IDA 6.2
Last updated
Was this helpful?
IDA 9.0
Last updated
Was this helpful?
GUI installers for Linux and OS X No more manual extraction of tar archives for Linux or OS X. A new installer will be provided for ease of installation. Linux installer screenshot:
OS X installer screenshot:
Proximity view: The allows the user to see and browse the relationships between functions, global variables, constants, etc...
It can be used, for example, to visualize the complete callgraph of a program, to see the path between 2 functions or what global variables are referenced from some function.
PE+ support for Bochs (64-bit PE files) Now the Bochs debugger plugin supports debugging basic PE+ executables. API emulation via scripting also works as usual. Click for more details.
(Screenshot of a PE+ malware being debugged with the Bochs debugger plugin)
UI shortcut editor With this feature, it will be possible to change and re-assign the shortcuts of built-in IDA actions and the default shortcuts of plugins, external menu entries and IDC scripts.
More about
UI filters in choosers This feature will be very handy when it comes to filtering out the content of choosers in order to show or highlight the items that matter.
More about
Database snapshots In this version, it will be possible to take and restore them when needed (hierarchical snapshots are supported as well).\
Automatic new version check Checking for new Hex-Rays products version has been improved. This new addition will check for new versions of IDA Pro or the Hex-Rays Decompilers.\
Cross-references to structure members Another nice addition are xrefs to structure members. This features comes in handy when reversing/tracking data structure use in a program for example.
ARM and iOS analysis improvements Apple is not standing still and in iOS 5 the default compiler will be LLVM instead of GCC. It produces somewhat different code and we have improved our processor module to handle it. Compare two snippets of the same file.
In IDA Pro 6.1:
In IDA Pro 6.2:
As you can see, we now also parse and analyze Objective-C 2.0 metadata structures produced by the compiler. Using that information, we rename methods, create structures for classes, and apply C-style prototypes to methods for better results in the decompiler.
We have also added support for the dyld_shared_cache format used in current iOS versions.
kernelcache files are also recognized now and are split into separate KEXTs.
IDAPython 1.5.3 IDAPython has been updated. The most notable additions:
More form control support (refer to AskUsingForm() documentation in the SDK)
New processor and UI notification callbacks
New APIs and samples
IDC compatible netnode support
! and ? pseudo commands to shell execute and retrieve documentation
Support for extending IDC functions using Python
Working with patched bytes
Binding of hotkeys with Python functions (no need to go through IDC anymore)
Floating licenses An IDA Pro with floating license can be installed on many computers but only the purchased number of seats can be used simultaneously. Floating licenses require installation of a license manager to track the license use. This feature is useful for enterprises who want to optimize the license use.
Processor Modules
+ 65816: A 65816 CPU module (used in SNES consoles)
+ ARM: better tracking of cross-references in code produced by LLVM compiler (MOVW+MOVT pairs)
+ Dalvik: decode instructions produced by dexopt (odex)
+ HCS12X: implemented extended direct addressing (using DIRECT Direct Page register)
+ PC: improve recognition of x64 switches produced by GCC
+ PC: most assemblers encode mov ds, ax and mov ds, eax differently; handle it in the same way
+ PC: some sparse switches produced by Visual C++ for x64 were not recognized
+ PC: __SEH_prolog and similar functions were not properly handled in debugged modules
+ PC: display "66 90" as "xchg ax, ax"
+ PPC: decode tlbie and tlbiel with an optional immediate operand
+ SuperH: track values loaded into the gbr register
+ Z8: added configuration file for device-specific registers, including the Extended Register File banks
+ Z8: detect the use of different register banks by tracking changes to the register pointer (RP) value
File Formats
+ SMC: added a SNES rom loader
+ ELF: added support for MN10200 and MN10300 (AM33, AM34) files
+ ELF: added support for x64 TLS relocations in object files
+ ELF: ARM: added support for R_ARM_THM_PC8 relocation
+ LOD: added a loader for Motorola DSP56000 .LOD files
+ MACHO: entry point was not set properly for some packed files
+ MACHO: parse Objective-C 2.0 metadata, rename methods, create structures
+ MACHO: support dyld_shared_cache file format
+ MACHO: detect OS X/iOS kernelcache files and split the image into kext subfiles
+ PE: added support for ARMv7 relocations (MOV32T)
+ PE: create segments for gaps between sections when complete file is mapped to memory
+ PE: manually loading PE files will prompt before processing the export directory and the TLS entries
+ PE: overlays can now be loaded in manual mode
+ UImage: added a loader for U-Boot images
+ PDB: support PDBs for ARMv7 files
Kernel
+ Improved display of self-modifying code which changes during debugging
+ Track cross-references to structure members
FLIRT & TILS
+ TIL: tilib: added support the new constructs from VC10 header files
+ TIL: added VC10 TIL file
+ FLIRT: pelf: added R_ARM_THM_PC8 support
Scripts & SDK
+ IDAPython: added add_hotkey and del_hotkey() to associate hotkeys with Python functions
+ IDAPython: added execute_sync() to insert a function call into the UI message queue
+ IDAPython: added execute_ui_requests()
+ IDAPython: added idatuils.ProcessUiActions() to process more than one UI action at a time
+ IDAPython: added IDC array functions in idc.py module
+ IDAPython: added IDC hash functions in idc.py module
+ IDAPython: Added MakeCustomData() (and related MakeCustomDataEx)
+ IDAPython: added ph_get_operand_info()
+ IDAPython: Added Structs() and StructMembers() generator functions
+ IDAPython: added support for multiline text input in the Form class
+ IDAPython: added the assemble callback
+ IDAPython: added timer functions
+ IDAPython: added ui_term/ui_save/ui_saved/ui_get_ea_hint UI notifications
+ IDAPython: added visit_patched_bytes()
+ IDAPython: better error reporting for plugin scripts, loaders and processor modules
+ IDAPython: introduced the '!' (shell command) and '?' (Python help) pseudo commands to the CLI
+ IDAPython: it is now possible to add/register new IDC functions from Python
+ IDC: added GetNsecStamp()
+ IDC: DecodeInstruction() now exposes the canonical feature and mnemonic
+ IDC: it is now possible to catch IDC script interruption (with a try/catch) and resume exection if needed
+ IDC: renimp.idc: added support for PE+
+ SDK: added ALOPT_IGNPRINT option for get_max_ascii_length()
+ SDK: added execute_ui_requests() to execute a list of UI requests asynchronously
+ SDK: added extlang->run_statements() callback
+ SDK: added find_extlang_by_name()
+ SDK: added gen_rand_buf() to generate random data
+ SDK: added get_ascii_contents2()
+ SDK: added LP_USE_SHELL bit to launch_process() to launch commands using a shell
+ SDK: added new breakpoint management functions to work with source and module relative breakpoints
+ SDK: added qcopyfile()
+ SDK: added qfsize() and deprecated efilelength()
+ SDK: added qtime64_t and supporting functions
+ SDK: added read/write_dbg_memory(), set_reg_vals() and get_dbg_memory_info()
+ SDK: added register_addon() to allow registration of plug-ins and other add-ons for the About box
+ SDK: added save_database_ex()
+ SDK: added snapshot management plugin sample
+ SDK: added snapshot manipulation functions
+ SDK: added ui_requests plugin sample
+ SDK: added visit_patched_bytes()
+ SDK: exec requests can now set code = 0 inside their execute method to delegate their destruction to handle_exec_request
+ SDK: exported base64_encode/base64_decode functions
+ SDK: introduced ASKBTN_XXX constants for askyn() and askbuttons() functions
+ SDK: moved debugger related functions to dbg.hpp (get_dbg_byte, etc)
+ SDK: updated the "uunp" plugin to support PE+ when used in manual reconstruction mode
+ SDK: Windbg: added debugger extension interface
+ SDK: removed support for create_flow_chart() and flow_chart_t. Please use qflow_chart_t instead.
+ SDK: UI: added a way to specify and retrieve user data in forms
+ SDK: UI: added the close() method to form actions
+ SDK: UI: added timers API for plugins
+ SDK: UI: qt: added the code viewer control
+ SDK: UI: qt: added the get_attrs callback to embedded choosers
User Interface
+ GUI installer for Linux and OS X
+ UI: added the proximity browser view
+ UI: added IDA_NOEH environment variable to disable IDA exception handler on Windows
+ UI: setting IDA_MINIDUMP=NO disables minidump writing on Windows
+ UI: File/IDC command (Shift-F2) has been replaced with File/Script command to execute a statement with a selected extlang
+ UI: Edit/Patch functionality is now enabled by default
+ UI: added "Edit/Patch/Apply patches to input file" functionality to directly save the patches back to the input file
+ UI: added combobox and multi-line edit controls to forms (AskUsingForm())
+ UI: added a menu item "Report a bug or an issue..."
+ UI: added a status bar context menu item for quick access to processor-specific analysis options
+ UI: added an option to automatically check for new versions and request updates for IDA
+ UI: added database snapshots support
+ UI: added the 'select nodes of this color' right click menu command (available in the graph mode)
+ UI: AskUsingForm_c() no longer exits IDA in case of form syntax error. Very useful when building forms dynamically from IDAPython
+ UI: idag.exe and idau.exe are discontinued
+ UI: idaq now uses CHM (HTML Help) under Windows
+ UI: plugins can now be quickly executed using the "Quick plugin run" functionality (Ctrl-3)
+ UI: qt: added the MSG_DELAYED_UPDATE configuration option
+ UI: qt: added the shortcut editor
+ UI: qt: all Ctrl-Ins copy shortcuts were changed to Ctrl-C
+ UI: OSX: 'I' key is used in place of 'Ins' on OS X
Debugger
+ Added the '-I' command line switch to install IDA as a just-in-time debugger
+ debugger: added "event condition" debugger option to allow breaking when a debug event matches a given criteria
+ debugger: huge zero filled arrays are displayed faster in the debugger (do not use the dup construct for them)
+ Bochs: added option to disable Activation context and SearchPath() usage (this allows loading libraries from current directory or search path w/o activating context applied)
+ Bochs: added support for PE+ (64-bit PE files)
+ PDB: handle MIPS16 and ARMv7 files (low bit of the symbol address specifies Thumb/MIPS16 bit)
+ Win32/Linux/Mac debuggers now support I/O redirection
+ Win32 debuggers now have a new window to show the SEH list
+ Windbg: added option to disable debugger auto launch for crash dump files
Bugfixes
BUGFIX: 'edit breakpoints' dialog was still wrong in 6.1
BUGFIX: 'search for undefined address' (Ctrl-U) was not working correctly in debugger segments
BUGFIX: an exception in asynchronious execution request (execute_sync) could crash ida
BUGFIX: ARM: instructions combined into macros inside IT blocks could lead to wrong disassembly
BUGFIX: armuclinux server was probably broken (it was using a separate thread to listen to debugee events but uclinux seems to have issues with that)
BUGFIX: associating .idb extension with idaq was broken
BUGFIX: Bochs debugger in disk image mode would display wrong addresses sometimes (caused by optimizer bug in VS2010 compiler)
BUGFIX: bochs was not handling sections with vsize==0 properly
BUGFIX: bochsrc loader was failing to load the boot sector of the disk images if it was larger than 4GB
BUGFIX: choosing a device configuration in some processors could crash IDA on Windows
BUGFIX: clicking on the title of a group node could crash IDA
BUGFIX: debthread could not handle a hung remote server correctly
BUGFIX: debugger: long DNS lookup for the connected peer name could lead to failure of the remote debugging session
BUGFIX: demangler option "no return types of functions" had no effect for Borland mangled names
BUGFIX: DOS: programs with Borland overlays (FBOV) were loaded incorrectly
BUGFIX: EPOC: imports from hal.dll were not renamed
BUGFIX: Executing a script that could cause a desktop switch (start or stop debugger) from the recent scripts window would crash IDA
BUGFIX: find_binary() was crashing if radix of 0 was passed
BUGFIX: find_strmem2() with STRMEM_INDEX was broken
BUGFIX: get_next_struc_idx(-1) was not returning -1 as it should
BUGFIX: get_type_size() could return >0 value for some illegal types
BUGFIX: High 64 bit addresses were not being parsed properly by IDAPython in idaq64
BUGFIX: IDA could crash if starting the application the first time failed (e.g. application path was wrong)
BUGFIX: IDA could interr when trying to edit an address name in stack view
BUGFIX: ida was failing with interr 40419 while rendering some graphs
BUGFIX: IDAPython: Calling set_script_timeout() from callbacks may show the script wait box dialog with no possibility to close it
BUGFIX: IDAPython: dbg_bpt was called instead of dbg_trace for a DBG_Hooks class implementation
BUGFIX: IDAPython: dbg_read|write_memory() and dbg_get_thread_sreg_base() were broken
BUGFIX: IDAPython: del_menu_item() was failing to delete menu items inserted in the middle of a menu list
BUGFIX: IDAPython: get_blob() was returning a buffer with at most MAXSPECSIZE bytes
BUGFIX: idapython: idaapi.get_item_head() was ignored
BUGFIX: IDAPython: idc.GetString()/idaapi.get_ascii_contents()/idautils.Strings() were limited to MAXSTR string length
BUGFIX: IDC: DelStruc() was behaving as a 'void' function (always returning 0)
BUGFIX: IDC: on OS X, macros with 6 or more arguments would cause a syntax error
BUGFIX: IDC: rotate_left() was broken
BUGFIX: if a function lost some basic blocks (for example, because the user truncated it), its flowchart might be rendered with some empty nodes
BUGFIX: if a read or read/write hardware breakpoint and a software breakpoint were defined at the same address, IDA would get confused when such such a breakpoint gets hit
BUGFIX: illegal graph group info in the IDB could crash IDA
BUGFIX: immediate search could not match the search criteria against defined data items
BUGFIX: import libraries for gcc under ms windows were erroneously including _alloca and _main symbols.
BUGFIX: in some cases IDA was trying to read memory outside of ranges provided by a debugger module
BUGFIX: It was not possible to suspend Bochs if the debuggee was continously calling an API which is emulated by an IDC script
BUGFIX: launch_process() was crashing in unix if command line arguments were NULL
BUGFIX: linker directives with non-ascii characters in coff files would be displayed incorrectly
BUGFIX: location of relative breakpoint was displayed in absolute notation in some cases
BUGFIX: multithreaded Android applications could not be debugged on some devices
BUGFIX: non-null terminated strings were printed incorrectly for assemblers with ASCIIZ directives (such as AIX PPC assembler)
BUGFIX: Opening a crash dump file was failing in some cases
BUGFIX: opening a malicious idb could lead to launching of debugger on any file (including files accessible with webdav)
BUGFIX: PC: handling of __fastcall calling convention for Delphi was wrong
BUGFIX: PC: mov to/from CRn/DRn ignore the mod field and always treat operands as registers (thanks to Ange Albertini)
BUGFIX: PC: type information from .til files was not used for __fascall APIs (e.g. KfAcquireSpinLock)
BUGFIX: PPC: dccci instruction with non-zero operands was decoded incorrectly
BUGFIX: PDB: loading symbols for a module in memory (during debugging) could fail
BUGFIX: PDB: old way of retreiving symbols (via dbghelp.dll) did not work for 64-bit modules loaded above 4GB
BUGFIX: PDB: the "Load debug symbols" command was trying to use local files even when debugging remotely
BUGFIX: PE loader could not properly handle relocations of type IMAGE_REL_BASED_DIR64
BUGFIX: PE: files with exceedingly big relocation table size could not be loaded
BUGFIX: PE: MIPS16 and ARMv7 exports and .pdata entries were not handled correctly
BUGFIX: PE: some files with bogus/huge ImageSize could not be loaded (thanks to Ange Albertini)
BUGFIX: qrealloc() was freeing the original pointer if allocation failed
BUGFIX: qsem_create() was ignoring the initial value in mac
BUGFIX: qt: askfile_c() was returning paths with forward slashes (/) on Windows; this broke some old plugins
BUGFIX: qt: custom graphs were sometimes displaying some additional misplaced context-menu items
BUGFIX: qt: forms with no dialog buttons (yes, no, cancel) would cause a crash
BUGFIX: qt: jump buttons in the CPU Registers window were not working correctly on OSX
BUGFIX: Qt: On OS X, shortcuts not defined inside idagui.cfg could contain the wrong modifier
BUGFIX: qt: rendering on mac had problems because of a bug in the Carbon API
BUGFIX: qt: some actions were not disabled in the stack frame view
BUGFIX: qt: the jump xref action was missing in the stack frame view
BUGFIX: qt: the strings sub-menu was missing letter shortcuts
BUGFIX: qthread_kill() was freeing qthread_t in Windows; it should not
BUGFIX: running ida with -z10000 could lead to deadlocks or crashes (for win32/linux/mac debugger modules)
BUGFIX: SDK: askfile_c() default answer was not populated properly if it contained an absolute file path
BUGFIX: SDK: qfilesize() now returns 0 if file is too large or does not exist (use get_qerrno() to tell between the two).
BUGFIX: second failed attempt to launch the debugger would lead to interr
BUGFIX: some edges of the graph would be rendered incorrectly after deleting an uncollapsed group (only if the graph contained more than one group)
BUGFIX: text version of ida could hang while executing a script that handles numerous debug events
BUGFIX: the form change callback of AskUsingForm() may be called recursively (leading to a crash) when using fa.set_field_value()
BUGFIX: the function flowchart with custom layout and collapsed groups could be refreshed incorrectly in some cases
BUGFIX: UI: "set segment register value dialog" was still using segment selectors even if the processor module had PR_SGROTHER flag set
BUGFIX: UI: it was not possible to set a structure member's type to Float from the menus
BUGFIX: UI: refreshing the graph was not resetting all the variables, some were still pointing to old nodes
BUGFIX: UI: text version was crashing when calling up "Processor-specific options"
BUGFIX: UI: the "Analysis enabled" checkbox in the load file dialog did not work as expected for non-x86 files
BUGFIX: UI: the notepad text could exceed the maximum size and overwrite other blob indexes
BUGFIX: under Windows, IDA still loaded a plugin even if it was renamed to e.g. plugin.plw1 (because the short name extension was still .plw)
BUGFIX: Windbg 64bit was always proposing to run the dbgsrv even for 32bit apps
BUGFIX: Windbg debugger in kernel mode would show one big segment called MEMORY in some cases
BUGFIX: windbg debugger plugin was ignoring the DBGTOOLS value in ida.cfg
BUGFIX: Windbg plugin was not able to restore absolute breakpoints on the process start if the memory was not already mapped
BUGFIX: Windbg plugin was not working properly in kernel debugging with reconnect mode
BUGFIX: Windbg: re-attaching to the kernel debugger may in some cases yield an empty module list (in the modules list window)
BUGFIX: Windows plugins that used create_flow_chart() function (e.g. Color Loops) were crashing IDA 6.1.
BUGFIX: IDAPython: calling reserve() on a movable type regvals_t was crashing due to regval_t.clear() with grabage values
