IDA 6.1

Highlights

• Support for Android The long awaited Android support in IDA is ready! The new version can disassemble Android bytecode (Dalvik). An IDA user kindly contributed the processor module and file loader (thank you!) A screenshot for your pleasure:

  Dalvik disassembler is available in the Professional Edition.

  Native ARM code can be debugged too. IDA supports mixed ARM/Thumb code and can handle multithreaded applications:
• 64-bit support for Bochs/GDB debuggers The Bochs emulating debugger is very handy for small snippets of code. Before we could handle only 32-bit code but the new version adds 64-bit support.

  Currently only the IDB mode is supported, later we plan to add PE+ support as well.

  The GDBServer module adds x64 support and works with the latest VMWare versions.

• Loading PDB files under Linux/MacOSX Another long awaited feature is loading of PDB files under Linux and Mac OS X. Lack of this feature was a blocking factor for many Unix users. It is available now. Below is a screenshot made immediately after loading a PE file with PDB info on Linux:

  We added PDB support to the win32 debugger server. The Unix version of IDA connects to a remote MS Windows computer (or local Wine session) and retrieves PDB information from it.

• String encodings Not only Unicode, but other character encodings can be displayed in the disassembly listing. It is even possible to specify the encoding of individual strings:
• Low level conditional breakpoints Conditional breakpoints can be very slow, especially during remote debugging. We addressed this problem by creating server side low level conditional breakpoints. They speed up the debugger tremendously. In our tests breakpoints were handled more than 20 times faster, even when running the remote server on the same computer as IDA. Low level breakpoints are beneifical even for local debugging, so they are available for local debuggers too:

  By the way, the screenshot shows other new breakpoint features: module relative, symbolic, and source code breakpoints. Unfortunately we had no time to finish source level debugging, so source level breakpoints are disabled for the moment.

• Multithreaded debugger Another measure to speed up the debugger: we made the debugger itself multithreaded. While this feature is not visible, it makes IDA more responsive and enjoyable to use. Also we introduced multithread support in the IDA kernel. The kernel is still single threaded but it is much more friendly towards multithreaded plugins.

• Power PC improvements Many things were improved in the Power PC module. All the latest instructions defined by Power ISA were added, including Altivec and VSX extensions.

  Another addition is the VLE (Variable Length Encoding) instruction set, used in many embedded PPC processors.

  Also useful for embedded PPC is the new option to set a fixed value for the r13 register, commonly used as base for the small data area.
• Wingraph is back! Chris Eagle has ported Wingraph32 to Qt framework (thanks!), and now we include it with all platforms, not just Windows.
• SPU In addition to Dalvik, there is another new processor module in 6.1. It is the SPU (aka Synergistic Processing Unit) of the Cell BE processor, used in Sony PS3 console. This processor module is available in the Professional Edition.

Changelist

Processor Modules

• + DALVIK: new processor module (Android Dalvik VM)

• + SPU: new processor module (Cell Broadband Engine Synergistic Processor Unit); contributed by Felix Domke

• + ARM: turned on BL-as-jump analysis for ARM code. Before it was enabled only for Thumb code

• + AVR: added XMega instructions DES, LAC, LAS, LAT, XCH

• + AVR: decode eijmp and eicall instructions

• + C166: allow double-word and floating-point items in the disassembly

• + EBC: discover and comment function thunks

• + EBC: implemented instruction auto comments

• + EBC: made disassembly syntax closer to the one used in UEFI specification

• + EBC: trace stack pointer and create stack variables

• + MIPS: added support for Cavium Networks (Octeon) instructions

• + MIPS: added support for MIPS64r2 instructions (doubleword bit manipulation)

• + MIPS: added support for Sony PSP (Allegrex) instructions

• + MIPS: added type system support (parameter identification and tracking)

• + MSP430: added support for MSP430X (20-bit) instructions

• + MSP430: resolve PC-relative (aka symbolic) addresses

• + PC: recognize prologs of VB6 applications (substantially speeds up analysis in some cases)

• + PC: show Intel conditional branch hints (prefixes 2E/3E)

• + PC: disassemble retn/retf opcodes with operand size override

• + PC: disassemble undocumented bswap ax instruction

• + PIC: automatically track changes to the PA0 status bit (bank selector) for 12-bit PIC processors

• + PIC: track values of BANK and PCLATH registers through the code flow - this improves disassembly of code that resides in multiple banks

• + PPC: added support for AltiVec instructions (including Cell BE extensions)

• + PPC: added support for VLE (Variable Length Encoding) instructions

• + PPC: it is now possible to specify a fixed base for the r13 register (small data area, often used in embedded PPC processors) and automatically convert all references to it

• + PPC: recognize switches used in 64-bit code with 32-bit addressing

• + PPC: updated GNU register names to reflect current conventions

• + SuperH: added option to disable immediates substitution (pre-6.0 behavior)

• + SuperH: it is now possible to use zero-offset structure fields in indirect register operands

File Formats

• + DEX: new loader for Dalvik Executable files

• + COFF: added support for TI MSP430 files

• + COFF: handle Xbox 360 files (PPCBE). Also small improvements for ARM and MIPS files

• + DOS: added support of loading of CodeView debug info for DOS .exe files

• + ELF: added support for Cell SPU files (no relocations supported yet)

• + ELF: added support for PPC64 relocations

• + ELF: added support for R_*_IRELATIVE relocations

• + ELF: Android prelinked files are detected and loaded at the correct address

• + ELF: handle files produced by Tasking C166/ST10 compiler

• + ELF: if data at entry point is not present in the section list, use program headers to load the missing code.

• + ELF: implemented some workarounds to load Cisco IOS files

• + ELF: PPC: handle files with VLE code sections and mark them as such

• + ELF: PPC: handle VLE relocations

• + ELF: support PSP PRX files

• + NE: support self-loading NE files

• + PE: added support for ARMv7 files

Kernel

• + added support for arbitrarily big types in the type parser

• + added support for custom data formats inside structures

• + improved PIT (parameter identification and tracking) to better handle compex functions

• + improved the speed of rebasing the program

• + IDS: added ceddk.ids for Windows CE

FLIRT & TILS

• + FLIRT: added autodetection of the programs written in the D language

• + FLIRT: added Digital Mars FLIRT signatures

• + FLIRT: added FLIRT signatures for the Intel Compose XE 2011 ICL compiler

• + FLIRT: pcf: handle ARMv7 COFF files

• + FLIRT: pcf: handle PowerPC BE (Xbox 360) COFF files

• + FLIRT: pelf: i386 TLS related relocations require special handing because the linker modifies instructions

• + FLIRT: pelf: added support for SuperH files

• + prepared new mssdk til files based on the Windows SDK 7.0a

Scripts & SDK

• + IDAPython: added PluginForm class which adds the possibility to extend the UI with PyQt or PySide

• + IDAPython: Python statement execution and script timeout are configurable

• + IDAPython: added AskUsingForm() with embedded choosers support

• + IDAPython: added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction()

• + IDAPython: added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations

• + IDAPython: added more IDP callbacks

• + IDAPython: added UI_Hooks with a few notification events

• + IDAPython: added process_ui_action()

• + IDAPython: better handling of ea_t in 32/64bit

• + IDAPython: Added netnode.index() method

• + IDC: added DbgRead/DbgWrite functions to access the debuggee memory directly

• + IDC: added highlevel breakpoint management class

• + IDC: added get_nsec_stamp()

• + IDC: added SetBptCndEx(), unlink(), rename(), mkdir() functions

• + IDC: added ProcessUiAction()

• + IDC: added sp register change points functions

• + SDK: added begin_type_updating() / end_type_updating() functions to allow faster updates to the types

• + SDK: added get_strmem2()

• + SDK: added support for asynchronious execute_sync() calls (MFF_NOWAIT)

• + SDK: added system-independent functions to work with pipes

• + SDK: added process_ui_command()

• + SDK: IDC engine is thread safe. However, multiple threads should not access/modify the same IDC variables, this is not supported

• + SDK: implemented choosers embeddable in forms

• + SDK: introduced get_full_data_elsize(), useful for wide-byte processors

• + SDK: introduced qisspace and similar functions to avoid problems with signed chars

• + SDK: introduced thread-local functions to handle error codes (set_qerrno/get_qerrno)

• + SDK: renamed init_process() to launch_process()

• + SDK: trim() removes all whitespace at the string end (before it was removing only spaces and tabs)

User Interface

• + wingraph for Qt, kindly shared by Chris Eagle

• + graph: respect the selection priority when displaying nodes and clicking on them

• + added "New instance" menu entry

• + added "Produce header file from local types" menu entry

• + added 'Unsort' command in choosers

• + added Select All/Deselect All context menu items to the structure offset dialog

• + allow to open any file by drag&dropping on IDA icon (previously only .idb files could be opened this way)

• + allow multiple selection in the recent scripts window

• + enabled multi-selection in the Strings List

• + improved 'rename register' dialog box

• + improved the rebase dialog

• + it is now possible to set a string's encoding from "Setup ASCII types" dialog (Alt-A)

• + pressing Ctrl+K will always jump to the stack variable under the cursor (even if stack window is already open)

• + qt: implemented functions to load/free custom icons to be used in contexts like the chooser

• + qt: improved scroll speed

• + qt: improved the windows list dialog (Ctrl-Tab)

• + qt: improved wait dialog speed

• + txt: implemented the Load Binary dialog

• + gui: this is the last release of VCL based idag.exe

Debugger

• + added support for server-side low-level breakpoint conditions. Such conditions are evaluated on the remote computer, without causing any network traffic

• + added support for Android debugger target (native ARM only)

• + Bochs: added debugging support for 64bit code snippets

• + Bochs: path to Bochs can now only be specified through IDA.CFG or PATH environment variable

• + GDB: added support for debugging x64 code

• + GDB: enabled "Run external program" option for Linux and OS X

• + GDB: handle read/write memory breakpoints if the stub supports them (e.g. VMWare)

• + GDB: improved debugging of MIPS16 code

• + Windbg: added support for the 'reconnect' option

• + Windbg: the debugging tools path can now only be specified through IDA.CFG or PATH environment variable

Bugfixes

all bugfixes since the initial release of IDA 6.0:

• BUGFIX: 'open file' dialog in idal was not sorting directories to the end of the list

• BUGFIX: "copy structure" and "create structure from data" commands should copy the type information

• BUGFIX: "Produce HTML file" functionality was susceptible to Javascript injection vulnerability

• BUGFIX: .NET: opcode "constrained." was decoded incorrectly

• BUGFIX: a variable name was accepted and ignored in "enum : int mystupidvarname"

• BUGFIX: Adding an enum or struct from an already parsed typeinfo that does not correspond to an enum or struct would cause IDA to crash

• BUGFIX: AIF: a specially crafted file could trigger arbitrary code execution

• BUGFIX: appcall was failing on high addresses

• BUGFIX: arm debuggers could lose control after stepping over pop {pc} insn (the target address was calculated incorrectly)

• BUGFIX: ARM: ARM processor module was ignoring the "Mark typical code sequences as code" autonalysis setting

• BUGFIX: ARM: in rare cases, bogus data interpreted as code could crash IDA with a stack overflow

• BUGFIX: ARM: TBB/THB switch constructs were marked up incorrectly, leading to incorrect decompilation in Hex-Rays

• BUGFIX: Bochs debugger plugin was hanging if bochsdbg was terminated due to a crash or VM OS shutdown

• BUGFIX: Bochs debugger run menu item was not present in the list when no database is opened

• BUGFIX: change_storage_type() was creating sparse flags very inefficiently in some cases

• BUGFIX: coff/psx/geos loaders had an integer overflow bug in memory allocation

• BUGFIX: COFF: a specially crafted file could trigger a heap overflow

• BUGFIX: COFF: relocation REL_ARM_SECREL was not handled

• BUGFIX: convert_codepage() was prone to buffer overflow exploits

• BUGFIX: debugger / stack view address size was incorrect when debugging without an initial database

• BUGFIX: debugger options were not restored if the database had no segments

• BUGFIX: demangler: for Borland names do not unmangle procedure/template name when it contains >= 36 arguments

• BUGFIX: EBC: indirect register operands without index were disassembled incorrectly

• BUGFIX: ELF: import list for ELF files was attaching one of the linked .so files to all imports. Since ELF imports use global namespace, don't attach a library name to them.

• BUGFIX: ELF: some SuperH files marked as "sh2a-or-sh3" were loaded incorrectly

• BUGFIX: ELF: symbols were not loaded from some ELF files with non-standard section names

• BUGFIX: enums with custom size were printed incorrectly and thus their names were lost after editing in "Local Types" list

• BUGFIX: EPOC: a specially crafted file could cause a heap overflow

• BUGFIX: Executing a script with File/Script file could add a wrong file name to the recent scripts list in some cases

• BUGFIX: exiting IDA at the very start of debugging would lead to an internal error

• BUGFIX: EXPLOAD: a specially crafted file could trigger a heap overflow

• BUGFIX: fixed a longstanding 'nrect(..)' internal error that was occurring in rare cases

• BUGFIX: fixed a very rare btree error (there was no logic to handle a double page overflow during a key deletion; only single page overflows were handled)

• BUGFIX: fixed DLL hijacking exploit for windmp, windbg and pdb plugins

• BUGFIX: Fixed multiple execution of the same sync request for blocking operations like launching modal dialog as the chooser.

• BUGFIX: fixed occasional crash when opening the breakpoint list

• BUGFIX: GDB: for big-endian ARM targets, PSR register value was sent in wrong byte order

• BUGFIX: get_flags_novalue() could fail in some rare circumstances (when the debugger is running and a previously defined memory area disappears it could return garbage)

• BUGFIX: header() callback was not working in scripted processor modules

• BUGFIX: HEX files for wide-byte processors (e.g. AVR) were loaded at a wrong address if a start address record was present

• BUGFIX: hardware breakpoints were not deleted correctly on OSX

• BUGFIX: hppa: delay slots were calculated wrongly while applying type information to function calls

• BUGFIX: IDA could interr when parsing a C header with the same type name as in a loaded standard type library.

• BUGFIX: IDA would crash on Mac / Linux when exiting after the user has attached to a process without an initial database

• BUGFIX: IDA could fail to detect some address space overflows (when too many big segments were created)

• BUGFIX: idag -S switch was not working properly for file names with spaces

• BUGFIX: IDC: open_loader_input() would leak linput_t handles

• BUGFIX: IDC: SetSegmentAttr() could crash if passed wrong segment address

• BUGFIX: implemented the "CLOSED_BY_ESC" configuration parameter for idaq

• BUGFIX: in some cases, trying to focus the recent scripts window with Alt-F9 after having added a new script may not work properly unless the window is closed and reopened

• BUGFIX: in some cases, when the cursor was on a structure member, IDA was proposing to rename the whole structure instead of the member

• BUGFIX: integer overflow was possible in qcalloc()

• BUGFIX: get_chooser_object() was broken in the text UI

• BUGFIX: it was impossible to launch idaq64 with command line arguments on OS X

• BUGFIX: it was impossible to remotely debug 32-bit programs from IDA64

• BUGFIX: it was not possible to rename stack variables from the listing at the start of the function in PowerPC files

• BUGFIX: it was possible to rename a register to a name with a space

• BUGFIX: it was possible to specify malicious plugins to be autorun at the database opening time; introduced an option to enable/disable autorun plugins and set it to 'off' by default

• BUGFIX: kernel: on big-endian processors, float values in collapsed (terse) structures were displayed wrong

• BUGFIX: OS X debugger could fail if a hardware breakpoint and software breakpoint occurred at the same address simultaneously

• BUGFIX: Mach-O: buffer overflow when loading Mach-O files with corrupted export information

• BUGFIX: Mach-O: some corrupted files could cause IDA to crash with out-of-memory exception

• BUGFIX: MSP430: sub and subc instructions were swapped

• BUGFIX: on very rare occasions the graph overview window would process a paint event after having closed a file and access invalid memory

• BUGFIX: opcode bytes were not always printed along with the insruction for TMS320C6

• BUGFIX: PatchByte() and similar functions were not refreshing the disassembly view

• BUGFIX: PC: pushfq and some other 64-bit stack operating instructions were not handled during stack pointer tracing

• BUGFIX: PC: some memory references were displayed incorrectly in TASM Ideal mode (for example: [name[eax*4], note the second bracket)

• BUGFIX: PC: some switch constructs were marked up incorrectly by IDA leading to wrong decompilation in Hex-Rays

• BUGFIX: PC: the wait instruction could be printed with erroneous prefix byte which belonged to the following non-FPU instruction

• BUGFIX: PDB plugin would crash on certain input files

• BUGFIX: PEF: a specially crafted file could trigger heap overflow

• BUGFIX: PPC: immediate operands for some binary instructions (ori, xori, etc.) were incorrectly displayed as signed values

• BUGFIX: pressing Esc in a form with Yes/No/Cancel buttons would return 0 (must return -1)

• BUGFIX: qt: added graphs toolbar and implemented prev/next toolbar menu

• BUGFIX: qt: adding items to the top-level Edit/Jump/Search menus of enum and struct views would fail

• BUGFIX: qt: adding menu items to the Edit menu could fail if it was invisible

• BUGFIX: qt: after executing custom menu items from the menu by keyboard on Windows the current focus might be lost

• BUGFIX: qt: breakpoint dialog was missing the "Refresh debugger memory" option

• BUGFIX: qt: call the sizer() callback in the chooser only for refresh events

• BUGFIX: qt: calling msg() from chooser's sizer() and getl() callbacks would crash idaq

• BUGFIX: qt: correctly associate the idb extension on Windows

• BUGFIX: qt: correctly restore arrows width in disassembly when loading a saved database

• BUGFIX: qt: correctly restore focus on Windows after having executed an action in the menu (make sure the focus doesn't remain on the menu)

• BUGFIX: qt: correctly restore focus with floating docks under Linux

• BUGFIX: qt: correctly restore row selection in a sorted list in a chooser after an edit action

• BUGFIX: qt: correctly update navigation history when clicking on an edge in graph mode

• BUGFIX: qt: could crash when calling Exit() or idaapi.qexit() from scripts

• BUGFIX: qt: could sometimes crash when renaming structure members from the disassembly

• BUGFIX: qt: couldn't close dock tabs with the middle mouse button

• BUGFIX: qt: debug actions were not updated when an instant debugging session ended

• BUGFIX: qt: docking the graph overview in a tab view would lead to problems

• BUGFIX: qt: don't ask twice in the Save File dialog to overwrite an existing file

• BUGFIX: qt: don't show the Sync submenu in a stackview.

• BUGFIX: qt: fixed -t command line switch behavior

• BUGFIX: qt: fixed a problem with the shortcut system on mac

• BUGFIX: qt: fixed case insensitive completer for input fields in forms.

• BUGFIX: qt: fixed incremental search in choosers

• BUGFIX: qt: fixed some minor graph rendering glitches

• BUGFIX: qt: fixed specific group box frame drawing issue in forms

• BUGFIX: qt: fixed the not working Follow in Dump command in the hex editor

• BUGFIX: qt: fixed the setting of the initial focus in forms

• BUGFIX: qt: fixed wait dialog problems on Linux

• BUGFIX: qt: fixed wrong behavior of the numpad Enter

• BUGFIX: qt: implemented alternative key to Ins on OS X

• BUGFIX: qt: implemented blinking arrows in graph view when debugging

• BUGFIX: qt: implemented HELP/ENDHELP in custom forms

• BUGFIX: qt: implemented external help support for Windows

• BUGFIX: qt: implemented FORM_PERSIST flag in open_tform

• BUGFIX: qt: implemented auto-indentation in comment/script dialog

• BUGFIX: qt: implemented set_dock_pos()

• BUGFIX: qt: improved quality of graph rendering in zoom mode

• BUGFIX: qt: improved shortcuts behavior on OS X

• BUGFIX: qt: input fields in forms were not generating change events

• BUGFIX: qt: it was not possible to open Struct window if a function stack window was open before

• BUGFIX: qt: it was not possible to overwrite menu label shortcuts with user created shortcuts

• BUGFIX: qt: mac: fixed minor glitch in drawing the cursor

• BUGFIX: qt: make sure that after closing an idb all actions are refreshed.

• BUGFIX: qt: message box shortcuts now work without pressing Alt

• BUGFIX: qt: Produce HTML file was using wrong font

• BUGFIX: qt: remember the position of the cursor in the struct view when saving database

• BUGFIX: qt: reset desktop was not working properly sometimes on mac

• BUGFIX: qt: restore focus after a dock drag operation

• BUGFIX: qt: select current thread in debug mode

• BUGFIX: qt: set_custom_viewer_popup and add_custom_viewer_popup work now even on non-TCustomViewer IDA memos

• BUGFIX: qt: set_focused_field in forms would fail at initialization time

• BUGFIX: qt: shortcuts for custom data types were not set correctly

• BUGFIX: qt: show lock status on the Highlight toolbar button

• BUGFIX: qt: show text cursor in the output window

• BUGFIX: qt: some entries of the quick open dialog may fail because of wrong context

• BUGFIX: qt: the '.' shortcut now activates the command line when the current focus is in the output window already

• BUGFIX: qt: the Cancel button in forms was not returning -1

• BUGFIX: qt: the chooser now accepts Home and End even from the numpad and acts the same when Ctrl is pressed. Also, the fast search is cleared when pressing these keys

• BUGFIX: qt: the Del shortcut in the watchlist was not always working

• BUGFIX: qt: the jump to neighbor node shortcuts were working only on mac

• BUGFIX: qt: the main window would not show when starting to debug from the command line

• BUGFIX: qt: UI would hang if typing a non-matching letter at the last item of a chooser

• BUGFIX: qt: was eating too much cpu time when idle

• BUGFIX: qt: was not using system locale to convert text data, so localized comments, file paths, etc. were not displayed properly

• BUGFIX: qt: would hang if trying to incrementally search for an item in a chooser without having a selection first

• BUGFIX: qt: would not revert to default stack variable name if the name was cleared

• BUGFIX: text: chooser was leaking memory on destruction

• BUGFIX: right click menu was not listing structures with unions and unions as creatable variable types

• BUGFIX: rebase_program() was not updating the xref cache, so cross-references could be wrong immediately after rebasing

• BUGFIX: Recent scripts window displays blank script file names if no database was open

• BUGFIX: result of custom_ana notification was not handled properly, breaking some processor extension plugins.

• BUGFIX: IDC: Qword() was not returning 64bit values in IDA32

• BUGFIX: SBN: a specially crafted input file could lead to buffer overflow

• BUGFIX: SDK: get_default_reftype() was not working correctly for processors with wide bytes

• BUGFIX: The IDC engine was failing on __get/setattr__ functions for IDC objects if those functions were registered from the SDK via set_idc_getattr()/set_idc_setattr()

• BUGFIX: SDK: launch_process(formerly init_process) function did not handle properly quoted command-line arguments on Linux and OS X

• BUGFIX: SDK: OutMnem() did not work properly for values of 'width' different from default

• BUGFIX: set_auto_plugins() was allowing arbitrary plugin path (including UNC) thus leading to malicious code execution

• BUGFIX: shortcuts for custom graph actions were not working

• BUGFIX: some win32 OEM keys were incorrectly converted to qt codes

• BUGFIX: SPARC: R_SPARC_JMP_SLOT relocation was not processed properly in 64-bit files

• BUGFIX: SPARC: some WR instructions were decoded incorrectly in V8 mode

• BUGFIX: stack view was always using 64-bit addressing in IDA64, even for 32-bit programs

• BUGFIX: Symbian debugger was not clearing the old process list before retrieving a new one.

• BUGFIX: text version: in the 'create array' dialog box, it was impossible to switch back from binary indexes to any other number base

• BUGFIX: The "OK" button in the Choose Structure window was not being enabled when a struct is selected for the first time

• BUGFIX: The debugger popup menu to open a register class window was not working

• BUGFIX: type parser: type definitions without the terminating ; were silently ignored at the end of the input file (or line)

• BUGFIX: ui: a byte with value 0xFF was not printed as a character, even if it was in the AsciiStringChars list.

• BUGFIX: ui: avoid duplicate upper/lower-case history entries on Windows

• BUGFIX: ui: binary search was searching for wrong pattern if a too long number was entered

• BUGFIX: ui: buffer overflow could happen when trying to display a very long string

• BUGFIX: ui: Calculator (Shift-/ key) was picking up wrong value from disassembly on OSX and Linux

• BUGFIX: ui: fill the Edit->Plugins menu with PLUGIN_FIX plugins when no IDB is open

• BUGFIX: ui: IDA could hang while trying to display a hint in some rare situations

• BUGFIX: ui: IDA could lock up for some time while trying to display a hint.

• BUGFIX: ui: in the 'User Offset' dialog, set initial focus to the 'Base address' field

• BUGFIX: ui: the cross reference list would show empty if already open for the same target

• BUGFIX: unix: unicode strings were not handled correctly for some locales

• BUGFIX: while undecorating names try to preserve the suffix after '@'. remove it only in some special cases

• BUGFIX: Windbg debugging mode option was not saved in instant debugging mode

• BUGFIX: zero values were always represented as "0" in terse structure representations, even if they should be replaced by offsets or enums or something else