IDA 7.5.201028 (SP3) October 28, 2020
The Service Pack 3 introduces a handful of new and interesting features specific to the soon-to-be-released macOS 11 (Big Sur) and provides fixes for numerous minor issues.
We improved macOS11 kernel debugging with VMware Fusion 12.
We also improved symbolication of MH_FILESET kernelcaches.
Debugger:
improved macOS 11 kernel debugging
MACHO:
improve handling of threaded pointers in iOS kernelcaches
support symbolication of macOS11 kernelcaches that link against the boot/sys kext collection. see BOOT_KC_PATH in macho.cfg for an overview
78K0S: opcode D5 was incorrectly decoded as INC (should be DEC)
A crafted IDB file could trigger a use-after-free in IDA
Chooser: the ui_get_chooser_item_attrs event was called with the wrong CHOOSER argument
Cloning script snippets could corrupt the database
As of SP3, IDAPython is incompatible with Python 3.9. If you are experiencing crashes when running IDAPython code, and in particular if the following statement crashes: `from PyQt5 import QtCore`, please run the `idapyswitch' utility that can be found next to IDA in the install directory and select a Python 3.8 (or earlier) install.
Debugger: ios debugger was broken on iOS14
Debugger: ios debugger could fail to fetch the process list on iOS 14
Debugger: mac/ios/xnu debuggers would create tons of meaningless debugger segments
Debugger: mac debugger could fail to load symbols from system dylibs
Debugger: PIN: get rid of warning "Unexpected addrsize of the debugged program", permit remote PIN to be started by Debug->Attach
Debugger: linux: debugger could interr when handling program with many short-lived threads
Debugger: xnu debugger would fail to demangle c++ names after attaching with an empty database
Decompiler: "create new struct type" could generate a new struct type with forbidden characters, like <
Decompiler: "push esp/pop reg" was decompiled incorrectly
Decompiler: automapping variables was too aggressive in some cases
Decompiler: changing the type of a structure field would cause the loss of the __cppobj attribute
Decompiler: decompile() would crash if asked to decompile an unexisting function (nullptr)
Decompiler: fixed a crash on corrupted idbs
Decompiler: fixed false alarm 'ignored garbage at the end of the blob...'
Decompiler: fixed interr 50902
Decompiler: in some cases the action "Reset pointer type" was not working (had no effect)
Decompiler: in some cases the decompiler would add a suffix to the user-defined names (myvar->myvara)
Decompiler: jumping to the pseudocode from another window (for example, from the local types) would fail to activate the window in some cases
Decompiler: on macOS, the decompiler would use shortcut "Ins" instead of "I" for the "Edit block comment" action
Decompiler: PPC: if addresses are subtracted assume that the size is being calculated
Decompiler: renaming a structure field would cause the loss of the __cppobj attribute
Decompiler: some xrefs to enum members would be missed by Ctrl-Alt-X
DWARF: IDA could try to allocate too much memory on corrupted files before dying with out-of-memory error
DWARF: The DWARF plugin could crash IDA (null pointer dereference) with some specially-crafted files
DWARF: The DWARF plugin could INTERR with specially crafted files
DWARF: The plugin could cause IDA to crash (stack exhaustion) with some specially crafted input files
DWARF: The plugin could loop (seemingly) endlessly when encountering a DW_TAG_namespace with a (broken) name whose first character is '#'
DWARF: The plugin could perform a use-after-free during stack unwinding, on some DWARF input files
DWARF: The plugin could perform a use-after-free on some specially crafted files
DWARF: validate size of compressed sections before trying to load them
IDA could complain about "corrupted database" (bad srrange) when opening a rebased and saved database
IDA could crash when loading a corrupted elf file
IDA could crash when parsing corrupted PDB files
IDA could crash when performing certain manipulations with script snippets
IDA could crash when restoring function information from a corrupted database
IDA could endlessly loop on some corrupted idbs
IDA could fail with internal error 20078 on corrupted ELF files
IDA would crash when loading an ARM64 driver if the default debugger was set to windbg
IDA would try to allocate huge amount of memory when loading a corrupted elf file
IDAPython: IDA could exit silently on startup if the Python runtime called exit() during initialization
IDAPython: ida_bytes.bin_search documentation was lacking
IDAPython: ida_bytes.next_visea, ida_bytes.prev_visea were not available
IDAPython: ida_ida.AF_FINAL had value -0x80000000 instead of 0x80000000
IDAPython: ida_name.MNG_* and ida_name.MT_* values were not exposed
IDAPython: ida_search.SEARCH_UNICODE was not available after IDA 7.0, while ida_search.find_binary() still is
IDAPython: if a 'nav colorizer' would return a long that couldn't be converted into 32-bits, IDA would fail reporting the issue in a timely manner, leaving it for later Python code to fail
IDAPython: internal error 30615 could happen if Python intialization failed
IDAPython: using ida_kernwin.choose_find() with a non-IDAPython chooser, would crash IDA
IDAPython: when using Python 2, scripts with magic 'encoding' comment could fail to run
INTERR 1983 could happen in some situations after rebasing
LUMINA: fixed "Unsupported OpenSSL version" error on macOS11
Modifying an attribute of a function argument (e.g. adding __hidden) would be saved in the database but would not be immediately reflected in the disassembly
On windows idat would let the operating system to handle some Ctrl- keys, rendering them unusable in IDA
Opening IDA without an IDB and opening the script snippets dialog, and then loading an IDB with snippets, would fail to properly load that database's snippets
PC: changes in processor specific options were not undone upon Ctrl-Z
PC: parse_reg_name() could return wrong register types for XMM/YMM/ZMM registers
PC: some FMA instructions were not decoded in 32-bit mode
Rebasing the program by an odd number of bytes was not forbidden (and led to problems later)
Renaming a local type by pressing F2 would lead to its removal from all use sites
Searching for all occurrences of a byte sequence would not work without an open disassembly view
Types: creating a c++ structure with a __vftable member in the struct view was not marking the structure as having vftable; only doing so from local types was working
UI/QT: during auto-analysis, typing in the quick filter (e.g., in the 'Functions window') could result in loss of certain characters
UI/QT: hiding columns when in 'folders' mode wouldn't work
UI/QT: if entries in the "Structures" or "Enums" widgets were sorted, scrolling by using the scrollbar would jump over some entries
UI/QT: renaming folders in the "Local types", would show the editor on the wrong cell (in the 'Name' column, even though the folder name is in first column, named 'Ordinal'.)
UI/QT: right-click would crash IDA on macOS11 beta7 and later
UI/QT: the "Command palette" could refuse to keep the user selection, making it hard to use
UI/QT: the decompiler action "Jump to local type" could fail to select the proper type when the "Local types" view was sorted
UI/QT: when searching for text in sorted folders views, IDA could loop endlessly
UI/TXT: it was impossible to "Import" snippets in the 'Script snippets' dialog
UI: Alt+T/Ctrl+T searches in tabular/tree views, wouldn't wrap around as they should
UI: choosers starting in "folder" mode, might not have the user-desired sizes for columns
UI: Cmd+M would not minimize the IDA window on macOS, per convention
UI: debugger stack view could display values with wrong bitness (e.g. 32-bit values for 64-bit programs)