IDA Pro Changelog

What's new in IDA Pro 8.3

Jun 18, 2023
  • IDA Teams and Lumina:
  • lumina: add a UI action to inspect a function's metadata history
  • lumina: allow specifying up to two Lumina servers (public or private, in any order)
  • lumina: metadata history can now be browsed on private Lumina servers
  • Teams: use licenses from vault server on IDA side (no more need for ida.key files on the client)
  • Processor modules:
  • ARM: ARM64 system registers are now displayed using symbolic names
  • ARM: set offsets/xrefs for LDRD/STRD if the base register is known
  • Dalvik: support for const-method-handle and const-method-type bytecode instructions (DEX 039/Android 10)
  • MIPS: improved analysis of functions with large stack frames for MIPS16
  • MIPS: improved the regtracker
  • PPC: added Power ISA 3.0C Ultravisor-related instructions
  • PPC: support LSP (Lightweight Signal Processing) extension instructions, available in some MPC57xx cores
  • PPC: support Power ISA 3.1, including prefixed instructions
  • RISCV: register tracker can now be configured via settings in ida.cfg
  • File formats:
  • DEX: annotate hidden API section (DEX 039)
  • ELF: ppc: parse and use .gnu.attributes and .PPC.EMB.apuinfo sections to detect the used ISA extension
  • ESP: new loader for the Espressif images, supporting images from ESP8266 (Xtensa) to ESP32-C6 (RISC-V)
  • FLIRT / TILS / IDS:
  • TIL: added type library for Android ARM64
  • TIL: support __attribute__((flag_enum)) or __bitmask attribute on enums
  • Standard plugins:
  • DWARF: improve handling of unsigned 'char' types; now they're mapped to 'char' on IDA's side (instead of 'unsigned __int8')
  • DWARF: significantly speed up importing of type information
  • golang: added "detect and parse golang metadata" command
  • golang: annotate funcInfo's funcFlag field
  • golang: handle different functions with the same name in pclntab
  • golang: use full package prefix for functions dirtree
  • goomba: new plugin for optimizing mixed boolean expressions (MBA) in pseudocode
  • idaclang: added presets of predefined arguments for common platforms
  • idaclang: updated libclang to 16.0.0
  • OBJC: set prototypes for some widely used objc methods (e.g. objc_alloc_init)
  • OBJC: support iOS16 optimized objc_retain_xY/objc_release_xY stubs
  • OBJC: support objc_msgSend$... stubs
  • Kernel/Misc:
  • installer: Missing dependencies on Linux are now checked and reported at install time
  • kernel: properly support operand types for 3rd to 8th operands
  • licensing: the EULA has been updated and unified across all IDA editions and license types
  • network: added ability to use an HTTP CONNECT-style proxy
  • network: added support for HTTP CONNECT proxy basic authentication
  • Scripting & SDK:
  • IDAPython: added an example showing how to paint over an existing graph's edges
  • IDAPython: added support for Python 3.12
  • IDAPython: enable access to the global debug variable
  • IDAPython: improve doc for str2ea (use text from the SDK header)
  • SDK/Python: added get_config_value for retrieving arbitrary JSON values in config files
  • SDK/Python: notepad APIs (get_ida_notepad_text/set_ida_notepad_text) now synchronize the database/UI state
  • SDK/UI: added ability to dynamically change values in combobox in forms
  • SDK: added functions validate_idb(), move_privrange()
  • SDK: added methods edit_named_type_details()/edit_numbered_type_details() to edit local type enum/udt details
  • SDK: added parse_decl_ex()
  • UI:
  • UI: "Color instruction" action now also colorizes undefined items in the selection (previously they were skipped)
  • UI: Added support for Unicode 15.0, now more string literals are detected and displayed correctly
  • UI: allow editing struct.enum comments in the type editor
  • UI: during autoanalysis, mark choosers with a filter and/or sorting as outdated instead of updating immediately
  • UI: improved performance for refreshing choosers when there is no sorting or filtering
  • UI: provide the ability to specify icons for actions through CSS themes
  • UI: show comments for strlits or mangled names on each member of a string array in the disassembly listing
  • UI: the graph options are now saved in the desktop
  • UI: teams: Allow picking a chunk to use from the context menu in addition to the toolbar button/hotkey
  • UI: teams: save desktop layout in the database using user's name so that each user's desktop is not overridden by others
  • Decompilers:
  • decompiler: added a new API function change_hexrays_config() to update the hexrays configuration, e.g. to set the analysis options or disable warnings after IDA start
  • decompiler: added the option to disable some optimizations
  • decompiler: arm: detect usage of X8 for returning structures on ARM64 and add a hidden 'retptr' argument when the callee prototype is guessed by IDA
  • decompiler: enable IDAPython API for the cloud decompiler (IDA Home, IDA Educational)
  • decompiler: exported set_lvar_name() which can be used to rename local variables
  • decompiler: improve callee type guessing (detect arguments passed by reference)
  • decompiler: improve fastcall/thiscall callee detection
  • decompiler: improved guessing of call types (detect more fastcall/thiscall calls without stack arguments)
  • decompiler: improved propagation of zero values
  • Bugfixes:
  • BUGFIX: decompiler: assignment to a stack variable used by reference in a syscall could be erroneously removed
  • BUGFIX: decompiler: corrupted info in the database could lead to crashes during decompilation
  • BUGFIX: decompiler: decompiler could cause IDA to crash if an error happened during plugin initialization
  • BUGFIX: decompiler: fixed a crash that could occur when deleting a function in the presence of outlined functions
  • BUGFIX: decompiler: fixed numerous interrs
  • BUGFIX: decompiler: indirect jumps in outlined code were handled incorrectly
  • BUGFIX: decompiler: jumps to outlined functions were handled incorrectly
  • BUGFIX: decompiler: the "select union member" action (Alt-Y) could fail in some cases
  • BUGFIX: ELF: Android ARM64 JNI files would incorrectly use 32-bit type library
  • BUGFIX: formatting golang metadata could fail for some 64-bit binaries if they used addresses above 32-bit address space
  • BUGFIX: IDA on Linux would not start if libsecret-1 or libglib-2.0 were not present
  • BUGFIX: idapyswitch would accept buggy Anaconda 2022 distributions which would later cause IDA to crash
  • BUGFIX: IDAPython: ida_dbg.get_dbg_byte() was not usable
  • BUGFIX: IDAPython: non-modal Python forms (using class Form) could cause crashes on the ARM macOS build of IDA
  • BUGFIX: IDAPython: the bookmarks_t object was not usable from IDAPython
  • BUGFIX: kernel: fixed printing of opcode bytes for processors which use two-byte grouping (PR_WORD_INS flag)
  • BUGFIX: kernel: idat64 would try to load picture_search plugin, although it only works in GUI version
  • BUGFIX: Lumina: fixed interr 1512 which could occur on wrong directives in lumina.conf
  • BUGFIX: MACHO: IDA 8.2 would fail to recover tagged pointers in arm64e dyld caches
  • BUGFIX: MACHO: iOS16+ branch mappings/stubs regions were not loaded in "complete" and "dependencies" modes, leading to missing symbols
  • BUGFIX: MACHO: when loading a complete dyld cache for iOS16, authenticated pointers would retain tagged values
  • BUGFIX: MIPS: TX19A-only MIPS16 BAL does not have a delay slot
  • BUGFIX: PDB: IDA would fail to load PDBs with page size 8192 (e.g. from recent Chrome builds)
  • BUGFIX: PE: Load Config Directory comments for ProcessHeapFlags and ProcessAffinityMask fields were swapped in 32-bit files
  • BUGFIX: PE: some files using EH4 metadata (__CxxFrameHandler4) could produce bogus "DATABASE IS CORRUPTED" warnings on load
  • BUGFIX: Teams: IDA would crash silently on start if the license was expired but within the grace period
  • BUGFIX: teams: IDA would sometimes fail to save the login credentials
  • BUGFIX: Teams: Vault server no longer refuses to work when there are not enough licenses
  • BUGFIX: ui/qt: get_viewer_graph wouldn't return the mutable_graph_t instance for proximity views
  • BUGFIX: UI: binary search with selection would fail if cursor was at the end of selection
  • BUGFIX: UI: fixed an accelerator clash in the Cross-references tab of the Options dialog box
  • BUGFIX: UI: graph printing did not work on Windows and macOS
  • BUGFIX: UI: license agreement dialog was mis-interpreting UTF-8 text for Latin-1
  • BUGFIX: UI: renaming a structure (or an enum) from the listing, could result in the left-hand list being outdated
  • BUGFIX: UI: some of the search actions were not respecting user selection

New in IDA Pro 8.2 (Feb 2, 2023)

  • IDA Teams and Lumina:
  • lumina: added support for recent MySQL versions which default to TLS connection
  • teams: the password for Vault is now saved securely in the OS-specific keychain
  • vault/lumina: allow any local MAC address to match the one specified in .lic file
  • Processor modules:
  • XTENSA: added support for many additional instructions, registers, stack variables (thanks to Zak Escano)
  • XTENSA: added support for many standard switch patterns (thanks to Zak Escano)
  • XTENSA: detect used ABI (CALL0 or windowed)
  • RISC-V: added support for vector extension instructions
  • TRICORE: decode FTOHP and HPTOF instructions from TC1.6.2
  • File formats:
  • macho: added USE_SEG_PREFIXES option to macho.cfg, which instructs IDA to use the Mach-O segment name as a prefix for IDA segment names, e.g. "__TEXT:__text"
  • FLIRT / TILS / IDS:
  • FLIRT: added signatures for vc1434 (Visual Studio 16.11)
  • FLIRT: added MFC signatures for vc1434 (Visual Studio 16.11)
  • FLIRT: added signatures for icl 222 (Intel C++ 2021.2)
  • FLIRT: added signatures for icl 2221 (Intel C++ 2021.2.1)
  • TIL: added a type library for Aarch64 (ARM64) UEFI 2.5
  • idaclang: added "--idaclang-mangle-format" switch; it works similarly to the -G option for tilib when the user wants to set a custom name mangling format
  • Standard plugins:
  • PDB: on Windows, enabled fallback mode by default so that MSDIA is used to load legacy PDB files
  • picture_search: new plugin for finding and displaying raster images embedded in the binary
  • svdimport: added support for cluster, derivedFrom and dim/dimIncrement peripheral attributes
  • svdimport: use a folder-based tree for the plugin's UI
  • swift: parse and format Swift metadata
  • swift: import simple types (enums, structs) into Local Types
  • Kernel:
  • kernel: added a new flag REFINFO_SELFREF for offsets (base is equal to the address of the current element)
  • Scripting & SDK:
  • IDAPython: expose the C++ SDK's processor_t (as ida_idp._processor_t)
  • SDK: added capture_process_output() to capture output of an external program
  • SDK: added support for lazy-loaded dirtree choosers. CH2_LAZY_LOADED flag can be used with dirtree-based choosers to load contents of a directory when it's expanded.
  • SDK: deprecated qerrcode() (errno can be accessed directly instead)
  • UI:
  • UI: added an easy way to take memory snapshot of current segment
  • UI: improved highlighting of matching registers on platforms which use various prefixes (e.g. @r1)
  • UI: in the disassembly, addresses in the line prefixes of structure or array members now increase with those members' offsets.
  • UI: it is now possible to attribute an image as background to the listings (IDA View, Pseudocode, ...) using CSS in themes
  • UI: jumping to an address in the middle of a struct or an array now positions cursor on the correct line of the disassembly listing
  • UI: the "Wait" dialog now only shows after a certain timeout (thereby reducing the number of interfering popping dialogs)
  • Decompilers:
  • decompiler: added an action to jump to a new pseudocode window with the 'alt+enter' shortcut
  • decompiler: enabled decompiling of 32-bit files in IDA64 if a corresponding 32-bit decompiler license is available
  • Bugfixes:
  • BUGFIX: arm: "set callee" (Alt-F11) failed to create cross-references for BLR instructions
  • BUGFIX: alpha: 'lda' instructions could cause wrong sized stack variables to be created
  • BUGFIX: DWARF: Debug information present in .dwz companion files (pointed to by .gnu_debugaltlink) would be skipped when the link is absolute
  • BUGFIX: FLAIR: The pelf utility could crash when used with incorrect 'pelf.rtb' files
  • BUGFIX: IDA could crash if an array typedef was replaced by a structure of the same size
  • BUGFIX: IDA could fail to detect dyld (and any loaded modules) after attaching to a process on macOS 13.
  • BUGFIX: IDA could fail to parse Objective-C method data during debugging.
  • BUGFIX: IDAPython: cfunc_t.arguments array could have function arguments in wrong order
  • BUGFIX: IDAPython: documentation for ida_kernwin.Choose callbacks was missing
  • BUGFIX: IDAPython: get_reg_vals() was not usable
  • BUGFIX: IDAPython: using values in the range [128,255) as 'tag' for ida_netnode functions, would fail
  • BUGFIX: ios_deploy "symbols" phase would fail on iOS 14-16.
  • BUGFIX: lumina: private lumina server could fail starting with certain MySQL setups, due to case sensitivity in INFORMATION_SCHEMA.COLUMNS fields
  • BUGFIX: PC: callee target was not printed for some call instructions
  • BUGFIX: svdimport: fixed problem with odd (+1) start addresses in segments
  • BUGFIX: ui/qt: IDA could crash when passed the wrong widget to ida_kernwin.get_highlight()
  • BUGFIX: ui: "size" expressions in 'Structure offset' context menu differed from 'T' hotkey
  • BUGFIX: ui: exporting data from hex view with non-default item width could produce wrong output
  • BUGFIX: UI: IDA on Windows would hang if the accessibility option "Use text cursor indicator" was enabled
  • BUGFIX: ui: improvements for accessibility under Windows for "Text Cursor Indicator" on "Output" widget
  • BUGFIX: vault: 'hv purge' command was not usable
  • BUGFIX: xtensa: write accesses for stack variables were not shown properly

New in IDA Pro 8.1 (Oct 7, 2022)

  • IDA Teams and Lumina:
  • Lumina: private Lumina server is now available
  • Lumina: got rid of LUMINA_HOST and LUMINA_PORT configuration parameters (those values are saved/retrieved in the registry instead)
  • Teams: switched to PBKDF2 hash for the password storage in the vault server
  • Processor modules:
  • ARM: improved recognition of A32 switch patterns produced by Android NDK 19 toolchain
  • XTENSA: added decoding of the nop.n instruction
  • XTENSA: print a1 register as 'sp'
  • File formats:
  • ELF: ARM: added support for the R_AARCH64_IRELATIVE relocation
  • FLIRT / TILS / IDS:
  • FLIRT: added signatures for icl 221 (Intel C++ 2022.1)
  • FLIRT: added signatures for ucrt 22621
  • FLIRT: VC: added signatures for vc1431 (Visual Studio 16.11.10) 64bit
  • FLIRT: VC: added signatures for vc1432 (Visual Studio 16.11)
  • Standard plugins:
  • golang: added support for the regabi calling convention
  • Kernel:
  • noret.cfg: added more __noreturn function names
  • Scripting & SDK:
  • SDK: changing the application bitness (e.g. inf_set_64bit()) now also adjusts the basic type sizes
  • SDK: now the processor modules that support 64-bit mode must have PR_USE64 set; previously this was not enforced
  • UI:
  • UI: IDA now uses new icons specific to the edition (Pro/Home/Free/Teams)
  • Decompilers:
  • decompiler: x86: improved detection of __fastcall functions with stack arguments
  • Bugfixes:
  • BUGFIX: ARM: fixed decoding of T32 UMAAL instruction (wrong operands)
  • BUGFIX: debugger: pressing F8 on jXcx might resume the application and let it run freely
  • BUGFIX: decompiler: during debugging, hovering over stack variables could show wrong data
  • BUGFIX: decompiler: tail calls in outlined functions could lead to truncated pseudocode
  • BUGFIX: idapyswitch could fail to create the libpython symlink on arm64 macOS.
  • BUGFIX: interr 1784 could be produced when loading databases which were rebased multiple times
  • BUGFIX: PC: improved the analysis speed in presence of thunk functions
  • BUGFIX: SDK: get_db_byte() would return bytes from process memory instead of IDB
  • BUGFIX: some debugger plugins would fail with an error message about the 'dbg' variable
  • BUGFIX: teams: merging was not implemented for manual memory regions
  • BUGFIX: tilib could not open files with double extension (file.ext.til)
  • BUGFIX: UI: IDA could crash when using the "New instance" action on macOS
  • BUGFIX: UI: IDA could incorrectly highlight non-ascii characters during filtering in list views
  • BUGFIX: UI: it was impossible to set COMMENTS_INDENTION or INDENTION to more than 132 in the config file (the UI allows up to 255)
  • BUGFIX: UI: some menu actions could be erroneously disabled during auto-analysis
  • BUGFIX: UI: current item focus in the Functions window kept jumping during autoanalysis
  • BUGFIX: vault: multiple IDA instances run by the same user on the same host would consume multiple licenses
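
The 8.1 vault entry above notes a switch to PBKDF2 for stored passwords. As an added illustration of what that implies in practice (a random salt per record, a tunable work factor stored alongside the hash, constant-time comparison, and rehashing when the policy is raised), here is a small Python implementation. It is example code written for this page, not Hex-Rays' vault server code; the record format `pbkdf2_sha256$<iterations>$<salt>$<key>` and the 600,000-iteration default are assumptions of the example, and the `derive()` helper is kept separate so it can be checked against the published PBKDF2-HMAC-SHA256 test vectors.

```python
"""Salted PBKDF2-HMAC-SHA256 password records with constant-time verification.

Example code written for this page (not Hex-Rays' vault server code). The
record format and the default work factor below are assumptions.
"""
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumed policy; raise over time as hardware gets faster
SALT_BYTES = 16
KEY_BYTES = 32


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Raw PBKDF2-HMAC-SHA256 derivation (32-byte key).

    Kept separate so it can be checked against the standard test vectors,
    e.g. password "password", salt b"salt", 1 iteration.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Produce a self-describing record "pbkdf2_sha256$<iters>$<salt>$<key>".

    A fresh random salt per record means two users with the same password
    get different records, and precomputed tables are useless.
    """
    salt = os.urandom(SALT_BYTES)
    key = derive(password, salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${key.hex()}"


def parse_record(stored: str):
    """Return (iterations, salt, key) or None for anything malformed."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return None
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        key = bytes.fromhex(parts[3])
    except ValueError:
        return None
    if iterations < 1 or len(salt) == 0 or len(key) != KEY_BYTES:
        return None
    return iterations, salt, key


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the record's own parameters and compare in constant time.

    A malformed or unknown-format record is a failed login, never a match.
    """
    rec = parse_record(stored)
    if rec is None:
        return False
    iterations, salt, key = rec
    return hmac.compare_digest(derive(password, salt, iterations), key)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when the record is below the current policy.

    Rehash right after the next successful verify_password(), which is the
    only moment the plaintext is available to the server.
    """
    rec = parse_record(stored)
    return rec is None or rec[0] < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong", record))                         # False
    print(needs_rehash(record))                                     # False
```

The work factor lives inside each record, so raising `ITERATIONS` later does not invalidate existing logins: old records still verify, `needs_rehash()` flags them, and they are rewritten on the next successful login.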

New in IDA Pro 8.0 (Oct 7, 2022)

  • Processor modules:
  • 68K: support switches which use cmpa for the range check
  • ARM: improve handling of manual setting of ARM/Thumb mode via the T pseudo-register
  • AVR: added config for ATmega640
  • PC: improve function recognition
  • Debuggers:
  • PIN: support PIN 3.22-98547
  • File formats:
  • COFF: support ARM64 and ARMv7 object files compiled with /bigobj option
  • DWARF: upgrade libdwarf to version 20220625 (aka 0.4.1)
  • MACHO: improve symbolication of branch mappings in iOS16+ dyldcaches
  • MACHO: support for iOS16 dyld caches
  • MACHO: when loading a dyld shared cache, make "single module" option the default choice
  • FLIRT / TILS / IDS:
  • FLIRT: GO: increased coverage of golang signatures
  • FLIRT: MFC: added signatures for vc1431 (Visual Studio 16.11.10)
  • FLIRT: VC: added signatures for vc1431 32-bit (Visual Studio 16.11.10)
  • idaclang: added "--idaclang-parse-static" option to the cmdline tool
  • idaclang: introduced the "--idaclang-extra-c-mangling" option for building type libs for mixed-language inputs (e.g. C++, C, and Objective-C)
  • idaclang: try to pre-set a default target configuration that corresponds to the currently loaded file
  • Standard plugins:
  • DSCU: support loading (and symbolicating) global offset tables from iOS16 dyldcaches
  • golang: support for go1.18 (function names, types)
  • OBJC: improved decompilation of functions that use objc_alloc_init() to initialize Objective-C objects
  • OBJC: improved decompilation of Objective-C binaries by creating artificial imports for methods not present in the idb
  • patfind: new plugin to discover code patterns in otherwise unmarked binaries
  • Scripting & SDK:
  • IDAPython: removed Python 2 support
  • SDK: added a new method qstring::rtrim() to trim whitespaces
  • SDK: added get_stdact_descs() for choosers for customizing the standard actions (Insert, Delete, Edit, Refresh)
  • SDK: added wildcard_path_match(), that can match entire paths against a pattern following the same rules as a shell (e.g. ** and ranges like [a-z])
  • SDK: improved comment for has_external_refs()
  • SDK: support usage of qstring in hashed STL containers
  • UI:
  • UI: the command-line arguments in the Debugger>Process options... dialog are no longer limited to 1024 characters
  • Decompilers:
  • added option HO_PROP_VOLATILE_LDX to propagate load instructions without checking for volatile memory access
  • added support for outlined functions
  • arm: recognize thunk functions with suffixes _from_thumb, _from_arm, _veneer
  • improve handling of scattered return values (=using multiple registers/stack locations)
  • new decompiler: HEXARC (for the ARC processor family)
  • pc: control register manipulation intrinsics (e.g. __writecr0) work with 32-bit values in 32-bit mode
  • support WCHAR, wchar16_t, wchar32_t as character element types
  • Bugfixes:
  • BUGFIX: IDC: definitions of SN_CHECK/SN_NOCHECK (flags for set_name()) were wrong
  • BUGFIX: ARM: fixed an endless loop which could occur when analyzing code switching between ARM/Thumb modes
  • BUGFIX: ARM: IDA could display a "bad instruction decoding" warning when trying to decode an undefined instruction
  • BUGFIX: ARM: some undefined A64 instructions were wrongly decoded as FCMEQ
  • BUGFIX: ARM: arm64 function arguments with wrong attributes could crash ida
  • BUGFIX: automatically created string literal names would have repeating symbols in place of embedded zeroes in the string
  • BUGFIX: dbg: IDA could produce an internal error when undo was used during debugging
  • BUGFIX: decompiler: do not crash if nullptr is passed to various save_.. functions
  • BUGFIX: decompiler: do not optimize away successive volatile memory reads
  • BUGFIX: decompiler: fix sometimes wrong decompilation when loading values from memory in big-endian mode
  • BUGFIX: decompiler: fixed multiple interrs
  • BUGFIX: decompiler: modifies_d() was incorrectly returning true for instructions without the 'd' operand
  • BUGFIX: DWARF: during source-level debugging, location of some items wouldn't be properly resolved
  • BUGFIX: DWARF: The plugin could INTERR because of how duplicate types were handled
  • BUGFIX: golang: IDA could hang when parsing metadata in some Go binaries
  • BUGFIX: IDA could crash when loading PE files if IDS debugging was enabled (-z40 switch)
  • BUGFIX: IDA could fail to load bytes from modules in iOS 15 dyldcaches for older iphones (iphone X and earlier)
  • BUGFIX: IDA could fail to load symbols for some modules in iOS 15 dyldcaches
  • BUGFIX: idaclang could create invalid types after parsing a "using" declaration that has the same name as an existing type
  • BUGFIX: idaclang could fail to parse c++ type declarations that use the "auto" keyword
  • BUGFIX: idaclang would fail to parse function prototypes that have an unspecified number of arguments
  • BUGFIX: IDAPython: fixed multiple crashes and infinite loops when wrong arguments are passed to IDA APIs
  • BUGFIX: IDAPython: IDA could crash if 'has_insn_feature' was called with improper data
  • BUGFIX: IDAPython: internal errors in IDA API wrappers which are called bypassing IDA UI (e.g. from alternative IDAPython shells) are now caught and reported properly
  • BUGFIX: IDAPython: when trying to create a too big segment, produce a warning instead of fatal error
  • BUGFIX: IDC: calling get_tev_reg() with wrong data could produce "No error" message instead of showing the correct error
  • BUGFIX: installer: PIN debugger plugin was not shipped with Mac builds of IDA by mistake
  • BUGFIX: kernel: compact_numbered_types() was mishandling aliased types
  • BUGFIX: kernel: fixed an endless loop which could occur during application of startup signatures
  • BUGFIX: kernel: fixed interr 641 that could occur when parsing a bad function prototype
  • BUGFIX: kernel: get_strlit_contents() could loop very long time even when maxcps was set to a reasonable value
  • BUGFIX: kernel: IDA could produce "database corrupted" when undoing some operations
  • BUGFIX: MACHO: some ARM64e binaries could have wrong pointer values, leading to wrong parsing of Objective-C metadata
  • BUGFIX: MIPS: bltzal and bgezal were not handled as call instructions
  • BUGFIX: OBJC: "Run until message received" action could fail on macOS 12
  • BUGFIX: PC: some 64-bit functions would lose offsets when Lumina metadata was applied
  • BUGFIX: PC: ud1 instruction was decoded incorrectly (the mod r/m byte was not parsed)
  • BUGFIX: PDB: fixed interr 984 which could occur when loading PDBs with types from recent Windows builds
  • BUGFIX: PDB: the PDB file download could be cancelled unexpectedly when using symsrv.dll from WinDbg Preview
  • BUGFIX: PPC: functions using 'ba' for tail calls to noret functions were not marked as noret
  • BUGFIX: SDK: get_name_ea() would return non-BADADDR results for structure or enum names
  • BUGFIX: svdimport: plugin could crash when processing certain SVD files
  • BUGFIX: tilib: fixed interr 157 that could occur when listing til contents in the presence of type aliases
  • BUGFIX: UI: database snapshots were added to the recent files list and could fill it completely
  • BUGFIX: UI: IDA could produce internal error 40225 after some user manipulations with the function graphs
  • BUGFIX: UI: IDA would not display shortcuts for actions in context menus on macOS
  • BUGFIX: UI: strings containing \r\n could be printed as empty in the Output window and the log file
  • BUGFIX: UI: TOOL_CLOSED_BY_ESC in idagui.cfg did not work
  • BUGFIX: windbg: IDA could crash if a breakpoint it added became invalid (e.g. by user's actions bypassing IDA's UI)

New in IDA Pro 7.0.170920 (Oct 10, 2017)

  • Processor Modules:
  • ARM: added one more pattern of thumb->arm transition
  • ARM: arm64: use simplified aliases for UBFM/SBFM instructions when applicable
  • ARM: handle vfp instructions: VMOV immediate, VCVTB, VCVTT, VCVT with a fixed point operand
  • ARM: reduced complexity of the SP-analysis from quadratic to linear
  • ARM: added a fix for Thumb switches with full addresses
  • ARM: added support of the new clang's switch pattern for arm64
  • ARM: extended LDRB switch pattern
  • ARM64: take into account that the STP instruction can store callee arguments on the stack; add corresponding comments to such instructions
  • MIPS: recover more cross-references from stripped statically-linked PIC ELF files
  • MSP430: added simplification "movx @SP+, dst" -> "popx dst"
  • PC: added decoding of Control-flow Enforcement extension
  • PC: added decoding of newer AVX-512 extensions (4FMAPS, 4VNNIW, and VPOPCNTDQ)
  • PC: added new switch pattern
  • PC: decode PTWRITE instruction
  • PC: decode VMFUNC instruction
  • PC: detect more switch patterns from clang
  • PC: improved epilog detection
  • PC: improved prolog detection
  • PC: improved stack frame analysis in x64 files
  • PC: support another variation of x64 table-based switch with switch variable stored on the stack
  • PPC: added missing extended mnemonic 'rotld'
  • PPC: added new config flag PPC_ABI_EMBEDDED/ISA_EABI
  • PPC: added support of PowerPC64 ELF V2 ABI
  • PPC: improved switch patterns
  • PPC: r13-based operands are printed using simplified @sda suffix
  • SuperH: improved detection of functions when addresses are calculated with movi20s + add/sub
  • SuperH: added register definitions for SH7256
  • TMS320C3: improved stack tracing
  • tricore: added TRICORE_DEVICE and TRICORE_IORESP config parameters so that they can be set from scripts
  • File Formats:
  • DWARF: Store file/line number information in IDB (only if requested, since it comes with a performance penalty)
  • ELF: added processing of many previously unsupported PPC64 relocations
  • ELF: annotate headers (ELF, PHT, SHT) and convert more known data to structs (symtab, strtab, relocations, dynamic information)
  • ELF: annotate preinit/init/fini function arrays
  • ELF: convert all strtab entries to ascii strings (even the ones that are not referenced)
  • ELF: describe DT_HASH and DT_GNU_HASH
  • ELF: describe symbols using symtab from DYNAMIC section
  • ELF: detect overlapping sections in SHT and prevent them from processing data (but still load them in the database)
  • ELF: don't obliterate data when patching PLT
  • ELF: don't skip processing relocations if symbol index is 0 (happens with IRELATIVE relocs)
  • ELF: IDA now uses the PHT by default instead of the SHT to load segments from ELF files
  • ELF: improved support for TLS variables in relocatable files
  • ELF: load symbols using symtab from DYNAMIC section when .dynamic section yields no symbols
  • ELF: PLT relocations for pc are now processed at relocation-application-time, instead of relying on the presence of a .plt section
  • ELF: ppc: added new ida.cfg variable PPC_FIX_GNU_VLEADRELOC_BUG to work around binutils bug 20744
  • ELF: process .ctors/.dtors sections for all architectures
  • ELF: recognize PLT stub functions from R_386_GLOB_DAT relocations
  • MACHO: support dyld_shared_cache files from OSX 10.13 and iOS 11
  • MACHO: support dyld cache slide info v2. This should improve analysis for dyld_shared_cache files from iOS 10 and OSX 10.12
  • MACHO: improved analysis of single modules within dyld_shared_cache files that have slide info
  • MACHO: added an option to load a single module plus its dependencies from a dyld cache
  • MACHO: fixed incorrect resolution of Mach-O import table entries in files using both LC_DYLD_INFO_ONLY and LC_SYMTAB
  • MACHO: improved speed of objc metadata parsing
  • MACHO: support for apple-protected binaries from OSX versions < 10.6
  • MACHO: support x64 macOS kernelcaches with kexts relocated at runtime
  • MACHO: added processing of the ARM64_RELOC_ADDEND relocation
  • MACHO: allow the user to override the ASLR slide for dyld_shared_cache files
  • OBJC: added Objective-C Analysis Plugin; the plugin tries to create an xref between calls to objc_msgSend and the function that will ultimately be called by msgSend
  • OBJC: perform Objective-C specific analysis on the decompiler output
  • OBJC: implemented a "step into" action for Objective-C (Debugger>Run until message received)
  • OBJC: allow user to jump to a method definition given a selector string (Jump>Jump by selector)
  • OBJC/MACHO: IDA can now extract Objective-C type info via 'Load debug info' in the Modules view during debugging
  • OBJC: now objc metadata can be parsed on demand, not just at load time
  • OBJC: implement demangling of objective-C methods in Swift classes
  • TDS: added support for executables with debug info appended to the end of the file
  • PDB: added an explicit check for odd paths (e.g. UNC) of pdb files; if such a path is detected, we display one more warning to the user
  • Debugger:
  • debugger: iOS: support debugging on iOS 11
  • debugger: iOS: support source-level debugging in Remote iOS Debugger
  • debugger: iOS: support Appcalls in Remote iOS Debugger
  • debugger: iOS: added support for ARM(64) FPU/NEON registers
  • debugger: iOS: identify regions of process memory in greater detail
  • debugger: iOS: always allow the user to specify a pid when attaching to a process
  • debugger: OSX: support debugging on OSX 10.13
  • debugger: OSX: improved support for debugging system libs from /usr/lib and /System/Library/Frameworks (any libs included in the dyld_shared_cache)
  • debugger: OSX: identify regions of process memory in greater detail
  • debugger: remote mac debuggers are signed and don't have to be run as root
  • debugger: BOCHS: added support for Bochs 2.6.9
  • debugger: LINUX: added environment variable IDA_SKIP_SYMS to ignore the exported names from the main module
  • debugger: LINUX: try to load separate debug info file for libpthread.so, if environment variable DEBUG_FILE_DIRECTORY is set
  • debugger: GDB: added software breakpoint for powerpc
  • debugger: GDB: added support for banked ARM register layouts
  • debugger: GDB: added support for no-acknowledgment mode (QStartNoAckMode) for reliable connections (set by default; unset by changing the stub options)
  • debugger: GDB: added support for uploading files to the server
  • debugger: GDB: enable "run a program before starting debugging" option and "Choose a configuration" for all processors including x86/x64
  • debugger: GDB: fetch processes list from gdbserver if supported
  • debugger: GDB: fetch target description from gdb stub as early as possible (mimic GDB behavior)
  • debugger: GDB: show the full path to be run if the user enabled "Run external program before debugging" before actually executing it
  • debugger: PIN: added support for appcall
  • debugger: debug servers can now be launched with '-kk' to specify that in case the connection between IDA & them is broken, the process should be terminated immediately
  • ios_deploy: added "codesign" and "appify" phases
  • ios_deploy: added "usbproxy" phase
  • ios_deploy: added "launch" phase
  • ios_deploy: added "kill" and "proclist" phases
  • ios_deploy: added "install_ex" phase
  • Kernel/Misc:
  • kernel: switched to PCRE2 for the regular expression engine. Now Perl extensions (\s, \d, \w and so on) can be used in regular expressions
  • kernel: improved handling of 'noret' function attribute (fix endless looping in some cases)
  • kernel: documented ABANDON_DATABASE in ida.cfg
  • kernel: added separate "mingw" abi name; it can be specified for the visual studio compiler
  • kernel: renamed environment variable NONAMES to be IDA_NONAMES
  • FLIRT: Added detection of 32-bit mingw/mingw-w64 startup functions
  • FLIRT: Added detection of 64-bit mingw-w64 startup functions
  • FLIRT: Added detection of Android Bionic libc startup for ARM
  • FLIRT: Added MFC signatures for vc1410 (Visual Studio 2017)
  • FLIRT: Added MFC signatures for vc143 (Visual Studio 2015 Update 3)
  • FLIRT: Added signatures for Android NDK/ARM (up to version 13b)
  • FLIRT: BC: added signatures for xe102 (RAD Studio 10.2 Tokyo)
  • FLIRT: DM: added signatures for Digital Mars 2.073.0
  • FLIRT: ICL: Added signatures for icl164 (Intel C++ 16.4)
  • FLIRT: ICL: Added signatures for icl170 (Intel C++ 17.0)
  • FLIRT: ICL: Added signatures for icl171 (Intel C++ 17.1)
  • FLIRT: ICL: Added signatures for icl174 (Intel C++ 17.4)
  • FLIRT: VC: Added signatures for vc1410 (Visual Studio 2017)
  • FLIRT: VC/VC64: added signatures for ucrt 15063 (Windows 10 Creators Update SDK)
  • FLIRT: pcf/pelf/plb/...: added option to modify pattern using regex (-E)
  • FLIRT: pcf/pelf/plb/...: added option to skip bytes before first label at pattern beginning
  • FLIRT: remove __ehhandler and __unwindfunclet pseudo-functions from signatures
  • FLIRT: the parser tools now remove by default any bytes before the first label (unset with -L)
  • FLIRT: mingw, mingw-w64: added detection of 32- and 64-bit mingw-w64 startup functions from the sourceforge builds (7.1.0rev2 and 7.2.0rev0)
  • FLIRT: sigmake: document -v (verbose) switch
  • FLIRT: upgraded ulink signatures
  • IDS: Added IDS files for MFC120 and MFC140
  • PCF: added option to specify startup segment name
  • PCF: the -s option (skip unknown relocations) has been renamed to -k
  • SIG: added signatures for VS ucrt 14393 (Windows 10 Anniversary Update SDK)
  • TIL: Updated UEFI TILs to version 2.5
  • TIL: Updated NTAPI type library
  • TIL: Added type library for Android NDK
  • RTTI: new plugin for parsing RTTI (run-time type information) produced by MSVC, GCC and LLVM in PE, COFF and ELF files
  • RTTI: added detection for MSVC's ThrowInfo and related sub structures
  • RTTI: added type information to comment for catchable types
  • EH_PARSE: new plugin to parse EH (exception handling) information present in ELF, COFF, Mach-O, and PE files. NOTE: enable display in Options-General-Try block lines
  • User Interface:
  • UI/qt: ability to delete breakpoints by group
  • UI/qt: ability to toggle between mangled & demangled versions of "Imports" & "Exports"
  • UI/qt: added fuzzy-searching in choosers
  • UI/qt: implemented ability to write custom actions for individual registers in the "General registers" (and similar) view (E.g., during a debugging session)
  • UI/qt: on Windows, text in message boxes (and warnings, errors, ...) can now be selected with the mouse, and copied to clipboard (it was already the case on OSX & Linux)
  • UI/qt: when copying tabular data (e.g. from choosers) to the clipboard, IDA now generates tab-separated values instead of aligning the text with spaces
  • UI/qt: when running on Linux/X11, selecting parts of the disassembly with the mouse (or Shift+navigation), will update the X11 'selection' clipboard (limited to what's visible on the screen.)
  • UI/qt: the Python/IDC command line auto-completion now responds to "Shift+Tab" appropriately, and goes back in history
  • UI/debugging: improve the formatting of the Call Stack window
  • UI/txt: decompiler can now be used interactively in the text version of IDA
  • UI: create/add/delete segment messages could be mixed up in the log
  • UI: do not ask permission to overwrite empty files, no info will be lost anyway
  • UI: pressing F9 with no debugger selected now starts the process automatically after user selects a debugger
  • UI: added a new action "copy field info to pointers"; it copies name and type info from a struct definition to the pointed locations for the current struct variable
  • UI: all navigation actions are now proper actions, allowing their shortcuts to be overridden (and to be triggered programmatically.)
  • UI: many cursor movement actions can now be assigned other user-defined shortcuts
  • UI: mention that selector values are in paragraphs
  • UI: proximity view: added option to not show the collapsed nodes
  • UI: script snippets are now automatically saved to the database (and thus persisted to disk when the user presses Ctrl+W)
  • UI: script snippets: Pressing or while there is a selection, will cause that selection to be "block indented" (or unindented)
  • UI: on Windows, use Consolas font by default, as the venerable FixedSys is lacking glyphs for many Unicode characters
  • Scripts & SDK:
  • IDAPython: ability to programmatically query or set the graph position + zoom level
  • IDAPython: ability to store attributes on tinfo_t objects
  • IDAPython: added example showing how to synchronize two graph views (i.e., IDA View-B follows IDA View-A, at another zoom level)
  • IDAPython: added IDAPython module ida_dex to access loaded DEX file information
  • IDAPython: hexrays: cexpr_t & cinsn_t are now writeable, allowing many modifications of the C tree
  • IDAPython: opened many low-level graphviewer-related functions (those were previously unavailable)
  • IDAPython: support for microcode_filter_t (see vds8.py example)
  • IDAPython: added View_Hooks for hooking IDAView events
  • IDAPython: fix idaapi.py dependencies
  • IDAPython: exposed get_predef_insn_cmt()
  • IDC: fix documentation for the StepUntilRet() function
  • IDC: support 64bit file/linput size/offset
  • SDK: numerous changes. See this page for details.
  • BUGFIXES:
  • BUGFIX: "Dump to IDC" command could create incorrect idc files (the entry point of some functions would not be marked as code)
  • BUGFIX: "step into" debugger action would fail for ARM64 BR/BLR instructions
  • BUGFIX: 32-bit iOS targets would erroneously segfault on iOS 10
  • BUGFIX: AD218X: Direct Instruction Type 27 was being incorrectly decoded
  • BUGFIX: AD218X: some branch instructions would refer to data instead of code memory
  • BUGFIX: AskUsingForm could crash if a space was present in the form's description, before the field type
  • BUGFIX: COFF (mips): the relocations REL_MIPS_REFHI, REL_MIPS_PAIR, REL_MIPS_REFLO were processed incorrectly when the relocation value (addend) is non zero
  • BUGFIX: COFF: fixed recognition of files produced by TI's Code Composer Studio 6
  • BUGFIX: DWARF could erroneously deduce calling conventions as __fastcall even if some registers that take part in a __fastcall were skipped
  • BUGFIX: DWARF could fail to set the function prototype in some Mach-O files, in case Obj-C parser already typed it
  • BUGFIX: DWARF: Better handling of types whose DW_AT_byte_size is a (improper) unsigned 32-bit 0xffffffff value
  • BUGFIX: DWARF: Could fail with INTERR 782 with some variable-sized structures constructs
  • BUGFIX: DWARF: Do not apply TINFO_DEFINITE to __usercall prototypes
  • BUGFIX: DWARF: Do not mark function prototypes as TINFO_DEFINITE if producer is clang
  • BUGFIX: DWARF: IDA register mappings for ARM64
  • BUGFIX: For processor modules that aren't capable of reporting the minEA/maxEA, IDA wouldn't show scrollbars to scroll through the disassembly
  • BUGFIX: GDB: the 64-bit ELF files created by IDA for snippet debugging were using incorrect layout of program header entries
  • BUGFIX: GDB: the ELF files created by IDA for snippet debugging were missing information about BSS segments
  • BUGFIX: GDB: the GDB plugin would not activate for big-endian ARM binaries
  • BUGFIX: IDA could crash at startup on OSX 10.8
  • BUGFIX: IDA could crash when editing code in the "Scripts snippets" dialog
  • BUGFIX: IDA could crash when parsing corrupted codeview data
  • BUGFIX: IDA could crash when saving types with attributes
  • BUGFIX: IDA could crash while in proximity view, when performing path-related operations
  • BUGFIX: IDA could die with a fatal error during sp analysis
  • BUGFIX: IDA could fail to display first lines of disassembly for IDBs created in pre-4.0 IDA versions
  • BUGFIX: IDA could fail to distinguish between ARM VCVT/VCVTR instructions
  • BUGFIX: IDA could fail to load some elf core files
  • BUGFIX: IDA could fail to set a breakpoint at an address inside dyld_shared_cache
  • BUGFIX: IDA could fail to step over ARM TBZ/TBNZ instructions
  • BUGFIX: IDA could fail with interr 1263 if 2 different definitions of the same enum group were encountered
  • BUGFIX: IDA could hang momentarily at startup when many iOS devices were connected, even if the iOS Debugger was not being used
  • BUGFIX: IDA could hang trying to load a corrupted elf file
  • BUGFIX: IDA could hang trying to load a corrupted pe file
  • BUGFIX: IDA could hang while loading corrupted macho files
  • BUGFIX: IDA could interr 20016 on corrupted dyld_shared_cache files
  • BUGFIX: IDA could interr when loading pdb info for mozilla's xul.dll
  • BUGFIX: IDA could sometimes crash at startup (or after a debugging session) when the IDA View-A is a graph
  • BUGFIX: IDA would display a not-so-useful error message when trying to attach to a process on iOS 10 if fetching process list failed; now user can enter a PID to attach
  • BUGFIX: IDA would fail to launch on OSX case-sensitive volumes because it couldn't find the cocoa plugin
  • BUGFIX: IDA would fail to step over ARM BR/BLR instructions
  • BUGFIX: IDA32 could try to load PE+ files and fail; now we explicitly advise to use ida64 for these files
  • BUGFIX: IDA64 could accept invalid files correctly rejected by ida32
  • BUGFIX: IDAPython: "atoa" was returning erroneous results for programs with a real segmentation
  • BUGFIX: IDAPython: 'delay_slot_insn' was not usable
  • BUGFIX: IDAPython: 6.95 introduced a regression in idc.GetMarkedPos()
  • BUGFIX: IDAPython: FindImmediate() was broken and could not be called
  • BUGFIX: IDAPython: IDA could crash at exit-time when no IDB was opened, and a timer fires right during the closing sequence
  • BUGFIX: IDAPython: IDA could crash if a simplecustviewer_t subclass closed itself by reacting to the "Escape" key
  • BUGFIX: IDAPython: back/front in qvector's were not usable
  • BUGFIX: IDAPython: don't rely on internal qcp.sh tool for building on OSX
  • BUGFIX: IDAPython: hexrays callbacks could not handle the 'hxe_create_hint' notification
  • BUGFIX: IDAPython: ida_idaapi.require() would set a binding to the imported module as attribute on the importing module's globals(), only if the imported module was not already present (and possibly require()d by another module.)
  • BUGFIX: IDAPython: ida_ua.get_dtyp_by_size() would return a python 'str', incompatible with the 'dt_*' enumeration
  • BUGFIX: IDAPython: ida_ua.get_operand_immvals() wasn't functional
  • BUGFIX: IDAPython: idc.ExtLinA() & idc.ExtLinB() were broken
  • BUGFIX: IDAPython: idc.GetMarkedPos() & idc.GetMarkComment() couldn't be called with '-1' to prompt for the position
  • BUGFIX: IDAPython: idc.GetStringType() could return something other than None for locations that have offsets (but no strings.)
  • BUGFIX: IDAPython: netnode.get_name() was broken
  • BUGFIX: IDAPython: remove_tinfo_pointer() was unusable
  • BUGFIX: IDAPython: simplecustviewer_t::AddLine wouldn't apply the fg/bg colors unless they were provided as long
  • BUGFIX: IDAPython: simplecustviewer_t::RefreshCurrent() was not refreshing the view
  • BUGFIX: IDAPython: some ARM-specific operand type definitions were incorrect
  • BUGFIX: IDAPython: some SDK functions could cause IDA to crash if NULL pointers were passed (through 'None'.)
  • BUGFIX: IDAPython: the makefile was unconditionally trying to build the hexrays module, even when no '--with-hexrays' was specified to build.py
  • BUGFIX: IDAPython: use_regarg_type3 was impossible to use
  • BUGFIX: IDAPython: using ida_graph.GraphViewer with 'close_open=True' would cause an error because '_ida_kernwin' wasn't imported
  • BUGFIX: IDAPython: was not exposing ida_bytes.update_hidden_area() anymore (on which idc.SetHiddenArea relies)
  • BUGFIX: It was impossible to change the font for the 'Execute script' window
  • BUGFIX: Launching remote debug sessions could fail at the second attempt (and later ones) in some cases
  • BUGFIX: MACHO: IDA could crash on bad data in dyld export info
  • BUGFIX: MACHO: IDA could hang on corrupted bind info
  • BUGFIX: MACHO: analysis of dyld_shared_cache files could fail due to miscalculated dyld slide values
  • BUGFIX: MACHO: classic relocations could be applied incorrectly for x86_64 MH_BUNDLE files
  • BUGFIX: MACHO: corrupted mach-o files could hang ida
  • BUGFIX: MACHO: dyld pcrel32 relocations were applied incorrectly in some cases
  • BUGFIX: MACHO: fixed incorrect handling of ARM64_RELOC_PAGEOFF12 and ARM64_RELOC_PAGE21
  • BUGFIX: MACHO: fixed processing of the ARM64_RELOC_SUBTRACTOR relocation
  • BUGFIX: MACHO: ida could loop endlessly when loading corrupted files
  • BUGFIX: MACHO: objc class structure could be reconstructed incorrectly
  • BUGFIX: MACHO: stubs for weak imports could be incorrectly converted to infinite loops
  • BUGFIX: MSP430: fixed display of 20-bit values from instructions with extension word
  • BUGFIX: NTAPI: the wrong calling convention was used for InterlockedIncrement() from ntdll.dll
  • BUGFIX: OBJC: objc parser did not handle anonymous structures properly
  • BUGFIX: OMF: corrupted omf file could lead to interr 20066
  • BUGFIX: On Windows, "File > Produce file > Create XXX file" would fail to add the extension to a file name that is entered without it
  • BUGFIX: Opening a stack frame and programmatically changing the function stack's extents, would not update the scroller of the view nor allow jumping to the new beginning/endings of the stack frame
  • BUGFIX: Opening decompilation for small functions whose body fits in the view, could cause the first few lines to not be shown until manually scrolled to
  • BUGFIX: PC: fixed "mov sreg, r/m16" to always use 16-bit memory references
  • BUGFIX: PC: some XOP instructions could be incorrectly decoded in 32-bit mode
  • BUGFIX: PC: some invalid VEX/EVEX/XOP instructions would be decoded as if they were valid
  • BUGFIX: PC: the crc32 instruction could be incorrectly decoded in 64-bit mode
  • BUGFIX: PC: the rdmsr and wrmsr instructions were decoded by "Intel Pentium real with MMX" (they're only available in protected mode)
  • BUGFIX: PCF: the "skip unknown relocations" option was being ignored
  • BUGFIX: PDB: could cause IDA to crash on some files
  • BUGFIX: PDB: in some situations IDA did not release PDB symbols after debugging sessions
  • BUGFIX: PDB: the pdb plugin could cause _guard_dispatch_icall_nop to be incorrectly marked as noreturn, leading to broken code flow in some x64 PE files with PDB information
  • BUGFIX: PDB: the remote win32 server could crash when closing connections while opening pdb files
  • BUGFIX: PE: IDA would ask about loading segments twice in manual loading mode
  • BUGFIX: PE: fixed endless loop when analyzing SEH handlers
  • BUGFIX: PPC: the conversion of a pair of immediate values into the dword displayed as a comment did not work after the initial phase of the analysis
  • BUGFIX: PPC: incorrect call of add_dref occurred when emulating an indexed access to an array
  • BUGFIX: PPC: restored displaying a comment for xrefs from the current instruction as it was done in IDA 6.9
  • BUGFIX: PPC: segment registers were incorrectly converted from v.6.8 (from v.6.9 everything is OK)
  • BUGFIX: PPC: some instructions were incorrectly disassembled (r0 should be treated as zero instead of a register)
  • BUGFIX: PPC: the referencing address (from) in the call of add_dref should be a head
  • BUGFIX: Pressing Shift+Up/Down while at a listing boundary, wouldn't move the cursor's X position to the beginning or end of the line (for start & end of listings, respectively, allowing selection of text to comfortably reach the beginning or end of the view.)
  • BUGFIX: Pressing left or right while in Pseudocode view and auto-analysis was not finished, could eat the key and not move the cursor
  • BUGFIX: Proximity: collapsing children of nodes that are part of a 'path' could cause IDA to INTERR
  • BUGFIX: SDK: arm.hpp was attempting to include non-existent files
  • BUGFIX: TMS320C28: fixed plain binary file loading: the bytes in the word were swapped
  • BUGFIX: TMS320C28: added tracking of DP register value in 'mov DP,#10bit' instruction
  • BUGFIX: TMS320C28: do not create a redundant variable at the start of DP page
  • BUGFIX: TMS320C28: removed the obsolete hints when reanalyzing a program
  • BUGFIX: TMS320C28x: added decoding for 'CLRC/SETC CNF' instructions
  • BUGFIX: TMS320C28x: instruction 'MPY ACC,loc16,#16bit' was wrongly decoded
  • BUGFIX: TMS320C3: graph view could be wrong
  • BUGFIX: TMS320C3: instructions LDI||LDI and LDF||LDF were incorrectly decoded
  • BUGFIX: Toggling fullscreen (F11) in a disassembly view and back, could result in IDA not realizing that the number of displayed lines became smaller and make the cursor invisible
  • BUGFIX: Using enums (or names) in IDC snippets could lead to a compilation error, while it would work if the same code was run from an .idc file
  • BUGFIX: Using the "Shortcuts" editor to save a shortcut such as '', will cause IDA to complain at next startup
  • BUGFIX: WINDBG: double-clicking on an empty line in output window during a windbg session would crash IDA
  • BUGFIX: When evaluating low-level conditions, the debugger module could fail reporting some events
  • BUGFIX: When no enumerations were present in the "Enums" view, pressing 'PageDown' would result in the comment being duplicated
  • BUGFIX: WinDbg: when run under text IDA (idaw.exe), console processes could share the same stdout as idaw.exe itself, causing a possible deadlock any time a debug event happens
  • BUGFIX: accessing Aarch64 decompiler plugin (hexarm64) in a script passed with '-S' would crash IDA, because that plugin wasn't pre-loaded
  • BUGFIX: ad218x: the "Modify Flag Out" (ena/dis) instruction was disassembled incorrectly
  • BUGFIX: analysis of dyld_shared_cache files could fail due to miscalculated dyld slide values
  • BUGFIX: analyze_area() would hang if analysis was enabled
  • BUGFIX: arm64: request calc_arglocs3 could return wrong size of stack arguments
  • BUGFIX: arm64: request calc_arglocs3 did not reject functions with wrong argument types
  • BUGFIX: arm: IDA could generate incorrect instruction VMOV Rt, Rt2, S31, CF
  • BUGFIX: arm: analysis could loop endlessly on a trivial "b self" loop
  • BUGFIX: backward binary search would hang on debugger segments
  • BUGFIX: base2file() could hang when given erroneous input
  • BUGFIX: calling ida_dbg.enable_[func|insn]_trace() with no debugger loaded, could crash IDA
  • BUGFIX: choose_enum_by_value() should display symbols that correspond to the sign extended value in addition to the specified value
  • BUGFIX: corrupted mach-o files could hang ida
  • BUGFIX: dalvik: xref from the call instruction was wrongly marked as jump xref
  • BUGFIX: dbg: dalvik: get method accessibility flags from DEX-method description, not from Java properties
  • BUGFIX: dbg: fixed the value of ptrace request for ARM architecture
  • BUGFIX: debugger: win32: IDA would fail to properly restore page breakpoints when restarting a process
  • BUGFIX: debugger: win32: read/write breakpoints of length 8 were not supported on x64
  • BUGFIX: dwarf plugin could fail to retrieve the register number from a location entry (off by 1 error)
  • BUGFIX: elf files with wrong arm attribute section could not be loaded
  • BUGFIX: elf, ppc: fixed processing relocation R_PPC_JMP_SLOT from the dynamic table
  • BUGFIX: elf: in some cases reloc R_ARM_THM_PC8 could be computed incorrectly
  • BUGFIX: fixed processing of the R_AARCH64_ADR_GOT_PAGE/R_AARCH64_LD64_GOT_LO12_NC relocations
  • BUGFIX: fixed a crash in some rare cases
  • BUGFIX: fixed a potential vulnerability in dalvik_debmod
  • BUGFIX: fixed display of required DIA SDK for x64
  • BUGFIX: fixed vulnerability in dalvik_debmod
  • BUGFIX: floating license build of IDA could crash on systems using the latest glibc compiled with SSE optimizations enabled
  • BUGFIX: gdb: ARM: IDA could fail to stop while single-stepping in Thumb mode
  • BUGFIX: gdb: ARM: software breakpoints in Thumb mode could fail with SIGBUS signal
  • BUGFIX: gdb: IDA could fail to start debugging a 64-bit process with error "unknown register 'rax'" if "Intel x64" wasn't explicitly set in the gdb options
  • BUGFIX: gdb: IDA would not remember some options set in the gdb configuration dialog
  • BUGFIX: gdb: IDA would use stepping by default for non-x86 if the options dialog wasn't used
  • BUGFIX: gdb: start gdb connection by sending an ack for any possible packet sent by the remote side (mimic GDB)
  • BUGFIX: gdb: the PacketSize feature was not being respected
  • BUGFIX: gdb: the gdb debugger could misdetect some files as 64-bit for some architectures
  • BUGFIX: get_import_module_name() could return true and empty module name
  • BUGFIX: hexview: rendering, and synchronization between an IDA View & a Hex View, could be erroneous for processors with bytes that consist of more than 8 bits
  • BUGFIX: hexview: when a line starts with blanks (because it is the beginning of a segment, and that segment is not aligned on the same alignment of the view), the line contents could be shifted
  • BUGFIX: hexview: when scrolling, some lines could be duplicated if they started at an unaligned address
  • BUGFIX: hexview: when standing on an invalid position (i.e., BADADDR), pressing twice in a row would successfully enter edit mode (it should not)
  • BUGFIX: iOS Debugger could fail to retrieve the remote process list in some cases
  • BUGFIX: iOS debugger could produce incomplete stack traces when the process was stopped in the epilogue of a function
  • BUGFIX: iOS debugger would demand a remote hostname, even when AUTOLAUNCH was enabled in dbg_ios.cfg
  • BUGFIX: iOS debugger would fail to step after attaching to a process that needed to be rebased
  • BUGFIX: idaq64: IDC's SetCharPrm(INF_TRIBYTE_ORDER, ...) was not working
  • BUGFIX: idc expression "GetLocalTinfo(-1)" would cause interr 952
  • BUGFIX: idc: %f format specifier was not honoring the width and precision
  • BUGFIX: idc: ida could crash when adding a struct member which is a pointer to the struct itself
  • BUGFIX: if the same enum member was present in different tils but it had different values, it was not always possible to select it
  • BUGFIX: if the user cancels the attach-process selection dialog and then terminates the debugger server, then ida would continue to assume that the connection to the debugger server is intact
  • BUGFIX: in rare cases IDA could crash during rebasing
  • BUGFIX: in the "Structures" view, allow changing the type of an array of elements, if that type can fit in the size of the array
  • BUGFIX: installer: installation on a Windows machine without installed Python would fail to install Python
  • BUGFIX: kernel: search_* functions were not honoring the SEARCH_NOSHOW flag
  • BUGFIX: load_plugin() could fail to load a plugin from an alternate plugin directory
  • BUGFIX: loading of some PE+ files was taking too long
  • BUGFIX: mac debugger was broken on OSX Sierra
  • BUGFIX: move_segm() would not move a segment into a free area under debugger in some cases
  • BUGFIX: moving the vertical scrollbar's thumb in Hex-Rays (or source-level debugging) views, could cause the view to jump to unexpected locations
  • BUGFIX: moving the vertical scrollbar's thumb to the very bottom in Hex-Rays (or source-level debugging) views, could fail to show the last line of code
  • BUGFIX: nec v850: IDA could generate wrong xrefs for some reg+N operands
  • BUGFIX: noType() on an instruction operand, could remove the 'sign' or 'bitwise-negation' representation of the other operand in the process
  • BUGFIX: objc parser would not decode long types properly
  • BUGFIX: on Linux, the installer would unpack most of the precompiled Python runtime, even when asked not to
  • BUGFIX: on some versions of OSX, large stack traces could be incomplete
  • BUGFIX: pc: SP analysis could fail in functions with basic blocks unreachable from entry point such as exception handlers
  • BUGFIX: Linux/OS X: search results in the help viewer were always labelled "Untitled"
  • BUGFIX: set_member_type() was not checking for recursive struct nesting and could crash
  • BUGFIX: setting a breakpoint condition through "update_bpt()" could cause the condition to be unusable at breakpoint trigger-time
  • BUGFIX: setting a struct member type as an array without explicit size (like int[]) would set the member size to be zero; this is not what we usually want
  • BUGFIX: source debugging: the line number printed in the status bar was off by 1 from the number printed in the leftmost column
  • BUGFIX: source debugging: the status bar would show the file offset, but not the current address
  • BUGFIX: stack tracing was broken for x86_64
  • BUGFIX: the PDB plugin could cause internal error if called with invalid data (now it only results in a non-fatal warning)
  • BUGFIX: the SNES loader could interfere and cause IDA to exit on very large files (> 2GB)
  • BUGFIX: the decompiler would not take into account wide user-specified variables and would create additional variables that would overlap with them
  • BUGFIX: the navband could disappear when using a debugger that uses manual memory regions (e.g. iOS or GDB)
  • BUGFIX: the presence of the decompiler plugin on the disk without a license in ida.key would lead to error
  • BUGFIX: tms320c6: branch detection for bnop instructions was flawed
  • BUGFIX: type information propagation from unnamed array function parameters would result in incorrectly named data
  • BUGFIX: ui/qt: "Jump in new hex window" wouldn't jump to the right address
  • BUGFIX: ui/qt: IDA could leave F11-style fullscreen while navigating around and/or performing other actions
  • BUGFIX: ui/qt: If IDA encountered an error at startup, it might not have had time to create the taskbar icon yet, sometimes leaving that error/warning dialog hard to reach
  • BUGFIX: ui/qt: Using special mouse buttons 4 & 5 to move forward & backward in history, would change the cursor coordinates
  • BUGFIX: ui/qt: deleting a script snippet would mark the one that gets selected afterwards as 'modified'
  • BUGFIX: ui/qt: double-clicking on the 1st member of a struct, would cause the view to jump
  • BUGFIX: ui/qt: it was impossible to select the font from some listing widgets
  • BUGFIX: ui/qt: on Windows or OSX when a screen reader is used (e.g., JAWS or VoiceOver), the IDA View-A will automatically switch to flat listing since graph views are not accessible
  • BUGFIX: ui: ExportData action would silently overwrite the output file if it already existed
  • BUGFIX: ui: IDA could lose the preferences for synchronization between views (and possibly registers, in case of debugging.)
  • BUGFIX: ui: OSX: idaq64 would always launch idaq if a file was dragged onto the dock icon
  • BUGFIX: ui: On Windows, the "Load a new file" dialog wouldn't create a taskbar entry, meaning it could be hard to find it on the desktop if another window showed up in front
  • BUGFIX: ui: Renaming an unsaved script snippet could lose its contents
  • BUGFIX: ui: The 'Default CLI' wouldn't be applied if IDA opened w/o a database
  • BUGFIX: ui: re-enabled building graph of code and data xrefs to current address
  • BUGFIX: ui: the "Functions window" could spend too much time refreshing the list of function names, even when no functions were modified
  • BUGFIX: ui: the "Segment registers" view had fixed minimum size, meaning it was impossible to resize other tabs in case it was opened in a tabbed view
  • BUGFIX: version info in idaq for windows was stored incorrectly
  • BUGFIX: when debugging a macho shared lib, IDA could throw INTERR(40201) if the application exited prematurely
  • BUGFIX: when debugging, toggling breakpoints could become impossible if the last closed widget was a hex view or stack view
  • BUGFIX: windbg: some registers (typically ST0) could lose their value after stepping

New in IDA Pro 6.95.160808 (Jan 20, 2017)

  • Processor Modules:
  • ARM: improved register tracking
  • CLI: skip unknown metadata streams instead of exiting with a fatal error
  • CLI: support .net files with tables stream named "#-" instead of the standard "#~"
  • PC: added decoding of CLZERO, MONITORX and MWAITX instructions
  • PC: added decoding of HLE prefixes (XACQUIRE and XRELEASE)
  • PC: adjusted handling of chained unwind-information
  • PC: calls with address-size override prefix could truncate the target address
  • SPARC: added support for UA2005
  • V850: convert gp-based movea references to offset expressions
  • V850: resolve callt addresses when user provides CTBP option
  • File Formats:
  • ELF: added R_386_GOT32X relocation
  • ELF: added R_X86_64_GOTPCRELX and R_X86_64_REX_GOTPCRELX relocations
  • ELF: added R_X86_64_RELATIVE64 relocation
  • PDB: added support for obtaining types for global data
  • PE: added detection of entry point from incremental linking by Visual Studio
  • PE: handle non-ASCII PDB filenames
  • MACHO: improved constant CFString parsing (handle Unicode CFStrings and CFStrings not in the __cfstring section)
  • Debugger:
  • GDB: added support for MIPS64 and SPARC
  • PIN: build pintool with PIN 3.0.76991
  • Remote PDB debugging from non-Windows machines, with the help of a remote Windows debugger server
  • Remote iOS Debugger:
  • added support for Intel x64 Android binaries (android_x64_server)
  • dalvik: added Dalvik debugger specific IDC function: DalvikGetLocalTyped()
  • gdb: added support for ARM M-Profile debugging
  • Kernel/Misc:
  • FLIRT: signature files for PC must now be placed in the sig/pc/ subdirectory
  • FLIRT: added signatures for Embarcadero RAD Studio 10.1 Berlin
  • FLIRT: added signatures for icl163 (Intel C++ 16.3)
  • FLIRT: added signatures for Windows Driver Kits 7-10
  • FLIRT: added detection of GsDriverEntry for Windows Drivers
  • FLIRT: dm: added signatures for Digital Mars 2.071.0
  • TIL: fixed 64-bit macros, which were either truncated or not sign-extended correctly
  • TIL: fixed values for macros that contained casts
  • TIL: updated list of known WM_ messages
  • TIL: added processor specific til files for linux
  • idal/idaq are now built as PIE on Linux
  • more aggressive string detection
  • the IDASGN, IDAIDS, IDAIDC, and IDATIL environment variables have been deprecated: the more versatile IDAUSR should be used instead
  • the IDAUSR environment variable has been extended to all IDA subdirectories (idc, ids, sig, and til)
  • updated Mac OS X (xnu) syscall list
  • User Interface:
  • ui: (windows) added a workaround to allow opening files in directories with paths which are not representable in the system 8-bit encoding
  • ui: IDA now updates the mac dock tile with the idb name when multiple IDA instances are running
  • ui/qt: added envvar IDA_STYLESHEET allowing to load contents from a CSS file without having to make a wrapper invoking "idaq.exe -stylesheet=..."
  • ui/qt: the colorizer passed through set_nav_colorizer() can now be used to update the colors of the legend in the navigation band
  • ui: ability to programmatically create_menu() & delete_menu()
  • ui: ability to programmatically create_toolbar() & delete_toolbar()
  • ui: ability to query choosers for their data
  • ui: get_registered_actions() can now be used to retrieve a list of all registered actions
  • Scripts & SDK:
  • IDAPython: IDAPython is now split into multiple modules
  • IDAPython: added tinfo_t::serialize()
  • SDK: added IDA syntax highlighter
  • SDK: added cleanup_name() to convert a name into some kind of canonical form (strip underscores, module name, etc)
  • BUGFIXES:
  • BUGFIX: "Select all" was not selecting anything
  • BUGFIX: About program...->Addons... dialog could show incorrect info if both HEXARM and HEXARM64 were present in the same ida.key file
  • BUGFIX: CLI: stack buffer overrun could happen when disassembling .net files with very long method prototypes
  • BUGFIX: DWARF could fail while attempting to persist arrays with huge numbers of elements (e.g. >= 0x80000000)
  • BUGFIX: DWARF: Don't try to apply DWARF relocations if the file is not properly relocatable
  • BUGFIX: DWARF: Files with DWARF relocations of type 0 (i.e., 'NONE') would prevent loading DWARF information
  • BUGFIX: DWARF: GNU ADA can use strange constructs for specifying bitfield type dependencies, which the DWARF plugin wouldn't properly handle
  • BUGFIX: DWARF: pressing Esc at the "DWARF info found" dialog did not cancel DWARF loading
  • BUGFIX: DWARF: some types with virtual inheritance could cause IDA to interr
  • BUGFIX: DWARF: two enumerations of different byte size that contain the same list on enumerators would be considered equal
  • BUGFIX: Deleting bookmarks from the menu could crash IDA
  • BUGFIX: Double-clicking in the "Output window" would cause the selection to span from the beginning of the word, to the end of the line instead of the end of the word (and would sometimes fail to recognize some identifiers & jump to them.)
  • BUGFIX: During source-level debugging, the source view scrollbars wouldn't follow the position in the file
  • BUGFIX: ELF: code relocations for big-endian Aarch64 files were applied incorrectly
  • BUGFIX: Fujitsu FR: segments were 16bit (must be 32bit)
  • BUGFIX: GDB: register view in GDB was missing jump arrows and address display
  • BUGFIX: Graph view: when searching (e.g., "Alt+Up/Down", or "Alt+T/Ctrl+T"), IDA could fail placing the cursor's X position at the beginning of the match
  • BUGFIX: IDA View-A wouldn't apply the node_info_t::text property for non-group nodes
  • BUGFIX: IDA could crash while parsing header files with recursive macro definitions
  • BUGFIX: IDA could crash right after having loaded the dyld_shared_cache (on linux.)
  • BUGFIX: IDA could crash when jumping to another function while in graph view, or when switching to the graph view
  • BUGFIX: IDA did not remove xref and switch records when deleting debug segments
  • BUGFIX: IDA on Linux could crash while Tab-completing in the file chooser if 1) 'New' was selected at startup, and 2) Qt couldn't load the GTK2 theme
  • BUGFIX: IDA would attempt to auto-analyze binary files with no known entry point
  • BUGFIX: IDA would fail to keep the cursor on the instruction (or operand) when switching between flat & graph views
  • BUGFIX: IDAPython: IDP_Hooks instances could prevent the decompiler from working properly
  • BUGFIX: IDAPython: decompile_many() wouldn't accept a list of ea_t's
  • BUGFIX: IDAPython: running a long script that caused an IDAPython processor module to kick in could fail to be properly interruptible, because the processor module could receive the error instead of the script itself
  • BUGFIX: IDC's MakeLocal was broken
  • BUGFIX: In hex view, when the first edit takes place at EA 0, the line could fail showing the first byte
  • BUGFIX: On OS X, searching for binary patterns might fail for some values in the [0x80 - 0xff] range
  • BUGFIX: PE: IDA would not detect DLL exports with empty names
  • BUGFIX: PE: IDA would show no exports if the export directory's DLL name was an empty string
  • BUGFIX: Pressing an Alt+key accelerator to (e.g.) toggle a checkbox in a form, while a text field was being filled and a "completion" overlay was visible, wouldn't transfer focus to the checkbox (because the auto-completion overlay swallowed those key presses)
  • BUGFIX: Proximity viewer: clicking on nodes representing addresses that fall in the middle of a data item, could cause IDA to INTERR (40467)
  • BUGFIX: SetFunctionFlags() could modify FUNC_SP_READY and FUNC_NORET_PENDING bits, which should be managed by IDA
  • BUGFIX: When performing PDB debugging across multiple modules, IDA could show locals variables that belong to another function
  • BUGFIX: When remote debugging, segment permissions could contain unexpected bits set in the upper nibble
  • BUGFIX: When selecting a union member in the "Structure offsets" view, IDA could crash when hovering that member
  • BUGFIX: When selecting negative "standard constant" enumerators, IDA could display the operand as a faulty number, instead of as that symbolic constant
  • BUGFIX: When trying to load PDB information remotely and no MSDIA DLL could be found, no clear error message was printed on the console
  • BUGFIX: accessibility: reading last word of line, could overflow to following lines
  • BUGFIX: accessibility: when the cursor was after the text on a line, accessibility tools could read the wrong data
  • BUGFIX: arm64: incorrect type of the first operand in instructions UADDLV, SADDLV
  • BUGFIX: arm: in some rare cases undefined data could be disassembled as VLDM/VSTM instructions
  • BUGFIX: arm: incorrect decoding of double precision registers D15-D31 in some VFP instructions
  • BUGFIX: corrupted idbs with wrong segment names info could cause interr 1248
  • BUGFIX: debugger: in the watch view the first member of a struct would be printed in more complete way than other members
  • BUGFIX: f2mc: callp/jmpp instructions did not create proper cross-references
  • BUGFIX: f2mc: operands of callp/jmpp instructions could be decoded incorrectly
  • BUGFIX: flirt: parsing of Digital Mars OMF libraries was broken
  • BUGFIX: gdb: attaching to 64-bit processes would give warnings about unknown registers and CPU_NOT_SUPPORTED
  • BUGFIX: gdb: attaching to ppc64 would fail with 'more than one special register present' message
  • BUGFIX: gdb: memory contents could become undefined while single stepping in the debugger
  • BUGFIX: gdb: some cpu flags could not be edited
  • BUGFIX: IDA could loop endlessly, creating a function and then deleting it again. Deleting a function because it has no call xrefs is a poor heuristic in general: functions referenced only from a vtable have no xrefs at all, and tail-call optimization turns call xrefs into jump xrefs
  • BUGFIX: idapython: SetFchunkOwner was broken
  • BUGFIX: jump-to-node-by-doubleclick in proximity view was broken
  • BUGFIX: load_debugger() was requiring an underscore in the file name of the debugger plugin; it is not really necessary
  • BUGFIX: on linux/MAC IDA did not apply umask when creating some output files
  • BUGFIX: pc: fixed operands for MONITOR and MWAIT instructions
  • BUGFIX: pc: incorrect handling of 16-byte aligned function argument/return types of size

New in IDA Pro 6.7.141229 (Dec 30, 2014)

  • Highlights:
  • A lot of work was done on the UI internals to improve the speed and responsiveness, and reduce unnecessary screen redrawing
  • UI: no more resetting to the default desktop layout when moving your IDB to another PC/monitor - the saved layout is scaled to fit the new resolution
  • SDK/UI: new set of functions for dealing with user-provided actions
  • [un]register_action
  • [at|de]tach_action_[to|from]_menu
  • attach_action_to_custom_viewer_popup
  • attach_action_to_output_popup
  • [at|de]tach_action_[to|from]_toolbar
  • All of them are also available in IDAPython
  • DWARF: much improved support for DWARF4, and added support for DWZ (compressed DWARF) files
  • MIPS: support for microMIPS, DSP extensions and Cavium Octeon II instructions
  • PIN and Dalvik debuggers were improved considerably to be faster, more robust and easier to use
  • Position-independent build of ARM Android remote debugger server (required for Android Lollipop)
  • UEFI type libraries and TE (Terse Executable) file format support
  • Many vulnerabilities fixed thanks to the submissions to our bug bounty program
  • Complete changelist:
  • Processor Modules:
  • 6809: added support for data page segment register (DP)
  • ARM: detect several additional variations of the __rt_switch8 helper in binaries produced by the ARM compiler (armcc)
  • ARM: improve no-ret analysis for calls performed using BX and BLX instructions
  • Dalvik: 'T' can be used to apply structure offsets to odex "quick" instruction operands
  • Dalvik: decode return-void-barrier (opcode 0xf1) instruction
  • f2mc: Added PCB to the list of segment registers
  • m740: added I/O port definitions for m3804x
  • Mach-O: add init pointers as entrypoints (similar to PE's TLS callbacks)
  • Mach-O: improve the loader to handle unusual and deliberately modified files
  • Mach-O: use the LC_MAIN command, if present, to determine the program entrypoint
  • MIPS: added support for Cavium Octeon II instructions
  • MIPS: added DSP ASE support
  • MIPS: added MSA ASE support
  • MIPS: added microMIPS instruction set support
  • MIPS: provide auto-comment for floating point and dword-sized stack args
  • MIPS: resolve gp-relative references on N64 ABI
  • MIPS: simplify some instruction sequences to dla/dli on N32/N64 ABIs
  • MIPS: Support for R_MIPS_TLS_TPREL relocations
  • PC/PE/kernel: define entrypoint prototype for UEFI files. NB: the DXE entrypoint prototype is used for all UEFI files, since it is impossible to distinguish PEI and DXE files by the header flags
  • PC: decode FMA4 instructions
  • PC: handle switches produced by the Sun C compiler
  • PC: improve recognition of GCC switches in non-PIC x64 binaries
  • PC: improve switch analysis (again)
  • PC: improved frame analysis (some 'lea ebp' insns were recognized as part of prolog while they were not)
  • PC: improved prolog recognition
  • PE: handle unwind info version 2 in x64 .pdata sections
  • PE: support ARM64 files
  • PE: when applying relocations, mark relocations which apply to code as such (improves autoanalysis)
  • PPC: PPC_TOC, PPC_SDA_BASE, PPC_MMIO_BASE can now be set from IDC scripts
  • PPC: support for SPE 2.0 instructions
  • Tricore: apply mapping to offsets recognized in standard instruction sequences
  • File Formats:
  • IDA automatically uses sparse storage for uninitialized segments
  • ELF: add support for R_MIPS_64 reloc
  • ELF: DT_MIPS_LOCAL_GOTNO-declared relocations in MIPS shared libraries will now be properly handled on rebasing/segment move
  • ELF: handle x86/x64 files with bogus EI_CLASS and EI_DATA values (these fields are ignored by Linux kernel)
  • ELF: if a dynamic shared object file has ".interp" section, do not mark it as DLL (it's a position-independent executable)
  • ELF: MIPS: detect microMIPS functions
  • ELF: MIPS: try to find initial gp value even when DT_MIPS_GP_VALUE is missing
  • ELF: PPC: handle R_PPC_ADDR24 relocation
  • ELF: support files that use bogus R_ARM_REL32 relocations for self-decryption
  • ELF: Support for R_386_TLS_TPOFF32 relocation
  • HEX: split the file being loaded into several segments if there are big gaps in addressing
  • Java: support loading of .class files produced by Java 8
  • CLI: IDA on Windows can now make use of the built-in CLI metadata loader, if the environment variable 'PE_CLI_FORCE_RAW' is set
  • TE: added support for TE (Terse Executable) file format, used in UEFI firmwares
  • Debugger:
  • BOCHS: enabled manual memory regions in disk image mode
  • BOCHS: support for Bochs 2.6.6
  • debugger: Android: added a position-independent build of the debugging server (android_server_pie); necessary for Android Lollipop
  • Debugger: Dalvik: added an ability to preset breakpoints at methods of Activity to start with, controlled by Debug specific options
  • Debugger: linux: try to detect if the dynamic interpreter (ld.so) is loaded at runtime and start reporting shared libraries at that time. This helps with debugging of compressed programs
  • DWARF: Don't try and use DWARF info from files that have a .gnu_debugaltlink companion file
  • DWARF: Golang: Better handling of some poorly-defined array dimensions
  • DWARF: Initial support for CFA (Canonical Frame Address)-based stack arguments
  • DWARF: Moved to libdwarf 20140805, which provides much better DWARF V4 support
  • DWARF: Support for decimal floating point values
  • DWARF: Support for ELF files with a companion 'DWZ' file (i.e., "compressed" DWARF information.)
  • DWARF: Support for Free Pascal-style UDT-member-as-subroutine (lacks a '*' DIE)
  • PIN: implemented write memory request
  • PIN: print PIN toolkit version when starting pintool
  • PIN: provide access to FPU/XMM registers
  • PIN: support PIN toolkit version 2.14
  • PIN: support register modification
  • Kernel/Misc:
  • demangler: added support for the .eh suffix
  • demangler: handle rvalue reference and nullptr_t in VC++ mangled names
  • generate a xref to the target struct type when 'struct offset' applied to a struct member
  • installer: enable SEHOP and Force ASLR mitigations on Windows at install time
  • kernel: reimplemented storage of segment register changepoints. Now ARM files with many ARM-Thumb changepoints consume much less memory
  • Linux installer will warn the user about missing 32-bit support instead of failing silently on pure x64 distros
  • show string tail as a comment if a cross-reference points into the middle of the string
  • sync all imported types from loaded tils to the local til file; we need this to ensure that an imported type does not suddenly change because of til manipulations
  • PELF: add support for ARCompact relocations
  • TIL: added a type library for UEFI (x86 and x64, version 2.4)
  • kernel: virtual array was flushing pages to the disk every time we changed its size; removed that
  • User Interface:
  • UI/QT: When holding Shift or Ctrl while mouse wheel scrolling, entire pages are scrolled at once. When doing so in hint windows, they are grown/reduced faster, too
  • UI: add 'Undefine operand', and 'Alignment' to the context menu, when applicable
  • UI: Added "Copy to clipboard" functionality to "Export Data"
  • UI: added a setting for the number of xrefs for structs/enums in the Options dialog
  • UI: distinguish the main entrypoint in the list of exports/entry points
  • UI: double-clicking on a register value during debugging allows to edit it
  • UI: force randomization of Python DLLs load addresses, to reduce the risk of vulnerabilities; also enable Force ASLR if available (Windows 8 or later)
  • UI: handle gracefully lack of disk space when trying to save the database - allow the user to retry saving
  • UI: if one of the recent file entries in the File menu is selected while Shift key is held down, the file is opened in a new IDA instance
  • UI: improved the "Edit Segment" form; segment access permissions can be edited now
  • UI: on Windows, offer to create a minidump in case of an internal error
  • UI: options dialog: added a "graph" or "nongraph" suffix to the settings which are mode-specific
  • UI: print detailed function argument information when the user presses 'F'
  • UI: QT: remove requirement for compatible screen resolution when loading desktop from IDB. If some floating windows do not fit into the screen, they're resized
  • UI: remember the last used directory for the "Script file..." dialog (if OPEN_DEFAULT_IDC_PATH is not set)
  • Scripts & SDK:
  • IDAPython: add idaapi.get_kernel_version()
  • IDAPython: added ability to build IDAPython with Hex-Rays bindings by specifying a path to a directory where to find the 'hexrays.hpp' file
  • IDAPython: added APIs for accessing the registry
  • IDAPython: added APIs for working with breakpoint groups
  • IDAPython: added umsg() for printing UTF-8 text into the Output Window
  • IDAPython: construct_macro() is now available to IDAPython processor modules
  • IDAPython: export get_custom_viewer_place(), and allow place_t clone() & related functions
  • IDAPython: expose QueueDel(qtype_t, ea_t), to complete APIs for manipulating entries from the "known list of problems"
  • IDAPython: get_tform_type()/get_tform_title(), & current_tform_changed callback
  • IDAPython: give users the ability to access the underlying TForm/TCustomControl objects that back higher-level Python wrappers, so that the rest of the SDK API can be used as well
  • IDAPython: improve stability and error reporting for Python processor modules
  • IDAPython: Scripts can use OnViewMouseMoved() callback to be notified of mouse movement on views (both user-created, as well as core IDA views)
  • IDAPython: User graphs: double-clicking on a graph edge, will (by default) jump to the node on the other side of that edge
  • IDC: Added UMessage(), to print UTF-8 strings
  • IDC: 'Dump Database to IDC' now exports function comments too
  • IDC: SetType/ApplyType can be used with struct member IDs
  • SDK: Added 'umsg', which is in all aspects similar to 'msg', except that it works exclusively with UTF-8 strings
  • SDK: added build_stkvar_xrefs(), to get a list of all the xrefs in a function for a given argument/variable in that function's stack frame
  • SDK: added function to retrieve action attributes
  • SDK: added lower_type2(), that accepts a helper capable of providing additional information about the function, that lower_type2() itself doesn't know about
  • SDK: Added patch_qword(), (and PatchQword for IDC.)
  • SDK: added qfindclose64() to the destructor of qffblk64_t; there is no need to call it explicitly anymore
  • SDK: added qfstat64()
  • SDK: added unpack_xleb128() to read sleb/uleb128 values
  • SDK: attach_action_to_popup()/detach_action_from_popup() can now be used to register and remove 'permanent' popup actions
  • SDK: deprecated 32-bit findfirst/findnext functions and qstat()
  • SDK: deprecated guess_func_tinfo2 (use guess_tinfo2)
  • SDK: deprecated ui_showauto and ui_setstate
  • SDK: extend APIs for working with breakpoint groups
  • SDK: extended set_dock_pos usage. Now it can be applied for the complex widgets by specifying the window title, f.e. "IDA View-B, Enums, Exports"
  • SDK: extensive reworking of comments in the headers (converted to Doxygen format). HTML documentation is available for
  • SDK: introduced debugger_t::set_resume_mode to be able to specify various resuming kinds (it replaces 'thread_set_step')
  • SDK: new set of functions for dealing with user-provided actions
  • SDK: qfileexist() now returns false if the specified path is a directory (use qisdir() for directories)
  • SDK: since the return value of malloc/calloc with zero size is implementation dependent, the qalloc/qcalloc functions check for zero and return NULL
  • SDK: added qgetcwd()
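The unpack_xleb128() addition above reads the variable-length LEB128 integers that DWARF uses for almost every size, offset and attribute value, and a decoder in a loader has two things to refuse: input that ends while the continuation bit is still set, and encodings that need more than 64 bits (an 11th byte, or payload bits above bit 63 in the 10th). The decoder below is an added example written for this page, not IDA SDK code, and does not reproduce the signature of unpack_xleb128(); the function names, the BYTES macro and the sample inputs (the DWARF specification's worked values plus constructed corrupt cases) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one LEB128 value from buf[0..len). On success store the raw 64-bit
 * pattern in *out, the number of bytes consumed in *used, and return true.
 * Return false (and store nothing) if the input is truncated, needs more than
 * 64 bits, or uses an 11th byte; a loader treats that as corrupt DWARF. */
static bool unpack_leb128(const uint8_t *buf, size_t len, bool is_signed,
                          uint64_t *out, size_t *used)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t i = 0;
    uint8_t byte;

    for (;;) {
        if (i >= len)           /* continuation bit set but no bytes left */
            return false;
        if (shift >= 64)        /* an 11th byte can never fit in 64 bits */
            return false;
        byte = buf[i++];
        uint64_t slice = byte & 0x7f;
        if (shift == 63) {
            /* 10th byte: only bit 63 fits. Unsigned values may carry 0 or 1 here;
             * signed values must be pure sign extension (0x00 or 0x7f). */
            if (is_signed ? (slice != 0 && slice != 0x7f) : (slice > 1))
                return false;
        }
        result |= slice << shift;
        shift += 7;
        if ((byte & 0x80) == 0)
            break;
    }
    if (is_signed && shift < 64 && (byte & 0x40) != 0)
        result |= ~UINT64_C(0) << shift;   /* sign-extend from the last slice */
    *out = result;
    *used = i;
    return true;
}

bool unpack_uleb128(const uint8_t *buf, size_t len, uint64_t *out, size_t *used)
{
    return unpack_leb128(buf, len, false, out, used);
}

bool unpack_sleb128(const uint8_t *buf, size_t len, int64_t *out, size_t *used)
{
    uint64_t raw;
    if (!unpack_leb128(buf, len, true, &raw, used))
        return false;
    memcpy(out, &raw, sizeof *out);   /* reinterpret the two's complement bits */
    return true;
}

/* Convenience for checks: pass a byte list and its length in one go. */
#define BYTES(...) (const uint8_t[]){__VA_ARGS__}, sizeof((const uint8_t[]){__VA_ARGS__})

/* True only if the whole buffer decodes to exactly `expect`. */
bool uleb_is(const uint8_t *buf, size_t len, uint64_t expect)
{
    uint64_t v; size_t n;
    return unpack_uleb128(buf, len, &v, &n) && n == len && v == expect;
}

bool sleb_is(const uint8_t *buf, size_t len, int64_t expect)
{
    int64_t v; size_t n;
    return unpack_sleb128(buf, len, &v, &n) && n == len && v == expect;
}

/* True if the decoder refuses the buffer (truncated or over-wide). */
bool leb_rejects(const uint8_t *buf, size_t len, bool is_signed)
{
    uint64_t v; size_t n;
    return !unpack_leb128(buf, len, is_signed, &v, &n);
}

int main(void)
{
    /* Constructed inputs: DWARF spec examples plus two corrupt sequences. */
    printf("ULEB128 E5 8E 26 -> %s\n", uleb_is(BYTES(0xE5, 0x8E, 0x26), 624485) ? "624485" : "reject");
    printf("SLEB128 C0 BB 78 -> %s\n", sleb_is(BYTES(0xC0, 0xBB, 0x78), -123456) ? "-123456" : "reject");
    printf("truncated 80 80  -> %s\n", leb_rejects(BYTES(0x80, 0x80), false) ? "reject" : "accept");
    printf("11-byte ULEB128  -> %s\n", leb_rejects(BYTES(0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x00), false) ? "reject" : "accept");
    return 0;
}
```

Rejecting the 11-byte form is deliberately stricter than "decodes to a value that happens to fit": an overlong encoding is never produced by a sane compiler, and accepting it only gives crafted input another way to reach the same value through a longer code path.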
  • BUGFIXES:
  • BUGFIX: IDAPython: made 'extract_name' available again
  • BUGFIX: 32bit offsets in 16-bit segments were interpreted as seg:off pairs for all processors (should happen only for x86)
  • BUGFIX: 64bit windows debugger: read/write of FPU/MMX was handled incorrectly
  • BUGFIX: 6809: low/high offset expressions were displayed incorrectly
  • BUGFIX: a signed comparison was used to validate the 'maxord' field of .til files; this is a vulnerability that can be exploited by creating a specially crafted .idb file, at least in theory
  • BUGFIX: AOF: AOF loader could access out-of-bounds memory
  • BUGFIX: AOUT: IDA could crash trying to load a corrupted a.out file
  • BUGFIX: ARC: ARC4 ld/st were incorrectly treated as having delay slots
  • BUGFIX: ARC: brCC and bbitX instructions were printed incorrectly (no delay slot and unnecessary period)
  • BUGFIX: ARC: some ARCompact instructions were missing flag-setting bits
  • BUGFIX: ARM: IDA could hang if there were three or more thunk functions calling each other in a loop
  • BUGFIX: ARM: IDA could loop endlessly on some files (if the byte sequence resembled valid code but still had many inconsistencies)
  • BUGFIX: ARM: instructions belonging to TBH/TBB switches were not properly marked
  • BUGFIX: ARM: instructions inside IT blocks would lose their condition suffixes on rebasing
  • BUGFIX: ARM: single stepping inside IT blocks was broken
  • BUGFIX: autoanalysis could endlessly loop in some (rare) cases
  • BUGFIX: BOCHS: IDA could fail to start debugging in snippet mode (IDB mode) if there was a big .bss segment at the end of address space in the database
  • BUGFIX: BOCHS: IDB mode would work incorrectly with files that have many small, non-page-aligned segments (e.g. many ELF files)
  • BUGFIX: BOCHS: in protected mode (disk image mode), mapping of segment selectors that use LDT (and not GDT) was done incorrectly
  • BUGFIX: check_process_exit() could not handle the processes that were terminated by a signal (unix)
  • BUGFIX: choose2() in batch mode could return wrong answer (if the default answer was wrong)
  • BUGFIX: CLI: IDA could crash when loading a corrupted .NET file on Linux/OS X (double free)
  • BUGFIX: CLI: IDA could hang on some corrupted .net files
  • BUGFIX: CLI: IDA could spend enormous amount of time trying to load some corrupted .net files
  • BUGFIX: CLI: Incorrect .net metadata could cause IDA to quit on Linux & OSX
  • BUGFIX: CLI: specially crafted .net file could crash IDA on unix
  • BUGFIX: Closing the IDB and calling 'get_import_module_name()' (e.g., through a PLUGIN_FIX plugin) would crash IDA
  • BUGFIX: COFF: corrupted file could crash IDA
  • BUGFIX: COFF: IDA could crash on some corrupted files
  • BUGFIX: COFF: truncated string tables could lead to memory corruption
  • BUGFIX: Dalvik debugger could crash when switching to the debugger desktop
  • BUGFIX: Dalvik: move/16 and move-object/16 instructions were decoded incorrectly
  • BUGFIX: DBG/COFF: IDA could crash when parsing a COFF symbol with bogus count of aux records
  • BUGFIX: debugger: Android debugger could miss some memory areas (if the same starting address was listed twice in 'maps')
  • BUGFIX: debugger: in some cases debugger could not continue execution after suspending on 'start process' event
  • BUGFIX: debugger: it was impossible to read MMX registers from 64bit linux debugger
  • BUGFIX: debugger: mac: IDA would fail to read debuggee's memory at or close to address 0 even when it was valid
  • BUGFIX: Debugger: some debugger modules could still send BREAKPOINT events after receiving the termination request; IDA should ignore them
  • BUGFIX: DEX: a specially crafted DEX could crash ida
  • BUGFIX: DEX: fixed a buffer overflow in the DEX loader
  • BUGFIX: DEX: IDA could crash trying to load a corrupted DEX file
  • BUGFIX: DOS: MZ EXE relocations with values >0x8000 were processed incorrectly
  • BUGFIX: DWARF: could fail recognizing some types as being equivalent, and end up in an INTERR
  • BUGFIX: DWARF: could crash when generating some variations of a type, to make its size suitable for inheritance
  • BUGFIX: DWARF: some badly corrupted DWARF data could cause IDA to quit
  • BUGFIX: ELF: bogus PT_NOTE entries could cause IDA to hang for a long time
  • BUGFIX: ELF: could crash on corrupted elf files
  • BUGFIX: ELF: IDA could crash when loading a specially crafted ELF file
  • BUGFIX: ELF: MIPS HI16 RELA relocations were incorrectly applied
  • BUGFIX: ELF: specially crafted file could result in stack buffer overrun
  • BUGFIX: ELF: STB_WEAK symbols were not listed in the 'exports' window
  • BUGFIX: EPOC: handcrafted EPOC files could cause an endless recursion and eventual crash (but IDA would ask for a confirmation at each iteration)
  • BUGFIX: EPOC: IDA could crash trying to load corrupted EPOC files
  • BUGFIX: EPOC: malicious deflate-compressed EPOC files could crash IDA
  • BUGFIX: EPOC: specially crafted .sis file may cause memory corruption
  • BUGFIX: fixed behavior of highlight + scrolling to be like IDA pre-6.6
  • BUGFIX: Fixed exporting to a C header file of types with fields whose type is referenced by name
  • BUGFIX: GDB: the "Use CS:IP in real mode" option was treated as always active, leading to incorrect EIP values in real mode in some stubs (e.g. VMWare)
  • BUGFIX: HPSOM: HP-UX SOM loader could access out-of-boundary memory
  • BUGFIX: IDA could crash at the exit time if tinfo_t objects were leaked by a plugin or script
  • BUGFIX: IDA could crash if an attempt to match a jump table instruction sequence was made on an ea without a segment
  • BUGFIX: IDA could crash on specially crafted DEX file (trying to allocate a huge segment)
  • BUGFIX: IDA could crash trying to guess a function type (stack overflow)
  • BUGFIX: IDA could crash trying to load corrupted PharLap extender files
  • BUGFIX: IDA could hang trying to move a segment from the top of the addressing space
  • BUGFIX: IDA could interr if the program was rebased in the presence of orphan bytes (bytes that do not belong to any segment)
  • BUGFIX: IDA could not parse 'static int inline x;'
  • BUGFIX: IDAPython Decompiler bindings could abort IDA because of some uncaught C++ exception
  • BUGFIX: IDAPython processor modules' outop-produced op_t references were leaked
  • BUGFIX: IDAPython: Activate() callback was not functional
  • BUGFIX: IDAPython: Exceptions in GraphViewer.OnRefresh() were silently ignored
  • BUGFIX: IDAPython: exceptions thrown inside the code called by SWIG wrappers must be caught, or IDA might abort
  • BUGFIX: IDAPython: Form.Close() was not working in most cases
  • BUGFIX: IDAPython: gen_disasm_text() was expecting a 'text_t' instance, which is not exposed
  • BUGFIX: IDAPython: get_ascii_contents2() was not honoring the possible output encoding request
  • BUGFIX: IDAPython: GetLocalType() could produce errors with some local types
  • BUGFIX: IDAPython: GraphViewer would not allow grouping of nodes, unless OnCreatingGroup was implemented
  • BUGFIX: IDAPython: GraphViewer.Select() method was always selecting node 0 regardless of the argument
  • BUGFIX: IDAPython: It was not possible to use 'tag' and 'reg' functions of a segreg_t instance returned by get_srarea()
  • BUGFIX: IDAPython: Some char arrays-derived Python strings could contain garbage in some cases
  • BUGFIX: IDAPython: some functions which returned a ssize_t, were wrapped incorrectly and were unusable
  • BUGFIX: IDAPython: udt_type_data_t was not exposed as a qvector, and thus couldn't be iterated on
  • BUGFIX: IDAPython: When using the Strings() class, bytes could be erroneously retrieved
  • BUGFIX: IDC's SetShortPrm(INF_BINPREF, value) would not properly change the current renderer's amount of displayed bytes
  • BUGFIX: IDC: GetLocalTinfo() would return a non-zero number upon failure (must return 0)
  • BUGFIX: IDC: IDA could interr if an IDC function was called with wrong number of arguments
  • BUGFIX: IDC: SetMemberType() with struct offset would use wrong struct offset delta
  • BUGFIX: IDC: the function SetRegValue() could set incorrect value for FPU registers
  • BUGFIX: it was possible to create an item across function chunk boundaries (only in some cases)
  • BUGFIX: kernel: instruction emulator could destroy the current insn in some cases and this would cause an interr later
  • BUGFIX: LE: LE files without the MZ header could not be loaded
  • BUGFIX: linux debmod could interr on low-level conditions
  • BUGFIX: Mach-O: __stubs section was processed incorrectly for x64 files
  • BUGFIX: Mach-O: corrupted export data could cause buffer overflow and crash IDA
  • BUGFIX: Mach-O: Fixed crash in Mach-O loader (endless recursion)
  • BUGFIX: Mach-O: fixed off-by-one bug in many places; efd was crashing on the sample files we received today; probably IDA too
  • BUGFIX: Mach-O: Fixed potential endless recursion
  • BUGFIX: Mach-O: IDA could crash on some corrupted Mach-O files where the number of sections or the section boundaries are bad
  • BUGFIX: Mach-O: IDA could crash when loading Mach-O files with malformed LC_LOAD_DYLIB commands
  • BUGFIX: Mach-O: IDA could not load files with over-sized sections
  • BUGFIX: MIPS: building mips16 macro instructions could consume too many bytes, preventing some following instructions from being decoded
  • BUGFIX: MIPS: registers could be tracked incorrectly for mips16 code
  • BUGFIX: MIPS: some references to local symbols loaded from the GOT could not be converted to offsets
  • BUGFIX: msp430: was using 16-bit segments by default
  • BUGFIX: MSP430: some BRA instructions were decoded incorrectly
  • BUGFIX: NE: IDA could crash on specially crafted NE file (zero pointer dereference)
  • BUGFIX: on Linux some of concurrently started instances of IDA could fail to load the registry
  • BUGFIX: our C parser was supporting only the "ui64" suffix for 64-bit constants; the 'll' suffix was silently skipped
  • BUGFIX: Patched bytes are now reverted before the segment and its data are deleted
  • BUGFIX: PC: 'ymmword' keyword was not defined for PC module which caused 32-byte data items to be displayed with (null) prefix
  • BUGFIX: PC: AVX instructions that refer to r8..r15 should not be decoded in 32-bit mode
  • BUGFIX: PC: some instructions using repeated 66 and 67 prefixes (operand/address size override) were not decoded correctly
  • BUGFIX: PDB: IDA could fail to load a PDB file when using the File > Load additional file > PDB file... dialog
  • BUGFIX: PE: files with corrupted CodeView debug info could trigger a double free
  • BUGFIX: PE: heap overwrite in processing of x64 .pdata entries
  • BUGFIX: PE: IDA could access invalid memory when a corrupted COFF symbol table was present
  • BUGFIX: PE: IDA could take a very long time loading a file with bad debug directory
  • BUGFIX: PE: specially crafted PE file could lead to memory corruption
  • BUGFIX: PEF: fixed multiple vulnerabilities
  • BUGFIX: PEF: specially crafted PEF files could crash IDA
  • BUGFIX: PIN: get rid of duplicates in trace buffer (basic block tracing mode)
  • BUGFIX: PIN: in some cases IDA tried to launch pintool even if 'autolaunch' option was disabled by the user
  • BUGFIX: PIN: in some cases pintool could provide incorrect memory configuration
  • BUGFIX: PIN: incorrect tooltips for memory operands in the disassembly window
  • BUGFIX: PIN: not all threads appeared in IDA after initial attach to a process
  • BUGFIX: PIN: register values/threads could be lost when debugger stops on "Process start"/"Library loaded" events (in case 'Suspend on debugging start' or "Suspend on library load/unload' option is enabled)
  • BUGFIX: PIN: take into account actual flags of segments/function when enabled options 'Trace over debugger segments', 'Trace over library functions'
  • BUGFIX: PPC: undecorating a name could yield an empty name and that could cause a crash
  • BUGFIX: PPC: VLE instruction se_addi was incorrectly simplified into se_li when r0 was used as a source operand
  • BUGFIX: Producing files with only structures/enums gave erroneous feedback on the line count
  • BUGFIX: Proximity view could crash when asked to expand/collapse multiple nodes, when some of those are "(+)" nodes
  • BUGFIX: qrealloc() with BADMEMSIZE could succeed on some flavors of linux64 (it should fail)
  • BUGFIX: qwingraph: could crash on some huge graphs; now we nicely display a message and exit
  • BUGFIX: references to nonexistent types would be saved with explicit struct/union/enum keywords even if the reference was simply by name; the keyword would be derived on the fly from the forward declaration, if it existed
  • BUGFIX: renaming a struct/enum would break references to it because IDA was using references by name instead of by ordinal
  • BUGFIX: SDK: tinfo_t::is_forward_decl() could incorrectly return false in some cases
  • BUGFIX: searching for the next unknown byte in sparse storage was buggy
  • BUGFIX: some -D command line options could be effectively ignored because IDA could load a new processor module immediately after applying them; now we apply -D switches after loading the input file
  • BUGFIX: some anonymous unions of bitfields could be handled incorrectly in pdb files
  • BUGFIX: some register names were duplicated by some debugger backends
  • BUGFIX: SPARC: IDA would miss delay slots in little endian mode
  • BUGFIX: structure alignment was incorrectly calculated when copying from the struct window to the local types
  • BUGFIX: switch idioms that had the default jump target inside (but unmarked) would still be decompiled incorrectly
  • BUGFIX: Syncing a Hex-View to the value of a register would cause an interr
  • BUGFIX: the 'local types' window was not refreshed after importing some types to the IDB
  • BUGFIX: tilib: could interr when trying to calculate the alignment of a 'long double' type when the compiler is set to 'Borland' (long double is 10 bytes but has alignment of 8)
  • BUGFIX: tinfo_t::print() could crash if PRTYPE_DEF was passed for a trivial type
  • BUGFIX: tracing, basic block tracing mode: broken order of instructions in the trace buffer
  • BUGFIX: Tricore: some ld16/st16 instructions were decoded incorrectly
  • BUGFIX: UI: after switching Hex View to one-column it was not displaying anything
  • BUGFIX: UI: IDA could confuse structs with members when renaming in the structures view
  • BUGFIX: UI: IDA could crash when showing proximity graph coming from a trace
  • BUGFIX: UI: IDA could crash when trying to display a proximity view graph for a newly opened file, if that graph exceeded the max node limit
  • BUGFIX: UI: IDA could show "undefined type" message when loading some PE files into IDB
  • BUGFIX: UI: IDA was generating bogus idb_event::op_type_changed when showing the context menu
  • BUGFIX: UI: in some cases picking a standard numeric constant (enum) for the value in the disassembly did not work
  • BUGFIX: UI: load-time warnings could be shown again even if the user checked "Don't show again in current session"
  • BUGFIX: UI: Pressing '.' when in the "Output window"'s messages widget wouldn't switch control to the CLI widget
  • BUGFIX: ui: qt: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  • BUGFIX: UI: QT: Open... file dialog was displaying only "All files(*)"; now extensions idagui.cfg are used
  • BUGFIX: UI: Right-clicking on a graph view, and then clicking on the "Zoom 100%" action could lead the view to zoom to the wrong place
  • BUGFIX: UI: Right-clicking on an edge, and requesting a grouping of nodes while none are selected could crash IDA
  • BUGFIX: UI: some IDBs created on Windows and used on Unix could have problems with the 'struct offset' command in the GUI version
  • BUGFIX: UI: switching from graph view to flat view and back would change the current disassembly position if the current node was a group node
  • BUGFIX: UI: the import window would display wrong library names if a new database was opened without quitting IDA
  • BUGFIX: UI: tracing actions (Instruction tracing etc.) were not enabled for some debuggers which do support tracing (e.g. Bochs)
  • BUGFIX: UI: TXT: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  • BUGFIX: UI: Using IDA in a Windows 8 RDP session might cause a freeze of the session when dragging & dropping widgets
  • BUGFIX: UI: When animations were turned off, IDA could temporarily freeze
  • BUGFIX: UI: when creating 32-bit segments with base 0, a selector was not allocated for it, leading to various issues
  • BUGFIX: UI: when creating a new script snippet, the previous snippet text was not always cleared from the text field
  • BUGFIX: UI: When double-clicking a result in a non-modal "Xrefs to ..." view, in order to jump in the (previously hidden) tabbed graph view, the graph view might center on an incorrect place
  • BUGFIX: uiswitch: it was impossible to specify a switch with zero elbase but nonzero shift
  • BUGFIX: unreachable meaningless fpu instructions could hinder fpu stack analysis
  • BUGFIX: User graphs: paint nodes background even when text is not painted (i.e., zoom level is too far away.)
  • BUGFIX: when a struct was deleted, the corresponding type was not always deleted from the local types
  • BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
  • BUGFIX: when debugging, the cursor could be positioned on a multiline comment line in the pseudocode view, instead of the line with the real code
  • BUGFIX: When horizontally scrolled, IDA View-A could fail to highlight the word on which the cursor is currently placed
  • BUGFIX: When in graph view, jumping to the current function's call sites through the node title's "Jump to xref" icon could focus on the wrong node in the calling function
  • BUGFIX: when opening an old IDB for a processor without the type system there could be a significant delay (a dozen seconds or more)
  • BUGFIX: When performing some keyboard shortcut sequences very fast, and then moving up/down with the keyboard's line up/down, or page up/down, the disassembly listing could show a single line (or jump one page off)
  • BUGFIX: While grouping/ungrouping some nodes, IDA could freeze until 'Esc' is pressed
  • BUGFIX: WinDbg: windbg debugger could not write FPU register values
  • BUGFIX: 64bit linux debugger: Incorrect reading of FPU registers
  • BUGFIX: ARM: arm module would display 'LDR R0, =0xFFFFFFFF' or similar in case the LDR instruction was referring to a non-existing or uninitialized memory address
  • BUGFIX: DWARF: Could misinterpret very large types (> 0x1fffffff bytes-large)
  • BUGFIX: GDB: a malicious GDB stub could cause heap memory overwrite in IDA during debugging
  • BUGFIX: IDA could abort with message "index file is bad" when compressing database
  • BUGFIX: IDA could crash at DWARF-loading time, because the DWARF plugin would try and retrieve too many bytes from the file
  • BUGFIX: IDA could crash/hang on corrupted databases
  • BUGFIX: IDA could hang trying to load corrupted input files
  • BUGFIX: IDA could hang trying to read symbols from an erroneously-large symbols table
  • BUGFIX: IDAPython: internal_get_sreg_base() wasn't usable
  • BUGFIX: IDAPython: set_nav_colorizer() was not accepting Python callables as implementation. Issue 1370
  • BUGFIX: PC: some FPU instructions were not decoded if they had a REX prefix
  • BUGFIX: Pressing 'p' to create a procedure, then keyboard-navigating to another piece of code and pressing 'p' again did not work (unless something caused the actions to be updated again, e.g. opening a dialog)
  • BUGFIX: IDA could interr when guessing a function prototype if the stack was growing up for the current processor
  • BUGFIX: IDA could spend too much time generating the listing if there were too many lines in .net files
  • BUGFIX: kernel: handling of switches with SWI_JMP_INV flag set was broken
  • BUGFIX: specially crafted .sig files could crash IDA
  • BUGFIX: PPC: some simplified instruction forms were missed
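
Several of the fixes above (corrupted COFF symbol table, erroneously-large symbol tables, hangs on corrupted input) are the same bug class: an offset or count read from an untrusted file is used before it is checked against the real file size, or is multiplied in 32-bit arithmetic where it can wrap. The following added example is not IDA's code; it is a stand-alone Python parser for the PE COFF symbol table that shows the checks a loader needs, and exercises them on constructed minimal images (the images, `build_image`, `sym` and the sample names are all made up for this example). The `OVERFLOW` case uses a NumberOfSymbols chosen so that `nsyms * 18` wraps to 14 in uint32 arithmetic, which is exactly the kind of value a naive size check would accept.

```python
import struct

IMAGE_SYMBOL_SIZE = 18          # sizeof(IMAGE_SYMBOL) in the COFF spec
HDR_SIZE = 0x40 + 4 + 20        # MZ stub + "PE\0\0" + IMAGE_FILE_HEADER in the constructed image


def parse_coff_symbol_table(data: bytes):
    """Parse the COFF symbol table of a PE image.

    Returns a list of (name, value, section, storage_class) tuples, or raises
    ValueError. Every pointer and count read from the file is treated as
    untrusted and is checked against len(data) before it is dereferenced.
    """
    n = len(data)
    if n < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew > n - 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, ptr_sym, nsyms, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if ptr_sym == 0 and nsyms == 0:
        return []                                   # no COFF symbol table (the usual case)
    # Python ints do not wrap, so this product cannot overflow here; a C parser
    # working in uint32 must check nsyms <= UINT32_MAX / 18 before multiplying.
    table_size = nsyms * IMAGE_SYMBOL_SIZE
    if ptr_sym >= n or table_size > n - ptr_sym:
        raise ValueError("symbol table runs past end of file")
    # The string table follows the symbol table; its first dword is its own
    # size, including those 4 bytes.
    strtab = ptr_sym + table_size
    if n - strtab < 4:
        raise ValueError("missing string table size")
    strtab_size = struct.unpack_from("<I", data, strtab)[0]
    if strtab_size < 4 or strtab_size > n - strtab:
        raise ValueError("string table size inconsistent with file size")
    symbols = []
    i = 0
    while i < nsyms:
        off = ptr_sym + i * IMAGE_SYMBOL_SIZE
        raw_name = data[off:off + 8]
        value, section, _type, sclass, naux = struct.unpack_from("<IhHBB", data, off + 8)
        if raw_name[:4] == b"\0\0\0\0":
            # Long name: the dword at +4 is an offset into the string table.
            str_off = struct.unpack_from("<I", raw_name, 4)[0]
            if str_off < 4 or str_off >= strtab_size:
                raise ValueError("string table offset out of range")
            end = data.find(b"\0", strtab + str_off, strtab + strtab_size)
            if end < 0:
                raise ValueError("unterminated string in string table")
            name = data[strtab + str_off:end].decode("ascii", "replace")
        else:
            name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        # Auxiliary records are counted in NumberOfSymbols; a corrupted count
        # must not let the walk continue past the table.
        if i + 1 + naux > nsyms:
            raise ValueError("auxiliary records run past symbol table")
        symbols.append((name, value, section, sclass))
        i += 1 + naux
    return symbols


def reject_reason(data: bytes):
    """None if the image's symbol table is well-formed, else the parser's complaint."""
    try:
        parse_coff_symbol_table(data)
        return None
    except ValueError as e:
        return str(e)


# --- constructed sample images (not real binaries) ---------------------------
def build_image(ptr_sym, nsyms, tail=b""):
    """Minimal constructed PE: MZ stub, "PE\\0\\0", IMAGE_FILE_HEADER, then `tail` at HDR_SIZE."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, ptr_sym, nsyms, 0, 0)
    return bytes(hdr) + coff + tail


def sym(name8: bytes, value=0, section=1, sclass=2, naux=0):
    """One 18-byte IMAGE_SYMBOL record (constructed)."""
    return name8.ljust(8, b"\0") + struct.pack("<IhHBB", value, section, 0, sclass, naux)


LONG = b"a_rather_long_symbol_name"
STRTAB = struct.pack("<I", 4 + len(LONG) + 1) + LONG + b"\0"
GOOD = build_image(HDR_SIZE, 2,
                   sym(b"main", 0x1000) + sym(b"\0\0\0\0" + struct.pack("<I", 4), 0x2000) + STRTAB)
# 238609295 * 18 == 2**32 + 14: a uint32 size check would see 14 bytes and accept it.
OVERFLOW = build_image(HDR_SIZE, 238609295, sym(b"main"))
PTR_OOB = build_image(0x7FFFFFF0, 1, sym(b"main"))
AUX_OVERRUN = build_image(HDR_SIZE, 1, sym(b"main", naux=5) + STRTAB)
BAD_STROFF = build_image(HDR_SIZE, 1, sym(b"\0\0\0\0" + struct.pack("<I", 0x1000)) + STRTAB)

if __name__ == "__main__":
    print(parse_coff_symbol_table(GOOD))
    for label, img in [("OVERFLOW", OVERFLOW), ("PTR_OOB", PTR_OOB),
                       ("AUX_OVERRUN", AUX_OVERRUN), ("BAD_STROFF", BAD_STROFF)]:
        print(label, "->", reject_reason(img))
```

The order of the checks matters: the table's extent is validated before the string table size is read, and the string table size before any name offset is used, so no read ever depends on a value that has not itself been bounded by the file length.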

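The GDB fix above ("a malicious GDB stub could cause heap memory overwrite in IDA during debugging") is the debugger-side counterpart of the loader bugs: the remote stub is an untrusted peer, and a reply to `m addr,len` may be longer than `len` bytes, contain non-hex characters, or use the protocol's run-length encoding to expand far beyond the bytes the client allocated. This added example is not IDA's code and does not describe how the fixed bug worked; it is a stand-alone decoder for the `m` reply, written from the GDB Remote Serial Protocol framing rules (`$payload#cs`, 8-bit checksum, `X*n` run-length encoding with count `n - 29`), that caps the decoded size at what was requested. The packets and the `MAX_ERROR_LEN` cap are constructed for this example.

```python
import binascii

MAX_ERROR_LEN = 3   # "Exx" error replies; assumed cap so an error reply still fits a 1-byte read


def unframe(packet: bytes) -> bytes:
    """Strip the RSP frame '$<payload>#<cs>' and verify the 8-bit checksum."""
    if len(packet) < 4 or packet[:1] != b"$" or packet[-3:-2] != b"#":
        raise ValueError("malformed frame")
    payload, cs = packet[1:-3], packet[-2:]
    try:
        want = int(cs, 16)
    except ValueError:
        raise ValueError("non-hex checksum") from None
    if sum(payload) & 0xFF != want:
        raise ValueError("checksum mismatch")
    return payload


def rle_expand(payload: bytes, limit: int) -> bytes:
    """Undo RSP run-length encoding: 'X*n' means X followed by (n - 29) more copies.

    The output is refused once it would exceed `limit`, so a stub cannot make a
    short packet expand into a huge buffer.
    """
    out = bytearray()
    i = 0
    while i < len(payload):
        c = payload[i:i + 1]
        if c == b"*":
            if not out or i + 1 >= len(payload) or payload[i + 1] < 32:
                raise ValueError("invalid run-length marker")
            count = payload[i + 1] - 29          # repeat count is sent as printable char (n + 29)
            if len(out) + count > limit:
                raise ValueError("run-length expansion exceeds limit")
            out += out[-1:] * count
            i += 2
        else:
            if len(out) + 1 > limit:
                raise ValueError("payload exceeds limit")
            out += c
            i += 1
    return bytes(out)


def decode_memory_reply(packet: bytes, requested_len: int) -> bytes:
    """Decode the reply to 'm addr,len'.

    Returns at most `requested_len` bytes (the protocol allows a short read);
    raises ValueError on an error reply or on anything that does not fit the request.
    """
    limit = max(2 * requested_len, MAX_ERROR_LEN)   # hex doubles the size; anything larger is hostile
    payload = rle_expand(unframe(packet), limit)
    if payload[:1] == b"E" and len(payload) == 3:
        raise ValueError("stub reported error %s" % payload[1:].decode("ascii", "replace"))
    if len(payload) % 2 or len(payload) > 2 * requested_len:
        raise ValueError("reply length does not match request")
    try:
        return binascii.unhexlify(payload)
    except binascii.Error:
        raise ValueError("non-hex data in memory reply") from None


def reply_problem(packet: bytes, requested_len: int):
    """None if the reply decodes cleanly, else the decoder's complaint."""
    try:
        decode_memory_reply(packet, requested_len)
        return None
    except ValueError as e:
        return str(e)


# --- constructed packets (no real stub involved) -----------------------------
def frame(payload: bytes) -> bytes:
    return b"$" + payload + b"#" + b"%02x" % (sum(payload) & 0xFF)


GOOD = frame(b"41424344")        # reply to 'm <addr>,4': bytes 41 42 43 44
RLE = frame(b"0* ")              # '0' then 3 repeats -> "0000" -> two zero bytes
OVERLONG = frame(b"41" * 64)     # 64 bytes returned for a 4-byte request
RLE_BOMB = frame(b"0*~")         # '~' = 126 -> 97 repeats; a 3-char packet expanding to 98 chars
BAD_CS = b"$41424344#00"
NONHEX = frame(b"4142zz44")
ERR = frame(b"E0e")

if __name__ == "__main__":
    print(decode_memory_reply(GOOD, 4))
    for label, pkt in [("OVERLONG", OVERLONG), ("RLE_BOMB", RLE_BOMB),
                       ("BAD_CS", BAD_CS), ("NONHEX", NONHEX), ("ERR", ERR)]:
        print(label, "->", reply_problem(pkt, 4))
```

The cap is applied during expansion rather than after it, because the whole point of an RLE bomb is that the expanded data is what overflows; checking the size only once the full string exists is already too late.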
New in IDA Pro 6.0 (Jan 21, 2011)

  • PROCESSOR MODULES:
  • 6812: support an alternative memory layout for paged segments which allows using short offsets inside the segment
  • ARM: added a switch pattern that uses BX to jump to case labels
  • ARM: display the optional operand of the MRC/MCR instructions, as preferred by the ARM documentation
  • ARM: support another variation of GCC Thumb-2 switches
  • PPC: added SPE (Signal Processing Engine) instructions, including floating-point and vector FP
  • PPC: trace stack pointer for 64-bit code
  • SuperH: added SH-4a instructions
  • SuperH: display immediates loaded from literal pool in the instruction itself
  • SuperH: trace stack pointer and create stack variables
  • TMS320C54x: added register definitions for TI Calypso chipset (thanks to Sylvain Munaut)
  • TMS320C54x: better handling of multi-section files (thanks to Sylvain Munaut)
  • FILE FORMATS:
  • Added loader for HP-UX core files (non-ELF), provided by Avi Cohen Stuart
  • ELF: added support for more IA64 relocations
  • LE: added support for bound DOS/4G executables
  • KERNEL:
  • kernel: improved database loading and saving times (new crc32 algorithm)
  • Configurable plugins can specify which platform they can operate on in plugins.cfg
  • demangler: demangle GCC local names (_ZLxxx)
  • FLIRT: added parser for Mach-O object files (pmacho)
  • 'volatile' keyword is automatically removed from function return types
  • IDC & SDK:
  • IDAPython: added auto completion support
  • IDC: added ItemHead()
  • IDC: added Exec() to execute IDC statement(s)
  • SDK: added idb events for segment name/class modifications
  • SDK: get_many_bytes_ex() to retrieve bytes and information about initialized and uninitialized bytes from the database
  • USER INTERFACE:
  • it is now possible to jump to a structure cross-reference (default hotkey: Ctrl-X in the structures window)
  • Added "Save to file" to save the trace window contents
  • added a checkbox for sparse segments to the 'create segment' dialog box
  • multiple segments can be selected and moved using the segments window
  • DEBUGGER:
  • debugger: added support for virtual modules (user-defined modules can be added from api)
  • debugger: non-integer register values can be displayed as hints
  • BUGFIXES:
  • BUGFIX: 'analyze module' was failing on modules with unknown size; now it tries to estimate it
  • BUGFIX: -B switch failed to generate ASM files if the idb path contained the '.' character
  • BUGFIX: a structure with pointers to functions with non-empty argument names was incorrectly converted to a local type
  • BUGFIX: adding a segment could erroneously delete a selector (if the start address of the new segment was equal to the start address of an existing segment and the selector was used only by that segment and the selector of the new segment was equal to the selector of the existing segment)
  • BUGFIX: after attaching to a linux process the names of the main process module were not available
  • BUGFIX: arm relative-mode elf files were loaded incorrectly (thumb was not used when required)
  • BUGFIX: ARM: LDMFD SP (no writeback) was incorrectly decoded as POP in Thumb-2 mode
  • BUGFIX: binary search could return a result outside of the search region
  • BUGFIX: Bochs could crash in some cases when setting a bp at data locations
  • BUGFIX: bochs direct commands were not working under linux
  • BUGFIX: calc_bare_name() could not handle gcc mangled names with '.' prefix
  • BUGFIX: command line arguments with backslashes were parsed incorrectly under MS Windows: backslashes were escaped even without quotes
  • BUGFIX: dummy_name_ea() was failing for dword_xxx dummy names
  • BUGFIX: GDB debugger: resolved incompatibility with VMWare 7.x GDB stub
  • BUGFIX: global idc variables of object type would crash ida if they were still present at exit time; now we get rid of them when we close the database
  • BUGFIX: GUI: chooser window may be improperly resized if moved from a low resolution screen to a higher resolution screen
  • BUGFIX: IDA could crash if an unsuccessful search backwards was done while the debugger was active
  • BUGFIX: IDA could crash when trying to display custom data items bigger than 16 bytes in size on big-endian processors
  • BUGFIX: IDA could endlessly loop on some x86 files
  • BUGFIX: if a search was performed within a selected text, the screen was not redrawn correctly
  • BUGFIX: if full stack analysis was turned off and a pdb file was loaded at the idb creation time, the decompiler would interr
  • BUGFIX: it was not possible to create 64-bit segments from UI for PowerPC
  • BUGFIX: kernel: user-defined offsets with non-zero bases were not adjusted properly during rebasing
  • BUGFIX: linux debugger was processing 'detach from process' command not quite correctly
  • BUGFIX: MIPS: basic block boundaries were determined incorrectly for MIPS16 code (MIPS16 branches do not have a delay slot)
  • BUGFIX: modal recent script box would crash if no script was selected
  • BUGFIX: moving the vertical scrollbar thumb in the disassembly listing was not handled correctly for 64-bit programs
  • BUGFIX: MS DOS: rebasing EXE files was not properly adjusting relocations
  • BUGFIX: PE loader: a bad load config directory can cause an infinite loop
  • BUGFIX: qvector's insert/erase methods were moving vector elements incorrectly
  • BUGFIX: replacing a type that comes from a til file might lead to a crash (if there were no defined local types yet)
  • BUGFIX: script processor module could crash if 'codestart' and 'retcodes' fields were used under Linux/MAC
  • BUGFIX: the 'switch debugger' command was available only when a disassembly window had focus
  • BUGFIX: the disassembly text that was copied to clipboard could contain odd characters at the beginning in some cases
  • BUGFIX: the help subsystem of the text version was using memory allocation functions incorrectly
  • BUGFIX: UI: indexes printed for array of structures were incorrect
  • BUGFIX: UI: it was not possible to set the type of a structure member ('Y' key) if the cursor was on an undefined area in the disassembly view.
  • BUGFIX: Windbg plugin now forbids starting a process in non-invasive mode. Only non-invasive attach is supported.