# IDA 6.7

#### Highlights

* A lot of work was done on the UI internals to improve the speed and responsiveness, and reduce unnecessary screen redrawing
* UI: no more resetting to the default desktop layout when moving your IDB to another PC/monitor - the saved layout is scaled to fit the new resolution
* SDK/UI: new set of functions for dealing with user-provided actions

  * \[un]register\_action
  * \[at|de]tach\_action\_\[to|from]\_menu
  * attach\_action\_to\_custom\_viewer\_popup
  * attach\_action\_to\_output\_popup
  * \[at|de]tach\_action\_\[to|from]\_toolbar

  All of them are also available in IDAPython
* DWARF: much improved support for DWARF4, and added support for DWZ (compressed DWARF) files
* MIPS: support for microMIPS, DSP extensions and Cavium Octeon II instructions
* PIN and Dalvik debuggers were improved considerably to be faster, more robust and easier to use
* Position-independent build of ARM Android remote debugger server (required for Android Lollipop)
* UEFI type libraries and TE (Terse Executable) file format support
* Many vulnerabilities fixed thanks to the submissions to our [bug bounty](https://hex-rays.com/bugbounty) program

#### Complete changelist

* **Processor Modules**
  * 6809: added support for data page segment register (DP)
  * ARM: detect several additional variations of the \_\_rt\_switch8 helper in binaries produced by the ARM compiler (armcc)
  * ARM: improve no-ret analysis for calls performed using BX and BLX instructions
  * Dalvik: 'T' can be used to apply structure offsets to odex "quick" instruction operands
  * Dalvik: decode return-void-barrier (opcode 0xf1) instruction
  * f2mc: Added PCB to the list of segment registers
  * m740: added I/O port definitions for m3804x
  * Mach-O: add init pointers as entrypoints (similar to PE's TLS callbacks)
  * Mach-O: improve the loader to handle unusual and deliberately modified files
  * Mach-O: use the LC\_MAIN command, if present, to determine the program entrypoint
  * MIPS: added support for Cavium Octeon II instructions
  * MIPS: added DSP ASE support
  * MIPS: added MSA ASE support
  * MIPS: added microMIPS instruction set support
  * MIPS: provide auto-comment for floating point and dword-sized stack args
  * MIPS: resolve gp-relative references on N64 ABI
  * MIPS: simplify some instruction sequences to dla/dli on N32/N64 ABIs
  * MIPS: Support for R\_MIPS\_TLS\_TPREL relocations
  * PC/PE/kernel: define entrypoint prototype for UEFI files. NB: the DXE entrypoint is used for all UEFI files, since it's impossible to distinguish PEI and DXE files by the header flags
  * PC: decode FMA4 instructions
  * PC: handle switches produced by the Sun C compiler
  * PC: improve recognition of GCC switches in non-PIC x64 binaries
  * PC: improve switch analysis (again)
  * PC: improved frame analysis (some 'lea ebp' insns were recognized as part of prolog while they were not)
  * PC: improved prolog recognition
  * PE: handle unwind info version 2 in x64 .pdata sections
  * PE: support ARM64 files
  * PE: when applying relocations, mark relocations which apply to code as such (improves autoanalysis)
  * PPC: PPC\_TOC, PPC\_SDA\_BASE, PPC\_MMIO\_BASE can now be set from IDC scripts
  * PPC: support for SPE 2.0 instructions
  * Tricore: apply mapping to offsets recognized in standard instruction sequences
* **File Formats**
  * IDA automatically uses sparse storage for uninitialized segments
  * ELF: add support for R\_MIPS\_64 reloc
  * ELF: DT\_MIPS\_LOCAL\_GOTNO-declared relocations in MIPS shared libraries will now be properly handled on rebasing/segment move
  * ELF: handle x86/x64 files with bogus EI\_CLASS and EI\_DATA values (these fields are ignored by Linux kernel)
  * ELF: if a dynamic shared object file has ".interp" section, do not mark it as DLL (it's a position-independent executable)
  * ELF: MIPS: detect microMIPS functions
  * ELF: MIPS: try to find initial gp value even when DT\_MIPS\_GP\_VALUE is missing
  * ELF: PPC: handle R\_PPC\_ADDR24 relocation
  * ELF: support files that use bogus R\_ARM\_REL32 relocations for self-decryption
  * ELF: Support for R\_386\_TLS\_TPOFF32 relocation
  * HEX: split the file being loaded into several segments if there are big gaps in addressing
  * Java: support loading of .class files produced by Java 8
  * CLI: IDA on Windows can now make use of the built-in CLI metadata loader, if the environment variable 'PE\_CLI\_FORCE\_RAW' is set
  * TE: added support for TE (Terse Executable) file format, used in UEFI firmwares
* **Debugger**
  * BOCHS: enabled manual memory regions in disk image mode
  * BOCHS: support for Bochs 2.6.6
  * debugger: Android: added a position-independent build of the debugging server (android\_server\_pie); necessary for Android Lollipop
  * Debugger: Dalvik: added an ability to preset breakpoints at methods of Activity to start with, controlled by Debug specific options
  * Debugger: linux: try to detect if the dynamic interpreter (ld.so) is loaded at runtime and start reporting shared libraries at that time. This helps with debugging of compressed programs
  * DWARF: Don't try and use DWARF info from files that have a .gnu\_debugaltlink companion file
  * DWARF: Golang: Better handling of some poorly-defined array dimensions
  * DWARF: Initial support for CFA(Call Frame Activation)-based stack arguments
  * DWARF: Moved to libdwarf 20140805, which provides much better DWARF V4 support
  * DWARF: Support for decimal floating point values
  * DWARF: Support for ELF files with a companion 'DWZ' file (i.e., "compressed" DWARF information.)
  * DWARF: Support for Free Pascal-style UDT-member-as-subroutine (lacks a '\*' DIE)
  * PIN: implemented write memory request
  * PIN: print PIN toolkit version when starting pintool
  * PIN: provide access to FPU/XMM registers
  * PIN: support PIN toolkit version 2.14
  * PIN: support register modification
* **Kernel/Misc**
  * demangler: added support for the .eh suffix
  * demangler: handle rvalue reference and nullptr\_t in VC++ mangled names
  * generate a xref to the target struct type when 'struct offset' applied to a struct member
  * installer: enable SEHOP and Force ASLR mitigations on Windows at install time
  * kernel: reimplemented storage of segment register changepoints. Now ARM files with many ARM-Thumb changepoints consume much less memory
  * Linux installer will warn the user about missing 32-bit support instead of failing silently on pure x64 distros
  * show string tail as a comment if a cross-reference points into the middle of the string
  * sync all imported types from loaded tils to the local til file; we need this to ensure that an imported type does not suddenly change because of til manipulations
  * PELF: add support for ARCompact relocations
  * TIL: added a type library for UEFI (x86 and x64, version 2.4)
  * kernel: virtual array was flushing pages to the disk every time we changed its size; removed that
* **User Interface**
  * UI/QT: When holding Shift or Ctrl while mouse wheel scrolling, entire pages are scrolled at once. When doing so in hint windows, they are grown/reduced faster, too
  * UI: add 'Undefine operand', and 'Alignment' to the context menu, when applicable
  * UI: Added "Copy to clipboard" functionality to "Export Data"
  * UI: added a setting for the number of xrefs for structs/enums in the Options dialog
  * UI: distinguish the main entrypoint in the list of exports/entry points
  * UI: double-clicking on a register value during debugging allows editing it
  * UI: force randomization of Python DLLs load addresses, to reduce the risk of vulnerabilities; also enable Force ASLR if available (Windows 8 or later)
  * UI: handle gracefully lack of disk space when trying to save the database - allow the user to retry saving
  * UI: if one of the recent file entries in the File menu is selected while Shift key is held down, the file is opened in a new IDA instance
  * UI: improved the "Edit Segment" form; segment access permissions can be edited now
  * UI: on Windows, offer to create a minidump in case of an internal error
  * UI: options dialog: added a "graph" or "nongraph" suffix to the settings which are mode-specific
  * UI: print detailed function argument information when the user presses 'F'
  * UI: QT: remove requirement for compatible screen resolution when loading desktop from IDB. If some floating windows do not fit into the screen, they're resized
  * UI: remember the last used directory for the "Script file..." dialog (if OPEN\_DEFAULT\_IDC\_PATH is not set)
* **Scripts & SDK**
  * IDAPython: add idaapi.get\_kernel\_version()
  * IDAPython: added ability to build IDAPython with Hex-Rays bindings by specifying a path to a directory where to find the 'hexrays.hpp' file
  * IDAPython: added APIs for accessing the registry
  * IDAPython: added APIs for working with breakpoint groups
  * IDAPython: added umsg() for printing UTF-8 text into the Output Window
  * IDAPython: construct\_macro() is now available to IDAPython processor modules
  * IDAPython: export get\_custom\_viewer\_place(), and allow place\_t clone() & related functions
  * IDAPython: expose QueueDel(qtype\_t, ea\_t), to complete APIs for manipulating entries from the "known list of problems"
  * IDAPython: get\_tform\_type()/get\_tform\_title(), & current\_tform\_changed callback
  * IDAPython: give users the ability to access the underlying TForm/TCustomControl objects that back higher-level Pythony wrappers, so that the rest of the SDK API can be used as well
  * IDAPython: improve stability and error reporting for Python processor modules
  * IDAPython: Scripts can use OnViewMouseMoved() callback to be notified of mouse movement on views (both user-created, as well as core IDA views)
  * IDAPython: User graphs: double-clicking on a graph edge, will (by default) jump to the node on the other side of that edge
  * IDC: Added UMessage(), to print UTF-8 strings
  * IDC: 'Dump Database to IDC' now exports function comments too
  * IDC: SetType/ApplyType can be used with struct member IDs
  * SDK: Added 'umsg', which is in all aspects similar to 'msg', except that it works exclusively with UTF-8 strings
  * SDK: added build\_stkvar\_xrefs(), to get a list of all the xrefs in a function for a given argument/variable in that function's stack frame
  * SDK: added function to retrieve action attributes
  * SDK: added lower\_type2(), that accepts a helper capable of providing additional information about the function, that lower\_type2() itself doesn't know about
  * SDK: Added patch\_qword(), (and PatchQword for IDC.)
  * SDK: added qfindclose64() to the destructor of qffblk64\_t; there is no need to call it explicitly anymore
  * SDK: added qfstat64()
  * SDK: added unpack\_xleb128() to read sleb/uleb128 values
  * SDK: attach\_action\_to\_popup()/detach\_action\_from\_popup() can now be used to register and remove 'permanent' popup actions
  * SDK: deprecated 32-bit findfirst/findnext functions and qstat()
  * SDK: deprecated guess\_func\_tinfo2 (use guess\_tinfo2)
  * SDK: deprecated ui\_showauto and ui\_setstate
  * SDK: extend APIs for working with breakpoint groups
  * SDK: extended set\_dock\_pos usage. Now it can be applied for the complex widgets by specifying the window title, f.e. "IDA View-B, Enums, Exports"
  * SDK: extensive reworking of comments in the headers (converted to Doxygen format). HTML documentation is available for
  * SDK: introduced debugger\_t::set\_resume\_mode to be able to specify various resuming kinds (it replaces 'thread\_set\_step')
  * SDK: new set of functions for dealing with user-provided actions
  * SDK: qfileexist() now returns false if the specified path is a directory (use qisdir() for directories)
  * SDK: since the return value of malloc/calloc with zero size is implementation dependent, the qalloc/qcalloc functions check for zero and return NULL
  * SDK: added qgetcwd()
* **BUGFIXES**
  * BUGFIX: IDAPython: made 'extract\_name' available again
  * BUGFIX: 32bit offsets in 16-bit segments were interpreted as seg:off pairs for all processors (should happen only for x86)
  * BUGFIX: 64bit windows debugger: read/write of FPU/MMX was handled incorrectly
  * BUGFIX: 6809: low/high offset expressions were displayed incorrectly
  * BUGFIX: a signed comparison was used to validate the 'maxord' field of .til files; this is a vulnerability that can be exploited by creating a specially crafted .idb file, at least in theory
  * BUGFIX: AOF: AOF loader could access out-of-bounds memory
  * BUGFIX: AOUT: IDA could crash trying to load a corrupted a.out file
  * BUGFIX: ARC: ARC4 ld/st were incorrectly treated as having delay slots
  * BUGFIX: ARC: brCC and bbitX instructions were printed incorrectly (no delay slot and unnecessary period)
  * BUGFIX: ARC: some ARCompact instructions were missing flag-setting bits
  * BUGFIX: ARM: IDA could hang if there were three or more thunk functions calling each other in a loop
  * BUGFIX: ARM: IDA could loop endlessly on some files (if the byte sequence resembled valid code but still had many inconsistencies)
  * BUGFIX: ARM: instructions belonging to TBH/TBB switches were not properly marked
  * BUGFIX: ARM: instructions inside IT blocks would lose their condition suffixes on rebasing
  * BUGFIX: ARM: single stepping inside IT blocks was broken
  * BUGFIX: autoanalysis could endlessly loop in some (rare) cases
  * BUGFIX: BOCHS: IDA could fail to start debugging in snippet mode (IDB mode) if there was a big .bss segment at the end of address space in the database
  * BUGFIX: BOCHS: IDB mode would work incorrectly with files that have many small, non-page-aligned segments (e.g. many ELF files)
  * BUGFIX: BOCHS: in protected mode (disk image mode), mapping of segment selectors that use LDT (and not GDT) was done incorrectly
  * BUGFIX: check\_process\_exit() could not handle the processes that were terminated by a signal (unix)
  * BUGFIX: choose2() in batch mode could return wrong answer (if the default answer was wrong)
  * BUGFIX: CLI: IDA could crash when loading a corrupted .NET file on Linux/OS X (double free)
  * BUGFIX: CLI: IDA could hang on some corrupted .net files
  * BUGFIX: CLI: IDA could spend enormous amount of time trying to load some corrupted .net files
  * BUGFIX: CLI: Incorrect .net metadata could cause IDA to quit on Linux & OSX
  * BUGFIX: CLI: specially crafted .net file could crash IDA on unix
  * BUGFIX: Closing the IDB and calling 'get\_import\_module\_name()' (e.g., through a PLUGIN\_FIX plugin) would crash IDA
  * BUGFIX: COFF: corrupted file could crash IDA
  * BUGFIX: COFF: IDA could crash on some corrupted files
  * BUGFIX: COFF: truncated string tables could lead to memory corruption
  * BUGFIX: Dalvik debugger could crash when switching to the debugger desktop
  * BUGFIX: Dalvik: move/16 and move-object/16 instructions were decoded incorrectly
  * BUGFIX: DBG/COFF: IDA could crash when parsing a COFF symbol with bogus count of aux records
  * BUGFIX: debugger: Android debugger could miss some memory areas (if the same starting address was listed twice in 'maps')
  * BUGFIX: debugger: in some cases debugger could not continue execution after suspending on 'start process' event
  * BUGFIX: debugger: it was impossible to read MMX registers from 64bit linux debugger
  * BUGFIX: debugger: mac: IDA would fail to read debuggee's memory at or close to address 0 even when it was valid
  * BUGFIX: Debugger: some debugger modules could still send BREAKPOINT events after receiving the termination request; IDA should ignore them
  * BUGFIX: DEX: a specially crafted DEX could crash IDA
  * BUGFIX: DEX: fixed a buffer overflow in the DEX loader
  * BUGFIX: DEX: IDA could crash trying to load a corrupted DEX file
  * BUGFIX: DOS: MZ EXE relocations with values >0x8000 were processed incorrectly
  * BUGFIX: DWARF: could fail recognizing some types as being equivalent, and end up in an INTERR
  * BUGFIX: DWARF: could crash when generating some variations of a type, to make its size suitable for inheritance
  * BUGFIX: DWARF: some badly corrupted DWARF data could cause IDA to quit
  * BUGFIX: ELF: bogus PT\_NOTE entries could cause IDA to hang for a long time
  * BUGFIX: ELF: could crash on corrupted elf files
  * BUGFIX: ELF: IDA could crash when loading a specially crafted ELF file
  * BUGFIX: ELF: MIPS HI16 RELA relocations were incorrectly applied
  * BUGFIX: ELF: specially crafted file could result in stack buffer overrun
  * BUGFIX: ELF: STB\_WEAK symbols were not listed in the 'exports' window
  * BUGFIX: EPOC: handcrafted EPOC files could cause an endless recursion and eventual crash (but IDA would ask for a confirmation at each iteration)
  * BUGFIX: EPOC: IDA could crash trying to load corrupted EPOC files
  * BUGFIX: EPOC: malicious deflate-compressed EPOC files could crash IDA
  * BUGFIX: EPOC: specially crafted .sis file may cause memory corruption
  * BUGFIX: fixed behavior of highlight + scrolling to be like IDA pre-6.6
  * BUGFIX: Fixed exporting to C header file of types with fields of referenced-by-name type
  * BUGFIX: GDB: the "Use CS:IP in real mode" option was treated as always active, leading to incorrect EIP values in real mode in some stubs (e.g. VMWare)
  * BUGFIX: HPSOM: HP-UX SOM loader could access out-of-boundary memory
  * BUGFIX: IDA could crash at the exit time if tinfo\_t objects were leaked by a plugin or script
  * BUGFIX: IDA could crash if an attempt to match a jump table instruction sequence was made on an ea without a segment
  * BUGFIX: IDA could crash on specially crafted DEX file (trying to allocate a huge segment)
  * BUGFIX: IDA could crash trying to guess a function type (stack overflow)
  * BUGFIX: IDA could crash trying to load corrupted PharLap extender files
  * BUGFIX: IDA could hang trying to move a segment from the top of the addressing space
  * BUGFIX: IDA could interr if the program was rebased in the presence of orphan bytes (bytes that do not belong to any segment)
  * BUGFIX: IDA could not parse 'static int inline x;'
  * BUGFIX: IDAPython Decompiler bindings could abort IDA because of some uncaught C++ exception
  * BUGFIX: IDAPython processor modules' outop-produced op\_t references were leaked
  * BUGFIX: IDAPython: Activate() callback was not functional
  * BUGFIX: IDAPython: Exceptions in GraphViewer.OnRefresh() were silently ignored
  * BUGFIX: IDAPython: exceptions thrown inside the code called by SWIG wrappers must be caught, or IDA might abort
  * BUGFIX: IDAPython: Form.Close() was not working in most cases
  * BUGFIX: IDAPython: gen\_disasm\_text() was expecting a 'text\_t' instance, which is not exposed
  * BUGFIX: IDAPython: get\_ascii\_contents2() was not honoring the possible output encoding request
  * BUGFIX: IDAPython: GetLocalType() could produce errors with some local types
  * BUGFIX: IDAPython: GraphViewer would not allow grouping of nodes, unless OnCreatingGroup was implemented
  * BUGFIX: IDAPython: GraphViewer.Select() method was always selecting node 0 regardless of the argument
  * BUGFIX: IDAPython: It was not possible to use 'tag' and 'reg' functions of a segreg\_t instance returned by get\_srarea()
  * BUGFIX: IDAPython: Some char arrays-derived Python strings could contain garbage in some cases
  * BUGFIX: IDAPython: some functions which returned a ssize\_t, were wrapped incorrectly and were unusable
  * BUGFIX: IDAPython: udt\_type\_data\_t was not exposed as a qvector, and thus couldn't be iterated on
  * BUGFIX: IDAPython: When using the Strings() class, bytes could be erroneously retrieved
  * BUGFIX: IDC's SetShortPrm(INF\_BINPREF, \<nbytes>) would not properly change the current renderer's amount of displayed bytes
  * BUGFIX: IDC: GetLocalTinfo() would return a non-zero number upon failure (must return 0)
  * BUGFIX: IDC: IDA could interr if an IDC function was called with wrong number of arguments
  * BUGFIX: IDC: SetMemberType() with struct offset would use wrong struct offset delta
  * BUGFIX: IDC: the function SetRegValue() could set incorrect value for FPU registers
  * BUGFIX: it was possible to create an item across function chunk boundaries (only in some cases)
  * BUGFIX: kernel: instruction emulator could destroy the current insn in some cases and this would cause an interr later
  * BUGFIX: LE: LE files without the MZ header could not be loaded
  * BUGFIX: linux debmod could interr on low-level conditions
  * BUGFIX: Mach-O: \_\_stubs section was processed incorrectly for x64 files
  * BUGFIX: Mach-O: corrupted export data could cause buffer overflow and crash IDA
  * BUGFIX: Mach-O: Fixed crash in Mach-O loader (endless recursion)
  * BUGFIX: Mach-O: fixed off-by-one bug in many places; efd was crashing on the sample files we received today; probably IDA too
  * BUGFIX: Mach-O: Fixed potential endless recursion
  * BUGFIX: Mach-O: IDA could crash on some corrupted Mach-O files where the number of sections or section boundaries are bad
  * BUGFIX: Mach-O: IDA could crash when loading Mach-O files with malformed LC\_LOAD\_DYLIB commands
  * BUGFIX: Mach-O: IDA could not load files with over-sized sections
  * BUGFIX: MIPS: building mips16 macro instructions could consume too many bytes, preventing some following instructions from being decoded
  * BUGFIX: MIPS: registers could be tracked incorrectly for mips16 code
  * BUGFIX: MIPS: some references to local symbols loaded from the GOT could not be converted to offsets
  * BUGFIX: msp430: was using 16-bit segments by default
  * BUGFIX: MSP430: some BRA instructions were decoded incorrectly
  * BUGFIX: NE: IDA could crash on specially crafted NE file (zero pointer dereference)
  * BUGFIX: on Linux some of concurrently started instances of IDA could fail to load the registry
  * BUGFIX: our C parser was supporting only "ui64" suffix for 64-bit constants; the 'll' prefix was silently skipped
  * BUGFIX: Patched bytes are now reverted before the segment and its data are deleted
  * BUGFIX: PC: 'ymmword' keyword was not defined for PC module which caused 32-byte data items to be displayed with (null) prefix
  * BUGFIX: PC: AVX instructions that refer to r8..r15 should not be decoded in 32-bit mode
  * BUGFIX: PC: some instructions using repeated 66 and 67 prefixes (operand/address size override) were not decoded correctly
  * BUGFIX: PDB: IDA could fail to load a PDB file when using File->Load additional file->PDB file... dialog
  * BUGFIX: PE: files with corrupted CodeView debug info could trigger a double free
  * BUGFIX: PE: heap overwrite in processing of x64 .pdata entries
  * BUGFIX: PE: IDA could access invalid memory when a corrupted COFF symbol table was present
  * BUGFIX: PE: IDA could take a very long time loading a file with bad debug directory
  * BUGFIX: PE: specially crafted PE file could lead to memory corruption
  * BUGFIX: PEF: fixed multiple vulnerabilities
  * BUGFIX: PEF: specially crafted PEF files could crash IDA
  * BUGFIX: PIN: get rid of duplicates in trace buffer (basic block tracing mode)
  * BUGFIX: PIN: in some cases IDA tried to launch pintool even if 'autolaunch' option was disabled by the user
  * BUGFIX: PIN: in some cases pintool could provide incorrect memory configuration
  * BUGFIX: PIN: incorrect tooltips for memory operands in the disassembly window
  * BUGFIX: PIN: not all threads appeared in IDA after initial attach to a process
  * BUGFIX: PIN: register values/threads could be lost when debugger stops on "Process start"/"Library loaded" events (in case the 'Suspend on debugging start' or 'Suspend on library load/unload' option is enabled)
  * BUGFIX: PIN: take into account actual flags of segments/functions when the options 'Trace over debugger segments', 'Trace over library functions' are enabled
  * BUGFIX: PPC: undecorating a name could yield an empty name and that could cause a crash
  * BUGFIX: PPC: VLE instruction se\_addi was incorrectly simplified into se\_li when r0 was used as a source operand
  * BUGFIX: Producing files with only structures/enums gave erroneous feedback on the line count
  * BUGFIX: Proximity view could crash when asked to expand/collapse multiple nodes, when some of those are "(+)" nodes
  * BUGFIX: qrealloc() with BADMEMSIZE could succeed on some flavors of linux64 (it should fail)
  * BUGFIX: qwingraph: could crash on some huge graphs; now we nicely display a message and exit
  * BUGFIX: references to nonexistent types would be saved with explicit struct/union/enum keywords even if the reference was simply by name; the keyword would be derived on the fly from the forward declaration, if it existed
  * BUGFIX: renaming a struct/enum would break references to it because IDA was using references by name instead of by ordinal
  * BUGFIX: SDK: tinfo\_t::is\_forward\_decl() could incorrectly return false in some cases
  * BUGFIX: searching for the next unknown byte in sparse storage was buggy
  * BUGFIX: some -D command line options could be effectively ignored because IDA could load a new processor module immediately after applying them; now we apply -D switches after loading the input file
  * BUGFIX: some anonymous unions of bitfields could be handled incorrectly in pdb files
  * BUGFIX: some register names were duplicated by some debugger backends
  * BUGFIX: SPARC: IDA would miss delay slots in little endian mode
  * BUGFIX: structure alignment was incorrectly calculated when copying from the struct window to the local types
  * BUGFIX: switch idioms that had the default jump target inside (but unmarked) would still be decompiled incorrectly
  * BUGFIX: Syncing a Hex-View to the value of a register would cause an interr
  * BUGFIX: the 'local types' window was not refreshed after importing some types to the IDB
  * BUGFIX: tilib: could interr when trying to calculate the alignment of a 'long double' type when the compiler is set to 'Borland' (long double is 10 bytes but has alignment of 8)
  * BUGFIX: tinfo\_t::print() could crash if PRTYPE\_DEF was passed for a trivial type
  * BUGFIX: tracing, basic block tracing mode: broken order of instructions in the trace buffer
  * BUGFIX: Tricore: some ld16/st16 instructions were decoded incorrectly
  * BUGFIX: UI: after switching Hex View to one-column it was not displaying anything
  * BUGFIX: UI: IDA could confuse structs with members when renaming in the structures view
  * BUGFIX: UI: IDA could crash when showing proximity graph coming from a trace
  * BUGFIX: UI: IDA could crash when trying to display a proximity view graph for a newly opened file, if that graph exceeded the max node limit
  * BUGFIX: UI: IDA could show "undefined type" message when loading some PE files into IDB
  * BUGFIX: UI: IDA was generating bogus idb\_event::op\_type\_changed when showing the context menu
  * BUGFIX: UI: in some cases picking a standard numeric constant (enum) for the value in the disassembly did not work
  * BUGFIX: UI: load-time warnings could be shown again even if the user checked "Don't show again in current session"
  * BUGFIX: UI: Pressing '.' when in the "Output window"'s messages widget wouldn't switch control to the CLI widget
  * BUGFIX: ui: qt: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  * BUGFIX: UI: QT: Open... file dialog was displaying only "All files(\*)"; now extensions from idagui.cfg are used
  * BUGFIX: UI: Right-clicking on a graph view, and then clicking on the "Zoom 100%" action could lead the view to zoom to the wrong place
  * BUGFIX: UI: Right-clicking on an edge, and requesting a grouping of nodes while none are selected could crash IDA
  * BUGFIX: UI: some IDBs created on Windows and used on Unix could have problems with the 'struct offset' command in the GUI version
  * BUGFIX: UI: switching from graph view to flat view and back would change the current disassembly position if the current node was a group node
  * BUGFIX: UI: the import window would display wrong library names if a new database was opened without quitting IDA
  * BUGFIX: UI: tracing actions (Instruction tracing etc.) were not enabled for some debuggers which do support tracing (e.g. Bochs)
  * BUGFIX: UI: TXT: Changed meaning of 'width' field parameter in forms descriptions. Now it is buffer size -1 for text fields and the number of characters for digital fields
  * BUGFIX: UI: Using IDA in a Windows 8 RDP session might cause a freeze of the session when dragging & dropping widgets
  * BUGFIX: UI: When animations were turned off, IDA could temporarily freeze
  * BUGFIX: UI: when creating 32-bit segments with base 0, a selector was not allocated for it, leading to various issues
  * BUGFIX: UI: when creating a new script snippet, the previous snippet text was not always cleared from text field
  * BUGFIX: UI: When double-clicking a result in a non-modal "Xrefs to ..." view, in order to jump in the (previously hidden) tabbed graph view, the graph view might center on an incorrect place
  * BUGFIX: uiswitch: it was impossible to specify a switch with zero elbase but nonzero shift
  * BUGFIX: unreachable meaningless fpu instructions could hinder fpu stack analysis
  * BUGFIX: User graphs: paint nodes background even when text is not painted (i.e., zoom level is too far away.)
  * BUGFIX: when a struct was deleted, the corresponding type was not always deleted from the local types
  * BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
  * BUGFIX: when debugging, the cursor could be positioned on a multiline comment line in the pseudocode view, instead of the line with the real code
  * BUGFIX: When horizontally scrolled, IDA View-A could fail to highlight the word on which the cursor is currently placed
  * BUGFIX: When in graph view, jumping to the current function's call sites through the node title's "Jump to xref" icon could focus on the wrong node in the calling function
  * BUGFIX: when opening an old IDB for a processor without the type system there could be a significant delay (a dozen seconds or more)
  * BUGFIX: When performing some keyboard shortcut sequences very fast, and then moving up/down with the keyboard's line up/down, or page up/down, the disassembly listing could show a single line (or jump one page off)
  * BUGFIX: While grouping/ungrouping some nodes, IDA could freeze until 'Esc' is pressed
  * BUGFIX: WinDbg: windbg debugger could not write FPU register values
  * BUGFIX: 64bit linux debugger: Incorrect reading of FPU registers
  * BUGFIX: ARM: arm module would display 'LDR R0, =0xFFFFFFFF' or similar in case the LDR instruction was referring to a non-existing or uninitialized memory address
  * BUGFIX: DWARF: Could misinterpret very large types (> 0x1fffffff bytes-large)
  * BUGFIX: GDB: a malicious GDB stub could cause heap memory overwrite in IDA during debugging
  * BUGFIX: IDA could abort with message "index file is bad" when compressing database
  * BUGFIX: IDA could crash at DWARF-loading time, because the DWARF plugin would try and retrieve too many bytes from the file
  * BUGFIX: IDA could crash/hang on corrupted databases
  * BUGFIX: IDA could hang trying to load corrupted input files
  * BUGFIX: IDA could hang trying to read symbols from an erroneously-large symbols table
  * BUGFIX: IDAPython: internal\_get\_sreg\_base() wasn't usable
  * BUGFIX: IDAPython: set\_nav\_colorizer() was not accepting Python callables as implementation. Issue 1370
  * BUGFIX: PC: some FPU instructions were not decoded if they had a REX prefix
  * BUGFIX: Pressing 'p' to create a procedure, then keyboard-navigating to another piece of code and pressing 'p' again could not work (unless something caused the actions to be updated again; e.g., opening a dialog.)
  * BUGFIX: IDA could interr when guessing a function prototype if the stack was growing up for the current processor
  * BUGFIX: IDA could spend too much time generating the listing if there were too many lines in .net files
  * BUGFIX: kernel: handling of switches with SWI\_JMP\_INV flag set was broken
  * BUGFIX: specially crafted .sig files could crash IDA
  * BUGFIX: PPC: some simplified instruction forms were missed


