • UI: double-clicking on a register value during debugging allows to edit it
  • UI: force randomization of Python DLLs load addresses, to reduce the risk of vulnerabilities; also enable Force ASLR if available (Windows 8 or later)
  • UI: handle gracefully lack of disk space when trying to save the database - allow the user to retry saving
  • UI: if one of the recent file entries in the File menu is selected while Shift key is held down, the file is opened in a new IDA instance
  • UI: improved the "Edit Segment" form; segment access permissions can be edited now
  • UI: on Windows, offer to create a minidump in case of an internal error
  • UI: options dialog: added a "graph" or "nongraph" suffix to the settings which are mode-specific
  • UI: print detailed function argument information when the user presses 'F'
  • UI: QT: remove requirement for compatible screen resolution when loading desktop from IDB. If some floating windows do not fit into the screen, they're resized
  • UI: remember the last used directory for the "Script file..." dialog (if OPEN_DEFAULT_IDC_PATH is not set)
  • Scripts & SDK:
  • IDAPython: add idaapi.get_kernel_version()
  • IDAPython: added ability to build IDAPython with Hex-Rays bindings by specifying a path to a directory where to find the 'hexrays.hpp' file
  • IDAPython: added APIs for accessing the registry
  • IDAPython: added APIs for working with breakpoint groups
  • IDAPython: added umsg() for printing UTF-8 text into the Output Window
  • IDAPython: construct_macro() is now available to IDAPython processor modules
  • IDAPython: export get_custom_viewer_place(), and allow place_t clone() & related functions
  • IDAPython: expose QueueDel(qtype_t, ea_t), to complete APIs for manipulating entries from the "known list of problems"
  • IDAPython: get_tform_type()/get_tform_title(), & current_tform_changed callback
  • IDAPython: give users the ability to access the underlying TForm/TCustomControl objects that back higher-level Python wrappers, so that the rest of the SDK API can be used as well
  • IDAPython: improve stability and error reporting for Python processor modules
  • IDAPython: Scripts can use OnViewMouseMoved() callback to be notified of mouse movement on views (both user-created, as well as core IDA views)
  • IDAPython: User graphs: double-clicking on a graph edge, will (by default) jump to the node on the other side of that edge
  • IDC: Added UMessage(), to print UTF-8 strings
  • IDC: 'Dump Database to IDC' now exports function comments too
  • IDC: SetType/ApplyType can be used with struct member IDs
  • SDK: Added 'umsg', which is in all aspects similar to 'msg', except that it works exclusively with UTF-8 strings
  • SDK: added build_stkvar_xrefs(), to get a list of all the xrefs in a function for a given argument/variable in that function's stack frame
  • SDK: added function to retrieve action attributes
  • SDK: added lower_type2(), that accepts a helper capable of providing additional information about the function, that lower_type2() itself doesn't know about
  • SDK: Added patch_qword(), (and PatchQword for IDC.)
  • SDK: added qfindclose64() to the destructor of qffblk64_t; there is no need to call it explicitly anymore
  • SDK: added qfstat64()
  • SDK: added unpack_xleb128() to read sleb/uleb128 values
  • SDK: attach_action_to_popup()/detach_action_from_popup() can now be used to register and remove 'permanent' popup actions
  • SDK: deprecated 32-bit findfirst/findnext functions and qstat()
  • SDK: deprecated guess_func_tinfo2 (use guess_tinfo2)
  • SDK: deprecated ui_showauto and ui_setstate
  • SDK: extend APIs for working with breakpoint groups
  • SDK: extended set_dock_pos usage. Now it can be applied to complex widgets by specifying the window title, e.g. "IDA View-B, Enums, Exports"
  • SDK: extensive reworking of comments in the headers (converted to Doxygen format). HTML documentation is available for
  • SDK: introduced debugger_t::set_resume_mode to be able to specify various resuming kinds (it replaces 'thread_set_step')
  • SDK: new set of functions for dealing with user-provided actions
  • SDK: qfileexist() now returns false if the specified path is a directory (use qisdir() for directories)
  • SDK: since the return value of malloc/calloc with zero size is implementation dependent, the qalloc/qcalloc functions check for zero and return NULL
  • SDK: added qgetcwd()
  • BUGFIXES:
  • BUGFIX: IDAPython: made 'extract_name' available again
  • BUGFIX: 32bit offsets in 16-bit segments were interpreted as seg:off pairs for all processors (should happen only for x86)
  • BUGFIX: 64bit windows debugger: read/write of FPU/MMX was handled incorrectly
  • BUGFIX: 6809: low/high offset expressions were displayed incorrectly
  • BUGFIX: a signed comparison was used to validate the 'maxord' field of .til files; this is a vulnerability that can be exploited by creating a specially crafted .idb file, at least in theory
  • BUGFIX: AOF: AOF loader could access out-of-bounds memory
  • BUGFIX: AOUT: IDA could crash trying to load a corrupted a.out file
  • BUGFIX: ARC: ARC4 ld/st were incorrectly treated as having delay slots
  • BUGFIX: ARC: brCC and bbitX instructions were printed incorrectly (no delay slot and unnecessary period)
  • BUGFIX: ARC: some ARCompact instructions were missing flag-setting bits
  • BUGFIX: ARM: IDA could hang if there were three or more thunk functions calling each other in a loop
  • BUGFIX: ARM: IDA could loop endlessly on some files (if the byte sequence resembled valid code but still had many inconsistencies)
  • BUGFIX: ARM: instructions belonging to TBH/TBB switches were not properly marked
  • BUGFIX: ARM: instructions inside IT blocks would lose their condition suffixes on rebasing
  • BUGFIX: ARM: single stepping inside IT blocks was broken
  • BUGFIX: autoanalysis could endlessly loop in some (rare) cases
  • BUGFIX: BOCHS: IDA could fail to start debugging in snippet mode (IDB mode) if there was a big .bss segment at the end of address space in the database
  • BUGFIX: BOCHS: IDB mode would work incorrectly with files that have many small, non-page-aligned segments (e.g. many ELF files)
  • BUGFIX: BOCHS: in protected mode (disk image mode), mapping of segment selectors that use LDT (and not GDT) was done incorrectly
  • BUGFIX: check_process_exit() could not handle the processes that were terminated by a signal (unix)
  • BUGFIX: choose2() in batch mode could return wrong answer (if the default answer was wrong)
  • BUGFIX: CLI: IDA could crash when loading a corrupted .NET file on Linux/OS X (double free)
  • BUGFIX: CLI: IDA could hang on some corrupted .net files
  • BUGFIX: CLI: IDA could spend enormous amount of time trying to load some corrupted .net files
  • BUGFIX: CLI: Incorrect .net metadata could cause IDA to quit on Linux & OSX
  • BUGFIX: CLI: specially crafted .net file could crash IDA on unix
  • BUGFIX: Closing the IDB and calling 'get_import_module_name()' (e.g., through a PLUGIN_FIX plugin) would crash IDA
  • BUGFIX: COFF: corrupted file could crash IDA
  • BUGFIX: COFF: IDA could crash on some corrupted files
  • BUGFIX: COFF: truncated string tables could lead to memory corruption
  • BUGFIX: Dalvik debugger could crash when switching to the debugger desktop
  • BUGFIX: Dalvik: move/16 and move-object/16 instructions were decoded incorrectly
  • BUGFIX: DBG/COFF: IDA could crash when parsing a COFF symbol with bogus count of aux records
  • BUGFIX: debugger: Android debugger could miss some memory areas (if the same starting address was listed twice in 'maps')
  • BUGFIX: debugger: in some cases debugger could not continue execution after suspending on 'start process' event
  • BUGFIX: debugger: it was impossible to read MMX registers from 64bit linux debugger
  • BUGFIX: debugger: mac: IDA would fail to read debuggee's memory at or close to address 0 even when it was valid
  • BUGFIX: Debugger: some debugger modules could still send BREAKPOINT events after receiving the termination request; IDA should ignore them
  • BUGFIX: DEX: a specially crafted DEX could crash ida
  • BUGFIX: DEX: fixed a buffer overflow in the DEX loader
  • BUGFIX: DEX: IDA could crash trying to load a corrupted DEX file
  • BUGFIX: DOS: MZ EXE relocations with values >0x8000 were processed incorrectly
  • BUGFIX: DWARF: could fail recognizing some types as being equivalent, and end up in an INTERR
  • BUGFIX: DWARF: could crash when generating some variations of a type, to make its size suitable for inheritance
  • BUGFIX: DWARF: some badly corrupted DWARF data could cause IDA to quit
  • BUGFIX: ELF: bogus PT_NOTE entries could cause IDA to hang for a long time
  • BUGFIX: ELF: could crash on corrupted elf files
  • BUGFIX: ELF: IDA could crash when loading a specially crafted ELF file
  • BUGFIX: ELF: MIPS HI16 RELA relocations were incorrectly applied
  • BUGFIX: ELF: specially crafted file could result in stack buffer overrun
  • BUGFIX: ELF: STB_WEAK symbols were not listed in the 'exports' window
  • BUGFIX: EPOC: handcrafted EPOC files could cause an endless recursion and eventual crash (but IDA would ask for a confirmation at each iteration)
  • BUGFIX: EPOC: IDA could crash trying to load corrupted EPOC files
  • BUGFIX: EPOC: malicious deflate-compressed EPOC files could crash IDA
  • BUGFIX: EPOC: specially crafted .sis file may cause memory corruption
  • BUGFIX: fixed behavior of highlight + scrolling to be like IDA pre-6.6
  • BUGFIX: Fixed exporting to C header file of types with fields whose type is referenced by name
  • BUGFIX: GDB: the "Use CS:IP in real mode" option was treated as always active, leading to incorrect EIP values in real mode in some stubs (e.g. VMWare)
  • BUGFIX: HPSOM: HP-UX SOM loader could access out-of-boundary memory
  • BUGFIX: IDA could crash at the exit time if tinfo_t objects were leaked by a plugin or script
  • BUGFIX: IDA could crash if an attempt to match a jump table instruction sequence was made on an ea without a segment
  • BUGFIX: IDA could crash on specially crafted DEX file (trying to allocate a huge segment)
  • BUGFIX: IDA could crash trying to guess a function type (stack overflow)
  • BUGFIX: IDA could crash trying to load corrupted PharLap extender files
  • BUGFIX: IDA could hang trying to move a segment from the top of the addressing space
  • BUGFIX: IDA could interr if the program was rebased in the presence of orphan bytes (bytes that do not belong to any segment)
  • BUGFIX: IDA could not parse 'static int inline x;'
  • BUGFIX: IDAPython Decompiler bindings could abort IDA because of some uncaught C++ exception
  • BUGFIX: IDAPython processor modules' outop-produced op_t references were leaked
  • BUGFIX: IDAPython: Activate() callback was not functional
  • BUGFIX: IDAPython: Exceptions in GraphViewer.OnRefresh() were silently ignored
  • BUGFIX: IDAPython: exceptions thrown inside the code called by SWIG wrappers must be caught, or IDA might abort
  • BUGFIX: IDAPython: Form.Close() was not working in most cases
  • BUGFIX: IDAPython: gen_disasm_text() was expecting a 'text_t' instance, which is not exposed
  • BUGFIX: IDAPython: get_ascii_contents2() was not honoring the possible output encoding request
  • BUGFIX: IDAPython: GetLocalType() could produce errors with some local types
  • BUGFIX: IDAPython: GraphViewer would not allow grouping of nodes, unless OnCreatingGroup was implemented
  • BUGFIX: IDAPython: GraphViewer.Select() method was always selecting node 0 regardless of the argument
  • BUGFIX: IDAPython: It was not possible to use 'tag' and 'reg' functions of a segreg_t instance returned by get_srarea()
  • BUGFIX: IDAPython: Some Python strings derived from char arrays could contain garbage in some cases
  • BUGFIX: IDAPython: some functions which returned a ssize_t were wrapped incorrectly and were unusable
  • BUGFIX: IDAPython: udt_type_data_t was not exposed as a qvector, and thus couldn't be iterated on
  • BUGFIX: IDAPython: When using the Strings() class, bytes could be erroneously retrieved
  • BUGFIX: IDC's SetShortPrm(INF_BINPREF, ...) would not properly change the current renderer's amount of displayed bytes
  • BUGFIX: IDC: GetLocalTinfo() would return a non-zero number upon failure (must return 0)
  • BUGFIX: IDC: IDA could interr if an IDC function was called with wrong number of arguments
  • BUGFIX: IDC: SetMemberType() with struct offset would use wrong struct offset delta
  • BUGFIX: IDC: the function SetRegValue() could set incorrect value for FPU registers
  • BUGFIX: it was possible to create an item across function chunk boundaries (only in some cases)
  • BUGFIX: kernel: instruction emulator could destroy the current insn in some cases and this would cause an interr later
  • BUGFIX: LE: LE files without the MZ header could not be loaded
  • BUGFIX: linux debmod could interr on low-level conditions
  • BUGFIX: Mach-O: __stubs section was processed incorrectly for x64 files
  • BUGFIX: Mach-O: corrupted export data could cause buffer overflow and crash IDA
  • BUGFIX: Mach-O: Fixed crash in Mach-O loader (endless recursion)
  • BUGFIX: Mach-O: fixed off-by-one bug in many places; efd was crashing on the sample files we received today; probably IDA too
  • BUGFIX: Mach-O: Fixed potential endless recursion
  • BUGFIX: Mach-O: IDA could crash on some corrupted Mach-O files where the number of sections or the section boundaries are bad
  • BUGFIX: Mach-O: IDA could crash when loading Mach-O files with malformed LC_LOAD_DYLIB commands
  • BUGFIX: Mach-O: IDA could not load files with over-sized sections
  • BUGFIX: MIPS: building mips16 macro instructions could consume too many bytes, preventing some following instructions from being decoded
  • BUGFIX: MIPS: registers could be tracked incorrectly for mips16 code
  • BUGFIX: MIPS: some references to local symbols loaded from the GOT could not be converted to offsets
  • BUGFIX: msp430: was using 16-bit segments by default
  • BUGFIX: MSP430: some BRA instructions were decoded incorrectly
  • BUGFIX: NE: IDA could crash on specially crafted NE file (zero pointer dereference)
  • BUGFIX: on Linux, some concurrently started instances of IDA could fail to load the registry
  • BUGFIX: our C parser was supporting only the "ui64" suffix for 64-bit constants; the 'll' suffix was silently skipped
  • BUGFIX: Patched bytes are now reverted before the segment and its data are deleted
  • BUGFIX: PC: 'ymmword' keyword was not defined for PC module which caused 32-byte data items to be displayed with (null) prefix
  • BUGFIX: PC: AVX instructions that refer to r8..r15 should not be decoded in 32-bit mode
  • BUGFIX: PC: some instructions using repeated 66 and 67 prefixes (operand/address size override) were not decoded correctly
  • BUGFIX: PDB: IDA could fail to load a PDB file when using the File->Load additional file->PDB file... dialog
  • BUGFIX: PE: files with corrupted CodeView debug info could trigger a double free
  • BUGFIX: PE: heap overwrite in processing of x64 .pdata entries
  • BUGFIX: PE: IDA could access invalid memory when a corrupted COFF symbol table was present
  • BUGFIX: PE: IDA could take a very long time loading a file with bad debug directory
  • BUGFIX: PE: specially crafted PE file could lead to memory corruption
  • BUGFIX: PEF: fixed multiple vulnerabilities
  • BUGFIX: PEF: specially crafted PEF files could crash IDA
  • BUGFIX: PIN: get rid of duplicates in trace buffer (basic block tracing mode)
  • BUGFIX: PIN: in some cases IDA tried to launch pintool even if 'autolaunch' option was disabled by the user
  • BUGFIX: PIN: in some cases pintool could provide incorrect memory configuration
  • BUGFIX: PIN: incorrect tooltips for memory operands in the disassembly window
  • BUGFIX: PIN: not all threads appeared in IDA after initial attach to a process
  • BUGFIX: PIN: register values/threads could be lost when the debugger stops on "Process start"/"Library loaded" events (in case the 'Suspend on debugging start' or 'Suspend on library load/unload' option is enabled)
  • BUGFIX: PIN: take into account the actual flags of segments/functions when the 'Trace over debugger segments' or 'Trace over library functions' options are enabled
  • BUGFIX: PPC: undecorating a name could yield an empty name and that could cause a crash
  • BUGFIX: PPC: VLE instruction se_addi was incorrectly simplified into se_li when r0 was used as a source operand
  • BUGFIX: Producing files with only structures/enums gave erroneous feedback on the line count
  • BUGFIX: Proximity view could crash when asked to expand/collapse multiple nodes, when some of those are "(+)" nodes
  • BUGFIX: qrealloc() with BADMEMSIZE could succeed on some flavors of linux64 (it should fail)
  • BUGFIX: qwingraph: could crash on some huge graphs; now we nicely display a message and exit
  • BUGFIX: references to non-existent types would be saved with explicit struct/union/enum keywords even if the reference was simply by name; the keyword would be derived on the fly from the forward declaration, if it existed
  • BUGFIX: renaming a struct/enum would break references to it because IDA was using references by name instead of by ordinal
  • BUGFIX: SDK: tinfo_t::is_forward_decl() could incorrectly return false in some cases
  • BUGFIX: searching for the next unknown byte in sparse storage was buggy
  • BUGFIX: some -D command line options could be effectively ignored because IDA could load a new processor module immediately after applying them; now we apply -D switches after loading the input file
  • BUGFIX: some anonymous unions of bitfields could be handled incorrectly in pdb files
  • BUGFIX: some register names were duplicated by some debugger backends
  • BUGFIX: SPARC: IDA would miss delay slots in little endian mode
  • BUGFIX: structure alignment was incorrectly calculated when copying from the struct window to the local types
  • BUGFIX: switch idioms that had the default jump target inside (but unmarked) would still be decompiled incorrectly
  • BUGFIX: Syncing a Hex-View to the value of a register would cause an interr
  • BUGFIX: the 'local types' window was not refreshed after importing some types to the IDB
  • BUGFIX: tilib: could interr when trying to calculate the alignment of a 'long double' type when the compiler is set to 'Borland' (long double is 10 bytes but has alignment of 8)
  • BUGFIX: tinfo_t::print() could crash if PRTYPE_DEF was passed for a trivial type
  • BUGFIX: tracing, basic block tracing mode: broken order of instructions in the trace buffer
  • BUGFIX: Tricore: some ld16/st16 instructions were decoded incorrectly
  • BUGFIX: UI: after switching Hex View to one-column it was not displaying anything
  • BUGFIX: UI: IDA could confuse structs with members when renaming in the structures view
  • BUGFIX: UI: IDA could crash when showing proximity graph coming from a trace
  • BUGFIX: UI: IDA could crash when trying to display a proximity view graph for a newly opened file, if that graph exceeded the max node limit
  • BUGFIX: UI: IDA could show "undefined type" message when loading some PE files into IDB
  • BUGFIX: UI: IDA was generating bogus idb_event::op_type_changed when showing the context menu
  • BUGFIX: UI: in some cases picking a standard numeric constant (enum) for the value in the disassembly did not work
  • BUGFIX: UI: load-time warnings could be shown again even if the user checked "Don't show again in current session"
  • BUGFIX: UI: Pressing '.' when in the "Output window"'s messages widget wouldn't switch control to the CLI widget
  • BUGFIX: ui: qt: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  • BUGFIX: UI: QT: Open... file dialog was displaying only "All files(*)"; now the extensions from idagui.cfg are used
  • BUGFIX: UI: Right-clicking on a graph view, and then clicking on the "Zoom 100%" action could lead the view to zoom to the wrong place
  • BUGFIX: UI: Right-clicking on an edge, and requesting a grouping of nodes while none are selected could crash IDA
  • BUGFIX: UI: some IDBs created on Windows and used on Unix could have problems with the 'struct offset' command in the GUI version
  • BUGFIX: UI: switching from graph view to flat view and back would change the current disassembly position if the current node was a group node
  • BUGFIX: UI: the import window would display wrong library names if a new database was opened without quitting IDA
  • BUGFIX: UI: tracing actions (Instruction tracing etc.) were not enabled for some debuggers which do support tracing (e.g. Bochs)
  • BUGFIX: UI: TXT: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  • BUGFIX: UI: Using IDA in a Windows 8 RDP session might cause a freeze of the session when dragging & dropping widgets
  • BUGFIX: UI: When animations were turned off, IDA could temporarily freeze
  • BUGFIX: UI: when creating 32-bit segments with base 0, a selector was not allocated for it, leading to various issues
  • BUGFIX: UI: when creating a new script snippet, the previous snippet text was not always cleared from text field
  • BUGFIX: UI: When double-clicking a result in a non-modal "Xrefs to ..." view, in order to jump in the (previously hidden) tabbed graph view, the graph view might center on an incorrect place
  • BUGFIX: uiswitch: it was impossible to specify a switch with zero elbase but nonzero shift
  • BUGFIX: unreachable meaningless fpu instructions could hinder fpu stack analysis
  • BUGFIX: User graphs: paint nodes background even when text is not painted (i.e., zoom level is too far away.)
  • BUGFIX: when a struct was deleted, the corresponding type was not always deleted from the local types
  • BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
  • BUGFIX: when debugging, the cursor could be positioned on a multiline comment line in the pseudocode view, instead of the line with the real code
  • BUGFIX: When horizontally scrolled, IDA View-A could fail to highlight the word on which the cursor is currently placed
  • BUGFIX: When in graph view, jumping to the current function's call sites through the node title's "Jump to xref" icon could focus on the wrong node in the calling function
  • BUGFIX: when opening an old IDB for a processor without the type system there could be a significant delay (a dozen seconds or more)
  • BUGFIX: When performing some keyboard shortcut sequences very fast, and then moving up/down with the keyboard's line up/down, or page up/down, the disassembly listing could show a single line (or jump one page off)
  • BUGFIX: While grouping/ungrouping some nodes, IDA could freeze until 'Esc' is pressed
  • BUGFIX: WinDbg: windbg debugger could not write FPU register values
  • BUGFIX: 64bit linux debugger: Incorrect reading of FPU registers
  • BUGFIX: ARM: arm module would display 'LDR R0, =0xFFFFFFFF' or similar in case the LDR instruction was referring to a non-existing or uninitialized memory address
  • BUGFIX: DWARF: Could misinterpret very large types (> 0x1fffffff bytes-large)
  • BUGFIX: GDB: a malicious GDB stub could cause heap memory overwrite in IDA during debugging
  • BUGFIX: IDA could abort with message "index file is bad" when compressing database
  • BUGFIX: IDA could crash at DWARF-loading time, because the DWARF plugin would try and retrieve too many bytes from the file
  • BUGFIX: IDA could crash/hang on corrupted databases
  • BUGFIX: IDA could hang trying to load corrupted input files
  • BUGFIX: IDA could hang trying to read symbols from an erroneously-large symbols table
  • BUGFIX: IDAPython: internal_get_sreg_base() wasn't usable
  • BUGFIX: IDAPython: set_nav_colorizer() was not accepting Python callables as implementation. Issue 1370
  • BUGFIX: PC: some FPU instructions were not decoded if they had a REX prefix
  • BUGFIX: Pressing 'p' to create a procedure, then keyboard-navigating to another piece of code and pressing 'p' again might not work (unless something caused the actions to be updated again; e.g., opening a dialog.)
  • BUGFIX: IDA could interr when guessing a function prototype if the stack was growing up for the current processor
  • BUGFIX: IDA could spend too much time generating the listing if there were too many lines in .net files
  • BUGFIX: kernel: handling of switches with SWI_JMP_INV flag set was broken
  • BUGFIX: specially crafted .sig files could crash IDA
  • BUGFIX: PPC: some simplified instruction forms were missed

New in IDA 6.6.140604 (May 31, 2016)

  • Processor Modules:
  • ARM: decode ARMv7 optional Virtualization Extension instructions (HVC, ERET, banked register MRS/MSR)
  • ARM: decode optional ARMv7-A instructions SDIV and UDIV
  • ARM: decode the stand-alone "second half of Thumb BL instruction" as "BL LR, #imm", if currently selected processor does not support Thumb-2
  • CLI/.NET: put user strings into a pseudo-segment (e.g. so that they can be deobfuscated)
  • CLI/.NET: use full names when naming methods; this reduces naming conflicts and makes the Function List more useful for .NET binaries
  • MIPS: added support for n32/n64 ABI
  • MIPS: when tracking registers, assume that $t9 is initialized with the function's address
  • PC: Added a GCC switch idiom.
  • PC: handle more non-optimized GCC switch patterns
  • PC: handle non-PIC form of GCC x64 switch (jmp ds:table[reg*8])
  • PC: improve analysis of functions that use __EH_prolog3 helpers
  • PC: improved prolog analysis
  • PPC: support for additional instructions available in some Freescale e200z cores (Volatile Context Save/Restore APU and EFPU2)
  • Tricore: support for architecture V1.6
  • File Formats:
  • COFF: added support for EBC object files
  • COFF: recognize and load Visual C++ /GL files (link-time code generation). Note: since such files contain custom Microsoft bytecode, the code can't be disassembled.
  • DWARF: (basic) support for runtime GCC 4.8.2-produced DWARF4 information.
  • DWARF: Allow the plugin to mark function prototypes as being definitive (so e.g. the decompiler can rely on them).
  • DWARF: At load-time, it is now possible to fine-tune the DWARF plugin regarding calling conventions.
  • DWARF: Can now configure whether DWARF data should be loaded when in batch mode.
  • DWARF: Initial support for Golang-produced DWARF debugging information.
  • ELF: added support for some ARCompact relocations
  • ELF: MIPS: use DT_MIPS_GP_VALUE to determine the executable's gp register value
  • PE: better handling of files where .idata is merged into .rdata
  • PE: IA64: handle IMAGE_REL_BASED_IA64_IMM64 relocations
  • PE: improve debug directory formatting
  • PE: parse new fields in the Load Configuration Directory added in Windows 8.1 (control flow guard metadata)
  • PE: X64: parse .pdata section at load time and create function boundaries accordingly.
  • PDB: added support for annotations (e.g. NT_ASSERT macro in checked builds)
  • Kernel:
  • improved printing of unicode strings in the watch view, locals, and in the 'export data' command
  • argument locations in function prototypes are specified with @; the old syntax is accepted too for the moment; we will suppress it in the next release
  • Decompilers:
  • introduced is_mul_ok() helper function to represent multiplication overflows checks
  • introduced qmemcpy() which always copies byte by byte, from low to high addresses
  • added recognition of inlined bswap() function
  • double clicking on a label jumps to it
  • the decompiler may use __spoils keyword to specify registers that are not spoiled by the function
  • improved recognition of register save/restore patterns
  • 'volatile' keyword can be used to override constness of an individual item
  • if an int 2Ch instruction has NT_ASSERT() comment (e.g. extracted by the PDB plugin from PDB annotations), show it as NT_ASSERT() macro call instead of just __int2c()
  • FLIRT, TIL & IDS:
  • FLIRT: added EBC startup signature for PE (EFI) files
  • PCF: handle EBC object files
  • Scripts & SDK:
  • IDAPython: Don't intercept SIGPIPE, SIGXFZ, SIGXFSZ & SIGINT signals on Unix platforms; leave them for IDA to handle.
  • IDAPython: added the decompiler bindings
  • IDAPython: Expose simpleline_t type to IDAPython. That lets the user set the bgcolor & text for each line in the decompilation.
  • IDC: added "elang" attribute to the Breakpoint class (scripting language for the breakpoint condition)
  • installer/Windows: check if Python actually works after installing; offer user to retry the installation
  • SDK: added askfile2() for extended open/save file dialog with support for file masks
  • SDK: added 'extlang_changed' IDP event
  • SDK: added qstring methods ltrim(), rtrim(), trim2()
  • SDK: added support for custom arglocs
  • SDK: check_process_exit() now has a 'timeout' argument
  • SDK: form_actions_t is extended with set/get methods for fields of different types to enable compile-time argument type checking
  • SDK: replaced addblanks() by a safer function add_spaces(), which accepts the buffer size
  • User Interface:
  • UI: scripting language for the condition field can be specified for every breakpoint separately
  • UI: breakpoint conditions can now be multi-line (use "..." button to open a multi-line editbox)
  • UI: Ctrl-C/Ctrl-Ins copies the currently highlighted text to clipboard (if there is no selection)
  • UI: export_data plugin will now offer to export the item under cursor if there is no selection
  • Debugger:
  • debugger: IDA reacts faster to the cancel button while searching for binary patterns
  • debugger: now it is possible to stop a long memory snapshot retrieval
  • GDB: added an option to enable/disable the use of stub's single-stepping support for some broken systems (e.g. MIPS or ARM Linux)
  • Bugfixes:
  • BUGFIX: 78K0S: instruction "MOV [HL+byte], A" was decoded incorrectly (displacement was always zero)
  • BUGFIX: a reference to a wrongly defined type was considered to be equal to a valid reference (fortunately this occurs rarely)
  • BUGFIX: ARC: some instructions setting flags were decoded without the .f suffix
  • BUGFIX: arglocs for vc32 fastcall CC: only UDT pointers are passed on the stack, hidden arguments (e.g. 'this') distribute according to 'fastcall' policy
  • BUGFIX: ARM: arm64 instruction aliases BFI and BFXIL were decoded incorrectly
  • BUGFIX: ARM: autoanalysis could loop indefinitely in some rare situations when there was a bogus xref into the middle of a macro instruction
  • BUGFIX: bfltldr.py was not working anymore.
  • BUGFIX: btree compress could produce a corrupted base
  • BUGFIX: creating an array type with wrong array attributes could crash IDA or create wrong type
  • BUGFIX: debugger: when attaching to x64 process without an existing database, "IP" and "SP" special registers were detected incorrectly
  • BUGFIX: Debugging an ASLR-enabled binary (which will rebase the IDB) was not rebasing the navigation history.
  • BUGFIX: During breakpoints export operation always export hardware breakpoint sizes
  • BUGFIX: DWARF loading could crash IDA in certain circumstances involving complex graphs of objects with variations (i.e., whose padding bytes are re-used when inherited.)
  • BUGFIX: ELF: dynamic info could be parsed incorrectly for some uClibc files
  • BUGFIX: Fixed exporting of breakpoints with complex conditions, which contains quoted strings
  • BUGFIX: fixed internal error that could occur when loading a pdb file with unaligned bitfields
  • BUGFIX: fixed interr 603
  • BUGFIX: Fixed representation of the chooser filters in "Modify filter" dialog. The column was always shown as '*'
  • BUGFIX: fixed wrong direction of the floating point conversion
  • BUGFIX: function argument location could be calculated incorrectly for arguments containing unaligned union fields (gcc64)
  • BUGFIX: function argument location was calculated incorrectly for some structures containing arrays as members
  • BUGFIX: GDB: duplicate threads could appear in the thread list in some situations
  • BUGFIX: GDB: maximum packet size was not respected when doing memory writes
  • BUGFIX: GDB: SendDbgCommand() with PIN's GDB backend would take at least one second (or the value of the GDB timeout setting)
  • BUGFIX: GDB: when single-stepping in some thread, IDA could issue a "continue" packet for another thread instead
  • BUGFIX: hexrays: "add pseudocode comments" was broken
  • BUGFIX: hexrays: an indirect call to a noret function in the middle of a function was not supported
  • BUGFIX: hexrays: ARM decompiler could generate references to wrong (non-existent) global variables in some cases
  • BUGFIX: hexrays: ARM decompiler could miss some return instructions and represent them as JUMPOUTs
  • BUGFIX: hexrays: (ARM) if the user turned off macros after analyzing the database, the decompiler could interr or generate wrong output
  • BUGFIX: hexrays: (ARM) big endian decompilation had constant halves swapped
  • BUGFIX: hexrays: decompiler could create overlapping input arguments and later interr
  • BUGFIX: hexrays: decompiler could erroneously optimize away some expressions like 'x*N & M' and replace them with zero
  • BUGFIX: hexrays: decompiler could interr if 32-byte enum type was defined (too wide)
  • BUGFIX: hexrays: decompiler could interr on a comma operator whose type is a bitfield
  • BUGFIX: hexrays: decompiler could interr on some variadic functions
  • BUGFIX: hexrays: decompiler was always moving register arguments to the beginning of the argument list in the pseudocode window
  • BUGFIX: hexrays: def-list for strcat() was sometimes calculated incorrectly
  • BUGFIX: hexrays: enabled negation of 128-bit values, apparently they can occur even in 32-bit programs
  • BUGFIX: hexrays: expression like "(x * N) < 0" could be optimized wrongly in some rare cases
  • BUGFIX: hexrays: fixed a couple of minor memory leaks
  • BUGFIX: hexrays: fixed interr 50375
  • BUGFIX: hexrays: fixed interr 50396
  • BUGFIX: hexrays: fixed interr 50513
  • BUGFIX: hexrays: fixed interr 50708
  • BUGFIX: hexrays: fixed interr 50715
  • BUGFIX: hexrays: fixed interr 50860
  • BUGFIX: hexrays: fixed interr 51049
  • BUGFIX: hexrays: ftst instruction was not decompiled
  • BUGFIX: hexrays: hints for union members were wrong (off=N; where N is the member number, not the offset)
  • BUGFIX: hexrays: if the return value of a function call was used but could not influence the logic of the program, the call could be optimized out, which is wrong
  • BUGFIX: hexrays: movd/movq instructions with a register destination were decompiled incorrectly
  • BUGFIX: hexrays: recursive patterns could be applied wrongly and lead to an interr
  • BUGFIX: hexrays: ScreenEA() would sometimes return BADADDR in the decompiler view because some pseudocode locations cannot be mapped to an address. Now it tries to return the closest EA, or the function's EA in the worst case.
  • BUGFIX: hexrays: the rule to recognize signed modulo by power2 could interr
  • BUGFIX: HT_VIEW example plugin could crash on non-graph views.
  • BUGFIX: IDA could crash trying to print a function declaration (a function returning a pointer to an array of pointers to arrays)
  • BUGFIX: IDA could interr when parsing "int func(int,void)"
  • BUGFIX: IDA could not attach to a remote PIN debugger - tried to launch a local pintool instance instead
  • BUGFIX: IDA could stop with internal error 498 when loading some pdb files
  • BUGFIX: IDA graphs could become corrupted, or even crash IDA, on some versions of linux.
  • BUGFIX: IDA now starts up in the foreground when run from the command line on mac (instead of hiding behind the terminal window)
  • BUGFIX: IDA would crash if the __FILE__ macro was used in a function prototype
  • BUGFIX: IDA would fail to import huge (>0x1FFFFFFF bytes) structures from pdb files
  • BUGFIX: IDA wouldn't display, in the 'Use standard symbolic constant', enum values that have bit 31 set to 1.
  • BUGFIX: IDA could behave incorrectly under Wine due to a bug exposed by the differences in Wine's MSVCRT implementation
  • BUGFIX: IDA could crash when loading big PE files with zero-filled areas
  • BUGFIX: idaw.exe could crash upon closing the database
  • BUGFIX: IDAPython: for non-code locations, idc.GetOpnd() would create instructions instead of returning empty result
  • BUGFIX: IDAPython: idb_event::area_cmt_changed was never received in IDB_Hooks (and descendants)
  • BUGFIX: IDAPython: idb_event::ti_changed, and idb_event::op_ti_changed notifications were not accessible in IDAPython
  • BUGFIX: IDAPython: op_t.value was truncated to 32 bits under IDA64.
  • BUGFIX: IDAPython: print_tinfo() wouldn't return a valid string.
  • BUGFIX: IDAPython: readsel2() was not usable.
  • BUGFIX: IDAPython: read_selection() was buggy for 64-bit programs.
  • BUGFIX: IDAPython: StructMembers() considered holes in structures, and didn't properly iterate through the whole structure definition.
  • BUGFIX: IDAPython: There was no way to call calc_switch_cases() from IDAPython.
  • BUGFIX: IDAPython: when using multi-select/multi-edit choosers, erroneous event codes could be sent at beginning & end of batch deletion of lines.
  • BUGFIX: IDAPython: When, in a PluginForm#OnCreate, the layout of IDA was requested to change (for example by starting a debugging session), that PluginForm could be deleted and create an access violation.
  • BUGFIX: IDC/Python: GetTinfo("") was causing an interr
  • BUGFIX: IDC/Python: SetType would work incorrectly if an invalid string was passed
  • BUGFIX: If closing one DockWidget caused other DockWidgets to close, then changing (resetting/loading) the desktop layout crashed IDA.
  • BUGFIX: if the user renamed the segments to use dummy segment names like segXXX, IDA would be unable to find such segments by name
  • BUGFIX: In flat rendering mode, standing on a border line of an instruction (i.e., "-------") that is located right before data, and pressing 'C' to make code (in order to turn that data into code), could scroll the view by 1 line if the MakeCode command failed.
  • BUGFIX: In graph view, leaving the mouse on an edge wouldn't show "To:/From:" hints anymore.
  • BUGFIX: in graph view, we can now highlight text by dragging the mouse outside the boundary of a node.
  • BUGFIX: In some cases, switching from flat view to graph view could have the side-effect of moving the cursor down by one or more lines, which changes the EA.
  • BUGFIX: incorrect handling of argument location (gcc64) for some nested unions and unions containing big structures as members
  • BUGFIX: Instances of type tinfo_t couldn't be properly used when they were aggregated by other types.
  • BUGFIX: it was impossible to check out the IDA Pro floating license if both Starter and Pro licenses were present
  • BUGFIX: kernel: reloading a binary file would work incorrectly if extra segments were added before the file data
  • BUGFIX: kernel: user-defined offsets with "subtract" flag set were not working properly for processors that implement ph.translate callback (e.g. MIPS)
  • BUGFIX: M68K: ColdFire instructions REMU.L/REMS.L were decoded as DIVU.L/DIVS.L
  • BUGFIX: Mach-O loader's check for valid section index was not correct.
  • BUGFIX: MACHO: zeroed out symbols were incorrectly considered as imports with unknown names
  • BUGFIX: Middle-button clicking anywhere to the right of a rightmost tab would crash IDA.
  • BUGFIX: MIPS module was not marking switch instructions with a special mark (as it is done for x86 code, for example)
  • BUGFIX: MIPS: arguments in fpu registers were not properly commented in __usercall prototypes
  • BUGFIX: Moving the structures in the structures window didn't work as expected.
  • BUGFIX: Once pulled out from the main window, a PluginForm (or derivative) might not receive events properly anymore.
  • BUGFIX: opening a file with the name starting with @ would lead to a fatal error (instead of a nice error message)
  • BUGFIX: PC: register tracker could incorrectly use previous register values after a popad instruction, leading to wrong comments
  • BUGFIX: pdb with a union of bitfields would cause an internal error
  • BUGFIX: PE: IDA on Linux/OS X would crash when trying to load .NET files without a User Strings stream
  • BUGFIX: PPC: "branch always" instruction had a hidden condition field operand, even though condition is ignored for it
  • BUGFIX: PPC: use/change operand flags were set incorrectly for some instructions
  • BUGFIX: PPC: IDA could crash due to stack overflow when analyzing some long functions
  • BUGFIX: Pulling the miniview out could cause a crash.
  • BUGFIX: Regex-based filters could be un-applied once the "Modify filters..." window was closed.
  • BUGFIX: reloading the input file with wrong PE file could lead to interr
  • BUGFIX: Renaming a group node by clicking on the 'rename' icon didn't repaint.
  • BUGFIX: Rewrote the incorrect algorithm for moving areas
  • BUGFIX: SDK: call_system() with a NULL or empty string argument did not create an interactive shell as expected
  • BUGFIX: SDK: func_item_iterator_t() could stop enumeration prematurely if the starting address was in a tail chunk
  • BUGFIX: SDK: get_output_curline()/get_output_cursor() were returning wrong results if wrapped lines were present in output
  • BUGFIX: SDK: it was impossible to override default behavior of some output window events (msg_click, msg_dblclick, msg_keydown)
  • BUGFIX: SDK: next_unknown() could return wrong result for sparse storage
  • BUGFIX: size of an empty base class can be reported as 1 byte in some (rare) circumstances
  • BUGFIX: Some jmp instructions could create "function chunks" in some inappropriate places (e.g., .plt stubs.)
  • BUGFIX: Some proximity browser graphs could cause IDA to crash.
  • BUGFIX: the application bitness (32 or 64 bit) was not set in some cases
  • BUGFIX: The DWARF plugin could interr on some erroneous DWARF data for complex types.
  • BUGFIX: the type of a struct member would not be displayed when pressing 'F'
  • BUGFIX: tinfo_t objects created from IDAPython could cause an assertion failure at exit time.
  • BUGFIX: type comparison was not taking into account the pointer attributes
  • BUGFIX: Tricore: some xrefs were created with incorrect type
  • BUGFIX: TXT: the "OS Shell" command did not work
  • BUGFIX: UI: creating an array of structs in the struct window could fail
  • BUGFIX: UI: double-clicking on addresses when using WinDbg debugger did not always work as expected
  • BUGFIX: UI: exclude filters on '(any)' column could fail filtering the list of data.
  • BUGFIX: UI: in the message about insufficient disk space, "available" space could be displayed as zero.
  • BUGFIX: UI: it was impossible to stop the process of taking a memory snapshot while big segments were being processed
  • BUGFIX: UI: on OS X, IDA would report "Unknown C++ exception" instead of "Out of memory" error
  • BUGFIX: UI: if an overly long trace description was entered, IDA would crash (Thanks to Alberto Garcia Illera who reported this bug)
  • BUGFIX: Usage of IDAPython's DropdownListControl was broken.
  • BUGFIX: valid-position range information was missing when moving a structure around.
  • BUGFIX: When "recent files" history was set to more than 10, the entries past 10 in the "File" menu wouldn't be numbered.
  • BUGFIX: When debugging, variables of type '*' that were stored directly in a register were not properly printed in the "Locals" view.
  • BUGFIX: when importing PDB info, some bitfields would be imported incorrectly
  • BUGFIX: When in graph view, modifying a function so as to change its structure wouldn't always refresh the graph.
  • BUGFIX: When the program is rebased, the location history is rebased as well.
  • BUGFIX: When the user would pull the miniview out, move out of the graph view to the decompilation view, come back to the disassembly view, the floating window would take focus, and actions could be dispatched to the decompilation view instead of the graph view.
  • BUGFIX: When using a non-default color palette, re-setting a node to its default color could lead to glitchy rendering where node margins are white, & the rest of the node is colored.
  • BUGFIX: with some IDBs, IDA would start with an oversized arrows window, causing the disassembly view to be squeezed to the right and barely visible.

New in IDA 6.5.131217 (May 31, 2016)

  • Processor Modules:
  • 6808/HC(S)08: decode skip1 and skip2 pseudoinstructions
  • 68K: decode Mac OS toolbox traps with auto-pop flag set
  • 68K: added a few missing A-trap values (thanks to Doug Brown)
  • 8051: added support for 51MX extensions
  • ARC: disassemble MAC extension instructions
  • ARC: initial typeinfo support
  • ARM: added recognition of __gnu_mcount_nc
  • ARM: added support for Thumb switches that use GCC helpers __gnu_thumb1_case_
  • ARM: added support for ARM64 aka AArch64
  • ARM: handle another variation of Thumb-2 switch table
  • ARM: improve analysis speed for files with extremely long functions
  • ARM: improve handling of unoptimized GCC Thumb-2 epilogs (ADD R7, R7, #delta; MOV SP, R7)
  • ARM: improve stack tracing in the presence of conditional instructions
  • ARM: recognize 'ADD PC,PC,R' as return from subroutine
  • ARM: set default ARM architecture to "metaarm" (disassemble all instructions) in ida.cfg
  • ARM: support BE-8 images (big-endian data but little-endian code)
  • H8: added support for the Renesas H8SX family
  • H8: handle several switch patterns generated by Renesas High-performance Embedded Workshop (HEW).
  • H8: improved analysis, added rudimentary register tracking (thanks to Zak Escano)
  • MIPS: recognize new-ABI/System-V-ABI GCC PLT slots (see https://sourceware.org/ml/binutils/2009-06/msg00203.html)
  • PC: assume that "int 3" after calls stops execution (this is used by Visual C++ to guard calls to noret functions)
  • PC: decode LOCK MOV TO/FROM CR0 as MOV TO/FROM CR8D (AMD-specific)
  • PC: handle code sequences which load imagebase value into a temporary register (common in x64 Windows code)
  • PC: handle code which jumps over the lock prefix of instructions (e.g. Linux glibc)
  • PC: handle PIC helpers from Android/x86 binaries (__x86.get_pc_thunk.bx)
  • PC: improve analysis of functions with multiple "push ebp" instructions
  • PC: improved speed of stack analysis for long functions
  • PC: introduced PC_ANALYZE_MAX_SIMPLEX_SIZE: if the size of the simplex problem is greater, IDA will not use the simplex method
  • PPC: Recognize 'addis'/'lwz' pair for 32-bit offsets.
  • PPC: recognize switch constructs that use a GOT register
  • PPC: switch idiom recognition drastically improved.
  • TMS32028: new processor (Texas Instruments TMS320C28x). Includes C27 and C2xLP modes.
  • TMS320C55x: decode instructions that access deprecated registers MDP05 and MDP67
  • Tricore: added instruction auto-comments
  • Tricore: added new assembler for TASKING VX-toolset
  • Tricore: recognize some standard instruction sequences to load addresses and convert them to offsets
  • File Formats:
  • CLI: implemented renaming of .NET methods
  • COFF: ignore symbols for import fixup pointers generated by GCC ("__fu__") since they point into middle of instructions
  • COFF: ARM: support IMAGE_REL_ARM_MOV32T/IMAGE_REL_ARM_MOV32A relocations (used in WinRT targets)
  • DBG: added a workaround to handle non-compliant .dbg files produced by map2dbg
  • DEX: various dex loader improvements: format dex headers, methods descriptions, prototypes, strings, classes, annotations; parse and use debug info.
  • ELF: added minimal support for Tricore
  • ELF: added option to handle really huge segments (load them chunk by chunk). Thanks to Avi Cohen Stuart.
  • ELF: ARM: support R_ARM_THM_JUMP11 and R_ARM_THM_JUMP8 relocations
  • ELF: create a new, dummy segment for the .tbss section to avoid overwriting unrelated symbols
  • ELF: disable data coagulation by default (don't convert objects to byte arrays). Among other things, this improves display of vtables.
  • ELF: Handle Thumb entrypoints in files.
  • ELF: MIPS: support R_MIPS_TLS_GOTTPREL, MIPS_R_COPY and MIPS_R_JUMP_SLOT relocations
  • ELF: support for STT_GNU_IFUNC symbols
  • ELF: symbol value in RELA relocs against section symbols in dynamic files should be ignored (bug compatibility with binutils/ld.so)
  • DWARF: accept clang's non-DW_AT_declaration-based declaration (it uses an explicit DW_AT_byte_size of 0), and strip 'class ', 'struct ' and 'union ' from complex types names.
  • DWARF: basic support for Fortran-originating DWARF info.
  • DWARF: Declare function prototype even when parameter locations cannot be determined.
  • DWARF: Enable loading of DWARF information for shared libraries of a program being debugged.
  • DWARF: fixes and improvements to handle clang idiosyncrasies
  • DWARF: handle C++11 unspecified type: nullptr becomes a 'void*', and the rest becomes 'void'.
  • DWARF: Handle calling conventions that pass arguments in registers (e.g., __fastcall, __usercall, __thiscall)
  • DWARF: handle DW_AT_GNU_vector types, by packing them in a structure
  • DWARF: improved DWARFv4 handling
  • DWARF: support for DWARF info in PE files
  • DWARF: recognize DW_ATE_UTF8 for C++11 char16_t, char32_t, ...
  • DWARF: support for bitfields
  • DWARF: Support for complex float/double/longdouble.
  • DWARF: Support for DWARF V4-style, exprloc-based location lists.
  • DWARF: support for segmented addresses
  • DWARF: support for WATCOM-style, spec-incompatible, typeless global variables with no location descriptor (uses DW_AT_low_pc instead)
  • DWARF: too many other fixes and improvements to list
  • MACHO: rename pointers to ascii strings; this improves the listing
  • MACHO: symbols with names like "__dtrace_probe$..." were being interpreted as ARM symbols, which destroyed valid Thumb code
  • MACHO: when loading a dyld cache, ask about Objective-C parsing only once
  • PDB: improved handling of fragmented functions.
  • PDB: removed artificial limitation on the type names, it was leading to name clashes and interrs. NB: types with really long names cannot be imported into the structure view anymore.
  • PDB: use class inheritance instead of inclusion
  • PE: display TimeDateStamp header field using UTC instead of local timezone
  • Kernel:
  • bTree/varray: raise implementation limits to handle big databases. Removed "max number of chunks" limit.
  • include paths and predefined macros are set for each compiler separately
  • added CC_PARMS in ida.cfg as a tagged collection of the parameters (with compiler abbreviations as tags)
  • added report_gsfailure, com_raise_error and com_issue_error to noret.cfg
  • added tinfo_t, an object to hold the type information
  • C parser: added support for __ptr32 and __ptr64 keywords
  • demangler: support of 'rvalue reference' gcc mangling
  • demangler: various updates for GCC 4.x/C++11
  • parameter tracking: do not propagate 'this' name to callers
  • security: IDA will ask for a confirmation if an unknown IDB (from a third-party) is used to launch a debugger
  • security: disallow IDC snippets in startup signatures; only external IDC scripts may be used
  • removed -C command line switch (the compiler can be set using a script function instead)
  • type parser: c++ names with class/namespace qualifiers can be parsed, like aaa::bbb
  • type system: added support for 64-bit enums (64-bit enums in the enum view are supported only in idaq64)
  • types: added local_types_changed event; it occurs on any change to type definitions or when the user loads/unloads type libraries
  • types: added support for class inheritance; currently the parser supports one base class but other parts can handle multiple inheritance too (at least in theory)
  • types: added support for type attributes (introduced with __attribute__ or __declspec keywords).
  • types: added support for zero sized structs
  • types: IDA can parse structure definitions with bitfields and store this info in the type strings
  • types: introduced udt_type_info_t object to represent struct and union types and refactored the code to parse udt type strings (so we do not have the same code in 2 places)
  • types: added new type-related callbacks for processor modules; they are used if the PR_TINFO bit is set in the processor module; if PR_TINFO is not set, then the old callback will be used
  • types: deprecated varloc_t and created argloc_t, it can express register relative and static (fixed memory address) locations; also implemented compatibility layer so that older plugins continue to work
  • types: do not propagate "this" and "retstr" variable names, they just clutter the output without adding any useful info
  • types: introduced the notion of 'type level'. Types usually encountered in source files are called 'high level' types.
  • FLIRT, TIL & IDS:
  • added win8_um.til and wdk8_km.til for Windows8 WDK (user and kernel mode headers)
  • FLAIR: all parsers now support > 0x8000 sections, offsets and fixups.
  • FLAIR: allow sigmake to process .pat files with Objective-C messages as function names (containing []+- and spaces).
  • Scripts & SDK:
  • IDAPython: don't del() modules that were created by user scripts; provide idaapi.require() to import/reload modules (see http://www.hexblog.com/?p=749).
  • IDAPython: Enable multi-threading
  • IDAPython: python.cfg: set REMOVE_CWD_SYS_PATH=1 by default (remove current directory from the import search path).
  • IDC: added Breakpoint.AddToGroup(bpt, group_name) method
  • IDC: added function ApplyType()
  • IDC: added GetDisasmEx() which allows generating disassembly for non-existing instructions or locations in the middle of other instructions
  • IDC: added GetLocalTinfo(): return a local type by ordinal
  • IDC: added IsInt64() and similar functions
  • IDC: added typeinfo.size(): return type size
  • SCRIPT: implemented additional processor notification callbacks for scripted processor modules
  • SDK: added custom popup menu callback support for all choosers. Implemented submenus for choosers popup menus
  • SDK: added a new assembler format for octal numbers (q'123, flag ASO_OCTF7)
  • SDK: added DOUNK_NOTRUNC flag for do_unknown[_range]()
  • SDK: added expand_argv()
  • SDK: added guess_func_cc(): a function to determine the calling convention from the types and locations of arguments
  • SDK: added notifications and new control APIs for the Output Window
  • SDK: added str2ea_ex()
  • SDK: added SWI2_STDTBL flag for switch_info_ex_t - to mark switch tables which use standard layout but non-standard target calculation
  • SDK: forms: support for user-defined menu items for choosers in forms
  • SDK: generate_disasm_line() with GENDSM_FORCE_CODE can be used to generate instruction text for any address, regardless of the existing instructions in the database
  • SDK: getting/setting/deleting node properties (grcode_[set|get|del]_node_info).
  • SDK: ht_output: a sample plugin to demonstrate receiving output window notification and using of new output window functions
  • SDK: IDA graphs can be controlled by plugins, including Python bindings (see graph.hpp).
  • SDK: navcolor: sample plugin to illustrate how to customize navigation band colors
  • SDK: plugins can add popup menu items using add_custom_viewer_popup in two ways:
  • 1) On ct_popup or view_popup notifications. Such items will be automatically removed after popup execution;
  • 2) In any other place - the added items will remain until set_custom_viewer_popup_menu(viewer, NULL) is called (previous behavior)
  • SDK: qctime_utc() uses Coordinated Universal Time (UTC) and is equivalent to asctime(gmtime(t))
  • SDK: removed requirement for mkidp branding for processor modules. Instead, lnames/pnames arrays are used.
  • SDK: rename segment registers areas interface functions.
  • SDK: sample plugin ht_view to demonstrate usage of HT_VIEW notifications (view callbacks), different ways of adding user popup menu items, and the get_viewer_name() APIs
  • SDK: support for UTF-8 strings in choosers (CH_UTF8)
  • SDK: tracing: added set_trace_platform(), get_trace_platform() and set_highlight_trace_options() functions
  • SDK: Change idp_desc_t struct to combine processor names. Set IDP 'family' name for UI purposes.
  • SDK: qflow_chart_t: added FC_CHKBREAK flag (so build_qflow_chart() may be aborted by user)
  • User Interface:
  • UI: add "synchronize" option to the Function list which keeps it synchronized with IDA views.
  • UI: added "Create structure from data" functionality to the stack frame view and Structures window
  • UI: added breakpoint groups. They can be enabled/disabled at once.
  • UI: added experimental "Address details" info panel (see View > Toolbars).
  • UI: added exporting of breakpoints (to an IDC script)
  • UI: allow specifying directories to ignore (both for source mappings and binaries mappings)
  • UI: Alt+T "search all" command result is now displayed in the output window (pattern not found, bad regular expression, search aborted)
  • UI: color buttons now allow resetting the color back to default
  • UI: debugger: added an explanatory dialog box for debuggers with manual memory regions
  • UI: display long processor descriptions in the "Load file" dialog
  • UI: improve rendering quality and speed of zoomed graphs
  • UI: improved scroll bar behavior if there are big gaps in addressing
  • UI: make the commandline Python/IDC switch button non-flat to make it more obvious
  • UI: marked location descriptions can be edited from the marked location chooser (Ctrl-M)
  • UI: mouse wheel can be used in the navigation bar for scrolling (and Ctrl+wheel for zooming)
  • UI: navbar: when current location is changed the navigation bar is shifted so that the whole pointing arrow is displayed.
  • UI: new command: Export Data (default hotkey Shift-E)
  • UI: properly display Unicode/custom codepage strings in the "Strings" window
  • UI: redesigned "Name representation" dialog
  • UI: rendering speed improvements, especially in graph view mode
  • UI: structure offset dialog (selection-T): added quick filter (Ctrl-F)
  • UI: structure offset dialog: "Add missing members" function; Show hints for list view
  • UI: Support for fine-grained scrolling (e.g. two-finger scrolling on Macs)
  • UI: support for HiDPI (Retina) displays on OS X
  • UI: when adding on-access breakpoint from the Segments list, deduce its type from the segment permissions (for example, for the code segment we set eXec bpt)
  • UI: when deleting multiple segments, ask for confirmation only once
  • UI: removed "Output window" from the View menu. (it still remains in "Windows" menu)
  • UI: TXT: added Tracing submenu
  • UI: TXT: Added "Switch debugger" to the "Debug" menu
  • Debugger:
  • debugger: Allow specifying which IP (v4) interface to bind to for remote debugger server
  • debugger: Allow the user to specify binary paths mappings, to be used by the debugger.
  • debugger: Android: support for debugging under Android 4.2.2
  • debugger: ARM: linux: added a workaround for syscalls made by jumping to the last page so we can single step them
  • debugger: win32: clarify the error message if getting debug privilege fails. Also, don't reset it if we didn't get it.
  • GDB: try to detect target architecture and bitness (qXfer:features:read)
  • GDB: use register layout from the feature info XML on ARM, if available
  • PIN: 'logging mode', 'only add new instructions', 'trace over debugger segments' flags may be changed when the application is running
  • PIN: allow 64-bit IDA to attach to a 32-bit process
  • PIN: check process bitness compatibility before attaching
  • PIN: function tracing mode: record call & return instructions
  • PIN: implemented attaching to a process
  • PIN: multiple fixes, improvements and speed-ups.
  • PIN: pass both 32- and 64-bit pintool DLLs when launching pin. So pin can choose appropriate tool itself
  • PIN: remove "Only add new instructions" option from tracer submenu as it is already present in the 'Tracing options' dialog.
  • PIN: support 'log return instructions' option
  • windbg: check if dbgsrv.exe is present in usual locations and offer it by default if so
  • Windbg: check the "WindowsDebuggersRoot" registry key to locate the debugging tools (WDK8)
  • windbg: complain if the user tries to debug 64-bit code with 32-bit IDA
  • Windbg: implemented jump by double-clicking on 64-bit addresses printed into the output window (delimited by the ` symbol).
  • WINDBG: when debugging or loading dumps for WoW64 processes, try to detect 32-bit vs 64-bit modules and mark segment bitness accordingly (IDA64 only)
  • WINDMP: when loading WoW64 dumps with 32-bit IDA, skip 64-bit segments instead of failing completely
  • Bugfixes:
  • BUGFIX: 'convert to dword' (hotkey D) was failing to delete a hindering name in some cases
  • BUGFIX: "create function" command could wrongly fail in some rare cases
  • BUGFIX: "Dump database to IDC" could create too long strings that could not be parsed back by IDA
  • BUGFIX: 16-bit offsets from the current segment were not displayed properly if the segment did not start at its base address
  • BUGFIX: accessible memory limits (inf.minEA/maxEA) could be wrong after starting instant debugging
  • BUGFIX: alpha: load osf.til only for non-PE files because it is for Unix
  • BUGFIX: ARC: jump instructions with a long immediate operand were incorrectly marked as indirect
  • BUGFIX: ARC: some cross-references for ld instructions were missing
  • BUGFIX: argument propagation could fail inside function chunks
  • BUGFIX: ARM debuggers could not correctly single step IT,TBH,TBB instructions
  • BUGFIX: ARM: handling of some Thumb-2 switches resulted in wrong cross-references, hindering disassembly and decompilation (Thumb bit was not ignored)
  • BUGFIX: ARM: some comments in the listing were using ';' character even in GAS mode (which uses '@' instead)
  • BUGFIX: ARM: some NEON instructions with an immediate operand (e.g. VMOV , #imm) were decoded incorrectly in Thumb mode.
  • BUGFIX: autoanalysis could enter an endless loop creating and destroying a macro instruction
  • BUGFIX: AVR module was not displaying xrefs to i/o ports
  • BUGFIX: avr: even if the user did not select a device, IDA would use the default device settings (AT90S8515) until the database was reopened
  • BUGFIX: binary search dialog interpreted control characters as their literal values (e.g. newline would be interpreted as 0A)
  • BUGFIX: CLI: a specially crafted IDB file could lead to a buffer overflow and potential code execution
  • BUGFIX: CLI: IDA could crash on some corrupted .NET files because of bogus values returned by the metadata APIs on Windows
  • BUGFIX: dalvik: fixed DALVIK_MOVE_RESULT_OBJECT instruction handling
  • BUGFIX: DALVIK: names of overloaded functions could be wrong
  • BUGFIX: DbgDword() was failing if pin debugger backend was used
  • BUGFIX: DbgDword() was returning garbage for wrong addresses on WinXP instead of failing
  • BUGFIX: debugger: 'manual regions' menu item was never displayed to the user
  • BUGFIX: debugger: 64-bit appcall was failing for bochs debugger
  • BUGFIX: debugger: fixed some data race conditions in the windbg debugger module
  • BUGFIX: debugger: IDA could crash while trying to resolve a "reg:delta" expression if "reg" was a virtual register (e.g. a flag name)
  • BUGFIX: debugger: IDA could lose control while tracing ARM programs
  • BUGFIX: debugger: if breakpoint with condition 0 was used in the short loop, "Suspend execution" button was kept disabled
  • BUGFIX: debugger: it was impossible to correctly resume the application once we suspended inside a page read-write bpt
  • BUGFIX: debugger: linux: bpt-related signals were sometimes passed to the application even if the user masked them
  • BUGFIX: debugger: mac debugger could report wrong memory layout info
  • BUGFIX: debugger: pin (64-bit architecture) did not trace instructions having addresses 0xffffffff and higher
  • BUGFIX: debugger: selecting "Suspend" from the "Unable to single step" dialog box would lead to resuming the application
  • BUGFIX: debugging an x64 application could crash IDA when stepping over a pushfq.
  • BUGFIX: DWARF in fat Mach-O files with 2+ architectures could not be read, because of an additional offset to the DWARF information stream.
  • BUGFIX: dwarf: avoid type duplication.
  • BUGFIX: dwarf: don't apply DWARF-provided-name when a mangled name is already present.
  • BUGFIX: DWARF: Don't fail on anonymous types that embed similarly-named types with different sizes.
  • BUGFIX: dwarf: DW_TAG_label DIEs produced by Apple's fork of GCC would be placed at wrong addresses.
  • BUGFIX: dwarf: empty types (1-byte wide) were erroneously saved as dummy. Therefore, any type depending on them would collapse into a dummy as well.
  • BUGFIX: dwarf: GCC-produced DWARF files can have negative bit offsets.
  • BUGFIX: dwarf: handle bogus bitfield length generated by RVCT
  • BUGFIX: dwarf: If the x86 processor was set to something other than "metapc", the plugin wouldn't load DWARF info.
  • BUGFIX: dwarf: In some cases, loading of additional modules could cause IDA to quit.
  • BUGFIX: dwarf: it was not possible to load a separate file with debug info manually
  • BUGFIX: dwarf: mangled names could be ignored in case they didn't appear in the declaration of a function, but in its specification.
  • BUGFIX: dwarf: RVCT-produced files could have references cross-compile_units, which would lead to having duplicate types
  • BUGFIX: dwarf: RVCT 3.1 outputs erroneous 'DW_AT_sibling' information, that caused the plugin to loop endlessly.
  • BUGFIX: dwarf: some frame offsets were wrong.
  • BUGFIX: dwarf: some global variables could not be properly recognized when they are static members of a complex type
  • BUGFIX: dwarf: some structure names could conflict with defined functions ('stat64', 'sigaction', ...); rename them in that case.
  • BUGFIX: dwarf: support DW_TAG_unspecified_type when retrieving function prototype.
  • BUGFIX: dwarf: support RVCT-generated existing-but-empty names.
  • BUGFIX: dwarf: types with members that are very large arrays of declared-only types could fail being imported.
  • BUGFIX: dwarf: when DW_TAG_unspecified_parameters was specified as part of the function declaration (as opposed to its potential specification), it was ignored.
  • BUGFIX: dwarf: when multiple variables with the same name but different offsets are present in the stack frame, '_NN'-suffix them and declare them all.
  • BUGFIX: dwarf: with optimized code, source-level debugging could fail retrieving a valid size for the current block of code
  • BUGFIX: EBC: MOVI instruction with 64-bit immediate value was incorrectly disassembled.
  • BUGFIX: ELF: 'NOTE' sections/program headers would corrupt the program's end address, and prevent some items from being properly named/used.
  • BUGFIX: ELF: ARM loader would erroneously set the name of the symbol at the place of the relocation, for R_ARM_TLS_LE32.
  • BUGFIX: ELF: loader could sometimes miscalculate the location of TLS variables
  • BUGFIX: ELF: relocations wouldn't be applied if no section headers were present, and no DT_REL[A] were present in the dynamic info but only a DT_PLTREL
  • BUGFIX: ELF: some PPC RELA relocations were applied incorrectly
  • BUGFIX: ELF: Wouldn't systematically consider symbols that point to SHN_UNDEF as externs.
  • BUGFIX: Enable PDB loading for modules of the program being debugged remotely.
  • BUGFIX: fixed a deadlock: if a script was modifying breakpoints while the debugged application was running, IDA could hang
  • BUGFIX: fixed interr 30141 that could occur when using the windbg backend
  • BUGFIX: Functions imported by ordinal could be erroneously labeled in 64-bit IDA (on Windows only).
  • BUGFIX: GDB: AddBpt() with size=0 did not work properly for PPC targets (while doing it from UI worked)
  • BUGFIX: IDA could crash when opening an old ST9 database
  • BUGFIX: IDA could crash when starting a remote debugging session without a database
  • BUGFIX: IDA could wrongly complain about failing to acquire debug privileges
  • BUGFIX: IDA would use Borland type libraries for Windows even for OS/2 programs
  • BUGFIX: IDAPython could be leaking memory on some operations.
  • BUGFIX: IDAPython: asklong/askaddr/asksel (and corresponding idc.py functions) were returning results truncated to 32 bits in IDA64
  • BUGFIX: IDAPython: fix wrong documentation for idc.SizeOf
  • BUGFIX: IDAPython: GetFloat/GetDouble functions did not take into account endianness of the processor
  • BUGFIX: idapython: idaapi.NO_PROCESS was not defined, and was causing GetProcessPid() to fail
  • BUGFIX: IDAPython: idc.py: insert escape characters into the string parameter when calling Eval()
  • BUGFIX: IDAPython: idc.SaveFile/savefile were always overwriting an existing file instead of writing only the new data
  • BUGFIX: IDAPython: PluginForm.Close() wasn't passing its arguments to the delegate function, resulting in an error.
  • BUGFIX: IDC: FUNCATTR_OWNER and FUNCATTR_REFQTY were not usable with GetFunctionAttr
  • BUGFIX: IDC: setting condition using Breakpoint class didn't work
  • BUGFIX: In case a different process has an exclusive lock on a file (and thus IDA cannot open it for reading), "File > Load file > Additional binary file" would silently fail.
  • BUGFIX: it was impossible to edit very long type definitions because the buffer was limited to 10KBytes
  • BUGFIX: it was impossible to use Windbg for instant kernel debugging (without an existing idb file)
  • BUGFIX: MACHO: Objective-C metadata parser could not handle some incompletely specified types
  • BUGFIX: MIPS: cross-references from 'jalx' instructions were marked as jumps instead of calls
  • BUGFIX: network-related settings that were used for instant debugging were not handled correctly: the default settings were used instead of the ones specified for the current session, and the instant debugging related dialogs displayed the settings used the last time rather than the default settings
  • BUGFIX: on Windows it was impossible to import some Python modules (for example, 'import zmq' would fail)
  • BUGFIX: opening idb file created from a windows dump file would automatically launch windbg; this could lead to unauthorized code execution
  • BUGFIX: pc module would mark 'lea reg, [esp+N]' in the gcc stack alignment code as a prolog instruction; in fact the value of 'reg' may be used in the function body so it should not be marked
  • BUGFIX: PC: code cross references from indirect jump instructions to external symbols were sometimes missing
  • BUGFIX: PC: Could INTERR in case some type names were unreasonably long.
  • BUGFIX: PC: could interr on invalid floating-point instructions
  • BUGFIX: PC: epilog analysis could erroneously mark too many instructions as epilog instructions, leading to bad decompilation results
  • BUGFIX: PC: epilog analysis could mark wrong instructions as belonging to the epilog
  • BUGFIX: PC: IDA could interr when applying a function prototype with an array argument
  • BUGFIX: PC: recognition of GCC-generated stack alignment prolog was broken and could interfere with the stack pointer analysis
  • BUGFIX: PC: some SSE instructions were decoded incorrectly if extra prefixes were present (e.g. both F2 and 66)
  • BUGFIX: PDB: msdia90.dll can crash on bogus data in the debug directory; added a workaround
  • BUGFIX: pdb: on rare occasions a wrong type could be created that would cause an internal error
  • BUGFIX: PDB: Use *.pdb file name instead of input file name in error and warning messages and dialogs during pdb loading
  • BUGFIX: PDB: variadic functions (printf, ...) wouldn't have their function type set properly.
  • BUGFIX: PDB: when using "browse for pdb" option, names from the PDB were not applied
  • BUGFIX: PE: relocation IMAGE_REL_BASED_ARM_MOV32T was not handled correctly
  • BUGFIX: PIN: auto-launching PIN on Windows could fail with "CreateProcess failed: The directory name is invalid."
  • BUGFIX: PIN: IDA could fail to connect to PIN running under XP
  • BUGFIX: PIN: IDA crash when trying to set "Autolaunch PIN" field in PIN debugger specific options on OS X
  • BUGFIX: PIN: PIN options dialog could not be opened in the text mode IDA
  • BUGFIX: PIN: the error message about the connection failure was wrong
  • BUGFIX: remote appcall for void functions would fail
  • BUGFIX: SDK: append_name() could create a wrong type string (with too long name)
  • BUGFIX: SDK: calling del_struct(some_func_frame) would cause IDA to exit with an error message; now it simply returns failure
  • BUGFIX: SDK: execute_sync() could skip some requests and process them only when called again later
  • BUGFIX: SDK: fixed description of the idb_event::struc_cmt_changed notification ('repeatable_cmt' argument was not documented)
  • BUGFIX: SDK: get_enum_type_base() was broken
  • BUGFIX: SDK: get_min_spd_ea() could erroneously return BADADDR
  • BUGFIX: SDK: next_unknown() would work incorrectly if called with the address inside of the last element when sparse storage was used
  • BUGFIX: SDK: qexit() could deadlock if called from non-main thread
  • BUGFIX: SDK: register_timer() did not work when called from non-main thread in GUI version.
  • BUGFIX: SDK: removal of an IDC function could cause incorrect behaviour of other functions
  • BUGFIX: SDK: set_purged() was not reanalyzing all involved call instructions in some cases
  • BUGFIX: SDK: ui_set_nav_colorizer was broken
  • BUGFIX: SDK: when using choose3() function, the getl() callback was being called before initializer() under Qt UI.
  • BUGFIX: some bookmarks could become inaccessible after deleting other bookmarks
  • BUGFIX: srcdbg: IDA could crash trying to display a source view after suspending the debugged application because of a source code debugging event
  • BUGFIX: srcdbg: IDA could crash with a stack overflow when trying to display nested recursing structures in the Locals view
  • BUGFIX: srcdbg: watchview could fail to display some types if a member failed printing because of excessive size.
  • BUGFIX: strings from database could be interpreted as IDC expressions when showing hints, leading to possible malicious script execution
  • BUGFIX: Support for R_386_TLS_DTPOFF32 relocation.
  • BUGFIX: The ELF loader would fail loading an ET_REL file with no sections, even though those are sometimes used as containers for actual programs.
  • BUGFIX: UI: "List cross-references from..." was not always shown in the context menu even if the current address had xrefs
  • BUGFIX: UI: ask before overwriting exported script file
  • BUGFIX: UI: both lowercase and uppercase variants of the same letter could be used as hotkeys in the debugger menu
  • BUGFIX: UI: Canceling of "IDA is going to copy data from the debugged process to the database...." dialog (Take memory snapshot command) did not work.
  • BUGFIX: UI: chooser headers height could be too small for some letters
  • BUGFIX: UI: clicking to the right of disassembly line in IDA View could produce a small invisible selection. If using search after that, no hits would be found.
  • BUGFIX: UI: disassembly view could scroll to the right when opening other views
  • BUGFIX: UI: Enable renaming of any structure (even if its name contains bad characters)
  • BUGFIX: UI: Fix HexView text rendering issues with selection
  • BUGFIX: UI: Fix incorrect "Tracing" ending of window title during debugging
  • BUGFIX: UI: fix selection of several items in choosers using Shift + arrow keys
  • BUGFIX: UI: IDA could crash after deactivating the struct/enum view
  • BUGFIX: UI: IDA could crash if two dock widgets were packed together in 1 tab, and that tab was closed by clicking the 'x' button.
  • BUGFIX: UI: IDA could hang trying to delete multiple structures/enums if the very first struct/enum was being deleted too
  • BUGFIX: UI: IDA could hang trying to display a hint
  • BUGFIX: UI: IDA would crash if trying to "Add breakpoint" from the context menu of an empty stack backtrace
  • BUGFIX: UI: imported script was not saved in Script snippets dialog if it was not edited
  • BUGFIX: UI: it was not possible to convert a structure field to float.
  • BUGFIX: UI: it was not possible to go back using Esc in Hex View
  • BUGFIX: UI: it was not possible to output strings that start with '@' into the Output window (using msg(), Message() and similar functions)
  • BUGFIX: UI: main IDA window title was not updated when tracing is toggled
  • BUGFIX: UI: non-English text in hints could be corrupted
  • BUGFIX: UI: pop-up menus with items longer than screen size would expand the menu to the whole screen; now they're truncated
  • BUGFIX: UI: Under certain circumstances, when the debugger's registers window was being shown, it could be empty.
  • BUGFIX: UI: when converting a selection to code, IDA would try to undefine existing instructions even if the user chose "Analyze".
  • BUGFIX: UI: when editing segment boundaries, check that the new range intersects the old
  • BUGFIX: UI: When in multi-monitor mode on Linux and a monitor is placed above another, hints that should be displayed in the same monitor as IDA's window could end up showing on another monitor.
  • BUGFIX: UI: when quick filters are used together with common filters, always filter out results which do not match the quick filter
  • BUGFIX: UI: wrong actions could be triggered when using keyboard shortcuts in the "Execute script" window
  • BUGFIX: V850: autoanalysis could enter an endless loop if a function was immediately preceded by a JR instruction
  • BUGFIX: when adding a segment at the start of an existing one, all information from the existing segment was being deleted
  • BUGFIX: When creating a custom viewer from IDAPython, and then quitting IDA, IDA could hang.
  • BUGFIX: When debugging 64-bit applications (through, e.g., windbg), the "Function callers:" window wouldn't properly let users jump to call sites by double-clicking.
  • BUGFIX: when importing union types from the 'local types' to the 'structure view', the union field types were set incorrectly
  • BUGFIX: When saving & then restoring a desktop with more than 1 disassembly view, all views except the first would have a wrong margin size.
  • BUGFIX: win32 debugger: page breakpoints with UPX-compressed programs could work incorrectly
  • BUGFIX: win32 debugger: with DEP disabled, execute-only page breakpoints could incorrectly trigger on reads or writes
  • BUGFIX: windbg: fixed interr 30143 that could occur when page breakpoints were used while debugging a multithread application
  • BUGFIX: windbg: if the process exited during an appcall, IDA would crash
  • BUGFIX: windbg: the main thread could be listed twice in the thread list for windbg in kernel mode
  • BUGFIX: xrefs to forced zero offset struct members were not created
  • Fixes published on 2014-01-16:
  • BUGFIX: Added support for bitfields within unions (in real world there are applications using them)
  • BUGFIX: ARM: some functions (e.g. some implementations of __gnu_mcount_nc) could be misdetected as no-returning
  • BUGFIX: Better handling of boundaries in flat renderer view: pressing PageUp/PageDown when the window is at the beginning/end of the disassembly but the cursor isn't will properly move the cursor to the right place.
  • BUGFIX: COFF: section addresses could be over-aligned when loading some PowerPC COFF/XCOFF files (e.g. for AIX), leading to incorrect addresses in some cases
  • BUGFIX: Do not print "Error" for forward declarations of types (it confuses some users)
  • BUGFIX: DWARF could fail on some ICCARM-generated files, because of multiple definitions of the same typedef, ending up in the graph at the same time.
  • BUGFIX: DWARF plugin didn't properly handle ICC-style, based-at-start-of-file DW_AT_FORM_ref_addr references.
  • BUGFIX: DWARF plugin was computing bitfield members offsets wrong for MSB architectures.
  • BUGFIX: Enable dragging of nodes in proximity view.
  • BUGFIX: Fixed crashes on some versions of OSX, when creating decompiler view.
  • BUGFIX: fixed a buffer overflow in mach-o loader
  • BUGFIX: Fixed crash in breakpoint list if "Move to group" is called when no breakpoints are selected.
  • BUGFIX: Fixed exporting of breakpoints with complex conditions
  • BUGFIX: Fixed IDA crash on calling "Run to cursor" from popup menu from non-debug desktop
  • BUGFIX: generating DIF file in IDA64 produced bad output
  • BUGFIX: IDA could crash computing the highlight length
  • BUGFIX: IDA could crash when deleting a huge amount of database entries (e.g. executing 'Extract function')
  • BUGFIX: IDA would never show "collapse parents" in proximity view.
  • BUGFIX: IDA wouldn't display, in the 'Use standard symbolic constant', enum values that have bit 31 set to 1.
  • BUGFIX: idaapi.add_hotkey() was broken.
  • BUGFIX: IDAPython, when used as primary expressions evaluator, would be in a bad state after any failed evaluation.
  • BUGFIX: IDAPython: idaapi.get_next_serial_enum_member was broken
  • BUGFIX: IDAPython: strpath_t was not properly exposing its IDs.
  • BUGFIX: it was impossible to attach to 64-bit processes on mac (process list was wrong because sizeof(kinfo_proc) was wrong)
  • BUGFIX: It was impossible to click, or select past the last character in graph view.
  • BUGFIX: MACHO: garbage in Objective-C metadata could crash IDA
  • BUGFIX: MACHO: some local relocations in x64 files were processed incorrectly, and the offsets were displayed as expressions instead of just the destination address
  • BUGFIX: mfc42* related ids files were wrong in ids/win.zip
  • BUGFIX: navigation band could be empty after loading a file in some cases
  • BUGFIX: repeating 'sync type to database' multiple times could spoil the struct definition
  • BUGFIX: Structure offsets in IMUL instruction were not displayed correctly
  • BUGFIX: SuperH: the selected device setting was not used on reopening the database
  • BUGFIX: There was wrong "typedef" keyword in the declaration of forward declarations for undefined types
  • BUGFIX: tinfo_t::get_size() was returning 0 for forward declarations of (yet) undefined types (the correct answer is BADSIZE)
  • BUGFIX: ui/qt: Escape strings in 'Strings window', so they don't span on multiple lines.
  • BUGFIX: ui/qt: In "Local Types" window, "Map to another type..." would always propose an empty chooser.
  • BUGFIX: ui/qt: Navigation through scrollbar was completely broken.
  • BUGFIX: ui/qt: Some actions were becoming unavailable after visiting the "Stack frame" window.
  • BUGFIX: UI: IDA was crashing while trying to show a hint in Structures view if the number of hint lines was set to 0
  • BUGFIX: UI: some actions selected from the context menu's submenus (such as "Use standard symbolic constant") were performed twice
  • BUGFIX: UI: when attaching to a debugger directly after starting IDA (without creating a database first), the navigation bar was not displayed
  • BUGFIX: XA: operands of 'fjmp' and 'fcall' instructions were printed without the segment part, if the destination address was not present in database
  • BUGFIX: XA51: fixed disassembling of JZ/JNZ and some MOV instructions

New in IDA 6.4.130306 (May 31, 2016)

  • Processor Modules:
  • ARM: improve iOS Thumb-2 code analysis (MOVW/MOVT pairs with position-independent code); this improved decompilation of such code.
  • File Formats:
  • DWARF: numerous improvements to handle DWARF info produced by ARM's ADS and RVCT.
  • Bugfixes:
  • BUGFIX: BOCHS: BOCHSRC variable in dbg_bochs.cfg was overwriting the value of BOCHSDBG
  • BUGFIX: BOCHS: VirtualProtect was not working if current extlang was set to Python (typo in bochs/startup.py)
  • BUGFIX: DWARF: IDA could fail on complex types with too many members (i.e., 4095+).
  • BUGFIX: DWARF: accept in-file DWARF information for Mach-O binaries as well.
  • BUGFIX: DWARF: arrays of [arrays of] const volatile types were not properly handled.
  • BUGFIX: DWARF: automatic loading of DWARF companion files for Mach-O binaries.
  • BUGFIX: DWARF: handle smaller memory models (e.g., 4-bytes pointers on 64-bit platforms).
  • BUGFIX: DWARF: plugin would force IDA to quit if the input file could not be read.
  • BUGFIX: DWARF: use proper register numbers for x64.
  • BUGFIX: DWARF: wouldn't properly recognize GCC with GIMPLE frontend
  • BUGFIX: Extracting a function could make IDA run out of memory.
  • BUGFIX: GDB: PPC: IDA could interr when trying to view values of registers r1 or r2 when connecting to target without a database
  • BUGFIX: IDA could interr because of wrong type information in the database instead of silently ignoring it
  • BUGFIX: IDAPython: CommentEx() was always returning None
  • BUGFIX: IDAPython: ph_get_operand_info() was broken
  • BUGFIX: IDAPython: SetBptCndEx() was setting the wrong low-level condition flag.
  • BUGFIX: PC: improper switch detection could destroy valid code in some x64 OS X binaries
  • BUGFIX: PIN: fixed some minor bugs
  • BUGFIX: SDK: askstr_c() with history = HIST_CMD displayed no edit field
  • BUGFIX: SDK: fix building of the PIN module in the SDK tree
  • BUGFIX: srcdbg: IDA could crash when debugging using both the decompiler, and PDB (or DWARF) plugin.
  • BUGFIX: srcdbg: locals/watches would crash IDA on structures with 100+ elements.
  • BUGFIX: srcdbg: when in source-level debugging, union fields were fetched with offsets, as if they were structure offsets.
  • BUGFIX: srcdbg: when multiple source-level debugging providers are in use (e.g., PDB + decompiler), fetch "Locals" items from the last-focused source view.
  • BUGFIX: SuperH: after turning off "Convert Immediate Loads", PC-relative expressions were no longer converted to addresses
  • BUGFIX: UI: 'copy to clipboard' could prematurely truncate the copied data in some cases
  • BUGFIX: UI: default focus was wrong in some dialogs (e.g. User-defined offset or Rename)
  • BUGFIX: UI: double-clicking a number in the Output window without a database loaded would crash IDA
  • BUGFIX: UI: when dragging windows, show docking anchors in the same instance only
  • BUGFIX: UI: Fix fonts dialog behavior on Linux - in some cases the style selection was not updated when the font target was changed
  • BUGFIX: UI: Fixed crash on Alt+F4 in full screen mode
  • BUGFIX: UI: Horizontally-placed radio buttons did not work in forms
  • BUGFIX: UI: IDA could fail to extend an array even after asking the user to destroy hindering definitions
  • BUGFIX: UI: IDA could hang while saving bytes to a file from a hexview
  • BUGFIX: UI: IDA64 could crash when editing source viewer tab size
  • BUGFIX: UI: In "Script snippets" dialog the current script was always executed as IDC if using Ctrl+Enter to run it
  • BUGFIX: UI: opening Navigation Band color preferences would crash IDA
  • BUGFIX: upon closing a database, regular plugins were unloaded too early, before the ui_saving event was generated
  • BUGFIX: windbg: once set, the "MODE" parameter (user/kernel debugging mode) could not be changed programmatically

New in IDA 6.3 (May 31, 2016)

  • CHANGELIST:
  • Processor Modules:
  • 8051: added register definitions for 8032 variants
  • ARM: added recognition of R7 as the frame pointer in the thumb mode
  • AVR: added I/O port definitions for ATtiny2313 and ATtiny2313a (courtesy of Marcel Kilgus)
  • AVR: print immediate operands as unsigned by default (except for subi/sbci)
  • C166: added Tasking assembler style; added C166-specific SEG/@seg and SOF/@sof operators
  • C166: allow user to skip automatic creation of 64K chunks for binary code
  • CR16: added registers for CR16MCS9
  • H8: Added register definitions for H8S/2215R
  • I960: print memory-mapped register names in lda instructions
  • I960: relax memb operands decoding (apparently some assemblers do not produce completely correct instructions)
  • M16C: new processor module: Renesas (formerly Hitachi) M16C. Support for M16C/60, M16C/20 and M16C/Tiny models.
  • MIPS: added MIPS-MT, MIPS-3D, smartMIPS extensions
  • MIPS: added support for Toshiba TX19A instructions
  • PC: added support for "int 29h" (__fastfail call on win8)
  • PC: handle __alloca_probe_16 and __alloca_probe_8
  • PC: improved analysis of function frames that reuse ebp as a temporary register despite setting it up as a frame pointer
  • PC: improved analysis of function prologs
  • PC: improved recognition of import function thunks
  • PC: improved recognition of some jump tables generated by Mingw compiler
  • PC: recognize function prologs with inlined SEH setup (push offset __except_handler3) and parse SEH tables for them
  • PC: renamed some fields of the CPPEH_RECORD structure to match official names (e.g. "disabled" -> "TryLevel")
  • PC: decode RDRAND instruction
  • PC: improve recognition of SEH4 and GS/EH cookie set up in prologs
  • PPC: added support for device-specific SPRs, DPRs and memory-mapped registers; added definitions for mpc5xx
  • PPC: added support for paired single (Gekko) and VMX128 (Xbox360 Xenon) instructions
  • SuperH: handle switch patterns
  • TMS320C1: new processor module: Texas Instruments TMS320C1x series (contributed by Jeremy Cooper)
  • UNSP: new processor module: SunPlus unSP
  • V850: create stack variables in instructions like "movea N, sp, rX"
  • XA51: Philips XA51 (contributed by Petr Novak)
  • File Formats:
  • CLI: the loader for .NET files is now available in Linux and OS X
  • COFF: added support for ARM COFF modules in AR files produced by Microsoft VC
  • COFF: support TMS320C3x files
  • ELF: mark TLS-specific relocations in x64 .o files
  • ELF: PPC: add support for R_PPC_DTPMOD32, R_PPC_DTPREL32 relocations
  • ELF: support for 4 new ARM relocs (TLS offsets (GOT & non-GOT), thumb32 MOVT, thumb32 MOVW)
  • ELF: X64: properly handle R_X86_64_GOTPCREL
  • EPOC: added support for BYTEPAIR code compression
  • MACHO: added support for ARMv7-specific object relocations (ARM_RELOC_HALF, ARM_RELOC_HALF_SECTDIFF)
  • MACHO: format and comment Mach-O headers
  • MACHO: handle LC_FUNCTION_STARTS load command and create functions for the addresses in the list
  • MACHO: warn the user if the file being loaded is encrypted
  • PDB: improved detection of data versus code symbols
  • PDB: improved handling of unnamed types
  • PDB: improved PDB loading on Linux/OS X to make the results close to those of Windows
  • PDB: support remote fetching of PDB symbols under Linux/OS X for PE drivers (.sys files)
  • PDB: print detailed info about PDB matching attempts with -z10000
  • PE: all sections with the executable flag set are loaded by default regardless of their name
  • PE: handle self-modifying relocation blocks
  • PE: if the PE header was loaded into database, format and comment its fields
  • PE: PECPU_ARMI files sometimes use Thumb-2 instructions, so set the ARM architecture accordingly
  • PE: speed up loading of files with large number of exports
  • Kernel:
  • improved propagation of argument type info
  • avoid repeatedly calling simplex analysis by postponing the stack analysis until the final pass completely analyzes the function
  • FLIRT, TIL & IDS:
  • FLIRT: for new version ARM signatures, set the T segreg (Thumb/ARM mode) according to the matched lib function
  • FLIRT: many improvements in file parsers and sigmake; better resolving of collisions
  • FLIRT: pelf: supply "-f" to create one pattern per function, instead of one pattern per text section.
  • FLIRT: pelf: support 64-bit ELF files
  • FLIRT: pelf: support for R_ARM_XPC25 & R_ARM_THM_XPC22 relocation types.
  • FLIRT: pmacho: support for fat Mach-O archives with AR subfiles in them.
  • FLIRT: sigmake: accept 64-bytes patterns .pat files
  • FLIRT: sigmake: "-r" switch to ignore references to other functions when creating patterns
  • FLIRT: support for 64-bytes signatures in IDA
  • FLIRT: when pattern matching succeeds but xref matching fails, notify the user about functions that were candidates for a certain piece of code.
  • IDS: IDA now can load .idt files from .zip archives
  • vc32rtf.sig: better signature; more leaves, fewer collisions.
  • updated vcseh.sig; added patterns for _EH_prolog/epilog functions
  • loadint: added comments for I/O ports commonly used in BIOS code: 2E-2F,4E-4F,70-77,92,B2-B3,EB
  • Scripts & SDK:
  • IDAPython: added a configuration option (USE_LOCAL_PYTHON) to python.cfg to enable using a local library with Python modules (under IDADIR/python)
  • IDAPython: added missing IDC functions to idc.py
  • IDAPython: switched precompiled plugin on Windows and Linux to use Python 2.7
  • IDAPython: UI_Hooks class automatically unhooks itself when IDA quits, avoiding a crash otherwise
  • IDAPython: wrap more functions from nalt.hpp
  • IDC: added GetMemberId()
  • SDK: added 'changed_stkpnts' IDB event
  • SDK: added choose3() function to invoke the chooser that benefits from additional callbacks
  • SDK: added create_ea_viewer() and improved jumpto() with an additional argument
  • SDK: added DBG_FLAG_FAKE_MEMORY for debuggers without process memory
  • SDK: added for_all_bpts() function to iterate over breakpoints
  • SDK: added functions for the new tracing functionality
  • SDK: added get_name_of_named_type()
  • SDK: added hexview sample plugin
  • SDK: added processor_t::adjust_libfunc_ea
  • SDK: added qunlink() to remove a file
  • SDK: enabled the 'deprecated function' warning and marked the deprecated sdk functions so that the compiler complains about them
  • SDK: get_loader_name_from_dll(), get_loader_name() retain the file extension for scripted loaders
  • SDK: improved randomness in qtmpnam()
  • SDK: now it is possible to create an explicit code cross-reference to the next instruction (it will not get converted to a flow xref)
  • SDK: QueueSet, replacement for QueueMark, allowing for user-friendly messages.
  • SDK: removed FORM_MDI and added a warning that the next version of IDA won't support plugins with native windows
  • Installer:
  • installer: all debug servers are now collected in the "dbgsrv" subdirectory of IDA
  • User Interface:
  • UI: qt: added full screen mode. The default hotkey is F11 on Windows and Linux and Cmd-Shift-F on OS X.
  • UI: qt: it is now possible to configure the caret blinking interval
  • UI: qt: Numpad keys are treated correctly and don't conflict with normal keys
  • UI: qt: possibility to specify a hotkey for a chooser action
  • UI: for the "Don't display this message again" checkbox, add a comment if it applies only to current session or database (i.e. it's not global)
  • UI: switched to Qt 4.8.1
  • UI: replaced crash handler with Google Breakpad on Linux
  • UI: setting IDA_NOEH=1 disables IDA's crash handler on Linux/OS X (previously worked only on Windows)
  • UI: added "Break on access" to the segments popup menu if the currently selected debugger supports page breakpoints
  • UI: added Edit, Operand types, Set operand type command
  • UI: Do not show the 'copying huge amounts of data, continue?' dialog unless copying takes more than several seconds
  • UI: don't show edit/delete menu items in choosers when nothing is selected
  • UI: print xrefs to structures and members in the structures list (similar to xrefs in disassembly view)
  • Debugger:
  • BOCHS: added support for Bochs 2.5.x
  • BOCHS: warn if detected version is greater than expected
  • BOCHS: PE TLS callbacks with wrong calling convention could mess up the stack and cause a weird exception in bochsys.dll
  • debugger: added support for arbitrary-sized memory breakpoints (implemented using page permissions). First implementation available for Win32 and Linux.
  • debugger: added "warn", "log" and "silent" options for reaction to exceptions
  • debugger: debug traces can now be saved, loaded and compared
  • debugger: experimental source-level debugging feature. Currently available only on Windows and requires PDB files with line number info.
  • debugger: input/output redirection is now specified as part of the argument string, not the input file name
  • debugger: support loading of COFF debug info from PE files (used by Cygwin/MinGW compiler)
  • debugger: unlink, rename, mkdir functions are available in low level breakpoint conditions
  • debugger: Win32: when attaching, show full executable paths in the list and also label 32/64-bit processes if running on a 64-bit OS
  • debugger: WinCE: initial support for WinCE 6.0 debugging
  • debugger: WinCE: new debugger module and server for debugging WinCE devices over TCP/IP; now it's possible to debug WinCE devices from Linux (since ActiveSync is not required)
  • Bugfixes:
  • BUGFIX: 'produce exe' command was inviting the user to overwrite the current idb file
  • BUGFIX: .pdata section of PE files for ARMI architecture was not parsed correctly
  • BUGFIX: added a workaround for integer overflow in 'operator new []' if compiled with GCC
  • BUGFIX: AF2_STKARG option was ignored by the analysis engine
  • BUGFIX: an attempt to create a huge segment that can not be created could corrupt the database in some cases
  • BUGFIX: ARM: more correct frame setup in Thumb mode (local variables were lumped together with saved registers)
  • BUGFIX: automatic database snapshots were not working if no snapshots existed before
  • BUGFIX: C166: I/O registers with addresses above 64K were not handled
  • BUGFIX: C166: memory accesses to I/O registers did not use symbolic names if their address was not present in database
  • BUGFIX: C166: some instructions that used SFR encodings to access GPRs were decoded incorrectly
  • BUGFIX: C166: some invalid DSP instructions were accepted by the disassembler
  • BUGFIX: C166: the C166v2 instructions ENWDT and SBRK were not decoded
  • BUGFIX: calling get_member_name() with a NULL buffer would crash IDA
  • BUGFIX: CLI: array dimensions display was wrong
  • BUGFIX: clicking 'Cancel' while uploading a file was not working
  • BUGFIX: CR16: register pair operands were printed in wrong order
  • BUGFIX: CR16: some CR16B instructions were not decoded
  • BUGFIX: creating an enum for a processor with 32-bit wide bytes would lead to interr
  • BUGFIX: DBG: CodeView NB11 debug information embedded in PE files was not handled properly
  • BUGFIX: DbgByte() and similar functions could not be used in bpt conditions if the debugger backend was WinDbg
  • BUGFIX: debugger could crash if user requested to terminate the process but the process was already dying (occurs very rarely)
  • BUGFIX: debugger: in WinDbg kernel mode, sometimes it was impossible to continue after stopping at a breakpoint
  • BUGFIX: debugger: system properties were not available for the applications launched by IDA's remote debugger server
  • BUGFIX: debugger: the "Analyze module" command could put IDA into infinite loop in some cases
  • BUGFIX: do not allow handling debug events (i.e., calling GetDebuggerEvent) from a breakpoint condition
  • BUGFIX: EBP value reported by the windbg module was not always correct (e.g. at the function entry)
  • BUGFIX: ELF: handle files with bogus sh_info values for REL sections (produced by some versions of GNU gold linker)
  • BUGFIX: ELF: RELA relocs should ignore the original value and use just the addend
  • BUGFIX: ELF: some files from LynxOS could not be loaded
  • BUGFIX: ELF: some MIPS relocations were handled incorrectly
  • BUGFIX: empty strings in collapsed structures were printed incorrectly
  • BUGFIX: for collapsed items IDA was not considering the collapsed line as the most important line; breakpoints were displayed on a wrong line for such items
  • BUGFIX: forms: pressing Enter on a readonly combobox would crash IDA
  • BUGFIX: GDB: after continuing from a signal IDA kept sending the signal when continuing from next events
  • BUGFIX: GDB: debugging of big-endian ARM targets did not work correctly
  • BUGFIX: GDB: fixes for multi-thread debugging (resolves issue with VMWare 8.x multi-processor VMs)
  • BUGFIX: GDB: floating-point registers were displayed as integer ones
  • BUGFIX: H8: addresses of @aa:8 and @aa:16 operands were truncated on output
  • BUGFIX: IDA complained on first saving of database if CREATE_BACKUPS was set to YES
  • BUGFIX: IDA could crash if a function iterator was still alive at the exit time
  • BUGFIX: IDA could crash trying to save desktop if the connection to the remote debugger server was lost
  • BUGFIX: IDA could crash when refreshing an empty process list
  • BUGFIX: IDA could crash when starting debugging with Bochs
  • BUGFIX: IDA could interr when clicking inside text part of hex view in edit mode
  • BUGFIX: IDA was refusing to load relocatable ELF files with non-zero section bases
  • BUGFIX: IDA would crash if CleanupAppcall() was called while no Appcall was in progress
  • BUGFIX: IDAPython: Functions() could miss some functions if the specified range was starting with a function tail chunk
  • BUGFIX: IDAPython: op_t.is_reg() was broken
  • BUGFIX: IDAPython: scripts residing in directories with specific names next to the IDB could be executed automatically during IDA startup
  • BUGFIX: idaw/idal would display "internal error" while trying to show the commandline usage topic (-?,-h switch)
  • BUGFIX: IDC: #include "absolute_path" was not accepted by ida
  • BUGFIX: IDC: GetManyBytes() would interr if called while win32 debugger was active
  • BUGFIX: IDC: proper exception messages were not displayed in some cases (e.g. for breakpoint conditions)
  • BUGFIX: IDC: negation of floating point values was impossible
  • BUGFIX: if some TILs could not be loaded, the local TIL would not be loaded either
  • BUGFIX: in proximity view, some edges between functions might not be added if a function B referenced function A but function A had already been visited before.
  • BUGFIX: instant debugger for OS X was not working
  • BUGFIX: it was impossible to save a temporary database using the menu command
  • BUGFIX: MACHO: fix some ObjC metadata parsing issues
  • BUGFIX: MACHO: relocations of type X86_64_RELOC_BRANCH were not correctly applied in final linked files
  • BUGFIX: MIPS: jalrc instruction was incorrectly marked as not returning
  • BUGFIX: MSP430: jc and jnc instructions were swapped
  • BUGFIX: PC: an interr could happen if code changed during debugging
  • BUGFIX: PC: instructions like 'pop [esp+N]' use the updated value of esp; IDA was not aware of that
  • BUGFIX: PC: it was impossible to assemble 'jmp short' in the presence of non-trivial segment selectors
  • BUGFIX: PDB: dbgeng.dll was freed too early in some cases
  • BUGFIX: PDB: fix "Parse error near: GUID" messages when loading PDBs during debugging
  • BUGFIX: PDB: recursive self-referencing type definitions in PDB files could result in interrs
  • BUGFIX: PDB: some structures involving unnamed unions could not be imported into IDB
  • BUGFIX: qsem_wait() could return too early on linux (because of EINTR)
  • BUGFIX: qt: "Script file..." Menu option was always defaulting to the IDC directory on Linux/OS X
  • BUGFIX: qt: changing the color of a graph node with shadows disabled would crash IDA
  • BUGFIX: qt: enabling accessibility on OSX could cause IDA to crash deep inside Qt
  • BUGFIX: qt: hotkeys set in idagui.cfg for switching between graph, flat and proximity views were ignored under some circumstances
  • BUGFIX: qt: in case of a wrong input in a form field the control didn't get focus
  • BUGFIX: qt: in IDA 6.2 Shift + double click was not selecting the current identifier
  • BUGFIX: qt: it was not possible to cancel adding children/parents of selected nodes in proximity view
  • BUGFIX: qt: it was not possible to enter expressions in the structure offset dialog
  • BUGFIX: qt: message boxes could show up on the wrong screen in a multi-screen environment
  • BUGFIX: qt: not specifying the initial directory in askfile was resulting in a wrong one
  • BUGFIX: qt: proximity view code for handling shortcuts "+" and "-" was also handling the cases where the Ctrl, Alt or Shift keys were pressed
  • BUGFIX: qt: setting the selection of multiple rows in the chooser was not behaving correctly and was also slow
  • BUGFIX: qt: the arrows in disasm views opened by the user were not correctly resized
  • BUGFIX: qt: the default shortcut context for local actions was wrong
  • BUGFIX: qt: the hex view wasn't saving its configuration
  • BUGFIX: qt: the native file dialog on OSX doesn't allow shortcuts such as copy and paste because of a bug in Qt; use the Qt file dialog instead
  • BUGFIX: qt: the waitdialog wasn't refreshing the label without a wasBreak call
  • BUGFIX: SDK: del_segm() was ignoring SEGMOD_SILENT; also pass on the silent flags when deleting or adding additional segments in add_segm_ex
  • BUGFIX: SDK: description of parameters for the 'b' form specifier (combobox) was incorrect
  • BUGFIX: SDK: qsem_create() could fail on OS X with ENAMETOOLONG; now we use MD5 of the name instead
  • BUGFIX: SDK: validate_name() could overwrite its input buffer by one byte
  • BUGFIX: SuperH: wrong cross-references could be created for @(,gbr) operands if delta was greater than 0x7F
  • BUGFIX: the screen was not always refreshed after changing an item color from a script
  • BUGFIX: the screen was not always refreshed after renaming a location from a script
  • BUGFIX: there was no error dialog box if the user entered erroneous declaration while inserting a new local type (however, detailed error messages were still printed in the output window)
  • BUGFIX: TIL: the time_t type was incorrectly defined as 64-bit in "mssdk" and related type libraries
  • BUGFIX: TMS320C3x: 16-bit immediate operands could not be converted to enums
  • BUGFIX: TMS320C3x: it was not possible to use custom offsets for operands with displacement
  • BUGFIX: TMS320C3x: register renaming did not work properly for operands with complex addressing modes
  • BUGFIX: Tricore: floating-point data items were not printed as such
  • BUGFIX: TXT: file timestamps were wrong in the text UI's file browser on Windows
  • BUGFIX: UI: accidentally pressing A in the struct view would spoil the current struct field
  • BUGFIX: UI: expanding collapsed segments did not always work
  • BUGFIX: UI: choosers that display contents from the database (e.g. instructions with comments) could be using wrong encoding
  • BUGFIX: UI: context menu was always shown at the mouse position, even if triggered from keyboard
  • BUGFIX: UI: copying strings with custom encoding (e.g. UTF-16LE) would copy incorrect data to clipboard
  • BUGFIX: UI: crash in hexview if the user specified unsigned representation for floating values using keyboard shortcuts
  • BUGFIX: UI: IDA could lock up when calling up the "Structure Offsets" dialog
  • BUGFIX: UI: instruction comments could disappear in the find all occurrences retrieved list
  • BUGFIX: UI: it wasn't possible to effectively change the hotkey for proximity view
  • BUGFIX: UI: numeric keypad keys were not working in hex view's edit mode
  • BUGFIX: UI: plugin comments would not show up in the status bar
  • BUGFIX: UI: setting the default debugger did not work
  • BUGFIX: UI: Shift+Home, Shift+End were working incorrectly in choosers
  • BUGFIX: UI: some actions would print unnecessary "Command failed" in the Output window when cancelled by the user
  • BUGFIX: UI: status bar in choosers was not refreshed after some navigation events
  • BUGFIX: UI: the structure offsets dialog could be displayed even without selection
  • BUGFIX: UI: too many bookmarks could make the context menu unusable
  • BUGFIX: UI: ui_saved event was happening too early, before the database was fully saved
  • BUGFIX: using "Create EXE file" was incorrectly trying to load a DLL if the file was loaded with a scripted loader. Now a proper message is displayed (saving files with scripted loaders is not supported)
  • BUGFIX: when mapping a local type to another, the corresponding IDB structure or enum was not being deleted
  • BUGFIX: windmp: the check for 64-bit data in the dump file was not working properly
  • BUGFIX: wrong input values in the 'load binary file' dialog were silently preventing the user from closing the dialog and continuing; added a warning message

New in IDA 6.2 (May 31, 2016)

  • HIGHLIGHTS:
  • Proximity view
  • PE+ support for Bochs (64-bit PE files)
  • UI shortcut editor
  • UI filters in choosers
  • Database snapshots
  • Automatic new version check
  • Cross-references to structure members
  • ARM and iOS analysis improvements
  • IDAPython 1.5.3
  • Floating licenses
  • CHANGELIST:
  • Processor Modules:
  • 65816: A 65816 CPU module (used in SNES consoles)
  • ARM: better tracking of cross-references in code produced by LLVM compiler (MOVW+MOVT pairs)
  • Dalvik: decode instructions produced by dexopt (odex)
  • HCS12X: implemented extended direct addressing (using DIRECT Direct Page register)
  • PC: improve recognition of x64 switches produced by GCC
  • PC: most assemblers encode mov ds, ax and mov ds, eax differently; handle it in the same way
  • PC: some sparse switches produced by Visual C++ for x64 were not recognized
  • PC: __SEH_prolog and similar functions were not properly handled in debugged modules
  • PC: display "66 90" as "xchg ax, ax"
  • PPC: decode tlbie and tlbiel with an optional immediate operand
  • SuperH: track values loaded into the gbr register
  • Z8: added configuration file for device-specific registers, including the Extended Register File banks
  • Z8: detect the use of different register banks by tracking changes to the register pointer (RP) value
  • File Formats:
  • SMC: added a SNES rom loader
  • ELF: added support for MN10200 and MN10300 (AM33, AM34) files
  • ELF: added support for x64 TLS relocations in object files
  • ELF: ARM: added support for R_ARM_THM_PC8 relocation
  • LOD: added a loader for Motorola DSP56000 .LOD files
  • MACHO: entry point was not set properly for some packed files
  • MACHO: parse Objective-C 2.0 metadata, rename methods, create structures
  • MACHO: support dyld_shared_cache file format
  • MACHO: detect OS X/iOS kernelcache files and split the image into kext subfiles
  • PE: added support for ARMv7 relocations (MOV32T)
  • PE: create segments for gaps between sections when complete file is mapped to memory
  • PE: manually loading PE files will prompt before processing the export directory and the TLS entries
  • PE: overlays can now be loaded in manual mode
  • UImage: added a loader for U-Boot images
  • PDB: support PDBs for ARMv7 files
  • Kernel:
  • Improved display of self-modifying code which changes during debugging
  • Track cross-references to structure members
  • FLIRT & TILS:
  • TIL: tilib: added support for the new constructs from VC10 header files
  • TIL: added VC10 TIL file
  • FLIRT: pelf: added R_ARM_THM_PC8 support
  • Scripts & SDK:
  • IDAPython: added add_hotkey() and del_hotkey() to associate hotkeys with Python functions
  • IDAPython: added execute_sync() to insert a function call into the UI message queue
  • IDAPython: added execute_ui_requests()
  • IDAPython: added idautils.ProcessUiActions() to process more than one UI action at a time
  • IDAPython: added IDC array functions in idc.py module
  • IDAPython: added IDC hash functions in idc.py module
  • IDAPython: Added MakeCustomData() (and related MakeCustomDataEx)
  • IDAPython: added ph_get_operand_info()
  • IDAPython: Added Structs() and StructMembers() generator functions
  • IDAPython: added support for multiline text input in the Form class
  • IDAPython: added the assemble callback
  • IDAPython: added timer functions
  • IDAPython: added ui_term/ui_save/ui_saved/ui_get_ea_hint UI notifications
  • IDAPython: added visit_patched_bytes()
  • IDAPython: better error reporting for plugin scripts, loaders and processor modules
  • IDAPython: introduced the '!' (shell command) and '?' (Python help) pseudo commands to the CLI
  • IDAPython: it is now possible to add/register new IDC functions from Python
  • IDC: added GetNsecStamp()
  • IDC: DecodeInstruction() now exposes the canonical feature and mnemonic
  • IDC: it is now possible to catch IDC script interruption (with a try/catch) and resume execution if needed
  • IDC: renimp.idc: added support for PE+
  • SDK: added ALOPT_IGNPRINT option for get_max_ascii_length()
  • SDK: added execute_ui_requests() to execute a list of UI requests asynchronously
  • SDK: added extlang->run_statements() callback
  • SDK: added find_extlang_by_name()
  • SDK: added gen_rand_buf() to generate random data
  • SDK: added get_ascii_contents2()
  • SDK: added LP_USE_SHELL bit to launch_process() to launch commands using a shell
  • SDK: added new breakpoint management functions to work with source and module relative breakpoints
  • SDK: added qcopyfile()
  • SDK: added qfsize() and deprecated efilelength()
  • SDK: added qtime64_t and supporting functions
  • SDK: added read/write_dbg_memory(), set_reg_vals() and get_dbg_memory_info()
  • SDK: added register_addon() to allow registration of plug-ins and other add-ons for the About box
  • SDK: added save_database_ex()
  • SDK: added snapshot management plugin sample
  • SDK: added snapshot manipulation functions
  • SDK: added ui_requests plugin sample
  • SDK: added visit_patched_bytes()
  • SDK: exec requests can now set code = 0 inside their execute method to delegate their destruction to handle_exec_request
  • SDK: exported base64_encode/base64_decode functions
  • SDK: introduced ASKBTN_XXX constants for askyn() and askbuttons() functions
  • SDK: moved debugger related functions to dbg.hpp (get_dbg_byte, etc)
  • SDK: updated the "uunp" plugin to support PE+ when used in manual reconstruction mode
  • SDK: Windbg: added debugger extension interface
  • SDK: removed support for create_flow_chart() and flow_chart_t. Please use qflow_chart_t instead.
  • SDK: UI: added a way to specify and retrieve user data in forms
  • SDK: UI: added the close() method to form actions
  • SDK: UI: added timers API for plugins
  • SDK: UI: qt: added the code viewer control
  • SDK: UI: qt: added the get_attrs callback to embedded choosers
  • User Interface:
  • UI: added the proximity browser view
  • UI: added IDA_NOEH environment variable to disable IDA exception handler on Windows
  • UI: setting IDA_MINIDUMP=NO disables minidump writing on Windows
  • UI: File/IDC command (Shift-F2) has been replaced with File/Script command to execute a statement with a selected extlang
  • UI: Edit/Patch functionality is now enabled by default
  • UI: added "Edit/Patch/Apply patches to input file" functionality to directly save the patches back to the input file
  • UI: added combobox and multi-line edit controls to forms (AskUsingForm())
  • UI: added a menu item "Report a bug or an issue..."
  • UI: added a status bar context menu item for quick access to processor-specific analysis options
  • UI: added an option to automatically check for new versions and request updates for IDA
  • UI: added database snapshots support
  • UI: added the 'select nodes of this color' right click menu command (available in the graph mode)
  • UI: AskUsingForm_c() no longer exits IDA in case of form syntax error. Very useful when building forms dynamically from IDAPython
  • UI: idag.exe and idau.exe are discontinued
  • UI: idaq now uses CHM (HTML Help) under Windows
  • UI: plugins can now be quickly executed using the "Quick plugin run" functionality (Ctrl-3)
  • UI: qt: added the MSG_DELAYED_UPDATE configuration option
  • UI: qt: added the shortcut editor
  • UI: qt: all Ctrl-Ins copy shortcuts were changed to Ctrl-C
  • Debugger:
  • Added the '-I' command line switch to install IDA as a just-in-time debugger
  • debugger: added "event condition" debugger option to allow breaking when a debug event matches a given criteria
  • debugger: huge zero filled arrays are displayed faster in the debugger (do not use the dup construct for them)
  • Bochs: added option to disable Activation context and SearchPath() usage (this allows loading libraries from the current directory or search path without an activation context applied)
  • Bochs: added support for PE+ (64-bit PE files)
  • PDB: handle MIPS16 and ARMv7 files (low bit of the symbol address specifies Thumb/MIPS16 bit)
  • Win32/Linux/Mac debuggers now support I/O redirection
  • Win32 debuggers now have a new window to show the SEH list
  • Windbg: added option to disable debugger auto launch for crash dump files
  • Bugfixes:
  • BUGFIX: 'edit breakpoints' dialog was still wrong in 6.1
  • BUGFIX: 'search for undefined address' (Ctrl-U) was not working correctly in debugger segments
  • BUGFIX: an exception in an asynchronous execution request (execute_sync) could crash IDA
  • BUGFIX: ARM: instructions combined into macros inside IT blocks could lead to wrong disassembly
  • BUGFIX: armuclinux server was probably broken (it was using a separate thread to listen to debuggee events, but uclinux seems to have issues with that)
  • BUGFIX: associating .idb extension with idaq was broken
  • BUGFIX: Bochs debugger in disk image mode would display wrong addresses sometimes (caused by optimizer bug in VS2010 compiler)
  • BUGFIX: bochs was not handling sections with vsize==0 properly
  • BUGFIX: bochsrc loader was failing to load the boot sector of the disk images if it was larger than 4GB
  • BUGFIX: choosing a device configuration in some processors could crash IDA on Windows
  • BUGFIX: clicking on the title of a group node could crash IDA
  • BUGFIX: debthread could not handle a hung remote server correctly
  • BUGFIX: debugger: long DNS lookup for the connected peer name could lead to failure of the remote debugging session
  • BUGFIX: demangler option "no return types of functions" had no effect for Borland mangled names
  • BUGFIX: DOS: programs with Borland overlays (FBOV) were loaded incorrectly
  • BUGFIX: EPOC: imports from hal.dll were not renamed
  • BUGFIX: Executing a script that could cause a desktop switch (start or stop debugger) from the recent scripts window would crash IDA
  • BUGFIX: find_binary() was crashing if radix of 0 was passed
  • BUGFIX: find_strmem2() with STRMEM_INDEX was broken
  • BUGFIX: get_next_struc_idx(-1) was not returning -1 as it should
  • BUGFIX: get_type_size() could return >0 value for some illegal types
  • BUGFIX: High 64 bit addresses were not being parsed properly by IDAPython in idaq64
  • BUGFIX: IDA could crash if starting the application the first time failed (e.g. application path was wrong)
  • BUGFIX: IDA could interr when trying to edit an address name in stack view
  • BUGFIX: ida was failing with interr 40419 while rendering some graphs
  • BUGFIX: IDAPython: Calling set_script_timeout() from callbacks may show the script wait box dialog with no possibility to close it
  • BUGFIX: IDAPython: dbg_bpt was called instead of dbg_trace for a DBG_Hooks class implementation
  • BUGFIX: IDAPython: dbg_read|write_memory() and dbg_get_thread_sreg_base() were broken
  • BUGFIX: IDAPython: del_menu_item() was failing to delete menu items inserted in the middle of a menu list
  • BUGFIX: IDAPython: get_blob() was returning a buffer with at most MAXSPECSIZE bytes
  • BUGFIX: idapython: idaapi.get_item_head() was ignored
  • BUGFIX: IDAPython: idc.GetString()/idaapi.get_ascii_contents()/idautils.Strings() were limited to MAXSTR string length
  • BUGFIX: IDC: DelStruc() was behaving as a 'void' function (always returning 0)
  • BUGFIX: IDC: on OS X, macros with 6 or more arguments would cause a syntax error
  • BUGFIX: IDC: rotate_left() was broken
  • BUGFIX: if a function lost some basic blocks (for example, because the user truncated it), its flowchart might be rendered with some empty nodes
  • BUGFIX: if a read or read/write hardware breakpoint and a software breakpoint were defined at the same address, IDA would get confused when such a breakpoint gets hit
  • BUGFIX: illegal graph group info in the IDB could crash IDA
  • BUGFIX: immediate search could not match the search criteria against defined data items
  • BUGFIX: import libraries for gcc under ms windows were erroneously including _alloca and _main symbols.
  • BUGFIX: in some cases IDA was trying to read memory outside of ranges provided by a debugger module
  • BUGFIX: it was not possible to suspend Bochs if the debuggee was continuously calling an API which is emulated by an IDC script
  • BUGFIX: launch_process() was crashing on Unix if command line arguments were NULL
  • BUGFIX: linker directives with non-ascii characters in coff files would be displayed incorrectly
  • BUGFIX: location of relative breakpoint was displayed in absolute notation in some cases
  • BUGFIX: multithreaded Android applications could not be debugged on some devices
  • BUGFIX: non-null terminated strings were printed incorrectly for assemblers with ASCIIZ directives (such as AIX PPC assembler)
  • BUGFIX: Opening a crash dump file was failing in some cases
  • BUGFIX: opening a malicious idb could lead to launching of debugger on any file (including files accessible with webdav)
  • BUGFIX: PC: handling of __fastcall calling convention for Delphi was wrong
  • BUGFIX: PC: mov to/from CRn/DRn ignore the mod field and always treat operands as registers (thanks to Ange Albertini)
  • BUGFIX: PC: type information from .til files was not used for __fastcall APIs (e.g. KfAcquireSpinLock)
  • BUGFIX: PPC: dccci instruction with non-zero operands was decoded incorrectly
  • BUGFIX: PDB: loading symbols for a module in memory (during debugging) could fail
  • BUGFIX: PDB: old way of retrieving symbols (via dbghelp.dll) did not work for 64-bit modules loaded above 4GB
  • BUGFIX: PDB: the "Load debug symbols" command was trying to use local files even when debugging remotely
  • BUGFIX: PE loader could not properly handle relocations of type IMAGE_REL_BASED_DIR64
  • BUGFIX: PE: files with exceedingly big relocation table size could not be loaded
  • BUGFIX: PE: MIPS16 and ARMv7 exports and .pdata entries were not handled correctly
  • BUGFIX: PE: some files with bogus/huge ImageSize could not be loaded (thanks to Ange Albertini)
  • BUGFIX: qrealloc() was freeing the original pointer if allocation failed
  • BUGFIX: qsem_create() was ignoring the initial value on Mac
  • BUGFIX: qt: askfile_c() was returning paths with forward slashes (/) on Windows; this broke some old plugins
  • BUGFIX: qt: custom graphs were sometimes displaying some additional misplaced context-menu items
  • BUGFIX: qt: forms with no dialog buttons (yes, no, cancel) would cause a crash
  • BUGFIX: qt: jump buttons in the CPU Registers window were not working correctly on OSX
  • BUGFIX: Qt: On OS X, shortcuts not defined inside idagui.cfg could contain the wrong modifier
  • BUGFIX: qt: rendering on mac had problems because of a bug in the Carbon API
  • BUGFIX: qt: some actions were not disabled in the stack frame view
  • BUGFIX: qt: the jump xref action was missing in the stack frame view
  • BUGFIX: qt: the strings sub-menu was missing letter shortcuts
  • BUGFIX: qthread_kill() was freeing qthread_t in Windows; it should not
  • BUGFIX: running ida with -z10000 could lead to deadlocks or crashes (for win32/linux/mac debugger modules)
  • BUGFIX: SDK: askfile_c() default answer was not populated properly if it contained an absolute file path
  • BUGFIX: SDK: qfilesize() now returns 0 if the file is too large or does not exist (use get_qerrno() to distinguish between the two).
  • BUGFIX: second failed attempt to launch the debugger would lead to interr
  • BUGFIX: some edges of the graph would be rendered incorrectly after deleting an uncollapsed group (only if the graph contained more than one group)
  • BUGFIX: text version of ida could hang while executing a script that handles numerous debug events
  • BUGFIX: the form change callback of AskUsingForm() may be called recursively (leading to a crash) when using fa.set_field_value()
  • BUGFIX: the function flowchart with custom layout and collapsed groups could be refreshed incorrectly in some cases
  • BUGFIX: UI: "set segment register value dialog" was still using segment selectors even if the processor module had PR_SGROTHER flag set
  • BUGFIX: UI: it was not possible to set a structure member's type to Float from the menus
  • BUGFIX: UI: refreshing the graph was not resetting all the variables, some were still pointing to old nodes
  • BUGFIX: UI: text version was crashing when calling up "Processor-specific options"
  • BUGFIX: UI: the "Analysis enabled" checkbox in the load file dialog did not work as expected for non-x86 files
  • BUGFIX: UI: the notepad text could exceed the maximum size and overwrite other blob indexes
  • BUGFIX: under Windows, IDA still loaded a plugin even if it was renamed to e.g. plugin.plw1 (because the short name extension was still .plw)
  • BUGFIX: Windbg 64bit was always proposing to run the dbgsrv even for 32bit apps
  • BUGFIX: Windbg debugger in kernel mode would show one big segment called MEMORY in some cases
  • BUGFIX: windbg debugger plugin was ignoring the DBGTOOLS value in ida.cfg
  • BUGFIX: Windbg plugin was not able to restore absolute breakpoints on the process start if the memory was not already mapped
  • BUGFIX: Windbg plugin was not working properly in kernel debugging with reconnect mode
  • BUGFIX: Windbg: re-attaching to the kernel debugger may in some cases yield an empty module list (in the modules list window)
  • BUGFIX: Windows plugins that used create_flow_chart() function (e.g. Color Loops) were crashing IDA 6.1.
  • BUGFIX: IDAPython: calling reserve() on a movable type regvals_t was crashing due to regval_t.clear() with garbage values

New in IDA 6.1 (May 31, 2016)

  • HIGHLIGHTS:
  • Support for Android
  • 64-bit support for Bochs/GDB debuggers
  • String encodings
  • Low level conditional breakpoints
  • Multithreaded debugger
  • Power PC improvements
  • Wingraph is back!
  • SPU
  • CHANGELIST:
  • Processor Modules:
  • DALVIK: new processor module (Android Dalvik VM)
  • SPU: new processor module (Cell Broadband Engine Synergistic Processor Unit); contributed by Felix Domke
  • ARM: turned on BL-as-jump analysis for ARM code. Before it was enabled only for Thumb code
  • AVR: added XMega instructions DES, LAC, LAS, LAT, XCH
  • AVR: decode eijmp and eicall instructions
  • C166: allow double-word and floating-point items in the disassembly
  • EBC: discover and comment function thunks
  • EBC: implemented instruction auto comments
  • EBC: made disassembly syntax closer to the one used in UEFI specification
  • EBC: trace stack pointer and create stack variables
  • MIPS: added support for Cavium Networks (Octeon) instructions
  • MIPS: added support for MIPS64r2 instructions (doubleword bit manipulation)
  • MIPS: added support for Sony PSP (Allegrex) instructions
  • MIPS: added type system support (parameter identification and tracking)
  • MSP430: added support for MSP430X (20-bit) instructions
  • MSP430: resolve PC-relative (aka symbolic) addresses
  • PC: recognize prologs of VB6 applications (substantially speeds up analysis in some cases)
  • PC: show Intel conditional branch hints (prefixes 2E/3E)
  • PC: disassemble retn/retf opcodes with operand size override
  • PC: disassemble undocumented bswap ax instruction
  • PIC: automatically track changes to the PA0 status bit (bank selector) for 12-bit PIC processors
  • PIC: track values of BANK and PCLATH registers through the code flow - this improves disassembly of code that resides in multiple banks
  • PPC: added support for AltiVec instructions (including Cell BE extensions)
  • PPC: added support for VLE (Variable Length Encoding) instructions
  • PPC: it is now possible to specify a fixed base for the r13 register (small data area, often used in embedded PPC processors) and automatically convert all references to it
  • PPC: recognize switches used in 64-bit code with 32-bit addressing
  • PPC: updated GNU register names to reflect current conventions
  • SuperH: added option to disable immediates substitution (pre-6.0 behavior)
  • SuperH: it is now possible to use zero-offset structure fields in indirect register operands
  • File Formats:
  • DEX: new loader for Dalvik Executable files
  • COFF: added support for TI MSP430 files
  • COFF: handle Xbox 360 files (PPCBE). Also small improvements for ARM and MIPS files
  • DOS: added support of loading of CodeView debug info for DOS .exe files
  • ELF: added support for Cell SPU files (no relocations supported yet)
  • ELF: added support for PPC64 relocations
  • ELF: added support for R_*_IRELATIVE relocations
  • ELF: Android prelinked files are detected and loaded at the correct address
  • ELF: handle files produced by Tasking C166/ST10 compiler
  • ELF: if data at entry point is not present in the section list, use program headers to load the missing code.
  • ELF: implemented some workarounds to load Cisco IOS files
  • ELF: PPC: handle files with VLE code sections and mark them as such
  • ELF: PPC: handle VLE relocations
  • ELF: support PSP PRX files
  • NE: support self-loading NE files
  • PE: added support for ARMv7 files
  • Kernel:
  • added support for arbitrarily big types in the type parser
  • added support for custom data formats inside structures
  • improved PIT (parameter identification and tracking) to better handle complex functions
  • improved the speed of rebasing the program
  • IDS: added ceddk.ids for Windows CE
  • FLIRT & TILS:
  • FLIRT: added autodetection of the programs written in the D language
  • FLIRT: added Digital Mars FLIRT signatures
  • FLIRT: added FLIRT signatures for the Intel Composer XE 2011 ICL compiler
  • FLIRT: pcf: handle ARMv7 COFF files
  • FLIRT: pcf: handle PowerPC BE (Xbox 360) COFF files
  • FLIRT: pelf: i386 TLS related relocations require special handling because the linker modifies instructions
  • FLIRT: pelf: added support for SuperH files
  • prepared new mssdk til files based on the Windows SDK 7.0a
  • Scripts & SDK:
  • IDAPython: added PluginForm class which adds the possibility to extend the UI with PyQt or PySide
  • IDAPython: Python statement execution and script timeout are configurable
  • IDAPython: added AskUsingForm() with embedded choosers support
  • IDAPython: added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction()
  • IDAPython: added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations
  • IDAPython: added more IDP callbacks
  • IDAPython: added UI_Hooks with a few notification events
  • IDAPython: added process_ui_action()
  • IDAPython: better handling of ea_t in 32/64bit
  • IDAPython: Added netnode.index() method
  • IDC: added DbgRead/DbgWrite functions to access the debuggee memory directly
  • IDC: added highlevel breakpoint management class
  • IDC: added get_nsec_stamp()
  • IDC: added SetBptCndEx(), unlink(), rename(), mkdir() functions
  • IDC: added ProcessUiAction()
  • IDC: added sp register change points functions
  • SDK: added begin_type_updating() / end_type_updating() functions to allow faster updates to the types
  • SDK: added get_strmem2()
  • SDK: added support for asynchronous execute_sync() calls (MFF_NOWAIT)
  • SDK: added system-independent functions to work with pipes
  • SDK: added process_ui_command()
  • SDK: IDC engine is thread safe. However, multiple threads should not access/modify the same IDC variables; this is not supported
  • SDK: implemented choosers embeddable in forms
  • SDK: introduced get_full_data_elsize(), useful for wide-byte processors
  • SDK: introduced qisspace and similar functions to avoid problems with signed chars
  • SDK: introduced thread-local functions to handle error codes (set_qerrno/get_qerrno)
  • SDK: renamed init_process() to launch_process()
  • SDK: trim() removes all whitespace at the string end (before it was removing only spaces and tabs)
  • User Interface:
  • wingraph for Qt, kindly shared by Chris Eagle
  • graph: respect the selection priority when displaying nodes and clicking on them
  • added "New instance" menu entry
  • added "Produce header file from local types" menu entry
  • added 'Unsort' command in choosers
  • added Select All/Deselect All context menu items to the structure offset dialog
  • allow opening any file by drag-and-dropping it on the IDA icon (previously only .idb files could be opened this way)
  • allow multiple selection in the recent scripts window
  • enabled multi-selection in the Strings List
  • improved 'rename register' dialog box
  • improved the rebase dialog
  • it is now possible to set a string's encoding from "Setup ASCII types" dialog (Alt-A)
  • pressing Ctrl+K will always jump to the stack variable under the cursor (even if stack window is already open)
  • qt: implemented functions to load/free custom icons to be used in contexts like the chooser
  • qt: improved scroll speed
  • qt: improved the windows list dialog (Ctrl-Tab)
  • qt: improved wait dialog speed
  • txt: implemented the Load Binary dialog
  • gui: this is the last release of VCL based idag.exe
  • Debugger:
  • added support for server-side low-level breakpoint conditions. Such conditions are evaluated on the remote computer, without causing any network traffic
  • added support for Android debugger target (native ARM only)
  • Bochs: added debugging support for 64bit code snippets
  • Bochs: path to Bochs can now only be specified through IDA.CFG or PATH environment variable
  • GDB: added support for debugging x64 code
  • GDB: enabled "Run external program" option for Linux and OS X
  • GDB: handle read/write memory breakpoints if the stub supports them (e.g. VMWare)
  • GDB: improved debugging of MIPS16 code
  • Windbg: added support for the 'reconnect' option
  • Windbg: the debugging tools path can now only be specified through IDA.CFG or PATH environment variable
  • Bugfixes:
  • all bugfixes since the initial release of IDA 6.0:
  • BUGFIX: 'open file' dialog in idal was not sorting directories to the end of the list
  • BUGFIX: "copy structure" and "create structure from data" commands should copy the type information
  • BUGFIX: "Produce HTML file" functionality was susceptible to Javascript injection vulnerability
  • BUGFIX: .NET: opcode "constrained." was decoded incorrectly
  • BUGFIX: a variable name was accepted and ignored in "enum : int mystupidvarname"
  • BUGFIX: Adding an enum or struct from an already parsed typeinfo that does not correspond to an enum or struct would cause IDA to crash
  • BUGFIX: AIF: a specially crafted file could trigger arbitrary code execution
  • BUGFIX: appcall was failing on high addresses
  • BUGFIX: arm debuggers could lose control after stepping over pop {pc} insn (the target address was calculated incorrectly)
  • BUGFIX: ARM: ARM processor module was ignoring the "Mark typical code sequences as code" autoanalysis setting
  • BUGFIX: ARM: in rare cases, bogus data interpreted as code could crash IDA with a stack overflow
  • BUGFIX: ARM: TBB/TBH switch constructs were marked up incorrectly, leading to incorrect decompilation in Hex-Rays
  • BUGFIX: Bochs debugger plugin was hanging if bochsdbg was terminated due to a crash or VM OS shutdown
  • BUGFIX: Bochs debugger run menu item was not present in the list when no database is opened
  • BUGFIX: change_storage_type() was creating sparse flags very inefficiently in some cases
  • BUGFIX: coff/psx/geos loaders had an integer overflow bug in memory allocation
  • BUGFIX: COFF: a specially crafted file could trigger a heap overflow
  • BUGFIX: COFF: relocation REL_ARM_SECREL was not handled
  • BUGFIX: convert_codepage() was prone to buffer overflow exploits
  • BUGFIX: debugger / stack view address size was incorrect when debugging without an initial database
  • BUGFIX: debugger options were not restored if the database had no segments
  • BUGFIX: demangler: for Borland names do not unmangle procedure/template name when it contains >= 36 arguments
  • BUGFIX: EBC: indirect register operands without index were disassembled incorrectly
  • BUGFIX: ELF: import list for ELF files was attaching one of the linked .so files to all imports. Since ELF imports use global namespace, don't attach a library name to them.
  • BUGFIX: ELF: some SuperH files marked as "sh2a-or-sh3" were loaded incorrectly
  • BUGFIX: ELF: symbols were not loaded from some ELF files with non-standard section names
  • BUGFIX: enums with custom size were printed incorrectly and thus their names were lost after editing in "Local Types" list
  • BUGFIX: EPOC: a specially crafted file could cause a heap overflow
  • BUGFIX: Executing a script with File/Script file could add a wrong file name to the recent scripts list in some cases
  • BUGFIX: exiting IDA at the very start of debugging would lead to an internal error
  • BUGFIX: EXPLOAD: a specially crafted file could trigger a heap overflow
  • BUGFIX: fixed a longstanding 'nrect(..)' internal error that was occurring in rare cases
  • BUGFIX: fixed a very rare btree error (there was no logic to handle a double page overflow during a key deletion; only single page overflows were handled)
  • BUGFIX: fixed DLL hijacking exploit for windmp, windbg and pdb plugins
  • BUGFIX: fixed multiple execution of the same sync request for blocking operations, such as launching a modal dialog like the chooser.
  • BUGFIX: fixed occasional crash when opening the breakpoint list
  • BUGFIX: GDB: for big-endian ARM targets, PSR register value was sent in wrong byte order
  • BUGFIX: get_flags_novalue() could fail in some rare circumstances (when the debugger is running and a previously defined memory area disappears it could return garbage)
  • BUGFIX: header() callback was not working in scripted processor modules
  • BUGFIX: HEX files for wide-byte processors (e.g. AVR) were loaded at a wrong address if a start address record was present
  • BUGFIX: hardware breakpoints were not deleted correctly on OSX
  • BUGFIX: hppa: delay slots were calculated wrongly while applying type information to function calls
  • BUGFIX: IDA could interr when parsing a C header with the same type name as in a loaded standard type library.
  • BUGFIX: IDA would crash on Mac / Linux when exiting after the user has attached to a process without an initial database
  • BUGFIX: IDA could fail to detect some address space overflows (when too many big segments were created)
  • BUGFIX: idag -S switch was not working properly for file names with spaces
  • BUGFIX: IDC: open_loader_input() would leak linput_t handles
  • BUGFIX: IDC: SetSegmentAttr() could crash if passed wrong segment address
  • BUGFIX: implemented the "CLOSED_BY_ESC" configuration parameter for idaq
  • BUGFIX: in some cases, trying to focus the recent scripts window with Alt-F9 after having added a new script may not work properly unless the window is closed and reopened
  • BUGFIX: in some cases, when the cursor was on a structure member, IDA was proposing to rename the whole structure instead of the member
  • BUGFIX: integer overflow was possible in qcalloc()
  • BUGFIX: get_chooser_object() was broken in the text UI
  • BUGFIX: it was impossible to launch idaq64 with command line arguments on OS X
  • BUGFIX: it was impossible to remotely debug 32-bit programs from IDA64
  • BUGFIX: it was not possible to rename stack variables from the listing at the start of the function in PowerPC files
  • BUGFIX: it was possible to rename a register to a name with a space
  • BUGFIX: it was possible to specify malicious plugins to be autorun at the database opening time; introduced an option to enable/disable autorun plugins and set it to 'off' by default
  • BUGFIX: kernel: on big-endian processors, float values in collapsed (terse) structures were displayed wrong
  • BUGFIX: OS X debugger could fail if a hardware breakpoint and software breakpoint occurred at the same address simultaneously
  • BUGFIX: Mach-O: buffer overflow when loading Mach-O files with corrupted export information
  • BUGFIX: Mach-O: some corrupted files could cause IDA to crash with out-of-memory exception
  • BUGFIX: MSP430: sub and subc instructions were swapped
  • BUGFIX: on very rare occasions the graph overview window would process a paint event after having closed a file and access invalid memory
  • BUGFIX: opcode bytes were not always printed along with the instruction for TMS320C6
  • BUGFIX: PatchByte() and similar functions were not refreshing the disassembly view
  • BUGFIX: PC: pushfq and some other 64-bit stack operating instructions were not handled during stack pointer tracing
  • BUGFIX: PC: some memory references were displayed incorrectly in TASM Ideal mode (for example: [name[eax*4], note the second bracket)
  • BUGFIX: PC: some switch constructs were marked up incorrectly by IDA leading to wrong decompilation in Hex-Rays
  • BUGFIX: PC: the wait instruction could be printed with erroneous prefix byte which belonged to the following non-FPU instruction
  • BUGFIX: PDB plugin would crash on certain input files
  • BUGFIX: PEF: a specially crafted file could trigger heap overflow
  • BUGFIX: PPC: immediate operands for some binary instructions (ori, xori, etc.) were incorrectly displayed as signed values
  • BUGFIX: pressing Esc in a form with Yes/No/Cancel buttons would return 0 (must return -1)
  • BUGFIX: qt: added graphs toolbar and implemented prev/next toolbar menu
  • BUGFIX: qt: adding items to the top-level Edit/Jump/Search menus of enum and struct views would fail
  • BUGFIX: qt: adding menu items to the Edit menu could fail if it was invisible
  • BUGFIX: qt: after executing custom menu items from the menu by keyboard on Windows the current focus might be lost
  • BUGFIX: qt: breakpoint dialog was missing the "Refresh debugger memory" option
  • BUGFIX: qt: call the sizer() callback in the chooser only for refresh events
  • BUGFIX: qt: calling msg() from chooser's sizer() and getl() callbacks would crash idaq
  • BUGFIX: qt: correctly associate the idb extension on Windows
  • BUGFIX: qt: correctly restore arrows width in disassembly when loading a saved database
  • BUGFIX: qt: correctly restore focus on Windows after having executed an action in the menu (make sure the focus doesn't remain on the menu)
  • BUGFIX: qt: correctly restore focus with floating docks under Linux
  • BUGFIX: qt: correctly restore row selection in a sorted list in a chooser after an edit action
  • BUGFIX: qt: correctly update navigation history when clicking on an edge in graph mode
  • BUGFIX: qt: could crash when calling Exit() or idaapi.qexit() from scripts
  • BUGFIX: qt: could sometimes crash when renaming structure members from the disassembly
  • BUGFIX: qt: couldn't close dock tabs with the middle mouse button
  • BUGFIX: qt: debug actions were not updated when an instant debugging session ended
  • BUGFIX: qt: docking the graph overview in a tab view would lead to problems
  • BUGFIX: qt: don't ask twice in the Save File dialog to overwrite an existing file
  • BUGFIX: qt: don't show the Sync submenu in a stackview.
  • BUGFIX: qt: fixed -t command line switch behavior
  • BUGFIX: qt: fixed a problem with the shortcut system on mac
  • BUGFIX: qt: fixed case insensitive completer for input fields in forms.
  • BUGFIX: qt: fixed incremental search in choosers
  • BUGFIX: qt: fixed some minor graph rendering glitches
  • BUGFIX: qt: fixed specific group box frame drawing issue in forms
  • BUGFIX: qt: fixed the not working Follow in Dump command in the hex editor
  • BUGFIX: qt: fixed the setting of the initial focus in forms
  • BUGFIX: qt: fixed wait dialog problems on Linux
  • BUGFIX: qt: fixed wrong behavior of the numpad Enter
  • BUGFIX: qt: implemented alternative key to Ins on OS X
  • BUGFIX: qt: implemented blinking arrows in graph view when debugging
  • BUGFIX: qt: implemented HELP/ENDHELP in custom forms
  • BUGFIX: qt: implemented external help support for Windows
  • BUGFIX: qt: implemented FORM_PERSIST flag in open_tform
  • BUGFIX: qt: implemented auto-indentation in comment/script dialog
  • BUGFIX: qt: implemented set_dock_pos()
  • BUGFIX: qt: improved quality of graph rendering in zoom mode
  • BUGFIX: qt: improved shortcuts behavior on OS X
  • BUGFIX: qt: input fields in forms were not generating change events
  • BUGFIX: qt: it was not possible to open Struct window if a function stack window was open before
  • BUGFIX: qt: it was not possible to overwrite menu label shortcuts with user created shortcuts
  • BUGFIX: qt: mac: fixed minor glitch in drawing the cursor
  • BUGFIX: qt: make sure that after closing an idb all actions are refreshed.
  • BUGFIX: qt: message box shortcuts now work without pressing Alt
  • BUGFIX: qt: Produce HTML file was using wrong font
  • BUGFIX: qt: remember the position of the cursor in the struct view when saving database
  • BUGFIX: qt: reset desktop was not working properly sometimes on mac
  • BUGFIX: qt: restore focus after a dock drag operation
  • BUGFIX: qt: select current thread in debug mode
  • BUGFIX: qt: set_custom_viewer_popup and add_custom_viewer_popup work now even on non-TCustomViewer IDA memos
  • BUGFIX: qt: set_focused_field in forms would fail at initialization time
  • BUGFIX: qt: shortcuts for custom data types were not set correctly
  • BUGFIX: qt: show lock status on the Highlight toolbar button
  • BUGFIX: qt: show text cursor in the output window
  • BUGFIX: qt: some entries of the quick open dialog may fail because of wrong context
  • BUGFIX: qt: the '.' shortcut now activates the command line when the current focus is in the output window already
  • BUGFIX: qt: the Cancel button in forms was not returning -1
  • BUGFIX: qt: the chooser now accepts Home and End even from the numpad and acts the same when Ctrl is pressed. Also, the fast search is cleared when pressing these keys
  • BUGFIX: qt: the Del shortcut in the watchlist was not always working
  • BUGFIX: qt: the jump to neighbor node shortcuts were working only on mac
  • BUGFIX: qt: the main window would not show when starting to debug from the command line
  • BUGFIX: qt: UI would hang if typing a non-matching letter at the last item of a chooser
  • BUGFIX: qt: was eating too much cpu time when idle
  • BUGFIX: qt: was not using system locale to convert text data, so localized comments, file paths, etc. were not displayed properly
  • BUGFIX: qt: would hang if trying to incrementally search for an item in a chooser without having a selection first
  • BUGFIX: qt: would not revert to default stack variable name if the name was cleared
  • BUGFIX: text: chooser was leaking memory on destruction
  • BUGFIX: right click menu was not listing structures with unions and unions as creatable variable types
  • BUGFIX: rebase_program() was not updating the xref cache, so cross-references could be wrong immediately after rebasing
  • BUGFIX: Recent scripts window displayed blank script file names if no database was open
  • BUGFIX: result of custom_ana notification was not handled properly, breaking some processor extension plugins.
  • BUGFIX: IDC: Qword() was not returning 64bit values in IDA32
  • BUGFIX: SBN: a specially crafted input file could lead to buffer overflow
  • BUGFIX: SDK: get_default_reftype() was not working correctly for processors with wide bytes
  • BUGFIX: The IDC engine was failing on __get/setattr__ functions for IDC objects if those functions were registered from the SDK via set_idc_getattr()/set_idc_setattr()
  • BUGFIX: SDK: launch_process(formerly init_process) function did not handle properly quoted command-line arguments on Linux and OS X
  • BUGFIX: SDK: OutMnem() did not work properly for values of 'width' different from default
  • BUGFIX: set_auto_plugins() was allowing arbitrary plugin path (including UNC) thus leading to malicious code execution
  • BUGFIX: shortcuts for custom graph actions were not working
  • BUGFIX: some win32 OEM keys were incorrectly converted to qt codes
  • BUGFIX: SPARC: R_SPARC_JMP_SLOT relocation was not processed properly in 64-bit files
  • BUGFIX: SPARC: some WR instructions were decoded incorrectly in V8 mode
  • BUGFIX: stack view was always using 64-bit addressing in IDA64, even for 32-bit programs
  • BUGFIX: Symbian debugger was not clearing the old process list before retrieving a new one.
  • BUGFIX: text version: in the 'create array' dialog box, it was impossible to switch back from binary indexes to any other number base
  • BUGFIX: The "OK" button in the Choose Structure window was not being enabled when a struct is selected for the first time
  • BUGFIX: The debugger popup menu to open a register class window was not working
  • BUGFIX: type parser: type definitions without the terminating ; were silently ignored at the end of the input file (or line)
  • BUGFIX: ui: a byte with value 0xFF was not printed as a character, even if it was in the AsciiStringChars list.
  • BUGFIX: ui: avoid duplicate upper/lower-case history entries on Windows
  • BUGFIX: ui: binary search was searching for wrong pattern if a too long number was entered
  • BUGFIX: ui: buffer overflow could happen when trying to display a very long string
  • BUGFIX: ui: Calculator (Shift-/ key) was picking up wrong value from disassembly on OSX and Linux
  • BUGFIX: ui: fill the Edit->Plugins menu with PLUGIN_FIX plugins when no IDB is open
  • BUGFIX: ui: IDA could hang while trying to display a hint in some rare situations
  • BUGFIX: ui: IDA could lock up for some time while trying to display a hint.
  • BUGFIX: ui: in the 'User Offset' dialog, set initial focus to the 'Base address' field
  • BUGFIX: ui: the cross reference list would show empty if already open for the same target
  • BUGFIX: unix: unicode strings were not handled correctly for some locales
  • BUGFIX: while undecorating names, try to preserve the suffix after '@'; remove it only in some special cases
  • BUGFIX: Windbg debugging mode option was not saved in instant debugging mode
  • BUGFIX: zero values were always represented as "0" in terse structure representations, even if they should be replaced by offsets or enums or something else

New in IDA 6.0 (May 31, 2016)

  • Processor Modules:
  • 6812: support an alternative memory layout for paged segments which allows using short offsets inside the segment
  • ARM: added a switch pattern that uses BX to jump to case labels
  • ARM: display the optional operand of the MRC/MCR instructions, as preferred by the ARM documentation
  • ARM: support another variation of GCC Thumb-2 switches
  • PPC: added SPE (Signal Processing Engine) instructions, including floating-point and vector FP
  • PPC: trace stack pointer for 64-bit code
  • SuperH: added SH-4a instructions
  • SuperH: display immediates loaded from literal pool in the instruction itself
  • SuperH: trace stack pointer and create stack variables
  • TMS320C54x: added register definitions for TI Calypso chipset (thanks to Sylvain Munaut)
  • TMS320C54x: better handling of multi-section files (thanks to Sylvain Munaut)
  • File Formats:
  • Added loader for HP-UX core files (non-ELF), provided by Avi Cohen Stuart
  • ELF: added support for more IA64 relocations
  • LE: added support for bound DOS/4G executables
  • Kernel:
  • kernel: improved database loading and saving times (new crc32 algorithm)
  • Configurable plugins can specify which platform they can operate on in plugins.cfg
  • demangler: demangle GCC local names (_ZLxxx)
  • FLIRT: added parser for Mach-O object files (pmacho)
  • 'volatile' keyword is automatically removed from function return types
  • Scripts & SDK:
  • IDAPython: added auto completion support
  • IDC: added ItemHead()
  • IDC: added Exec() to execute IDC statement(s)
  • SDK: added idb events for segment name/class modifications
  • SDK: get_many_bytes_ex() to retrieve bytes and information about initialized and uninitialized bytes from the database
  • User Interface:
  • it is now possible to jump to a structure cross-reference (default hotkey: Ctrl-X in the structures window)
  • Added "Save to file" to save the trace window contents
  • added a checkbox for sparse segments to the 'create segment' dialog box
  • multiple segments can be selected and moved using the segments window
  • Debugger:
  • debugger: added support for virtual modules (user-defined modules can be added from api)
  • debugger: non-integer register values can be displayed as hints
  • Bugfixes:
  • BUGFIX: 'analyze module' was failing on modules with unknown size; now it tries to estimate it
  • BUGFIX: -B switch fails to generate ASM files if idb path contains the '.' character
  • BUGFIX: a structure with pointers to functions with non-empty argument names was incorrectly converted to a local type
  • BUGFIX: adding a segment could erroneously delete a selector (if the start address of the new segment was equal to the start address of an existing segment and the selector was used only by that segment and the selector of the new segment was equal to the selector of the existing segment)
  • BUGFIX: after attaching to a linux process the names of the main process module were not available
  • BUGFIX: arm relative-mode elf files were loaded incorrectly (thumb was not used when required)
  • BUGFIX: ARM: LDMFD SP (no writeback) was incorrectly decoded as POP in Thumb-2 mode
  • BUGFIX: binary search could return a result outside of the search region
  • BUGFIX: Bochs could crash in some cases when setting a bp at data locations
  • BUGFIX: bochs direct commands were not working under linux
  • BUGFIX: calc_bare_name() could not handle gcc mangled names with '.' prefix
  • BUGFIX: command line arguments with backslashes were parsed incorrectly under MS Windows: backslashes were escaped even without quotes
  • BUGFIX: dummy_name_ea() was failing for dword_xxx dummy names
  • BUGFIX: GDB debugger: resolved incompatibility with VMWare 7.x GDB stub
  • BUGFIX: global idc variables of object type would crash ida if they were present at the exit time; now we get rid of them when we close the database
  • BUGFIX: GUI: chooser window may be improperly resized if moved from a low resolution screen to a higher resolution screen
  • BUGFIX: IDA could crash if an unsuccessful search backwards was done while the debugger was active
  • BUGFIX: IDA could crash when trying to display custom data items bigger than 16 bytes in size on big-endian processors
  • BUGFIX: IDA could endlessly loop on some x86 files
  • BUGFIX: if a search was performed within a selected text, the screen was not redrawn correctly
  • BUGFIX: if full stack analysis was turned off and a pdb file was loaded at the idb creation time, the decompiler would interr
  • BUGFIX: it was not possible to create 64-bit segments from UI for PowerPC
  • BUGFIX: kernel: user-defined offsets with non-zero bases were not adjusted properly during rebasing
  • BUGFIX: linux debugger was processing 'detach from process' command not quite correctly
  • BUGFIX: MIPS: basic block boundaries were determined incorrectly for MIPS16 code (MIPS16 branches do not have a delay slot)
  • BUGFIX: modal recent script box would crash if no script was selected
  • BUGFIX: moving the vertical scrollbar thumb in the disassembly listing was not handled correctly for 64-bit programs
  • BUGFIX: MS DOS: rebasing EXE files was not properly adjusting relocations
  • BUGFIX: PE loader: a bad load config directory can cause an infinite loop
  • BUGFIX: qvector's insert/erase methods were moving vector elements incorrectly
  • BUGFIX: replacing a type that comes from a til file might lead to a crash (if there were no defined local types yet)
  • BUGFIX: script processor module could crash if 'codestart' and 'retcodes' fields were used under Linux/MAC
  • BUGFIX: the 'switch debugger' command was available only when a disassembly window had focus
  • BUGFIX: the disassembly text that was copied to clipboard could contain odd characters at the beginning in some cases
  • BUGFIX: the help subsystem of the text version was using memory allocation functions incorrectly
  • BUGFIX: UI: indexes printed for array of structures were incorrect
  • BUGFIX: UI: it was not possible to set the type of a structure member ('Y' key) if the cursor was on an undefined area in the disassembly view.
  • BUGFIX: Windbg plugin now forbids starting a process in non-invasive mode. Only non-invasive attach is supported.

New in IDA 5.1 (Jan 16, 2008)

  • Improved iPhone support
  • Much improved ARM and PowerPC support
  • Much improved PowerPC module
  • Easy debugger scripts in IDC
  • Improved type support