IDA 7.0: Internationalization (i18n)
This document describes an important change that happened in the code while designing IDA version 7.0: the move to using UTF-8 everywhere.
This is mostly of interest to plugin authors, either binary or IDAPython plugins.
Prior to version 7.0, IDA would store the following strings:
segment names
function names
function local labels
comments for function, segment & address
database notepad contents
...
into the database, using the local 8-bit encoding. Specifically:
on Windows: usually, the OEM codepage, but sometimes the ANSI codepage (for the database notepad)
on Linux & OSX: the locale's 8-bit encoding, which in most cases ended up being UTF-8
There were many issues with this, but the most obvious ones are:
inability to pass an IDB to someone using a different locale, and have sensible non-ASCII text
it would sometimes be unclear what kind of encoding was used, for what transiting data (e.g., for plugins)
While we were knee-deep in the refactorings we did for 7.0, we decided it was a good time to improve the situation, and we did so by imposing UTF-8 everywhere in IDA: any string that transits within IDA's memory, is now encoded in UTF-8.
Plugin writers needing to support more than just the ASCII subset of Unicode code points, will certainly find the current situation more comfortable.
Because a byte is a byte, and without additional context it's impossible to know how that byte should be interpreted, we had to resort to heuristics when a database is ported to the 7.0 format.
The following will be converted during a database upgrade:
function comments
decompiler pseudo-C function comments
segment comments
hidden areas descriptions
structures comments
structure members comments
enum comments
enum members comments
database notepad contents
script snippets
And, for any of those, here's how IDA will decide whether or not a conversion is needed:
if the contents are not valid UTF-8, or
if a conversion encoding has been specified (see below)
...then IDA will convert that data to UTF-8, using the following rule:
if a conversion encoding has been specified (see below), use that
otherwise
  if on Windows, assume the source is in the locale's codepage(s)
  otherwise (i.e., on Linux or OSX), assume the codepage(s) are those of "Western Europe" -- hopefully covering most databases
And if such a conversion happens (and no conversion encoding was specified), IDA will display an example of post-conversion text in the messages list for you to figure out whether it did the right thing or not. E.g.,
(in this particular case, IDA converted a test function comment, which in 6.95 would be stored using the OEM codepage CP850 (i.e., "Western Europe"))
As you can see at the bottom of the message above, IDA hints at the UPGRADE_CPSTRINGS_* configuration directives. Let's have a look at those.
UPGRADE_CPSTRINGS_*
In case IDA got it wrong, and either:
your locale's codepages on Windows don't correspond to those of the machine where the IDB was created, or
you are on Linux or OSX and the IDB was created on a Windows machine with a locale that features codepages other than those for "Western Europe"
...then IDA will improperly interpret those bytes, and the conversion to UTF-8 will yield wrong, possibly garbled results.
In that case, you can help IDA by specifying:
UPGRADE_CPSTRINGS_SRCENC
UPGRADE_CPSTRINGS_SRCENCA
in order to instruct it what encodings/codepages should be used for data that's encoded using the OEM codepage or the ANSI codepage, respectively.
Please have a look in the cfg/ida.cfg file for more documentation regarding those directives.
It's also worth pointing out that those directives can be passed on the command line, using the following syntax:
In this case, IDA will use CP866 (i.e., Cyrillic OEM codepage) to perform the conversion of those strings that are stored using the OEM codepage.
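The upgrade rule described above, modelled as an added Python example (not IDA's own code). The function and parameter names are hypothetical, and "Western Europe" is assumed to mean CP850 for OEM data (the codepage the text names) and CP1252 for ANSI data.

```python
"""Model of the 7.0 database-upgrade rule for legacy 8-bit strings."""

# Assumption: the "Western Europe" fallback is CP850 (OEM, named in the text)
# and CP1252 (ANSI, picked here as its usual counterpart).
WESTERN_EUROPE = {"oem": "cp850", "ansi": "cp1252"}


def is_valid_utf8(raw):
    """True when the bytes decode as strict UTF-8."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def upgrade_string(raw, kind="oem", srcenc=None, srcenca=None,
                   windows_locale=None):
    """Return (text, source_encoding); source_encoding is None if untouched.

    kind           -- "oem" or "ansi": which legacy codepage family stored it
    srcenc/srcenca -- stand-ins for UPGRADE_CPSTRINGS_SRCENC / _SRCENCA
    windows_locale -- e.g. {"oem": "cp866", "ansi": "cp1251"} when modelling
                      an upgrade on Windows, None for Linux/OSX
    """
    specified = srcenc if kind == "oem" else srcenca
    # A conversion is needed if the data is not valid UTF-8, or if an
    # encoding was specified explicitly.
    if specified is None and is_valid_utf8(raw):
        return raw.decode("utf-8"), None
    if specified is not None:
        source = specified                  # explicit directive wins
    elif windows_locale is not None:
        source = windows_locale[kind]       # Windows: the locale's codepage
    else:
        source = WESTERN_EUROPE[kind]       # Linux/OSX: "Western Europe"
    # errors="replace" keeps the upgrade going on bytes the codepage lacks.
    return raw.decode(source, errors="replace"), source


# Constructed sample data (not taken from a real database).
FRENCH_OEM = "Vérifié".encode("cp850")    # comment written on a CP850 box
RUSSIAN_OEM = "Привет".encode("cp866")    # comment written on a CP866 box
AMBIGUOUS_ANSI = "Ã©".encode("cp1252")    # legacy bytes C3 A9: also valid UTF-8

if __name__ == "__main__":
    # The Western Europe guess is right for the French comment...
    print(upgrade_string(FRENCH_OEM))
    # ...but garbles the Russian one unless the source encoding is given.
    print(upgrade_string(RUSSIAN_OEM))
    print(upgrade_string(RUSSIAN_OEM, srcenc="cp866"))
    # "A byte is a byte": these legacy bytes pass the UTF-8 check and are
    # left alone, so the stored text silently reads differently.
    print(upgrade_string(AMBIGUOUS_ANSI, kind="ansi"))
    print(upgrade_string(AMBIGUOUS_ANSI, kind="ansi", srcenca="cp1252"))
```

When reviewing an upgraded database, the last case is the one the messages-list sample will not flag, because no conversion took place.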
IDA 7.0: IDAPython backward-compatibility with 6.95 APIs
IDAPython script/processor module writers should have a look at least at the following sections:
Availability of those APIs
Porting existing, or writing new scripts
IDA 7.0 consists of x86_64 binaries (as opposed to all previous versions, which consisted of i386 binaries). This has the very unfortunate side-effect that all existing binary plugins will stop working.
Thus, since ABI compatibility is gone and therefore those binary plugins would require recompiling, we decided that now would be a perfect time to perform a much-needed API cleanup:
renaming inconsistently-named functions
renaming inconsistently-named constants
removing deprecated functions
improving some structures & classes
Binary plugin authors will not only have to recompile: first, a small porting effort will be needed in order to adapt to the new, cleaned-up API.
The situation, however, is very different for IDAPython script/plugin authors: the exact architecture of the platform where IDA runs (i.e., x86_64 or i386) is (mostly, at least) irrelevant to them.
Consequently, we decided we would provide a compatibility layer, that maps the 'old' 6.95 APIs, to the new 7.0 ones, in order to ease the adoption of IDA 7.0 in as many cases as possible.
Backward-compatibility is provided by python.cfg's AUTOIMPORT_COMPAT_IDA695 directive.
When that directive is set to YES, additional code will be loaded into IDAPython, providing mappings for the older function names, classes, constants, etc...
With that directive turned on, existing scripts should just work. If that isn't the case, please contact us on support@hex-rays.com and we'll try our best and fix IDAPython so that it covers your use-case.
This is not, however, a viable & long-term solution:
the amount of code & general overhead that loading these APIs adds, is not quite negligible.
it 'pollutes' the ida_* (and idaapi) modules.
(admittedly to a lesser degree) it slows down development & evolution of IDAPython.
The AUTOIMPORT_COMPAT_IDA695 directive is turned on by default, which means that existing scripts should work.
When some time has passed, a later release of IDA will ship with AUTOIMPORT_COMPAT_IDA695 set to NO by default. Of course, users can still turn it back on, but that will at least hint the user that something might require attention.
After some time (it's difficult to provide a time frame, here. We'll have to see how things go), we'll simply remove the backward-compatibility code. It will then be impossible for scripts that were not ported to function.
If your script(s) is(are) meant to work with IDA 7.0 onwards, it might be a good idea to port them as soon as possible.
The modifications should be (in almost all cases) trivial, since many API changes consist of function, types & constants renaming.
Please have a look at the 6.95 to 7.0 API guide for information about that renaming.
A very good way to test whether your scripts have been properly ported is to set AUTOIMPORT_COMPAT_IDA695 to NO, restart IDA, and try your scripts again.
The best course of action here is to simply set AUTOIMPORT_COMPAT_IDA695 to NO from the beginning, and write your script/plugin directly with the new API.
We did what was reasonably feasible, to provide an IDAPython API that's as backward-compatible as possible with the IDA 6.95 API.
However, we considered it unreasonable for some parts of the API to be ported. Most notably:
the "processor module" API: existing processor modules will have to be ported to the new API. Please see the SDK's module/script/proctemplate.py (or any other *.py file in that directory) for examples of how to use the new API.
processor module-related notifications: some of those have either been renamed, or have possibly changed signature
Most (all?) of the renamed functions, constants, etc... should be covered, in all modules: ida_*, idaapi, idc, ...
If something doesn't work/isn't there anymore, it's likely an omission from our side. In that case, please let us know about any missing bits & pieces, that you believe should be there and that we might have forgotten!
IDA 7.0: Automatic discovery of string literals during auto-analysis
This is mostly of interest to experienced power users wishing to obtain the best initial auto-analysis results, in particular on files containing non-ASCII string literals.
Note that IDA usually already provides very good results out of the box, so the information below is really for expert, fine-tuning purposes.
When it performs its initial auto-analysis IDA will, among many other things, look for string literals in the segments that were loaded from the file.
That "looking for string literals" relies rather heavily on heuristics, to tell possible string literals from other things. Some of the concepts used by those heuristics are:
length of candidate string
proximity of other strings
whether characters of candidate strings are printable
whether characters are part of ida.cfg's set of acceptable chars in a string literal
whether characters met in the candidate string are either ASCII, or for those that are non-ASCII if they are all part of the same language
...
The rest of this document will focus on the 4th item: the set of acceptable chars in a string literal.
Prior to IDA 7.0, string literals were just treated as strings of bytes, and it was assumed that the locale's encoding should be used whenever decoding those into actual, displayable strings.
That worked satisfyingly well, but led to many false positives, and the impossibility to have IDA perform the best auto-analysis possible, even when the user knew what specific encodings were used in the file.
IDA 7.0 changes that, and always assigns default encodings for encodings with 1-, 2- and 4-bytes-per-unit.
Example 1-byte-per-unit encodings are: CP1252, CP1251, UTF-8
Example 2-bytes-per-unit encodings are: UTF-16
Example 4-bytes-per-unit encodings are: UTF-32
Unless one is specified, IDA will 'guess' those encodings, and for the 1-byte-per-unit encoding, it'll do so in the following manner:
if the file is a typical Windows or DOS binary (i.e., PE, EXE or COM), then
  if running on Windows, then use the locale codepage
  else (i.e., running on Linux or OSX) default to CP1252
otherwise,
  default to UTF-8
Those are the "best guess" defaults and they are, in effect, not very different from what was happening in IDA before version 7.0.
ENCODING configuration directive
Specifying ENCODING in the ida.cfg configuration file (or on the command line) lets the user inform IDA that the bytes in a 1-byte-per-unit string literal are encoded using that encoding.
Now that the default (or ENCODING-specified) encoding topic is covered, let's get back to the root of the problem...
Before 7.0, IDA would use ida.cfg's (somewhat confusingly-named) AsciiStringChars directive, to determine what bytes were possibly part of a string literal.
That AsciiStringChars directive is a byte string, which contains essentially all printable ASCII chars as well as a subset of the upper 128 values of the [0-256) range.
The most visible problems with this are:
whenever a user wants to improve AsciiStringChars to match the set of bytes that look valid in a different encoding, the user typically has to:
  look up that encoding definition, to see what values above 0x7F are likely valid string literal characters in that encoding
  encode those in the global ida.cfg file, which can be pretty tricky if the user's editor is not set up to work in that target encoding: it will show those byte values as other characters
no support for UTF-8 sequences: AsciiStringChars doesn't support multibyte encodings. If the user is analyzing, say, a Linux binary file, it's likely that non-ASCII string literals are encoded using a multibyte encoding such as UTF-8. There was no way for the user to express what non-ASCII UTF-8 sequences are acceptable, in ida.cfg.
Instead of AsciiStringChars consisting of a C-like string of bytes describing the acceptable set of characters, we have:
renamed AsciiStringChars to the less ambiguous StrlitChars
bumped StrlitChars into something more evolved, which can contain not only character literals, but also different forms of content
Let's look at those...
StrlitChars format
The new StrlitChars is composed of a sequence of entries. E.g.,
We can observe that:
entries are separated by ',' (commas)
string literals are accepted, which allows adding ASCII printable characters very easily
Unicode codepoints (uXXXX entries) are accepted
you can add a whole 'culture' to the set of accepted characters/codepoints
you can add the 'current culture' to the set of accepted characters/codepoints
When IDA starts, it will compile that directive into an efficient lookup table, containing all the codepoints that were specified, and that lookup table will be used just like AsciiStringChars was used to determine what codepoints are acceptable in a string literal.
Let's now take a closer look at the notions of 'culture' and 'current culture'.
First of all, let's be blunt: we use the term 'culture' for lack of a better word. It doesn't represent an actual culture in terms of history, tradition, ...
A 'culture' in IDA is a quick way to represent a set of codepoints, that conceptually belong together. Typically, those 'culture's will contain many letters, but very few symbol or punctuation codepoints (in order to reduce the number of false positives in automatic string detection.)
As an example, if we wanted to add the set of characters supported by the "Western Europe" charsets to the StrlitChars directive without using 'cultures', we could do it like so:
Note that we just introduced two additional syntactic possibilities [1], here:
Unicode codepoint range: uXXXX..uXXXX (end inclusive)
Codepoint suppression: -uXXXX
As you can guess, it can become a tad tedious -- and Latin 1 is simple, but if I wanted to add the characters that are likely to be found in, say, the "Baltic" culture (which roughly corresponds to codepage CP1257), I would have had to add ~70 disjoint codepoints, which makes it become cryptic & error-prone.
IDA ships with a predefined set of 'culture' files. They can be found in the cfg/ directory:
...but you are of course free to add your own, and/or modify or improve the existing ones as needed (you can even send those back to us; they'll be very much welcome!)
Ok, so now you know a bit about what a 'culture' is in IDA's parlance. There's one more thing to cover though, and it's non-trivial: the CURRENT_CULTURE token.
CURRENT_CULTURE about?
The StrlitChars directive will typically contain the CURRENT_CULTURE directive. That instructs IDA that all codepoints derived from the 'current culture' that IDA is operating with, should be considered valid codepoints in string literals.
There can be 2 sources of information for IDA to know what 'current culture' it should be operating with:
the CULTURE config directive (in ida.cfg), or
the default 1-byte-per-unit character encoding of the IDB, if that encoding is not UTF-8 [2] (regardless of whether IDA assigned that default 1-byte-per-unit character encoding, or whether the ENCODING directive was provided.)
Let's have a look at those.
CULTURE config directive
It is possible to tell IDA, at start-time, what 'culture' it should be operating with, by setting the CULTURE configuration directive in the ida.cfg file. E.g.,
The above statement means that IDA will load the cfg/Cyrillic.clt file, parse its set of codepoints, and add that to the ones already specified by the StrlitChars directive.
Therefore, when performing its initial auto-analysis, IDA will consider valid for a string literal all codepoints defined by StrlitChars, and that means:
codepoints within the specified ASCII subset,
or among the set of carefully-selected symbols ('COPYRIGHT_SIGN', etc..),
or among the set of codepoints featured in the cfg/Cyrillic.clt file.
If you didn't specify the CULTURE config directive though (which is the default), IDA will try to 'guess' the culture, from the current 1-byte-per-unit encoding of the database, but only if that encoding is not a multibyte encoding (e.g., UTF-8.)
However, if the encoding is UTF-8, things will be different...
Non-UTF-8 files: deriving the 'culture' from the default 1-byte-per-unit encoding
By default, IDA doesn't have a CULTURE specified in its ida.cfg file. Instead it will try to derive the 'current culture' from the default 1-byte-per-unit encoding (provided that encoding is not UTF-8).
Whether that encoding is specified using the ENCODING directive, or if it is guessed from the system's locale, IDA will derive the 'current culture' from that encoding using the following table in ida.cfg:
For example, if the default 1-byte-per-unit encoding is CP1252, IDA derived that the 'culture' is Latin_1, causing auto-analysis to discover the following string in a file:
...but if that encoding is something else (e.g., CP1251), then you might end up with this instead:
That is because IDA derived the 'culture' from the encoding, which in this case led to the 'Cyrillic' culture, which doesn't contain the French letter 'é', causing string recognition to fail.
In order to fix this, you can run IDA like so:
Then, all is fine again: IDA could find that string literal:
In addition, if you are very often disassembling files that require that you specify a given ENCODING, you can simplify your workflow by either
setting ENCODING in ida.cfg: ENCODING=CP1252
adding Latin_1 as culture in StrlitChars:
UTF-8 files: specifying a CULTURE for IDA to provide the best auto-analysis
In case the default database encoding is UTF-8, however, IDA cannot derive a 'culture' from it.
In that case, IDA will consider by default that all non-ASCII codepoints are not acceptable. That's because accepting all non-ASCII codepoints by default, would possibly bring too many false positives.
To change that behavior, you can specify the CULTURE configuration directive to match what you believe is the language(s) that the binary file's strings are encoded in.
For example, in a UTF-8 Android Dalvik file that contains some French text, IDA might fail to recognize the following string:
...and turn it into double-words instead at the end of the auto-analysis:
In order to fix this, you can specify the 'culture' for IDA to consider the acceptable set of non-ASCII codepoints for that file:
...and IDA will be able to determine that there is indeed a string there:
CULTURE=all: accept codepoints from all cultures
Although in the previous section we mentioned that accepting all codepoints by default in a string literal might lead to many false positives, it is still possible to instruct IDA to do so, by using the all wildcard:
CURRENT_CULTURE: wrapping up
Therefore, the user can either:
specify an ENCODING for 1-byte-per-unit string literals, and if that encoding is not UTF-8 let IDA derive the 'current culture' from it, or
specify a CULTURE, to override whatever IDA might have derived from the effective database 1-byte-per-unit encoding (regardless of whether it was guessed, or specified with ENCODING)
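How the encoding guess, the derived 'current culture' and StrlitChars combine into one codepoint lookup table, as an added Python model (not IDA's code or the real ida.cfg parser). The culture sets are small constructed stand-ins for the cfg/*.clt files, the double-quoted form for string-literal entries and the sequential handling of suppressions are assumptions, and all function names are hypothetical.

```python
import re

# Constructed miniature stand-ins for culture files (not the shipped contents).
CULTURES = {
    "Latin_1": set(range(0x00C0, 0x0100)) - {0x00D7, 0x00F7},
    "Cyrillic": set(range(0x0410, 0x0450)) | {0x0401, 0x0451},
}
# Only the two encoding -> culture pairs the text mentions.
ENCODING_TO_CULTURE = {"CP1252": "Latin_1", "CP1251": "Cyrillic"}

# Constructed StrlitChars-like entry list: a literal, a range, a suppression,
# one symbol codepoint (COPYRIGHT SIGN) and the CURRENT_CULTURE token.
STRLIT_CHARS = [
    '"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 "',
    "u0021..u002F", "-u0027", "u00A9", "CURRENT_CULTURE",
]

_CP = r"u([0-9A-Fa-f]{4})"


def guess_encoding(file_type, on_windows, locale_cp=None):
    """Default 1-byte-per-unit encoding, following the rule in the text."""
    if file_type in ("PE", "EXE", "COM"):
        return locale_cp if on_windows else "CP1252"
    return "UTF-8"


def current_culture(encoding, culture=None):
    """CULTURE wins; otherwise derive from the encoding (None for UTF-8)."""
    if culture is not None:
        return culture
    return ENCODING_TO_CULTURE.get(encoding.upper())


def compile_strlit_chars(entries, culture_name):
    """Compile the entries into a set of acceptable codepoints."""
    allowed = set()
    for entry in entries:
        if len(entry) >= 2 and entry[0] == entry[-1] == '"':
            allowed.update(ord(c) for c in entry[1:-1])          # literal
        elif m := re.fullmatch(_CP + r"\.\." + _CP, entry):
            allowed.update(range(int(m[1], 16), int(m[2], 16) + 1))  # inclusive
        elif m := re.fullmatch("-" + _CP, entry):
            allowed.discard(int(m[1], 16))                       # suppression
        elif m := re.fullmatch(_CP, entry):
            allowed.add(int(m[1], 16))                           # one codepoint
        elif entry == "CURRENT_CULTURE":
            if culture_name is not None:                         # none for UTF-8
                allowed |= CULTURES[culture_name]
        elif entry in CULTURES:
            allowed |= CULTURES[entry]                           # named culture
        else:
            raise ValueError("unknown StrlitChars entry: %r" % entry)
    return frozenset(allowed)


def allowed_for(file_type, on_windows, locale_cp=None, culture=None):
    """Lookup table for one database under the given settings."""
    encoding = guess_encoding(file_type, on_windows, locale_cp)
    return compile_strlit_chars(STRLIT_CHARS, current_culture(encoding, culture))


def acceptable(text, allowed):
    """Only the 'acceptable chars' heuristic; length and proximity are ignored."""
    return bool(text) and all(ord(c) in allowed for c in text)


if __name__ == "__main__":
    cases = [
        ("PE on Linux (CP1252 -> Latin_1)", allowed_for("PE", False)),
        ("PE on CP1251 Windows (-> Cyrillic)", allowed_for("PE", True, "CP1251")),
        ("ELF (UTF-8, no culture)", allowed_for("ELF", False)),
        ("ELF with CULTURE=Latin_1", allowed_for("ELF", False, culture="Latin_1")),
    ]
    for label, table in cases:
        print(label, acceptable("Vérifié", table), acceptable("Привет", table))
```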
There's a lot of non-trivial information for you to process in this document, and by now you might be either a bit overwhelmed, or just plain confused.
Let me sum up the information in the following manner:
On encodings:
IDA now automatically guesses & assigns 1-byte-per-unit, 2-bpu and 4-bpu encodings to a database
That guess can be overridden by specifying an ENCODING
Regardless of whether it was guessed or specified, that encoding can be used to derive a 'current culture'. That doesn't work for UTF-8 though, as that encoding covers the whole Unicode range
On StrlitChars:
IDA 7.0 introduces the notion of 'culture'. A 'culture' file describes a set of codepoints that are conceptually grouped together, although they can be disjoint in the Unicode specification
IDA 7.0 extends the previous AsciiStringChars directive, by making it capable of expressing much more than just 1-byte characters, and renamed it to StrlitChars
StrlitChars has a rather flexible syntax, allowing for literals, codepoints, codepoint ranges, codepoint blocks, codepoint suppressions, embedding 'cultures', and even embedding the 'current culture'
The 'current culture' is either guessed from the 1-byte-per-unit default encoding, or can be specified with the CULTURE directive
Just as with IDA 6.95's AsciiStringChars, the new StrlitChars will be used by the initial auto-analysis, in order to guess possible string literals in the program
[1] See ida.cfg for a wider coverage of the syntax
[2] UTF-8 covers the whole Unicode codepoint range, and thus a 'culture' derived from the UTF-8 encoding would be overly inclusive and turn up many false positives
Welcome to IDA 7.0!
The biggest news is that IDA is a native 64-bit application! First of all it means that now it can eat all memory of your computer and thrash it :) But jokes aside, switching to 64-bit aligns IDA with other modern software and makes it more compatible with the rest of the world. For example, IDAPython integration will be easier and more streamlined because many operating systems nowadays come with the 64-bit Python preinstalled (32-bit Python won't work anymore).
Second, we took this change as an opportunity (since old 32-bit plugins won't work with 64-bit IDA anyway) to clean up the IDA API, make it more consistent and less confusing. If we failed or succeeded is to be seen, but we ourselves like the new API much more. The fundamental concepts remain the same and IDA did not lose any bit of its functionality during the cleanup. We minutely tested all changes and ensured that all our tests continue to pass as before or better. We also tried to make our 3 APIs: C++, Python, and IDC, to be closer to each other. Function names and their functionality are the same in most cases, but we tried to stay pythonic in Python and C++-ish in the C++ interface. Since the changes are huge and it is easy to lose your way, we prepared a which explains what has changed and how. We hope that it will greatly help you when porting your plugins to the new 7.0 API.
For Python and IDC we implemented a compatibility layer that will help you with your scripts. Most of them should run fine on 7.0 with very minor or no changes. We plan to turn off the compatibility layer in the next release, so please dedicate some of your time to port your scripts to run without it. See the page for more info.
To make the transition even smoother, we are also publishing a 32-bit version of IDA. It can (and should) be only used to run old 32-bit plugins while you are porting them to 64-bit. The 32-bit version of IDA can read v7 databases but it lacks some very nice new features. Let us introduce them now.
Now IDA is a truly international application that can speak all languages of the world because it uses UTF-8 everywhere. All scripts and plugins can use it. You can use UTF-8 in the disassembly listing, including comments or even the function names. This is not what we advise, therefore odd characters in names require some fine tuning. See the page for all the gory details.
By the way, the existing databases will have to be upgraded to benefit from the UTF-8 encoding. We tried to make the upgrade process as simple as before but there is a catch: since old databases could use any encoding, IDA has to guess the old encoding on the fly. To learn how to help IDA with this error prone task, see the page.
IDA now parses and annotates exception handling information and RTTI. We plan to improve the decompiler and IDA to take advantage of this information in the future.
We greatly improved Objective C support both in IDA and the Decompiler. Now the metadata can be parsed on demand, not only at the loading time. The decompiler produces much nicer output:
We improved the OSX and iOS debuggers to handle OSX 10.13 and iOS 11. There are many changes under the hood but your experience should be the same as before or even better.
Processor Modules
ARM: added one more pattern of thumb->arm transition
ARM: arm64: use simplified aliases for UBFM/SBFM instructions when applicable
ARM: handle vfp instructions: VMOV immediate, VCVTB, VCVTT, VCVT with a fixed point operand
ARM: reduced complexity of the SP-analysis from quadratic to linear;
ARM: added a fix for Thumb switches with full addresses
ARM: added support of the new clang's switch pattern for arm64
ARM: extended LDRB switch pattern
ARM64: take into account instruction STP can load callee arguments into stack - add corresponding comments to such instructions
MIPS: recover more cross-references from stripped statically-linked PIC ELF files
MSP430: added simplification "movx @SP+, dst" -> "popx dst"
PC: added decoding of Control-flow Enforcement extension
PC: added decoding of newer AVX-512 extensions (4FMAPS, 4VNNIW, and VPOPCNTDQ)
PC: added new switch pattern
PC: decode PTWRITE instruction
PC: decode VMFUNC instruction
PC: detect more switch patterns from clang
PC: improved epilog detection
PC: improved prolog detection
PC: improved stack frame analysis in x64 files
PC: support another variation of x64 table-based switch with switch variable stored on the stack
PPC: added missed extended mnemonics 'rotld'
PPC: added new config flag PPC_ABI_EMBEDDED/ISA_EABI;
PPC: added support of PowerPC64 ELF V2 ABI
PPC: improved switch patterns;
PPC: r13-based operands are printed using simplified @sda suffix
SuperH: improved detection of functions when addresses are calculated with movi20s + add/sub
SuperH: added register definitions for SH7256
TMS320C3: improved stack tracing
tricore: added TRICORE_DEVICE and TRICODE_IORESP config parameters so that they can be set from scripts
File Formats
DWARF: Store file/line number information in IDB (only if requested, since it comes with a performance penalty)
ELF: added processing of many previously unsupported PPC64 relocations
ELF: annotate headers (ELF, PHT, SHT) and convert more known data to structs (symtab, strtab, relocations, dynamic information)
ELF: annotate preinit/init/fini function arrays
ELF: convert all strtab entries to ascii strings (even the ones that are not referenced)
ELF: describe DT_HASH and DT_GNU_HASH
ELF: describe symbols using symtab from DYNAMIC section
ELF: detect overlapping sections in SHT and prevent them from processing data (but still load them in the database)
ELF: don't obliterate data when patching PLT
ELF: don't skip processing relocations if symbol index is 0 (happens with IRELATIVE relocs)
ELF: IDA now uses the PHT by default instead of the SHT to load segments from ELF files
ELF: improved support for TLS variables in relocatable files
ELF: load symbols using symtab from DYNAMIC section when .dynamic section yields no symbols
ELF: PLT relocations for pc are now processed at relocation-application-time, instead of relying on the presence of a .plt section
ELF: ppc: added new ida.cfg variable PPC_FIX_GNU_VLEADRELOC_BUG to work around binutils bug 20744
ELF: process .ctors/.dtors sections for all architectures
ELF: recognize PLT stub functions from R_386_GLOB_DAT relocations
MACHO: support dyld_shared_cache files from OSX 10.13 and iOS 11
MACHO: support dyld cache slide info v2. This should improve analysis for dyld_shared_cache files from iOS 10 and OSX 10.12
MACHO: improved analysis of single modules within dyld_shared_cache files that have slide info
MACHO: added an option to load for single module plus its dependencies for dyld cache
MACHO: fixed incorrect resolution of Mach-O import table entries in files using both LC_DYLD_INFO_ONLY and LC_SYMTAB
MACHO: improved speed of objc metadata parsing
MACHO: support for apple-protected binaries from OSX versions < 10.6
MACHO: support x64 macOS kernelcaches with ketxs relocated at runtime
MACHO: added processing of the ARM64_RELOC_ADDEND relocation;
MACHO: allow the user to override the ASLR slide for dyld_shared_cache files
OBJC: added Objective-C Analysis Plugin; the plugin tries to create an xref between calls to objc_msgSend and the function that will ultimately be called by msgSend
OBJC: perform Objective-C specific analysis on the decompiler output
OBJC: implemented a "step into" action for Objective-C (Debugger>Run until message received)
OBJC: allow user to jump to a method definition given a selector string (Jump>Jump by selector)
OBJC/MACHO: IDA can now extract Objective-C type info via 'Load debug info' in the Modules view during debugging
OBJC: now objc metadata can be parsed on demand, not just at load time
OBJC: implement demangling of objective-C methods in Swift classes
TDS: added support for executable with debug info appended to the end of the file
PDB: added an explicit check for odd paths (e.g. UNC) of pdb files; if such a path is detected, we display one more warning to the user
Debugger
debugger: iOS: support debugging on iOS 11
debugger: iOS: support source-level debugging in Remote iOS Debugger
debugger: iOS: support Appcalls in Remote iOS Debugger
debugger: iOS: added support for ARM(64) FPU/NEON registers
debugger: iOS: identify regions of process memory in greater detail
debugger: iOS: always allow the user to specify a pid when attaching to a process
debugger: OSX: support debugging on OSX 10.13
debugger: OSX: improved support for debugging system libs from /usr/lib and /System/Library/Frameworks (any libs included in the dyld_shared_cache)
debugger: OSX: identify regions of process memory in greater detail
debugger: remote mac debuggers are signed and don't have to be run as root
debugger: BOCHS: added support for Bochs 2.6.9
debugger: LINUX: added environment variable IDA_SKIP_SYMS to ignore the exported names from the main module
debugger: LINUX: try to load separate debug info file for libpthread.so, if environment variable DEBUG_FILE_DIRECTORY is set
debugger: GDB: added software breakpoint for powerpc
debugger: GDB: added support for banked ARM register layouts
debugger: GDB: added support for no-acknowledgment mode (QStartNoAckMode) for reliable connections (set by default; unset by changing the stub options)
debugger: GDB: added support for uploading files to the server
debugger: GDB: enable "run a program before starting debugging" option and "Choose a configuration" for all processors including x86/x64
debugger: GDB: fetch processes list from gdbserver if supported
debugger: GDB: fetch target description from gdb stub as early as possible (mimic GDB behavior)
debugger: GDB: show the full path to be run if the user enabled "Run external program before debugging" before actually executing it
debugger: PIN: added support for appcall
debugger: debug servers can now be launched with '-kk' to specify that in case the connection between IDA & them is broken, the process should be terminated immediately
ios_deploy: added "codesign" and "appify" phases
ios_deploy: added "usbproxy" phase
ios_deploy: added "launch" phase
ios_deploy: added "kill" and "proclist" phases
ios_deploy: added "install_ex" phase
Kernel/Misc
kernel: switched to PCRE2 for the regular expression engine. Now Perl extensions (\s, \d, \w and so on) can be used in regular expressions
kernel: improved handling of 'noret' function attribute (fix endless looping in some cases);
kernel: documented ABANDON_DATABASE in ida.cfg
kernel: added separate "mingw" abi name; it can be specified for the visual studio compiler
kernel: renamed environment variable NONAMES to be IDA_NONAMES
FLIRT: Added detection of 32-bit mingw/mingw-w64 startup functions
FLIRT: Added detection of 64-bit mingw-w64 startup functions
FLIRT: Added detection of Android Bionic libc startup for ARM
FLIRT: Added MFC signatures for vc1410 (Visual Studio 2017)
FLIRT: Added MFC signatures for vc143 (Visual Studio 2015 Update 3)
FLIRT: Added signatures for Android NDK/ARM (up to version 13b)
FLIRT: BC: added signatures for xe102 (RAD Studio 10.2 Tokyo)
FLIRT: DM: added signatures for Digital Mars 2.073.0
FLIRT: ICL: Added signatures for icl164 (Intel C++ 16.4)
FLIRT: ICL: Added signatures for icl170 (Intel C++ 17.0)
FLIRT: ICL: Added signatures for icl171 (Intel C++ 17.1)
FLIRT: ICL: Added signatures for icl174 (Intel C++ 17.4)
FLIRT: VC: Added signatures for vc1410 (Visual Studio 2017)
FLIRT: VC/VC64: added signatures for ucrt 15063 (Windows 10 Creators Update SDK)
FLIRT: pcf/pelf/plb/...: added option to modify pattern using regex (-E)
FLIRT: pcf/pelf/plb/...: added option to skip bytes before first label at pattern beginning
FLIRT: remove __ehhandler and __unwindfunclet pseudo-functions from signatures
FLIRT: the parser tools now remove by default any bytes before the first label (unset with -L)
FLIRT: mingw, mingw-w64: added detection of 32- and 64-bit mingw-w64 startup functions from the sourceforge builds (7.1.0rev2 and 7.2.0rev0)
FLIRT: sigmake: document -v (verbose) switch
FLIRT: upgraded ulink signatures
IDS: Added IDS files for MFC120 and MFC140
PCF: added option to specify startup segment name
PCF: the -s option (skip unknown relocations) has been renamed to -k
SIG: added signatures for VS ucrt 14393 (Windows 10 Anniversary Update SDK)
TIL: Updated UEFI TILs to version 2.5
TIL: Updated NTAPI type library
TIL: Added type library for Android NDK
RTTI: new plugin for parsing RTTI (run-time type information) produced by MSVC, GCC and LLVM in PE, COFF and ELF files
RTTI: added detection for MSVC's ThrowInfo and related sub structures
RTTI: added type information to comment for catchable types
EH_PARSE: new plugin to parse EH (exception handling) information present in ELF, COFF, Mach-O, and PE files. NOTE: enable display in Options-General-Try block lines
User Interface
UI/qt: ability to delete breakpoints by group
UI/qt: ability to toggle between mangled & demangled versions of "Imports" & "Exports"
UI/qt: added fuzzy-searching in choosers
UI/qt: implemented ability to write custom actions for individual registers in the "General registers" (and similar) view (E.g., during a debugging session)
UI/qt: on Windows, text in message boxes (and warnings, errors, ...) can now be selected with the mouse, and copied to clipboard (it was already the case on OSX & Linux)
UI/qt: when copying tabular data (e.g. from choosers) to the clipboard, IDA now generates tab-separated values instead of aligning the text with spaces
UI/qt: when running on Linux/X11, selecting parts of the disassembly with the mouse (or Shift+navigation), will update the X11 'selection' clipboard (limited to what's visible on the screen.)
UI/qt: the Python/IDC command line auto-completion now responds to "Shift+Tab" appropriately, and goes back in history
UI/debugging: improve the formatting of the Call Stack window
UI/txt: decompiler can now be used interactively in the text version of IDA
UI: create/add/delete segment messages could be mixed up in the log
UI: do not ask permission to overwrite empty files, no info will be lost anyway
UI: pressing F9 with no debugger selected now starts the process automatically after user selects a debugger
UI: added a new action "copy field info to pointers"; it copies name and type info from a struct definition to the pointed locations for the current struct variable;
UI: all navigation actions are now proper actions, allowing their shortcuts to be overridden (and to be triggered programmatically.)
UI: many cursor movement actions can now be assigned other user-defined shortcuts
UI: mention that selector values are in paragraphs
UI: proximity view: added option to not show the collapsed nodes
UI: script snippets are now automatically saved to the database (and thus persisted to disk when the user presses Ctrl+W)
UI: script snippets: Pressing <Tab> or <Shift+Tab> while there is a selection, will cause that selection to be "block indented" (or unindented)
UI: on Windows, use Consolas font by default, as the venerable FixedSys is lacking glyphs for many Unicode characters
Scripts & SDK
IDAPython: ability to programmatically query or set the graph position + zoom level
IDAPython: ability to store attributes on tinfo_t objects
IDAPython: added example showing how to synchronize two graph views (i.e., IDA View-B follows IDA View-A, at another zoom level)
IDAPython: added IDAPython module ida_dex to access loaded DEX file information
IDAPython: hexrays: cexpr_t & cinsn_t are now writeable, allowing many modifications of the C tree
IDAPython: opened many low-level graphviewer-related functions (those were previously unavailable)
IDAPython: support for microcode_filter_t (see vds8.py example)
IDAPython: added View_Hooks for hooking IDAView events
IDAPython: fix idaapi.py dependencies
IDAPython: exposed get_predef_insn_cmt()
IDC: fix documentation for the StepUntilRet() function
IDC: support 64bit file/linput size/offset
BUGFIXES
BUGFIX: "Dump to IDC" command could create incorrect idc files (the entry point of some functions would not be marked as code)
BUGFIX: "step into" debugger action would fail for ARM64 BR/BLR instructions
BUGFIX: 32-bit iOS targets would erroneously segfault on iOS 10
BUGFIX: AD218X: Direct Instruction Type 27 was being incorrectly decoded
BUGFIX: AD218X: some branch instructions would refer to data instead of code memory
BUGFIX: AskUsingForm could crash if a space was present in the form's description, before the field type
BUGFIX: COFF (mips): the relocations REL_MIPS_REFHI, REL_MIPS_PAIR, REL_MIPS_REFLO were processed incorrectly when the relocation value (addend) is non-zero
BUGFIX: COFF: fixed recognition of files produced by TI's Code Composer Studio 6
BUGFIX: DWARF could erroneously deduce calling conventions as __fastcall even if some registers that take part in a __fastcall were skipped
BUGFIX: DWARF could fail to set the function prototype in some Mach-O files, in case Obj-C parser already typed it
BUGFIX: DWARF: Better handling of types whose DW_AT_byte_size is an (improper) unsigned 32-bit 0xffffffff value
BUGFIX: DWARF: Could fail with INTERR 782 with some variable-sized structures constructs
BUGFIX: DWARF: Do not apply TINFO_DEFINITE to __usercall prototypes
BUGFIX: DWARF: Do not mark function prototypes as TINFO_DEFINITE if producer is clang <= clang-500.2.79 (it produces bogus info)
BUGFIX: DWARF: Do not rename function F with name N, if there is already an item with name N of type data+offset pointing to F
BUGFIX: DWARF: During debugging, performing "Load module symbols" on multiple modules could cause the DWARF plugin to complain about invalid types
BUGFIX: DWARF: MinGW/Cygwin-produced PE x64 files could show __fastcall's as __usercall, even though the code does respect Microsoft's x64 ABI convention
BUGFIX: DWARF: Support for scattered arglocs was broken
BUGFIX: DWARF: When it encountered certain DWARF attributes (only used by LLVM8 so far) which it couldn't handle, the DWARF plugin would stop
BUGFIX: DWARF: clang 3.8.0 emits DWARF relocations to symbols of type 'STT_NOTYPE' in relocatable files. Those were not properly handled for relocations to DWARF sections
BUGFIX: DWARF: could fail loading DWARF info with 'R_X86_64_DTPOFF32' relocations
BUGFIX: DWARF: could override '__noreturn' attribute of functions
BUGFIX: DWARF: handle gcc's bogus "typedef __va_list_tag __va_list_tag" structure names
BUGFIX: DWARF: some register aliases could be lost because complex location descriptors were improperly handled
BUGFIX: ELF: IDA could fail to apply relative relocations for FreeBSD
BUGFIX: ELF: ida could hang trying to load a ppc64 elf file with unknown bits in the elf flags
BUGFIX: ExportData action would silently overwrite the output file if it already existed
BUGFIX: Fixed DWARF->IDA register mappings for ARM64
BUGFIX: For processor modules that aren't capable of reporting the minEA/maxEA, IDA wouldn't show scrollbars to scroll through the disassembly
BUGFIX: GDB: the 64-bit ELF files created by IDA for snippet debugging were using incorrect layout of program header entries
BUGFIX: GDB: the ELF files created by IDA for snippet debugging were missing information about BSS segments
BUGFIX: GDB: the GDB plugin would not activate for big-endian ARM binaries
BUGFIX: IDA could crash at startup on OSX 10.8
BUGFIX: IDA could crash when editing code in the "Scripts snippets" dialog
BUGFIX: IDA could crash when parsing corrupted codeview data
BUGFIX: IDA could crash when saving types with attributes
BUGFIX: IDA could crash while in proximity view, when performing path-related operations
BUGFIX: IDA could die with a fatal error during sp analysis
BUGFIX: IDA could fail to display first lines of disassembly for IDBs created in pre-4.0 IDA versions
BUGFIX: IDA could fail to distinguish between ARM VCVT/VCVTR instructions
BUGFIX: IDA could fail to load some elf core files
BUGFIX: IDA could fail to set a breakpoint at an address inside dyld_shared_cache
BUGFIX: IDA could fail to step over ARM TBZ/TBNZ instructions
BUGFIX: IDA could fail with interr 1263 if 2 different definitions of the same enum group were encountered
BUGFIX: IDA could hang momentarily at startup when many iOS devices were connected, even if the iOS Debugger was not being used
BUGFIX: IDA could hang trying to load a corrupted elf file
BUGFIX: IDA could hang trying to load a corrupted pe file
BUGFIX: IDA could hang while loading corrupted macho files
BUGFIX: IDA could interr 20016 on corrupted dyld_shared_cache files
BUGFIX: IDA could interr when loading pdb info for mozilla's xul.dll
BUGFIX: IDA could sometimes crash at startup (or after a debugging session) when the IDA View-A is a graph
BUGFIX: IDA would display a not-so-useful error message when trying to attach to a process on iOS 10 if fetching process list failed; now user can enter a PID to attach
BUGFIX: IDA would fail to launch on OSX case-sensitive volumes because it couldn't find the cocoa plugin
BUGFIX: IDA would fail to step over ARM BR/BLR instructions
BUGFIX: IDA32 could try to load PE+ files and fail; now we explicitly advise to use ida64 for these files
BUGFIX: IDA64 could accept invalid files correctly rejected by ida32
BUGFIX: IDAPython: "atoa" was returning erroneous results for programs with a real segmentation
BUGFIX: IDAPython: 'delay_slot_insn' was not usable
BUGFIX: IDAPython: 6.95 introduced a regression in idc.GetMarkedPos()
BUGFIX: IDAPython: FindImmediate() was broken and could not be called
BUGFIX: IDAPython: IDA could crash at exit-time when no IDB was opened, and a timer fires right during the closing sequence
BUGFIX: IDAPython: IDA could crash if a simplecustviewer_t subclass closed itself by reacting to the "Escape" key
BUGFIX: IDAPython: back/front in qvector's were not usable
BUGFIX: IDAPython: don't rely on internal qcp.sh tool for building on OSX
BUGFIX: IDAPython: hexrays callbacks could not handle the 'hxe_create_hint' notification
BUGFIX: IDAPython: ida_idaapi.require() would set a binding to the imported module as attribute on the importing module's globals(), only if the imported module was not already present (and possibly require()d by another module.)
BUGFIX: IDAPython: ida_ua.get_dtyp_by_size() would return a python 'str', incompatible with the 'dt_*' enumeration
BUGFIX: IDAPython: ida_ua.get_operand_immvals() wasn't functional
BUGFIX: IDAPython: idc.ExtLinA() & idc.ExtLinB() were broken
BUGFIX: IDAPython: idc.GetMarkedPos() & idc.GetMarkComment() couldn't be called with '-1' to prompt for the position
BUGFIX: IDAPython: idc.GetStringType() could return something other than None for locations that have offsets (but no strings.)
BUGFIX: IDAPython: netnode.get_name() was broken
BUGFIX: IDAPython: remove_tinfo_pointer() was unusable
BUGFIX: IDAPython: simplecustviewer_t::AddLine wouldn't apply the fg/bg colors unless they were provided as long
BUGFIX: IDAPython: simplecustviewer_t::RefreshCurrent() was not refreshing the view
BUGFIX: IDAPython: some ARM-specific operand type definitions were incorrect
BUGFIX: IDAPython: some SDK functions could cause IDA to crash if NULL pointers were passed (through 'None'.)
BUGFIX: IDAPython: the makefile was unconditionally trying to build the hexrays module, even when no '--with-hexrays' was specified to build.py
BUGFIX: IDAPython: use_regarg_type3 was impossible to use
BUGFIX: IDAPython: using ida_graph.GraphViewer with 'close_open=True' would cause an error because '_ida_kernwin' wasn't imported
BUGFIX: IDAPython: was not exposing ida_bytes.update_hidden_area() anymore (on which idc.SetHiddenArea relies)
BUGFIX: It was impossible to change the font for the 'Execute script' window
BUGFIX: Launching remote debug sessions could fail at the second attempt (and later ones) in some cases
BUGFIX: MACHO: IDA could crash on bad data in dyld export info
BUGFIX: MACHO: IDA could hang on corrupted bind info
BUGFIX: MACHO: analysis of dyld_shared_cache files could fail due to miscalculated dyld slide values
BUGFIX: MACHO: classic relocations could be applied incorrectly for x86_64 MH_BUNDLE files
BUGFIX: MACHO: corrupted mach-o files could hang ida
BUGFIX: MACHO: dyld pcrel32 relocations were applied incorrectly in some cases
BUGFIX: MACHO: fixed incorrect handling of ARM64_RELOC_PAGEOFF12 and ARM64_RELOC_PAGE21
BUGFIX: MACHO: fixed processing of the ARM64_RELOC_SUBTRACTOR relocation;
BUGFIX: MACHO: ida could loop endlessly when loading corrupted files
BUGFIX: MACHO: objc class structure could be reconstructed incorrectly
BUGFIX: MACHO: stubs for weak imports could be incorrectly converted to infinite loops
BUGFIX: MSP430: fixed display of 20-bit values from instructions with extension word
BUGFIX: NTAPI: the wrong calling convention was used for InterlockedIncrement() from ntdll.dll
BUGFIX: OBJC: objc parser did not handle anonymous structures properly
BUGFIX: OMF: corrupted omf file could lead to interr 20066
BUGFIX: On Windows, "File > Produce file > Create XXX file" would fail to add the extension to a file name that is entered without it
BUGFIX: Opening a stack frame and programmatically changing the function stack's extents, would not update the scroller of the view nor allow jumping to the new beginning/endings of the stack frame
BUGFIX: Opening decompilation for small functions whose body fits in the view, could cause the first few lines to not be shown until manually scrolled to
BUGFIX: PC: fixed "mov sreg, r/m16" to always use 16-bit memory references
BUGFIX: PC: some XOP instructions could be incorrectly decoded in 32-bit mode
BUGFIX: PC: some invalid VEX/EVEX/XOP instructions would be decoded as if they were valid
BUGFIX: PC: the crc32 instruction could be incorrectly decoded in 64-bit mode
BUGFIX: PC: the rdmsr and wrmsr instructions were decoded by "Intel Pentium real with MMX" (they're only available in protected mode)
BUGFIX: PCF: the "skip unknown relocations" option was being ignored
BUGFIX: PDB: could cause IDA to crash on some files
BUGFIX: PDB: in some situations IDA did not release PDB symbols after debugging sessions
BUGFIX: PDB: the pdb plugin could cause _guard_dispatch_icall_nop to be incorrectly marked as noreturn, leading to broken code flow in some x64 PE files with PDB information
BUGFIX: PDB: the remote win32 server could crash when closing connections while opening pdb files
BUGFIX: PE: IDA would ask about loading segments twice in manual loading mode
BUGFIX: PE: fixed endless loop when analyzing SEH handlers
BUGFIX: PPC: the conversion of a pair of immediate values to the dword that is displayed as a comment did not work after the initial phase of the analysis
BUGFIX: PPC: incorrect call of add_dref occurred when emulating an indexed access to an array;
BUGFIX: PPC: restored displaying a comment for xrefs from the current instruction as it was done in IDA 6.9
BUGFIX: PPC: segment registers were incorrectly converted from v.6.8 (from v.6.9 everything is OK)
BUGFIX: PPC: some instructions were incorrectly disassembled (r0 should be treated as zero instead of a register)
BUGFIX: PPC: the referencing address (from) in the call of add_dref should be a head
BUGFIX: Pressing Shift+Up/Down while at a listing boundary, wouldn't move the cursor's X position to the beginning or end of the line (for start & end of listings, respectively, allowing selection of text to comfortably reach the beginning or end of the view.)
BUGFIX: Pressing left or right while in Pseudocode view and auto-analysis was not finished, could eat the key and not move the cursor
BUGFIX: Proximity: collapsing children of nodes that are part of a 'path' could cause IDA to INTERR
BUGFIX: SDK: arm.hpp was attempting to include non-existent files
BUGFIX: TMS32028: fixed the plain binary file loading, the bytes in the word were swapped
BUGFIX: TMS320C28: added tracking of DP register value in 'mov DP,#10bit' instruction
BUGFIX: TMS320C28: do not create a redundant variable at the start of DP page
BUGFIX: TMS320C28: removed the obsolete hints when reanalyzing a program
BUGFIX: TMS320C28x: added decoding for 'CLRC/SETC CNF' instructions
BUGFIX: TMS320C28x: instruction 'MPY ACC,loc16,#16bit' was wrongly decoded
BUGFIX: TMS320C3: graph view could be wrong
BUGFIX: TMS320C3: instructions LDI||LDI and LDF||LDF were incorrectly decoded
BUGFIX: Toggling fullscreen (F11) in a disassembly view and back, could result in IDA not realizing that the number of displayed lines became smaller and make the cursor invisible
BUGFIX: Using enums (or names) in IDC snippets could lead to a compilation error, while it would work if the same code was run from an .idc file
BUGFIX: Using the "Shortcuts" editor to save a shortcut such as '\' would cause IDA to complain at next startup
BUGFIX: WINDBG: double-clicking on an empty line in output window during a windbg session would crash IDA
BUGFIX: When evaluating low-level conditions, the debugger module could fail reporting some events
BUGFIX: When no enumerations were present in the "Enums" view, pressing 'PageDown' would result in the comment being duplicated
BUGFIX: WinDbg: when run under text IDA (idaw.exe), console processes could share the same stdout as idaw.exe itself, causing a possible deadlock any time a debug event happens
BUGFIX: accessing Aarch64 decompiler plugin (hexarm64) in a script passed with '-S' would crash IDA, because that plugin wasn't pre-loaded
BUGFIX: ad218x: the "Modify Flag Out" (ena/dis) instruction was disassembled incorrectly
BUGFIX: analysis of dyld_shared_cache files could fail due to miscalculated dyld slide values
BUGFIX: analyze_area() would hang if analysis was enabled
BUGFIX: arm64: request calc_arglocs3 could return wrong size of stack arguments
BUGFIX: arm64: request calc_arglocs3 did not reject functions with wrong argument types
BUGFIX: arm: IDA could generate incorrect instruction VMOV Rt, Rt2, S31, CF
BUGFIX: arm: analysis could loop endlessly on a trivial "b self" loop
BUGFIX: backward binary search would hang on debugger segments
BUGFIX: base2file() could hang when given erroneous input
BUGFIX: calling ida_dbg.enable_[func|insn]_trace() with no debugger loaded, could crash IDA
BUGFIX: choose_enum_by_value() should display symbols that correspond to the sign extended value in addition to the specified value
BUGFIX: corrupted mach-o files could hang ida
BUGFIX: dalvik: xref from the call instruction was wrongly marked as jump xref
BUGFIX: dbg: dalvik: get method accessibility flags from DEX-method description, not from Java properties
BUGFIX: dbg: fixed the value of ptrace request for ARM architecture
BUGFIX: debugger: win32: IDA would fail to properly restore page breakpoints when restarting a process
BUGFIX: debugger: win32: read/write breakpoints of length 8 were not supported on x64
BUGFIX: dwarf plugin could fail to retrieve the register number from a location entry (off by 1 error)
BUGFIX: elf files with wrong arm attribute section could not be loaded
BUGFIX: elf, ppc: fixed processing relocation R_PPC_JMP_SLOT from the dynamic table;
BUGFIX: elf: in some cases reloc R_ARM_THM_PC8 could be computed incorrectly
BUGFIX: fixed processing of the R_AARCH64_ADR_GOT_PAGE/R_AARCH64_LD64_GOT_LO12_NC relocations
BUGFIX: fixed a crash in some rare cases
BUGFIX: fixed a potential vulnerability in davlik_debmod
BUGFIX: fixed display of required DIA SDK for x64
BUGFIX: fixed vulnerability in davlik_debmod
BUGFIX: floating license build of IDA could crash on systems using the latest glibc compiled with SSE optimizations enabled
BUGFIX: gdb: ARM: IDA could fail to stop while single-stepping in Thumb mode
BUGFIX: gdb: ARM: software breakpoints in Thumb mode could fail with SIGBUS signal
BUGFIX: gdb: IDA could fail to start debugging a 64-bit process with error "unknown register 'rax'" if "Intel x64" wasn't explicitly set in the gdb options
BUGFIX: gdb: IDA would not remember some options set in the gdb configuration dialog
BUGFIX: gdb: IDA would use stepping by default for non-x86 if the options dialog wasn't used
BUGFIX: gdb: start gdb connection by sending an ack for any possible packet sent by the remote side (mimic GDB)
BUGFIX: gdb: the PacketSize feature was not being respected
BUGFIX: gdb: the gdb debugger could misdetect some files as 64-bit for some architectures
BUGFIX: get_import_module_name() could return true and empty module name
BUGFIX: hexview: rendering, and synchronization between an IDA View & a Hex View, could be erroneous for processors with bytes that consist of more than 8 bits
BUGFIX: hexview: when a line starts with blanks (because it is the beginning of a segment, and that segment is not aligned on the same alignment as the view), the line contents could be shifted
BUGFIX: hexview: when scrolling, some lines could be duplicated if they started at an unaligned address
BUGFIX: hexview: when standing on an invalid position (i.e., BADADDR), pressing <F2> twice in a row would successfully enter edit mode (it should not)
BUGFIX: iOS Debugger could fail to retrieve the remote process list in some cases
BUGFIX: iOS debugger could produce incomplete stack traces when the process was stopped in the epilogue of a function
BUGFIX: iOS debugger would demand a remote hostname, even when AUTOLAUNCH was enabled in dbg_ios.cfg
BUGFIX: iOS debugger would fail to step after attaching to a process that needed to be rebased
BUGFIX: idaq64: IDC's SetCharPrm(INF_TRIBYTE_ORDER, ...) was not working
BUGFIX: idc expression "GetLocalTinfo(-1)" would cause interr 952
BUGFIX: idc: %f format specifier was not honoring the width and precision
BUGFIX: idc: ida could crash when adding a struct member which is a pointer to the struct itself
BUGFIX: if the same enum member was present in different tils but it had different values, it was not always possible to select it
BUGFIX: if the user cancels the attach-process selection dialog and then terminates the debugger server, then ida would continue to assume that the connection to the debugger server is intact
BUGFIX: in rare cases IDA could crash during rebasing
BUGFIX: in the "Structures" view, allow changing the type of an array of elements, if that type can fit in the size of the array
BUGFIX: installer: installation on a Windows machine without installed Python would fail to install Python
BUGFIX: kernel: search_* functions were not honoring the SEARCH_NOSHOW flag
BUGFIX: load_plugin(<name>) could fail to load a plugin from an alternate plugin directory
BUGFIX: loading of some PE+ files was taking too long
BUGFIX: mac debugger was broken on OSX Sierra
BUGFIX: move_segm() would not move a segment into a free area under debugger in some cases
BUGFIX: moving the vertical scrollbar's thumb in Hex-Rays (or source-level debugging) views, could cause the view to jump to unexpected locations
BUGFIX: moving the vertical scrollbar's thumb to the very bottom in Hex-Rays (or source-level debugging) views, could fail to show the last line of code
BUGFIX: nec v850: IDA could generate wrong xrefs for some of reg+N operands
BUGFIX: noType() on an instruction operand, could remove the 'sign' or 'bitwise-negation' representation of the other operand in the process
BUGFIX: objc parser would not decode long types properly
BUGFIX: on Linux, the installer would unpack most of the precompiled Python runtime, even when asked not to
BUGFIX: on some versions of OSX, large stack traces could be incomplete
BUGFIX: pc: SP analysis could fail in functions with basic blocks unreachable from entry point such as exception handlers
BUGFIX: Linux/OS X: search results in the help viewer were always labelled "Untitled"
BUGFIX: set_member_type() was not checking for recursive struct nesting and could crash
BUGFIX: setting a breakpoint condition through "update_bpt()" could cause the condition to be unusable at breakpoint trigger-time
BUGFIX: setting a struct member type as an array without explicit size (like int[]) would set the member size to be zero; this is not what we usually want
BUGFIX: source debugging: the line number printed in the status bar was off by 1 from the number printed in the leftmost column
BUGFIX: source debugging: the status bar would show the file offset, but not the current address
BUGFIX: stack tracing was broken for x86_64
BUGFIX: the PDB plugin could cause internal error if called with invalid data (now it only results in a non-fatal warning)
BUGFIX: the SNES loader could interfere and cause IDA to exit on very large files (> 2GB)
BUGFIX: the decompiler would not take into account wide user-specified variables and would create additional variables that would overlap with them
BUGFIX: the navband could disappear when using a debugger that uses manual memory regions (e.g. iOS or GDB)
BUGFIX: the presence of the decompiler plugin on the disk without a license in ida.key would lead to error
BUGFIX: tms320c6: branch detection for bnop instructions was flawed
BUGFIX: type information propagation from unnamed array function parameters would result in incorrectly named data
BUGFIX: ui/qt: "Jump in new hex window" wouldn't jump to the right address
BUGFIX: ui/qt: IDA could leave F11-style fullscreen while navigating around and/or performing other actions
BUGFIX: ui/qt: If IDA encountered an error at startup, it might not have had time to create the taskbar icon yet, sometimes leaving that error/warning dialog hard to reach
BUGFIX: ui/qt: Using special mouse buttons 4 & 5 to move forward & backward in history, would change the cursor coordinates
BUGFIX: ui/qt: deleting a script snippet would mark the one that gets selected afterwards as 'modified'
BUGFIX: ui/qt: double-clicking on the 1st member of a struct, would cause the view to jump
BUGFIX: ui/qt: it was impossible to select the font from some listing widgets
BUGFIX: ui/qt: on Windows or OSX when a screen reader is used (e.g., JAWS or VoiceOver), the IDA View-A will automatically switch to flat listing since graph views are not accessible
BUGFIX: ui: ExportData action would silently overwrite the output file if it already existed
BUGFIX: ui: IDA could lose the preferences for synchronization between views (and possibly registers, in case of debugging.)
BUGFIX: ui: OSX: idaq64 would always launch idaq if a file was dragged onto the dock icon
BUGFIX: ui: On Windows, the "Load a new file" dialog wouldn't create a taskbar entry, meaning it could be hard to find it on the desktop if another window showed up in front
BUGFIX: ui: Renaming an unsaved script snippet could lose its contents
BUGFIX: ui: The 'Default CLI' wouldn't be applied if IDA opened w/o a database
BUGFIX: ui: re-enabled building graph of code and data xrefs to current address
BUGFIX: ui: the "Functions window" could spend too much time refreshing the list of function names, even when no functions were modified
BUGFIX: ui: the "Segment registers" view had fixed minimum size, meaning it was impossible to resize other tabs in case it was opened in a tabbed view
BUGFIX: version info in idaq for windows was stored incorrectly
BUGFIX: when debugging a macho shared lib, IDA could throw INTERR(40201) if the application exited prematurely
BUGFIX: when debugging, toggling breakpoints could become impossible if the last closed widget was a hex view or stack view
BUGFIX: windbg: some registers (typically ST0) could lose their value after stepping
SDK: numerous changes. see for details.
IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API
The SDK now only supports the new 7.0 API in x64 mode. The old SDK 6.95 can be used to develop plugins for IDA 7.0-x86 (which is ABI-compatible with IDA 6.95).
While the API has been revamped somewhat, most basic concepts still hold.
There are still two variants of IDA: one supporting 32-bit (ea_t is 32-bit) and the other 64-bit address space (ea_t is 64-bit). IDA database extensions remain correspondingly '.idb' and '.i64'.
Naming of IDA binaries has been unified across all OS variants:
The IDA GUI binary has been renamed from 'idaq[.exe]' to just 'ida[.exe]'.
The IDA text-mode UI has been renamed from 'idaw.exe' (on Windows) and 'idal' (on Linux/Mac OS X) to 'idat[.exe]' on all platforms.
Plugins, loaders, processor modules, and the kernel now use standard OS-specific suffixes ('.dll', '.so', or '.dylib') instead of custom extensions.
General approaches that were taken when cleaning up the APIs:
Try to use descriptive names and drop old, cryptic abbreviations.
Rename functions using camelCase to snake_case (e.g. 'isFlow' -> 'is_flow').
Move output parameters to the front of the argument list.
Change input parameters to const references whenever possible.
Remove obsolete and deprecated functions.
Rename functioname2/3 to just functioname (e.g. 'validate_name3' -> 'validate_name').
Rename functions with 64 suffix to the main name (e.g. 'qfseek64' -> 'qfseek').
File offsets are 64-bit in all functions working with files.
Get rid of global variables (not complete, but we made good progress).
Most functions accepting a buffer and size (or limited to MAXSTR) now use 'qstring' or 'bytevec_t' instead (depending on the nature of the data).
Assume UTF-8 in most functions dealing with text.
Try to get rid of forced struct packing and rearrange fields to avoid unnecessary gaps as needed.
Common porting steps for plugins/loaders/modules:
Add __X64__ to the list of preprocessor defines. You still need to compile with or without __EA64__ defined to select between 32- and 64-bit address space.
If using custom build system, change output extension to OS-specific suffixes ('.dll', '.so', or '.dylib').
IDA library link path should start with x64 instead of x86.
Some headers have been renamed and/or removed:
ints.hpp -> <removed>
sistack.h -> <removed>
area.hpp -> range.hpp
queue.hpp -> problems.hpp
srarea.hpp -> segregs.hpp

area_t -> range_t
areavec_t -> rangevec_t
endEA -> end_ea
startEA -> start_ea
area-related methods have been renamed too (e.g. 'prev_area' -> 'prev_range').
The plugin entry prototype has been changed from:
void idaapi run(int);
to:
bool idaapi run(size_t);
The input parameter is now of type 'size_t', which allows passing a pointer as the argument of run() for extra possibilities.
The rest of the plugin interface is unchanged.
The prototype for 'accept_file()' has been changed from:
int idaapi accept_file(linput_t *li, char fileformatname[MAX_FILE_FORMAT_NAME], int n);
to:
int idaapi accept_file(qstring *fileformatname, qstring *processor, linput_t *li, const char *filename);
The desired processor may be returned in the 'processor' output parameter.
The return value has been extended with flags 'ACCEPT_ARCHIVE' and 'ACCEPT_CONTINUE'.
Loaders can also process and extract archives now. If you detect an archive, the return value for 'accept_file' should be ORed with the 'ACCEPT_ARCHIVE' flag. After extraction, all loaders are queried again, which means IDA can now handle multiply nested archives.
Non-archive loaders should extend the return value with the 'ACCEPT_CONTINUE' flag.
WARNING: The global variables 'cmd' and 'uFlag' are gone.
Most APIs return or accept an 'insn_t' structure with instruction details.
The 'processor_t' structure has had many unused and obsolete fields removed, such as 'flag2', 'rFiles', 'rFnames', 'rFdescs', and 'CPUregs'.
Most callbacks are now handled centrally via the 'notify()' function:
header -> ev_out_header
footer -> ev_out_footer
segstart -> ev_out_segstart
segend -> ev_out_segend
assumes -> ev_out_assumes
u_ana -> ev_ana_insn
u_emu -> ev_emu_insn
u_out -> ev_out_insn
u_outop -> ev_out_operand
d_out -> ev_out_data
cmp_opnd -> ev_cmp_opnd
can_have_type -> ev_can_have_type
is_far_jump -> ev_is_far_jump
getreg -> ev_getreg
ana.cpp
Change the prototype of 'ana' from:
int idaapi ana(void);
to:
int idaapi ana(insn_t *_insn);
You may then declare an 'insn_t' reference variable to simplify your code:
insn_t &insn = *_insn;
Then replace all uses of 'cmd' by 'insn'. You will likely need to pass 'insn' to other helper functions that used 'cmd'.
emu.cpp
Change the prototype of 'emu' from:
int idaapi emu(void);
to:
int idaapi emu(const insn_t &insn);
Then replace all uses of 'cmd' by 'insn'. You may need to adjust some code if it was relying on cmd being writeable.
out.cpp
The output functions now use a context structure ('outctx_t') instead of operating on a global buffer.
You must declare a class inheriting from 'outctx_t' and override its methods or add new ones for non-standard functions. For example:
Then use one of the two macros from idaidp.hpp:
DECLARE_OUT_FUNCS_WITHOUT_OUTMNEM(out_myproc_t)
or, if you implement 'out_mnem':
DECLARE_OUT_FUNCS(out_myproc_t)
Then prefix old function names with your class and rename them to match methods. For example, from:
to:
Then remove calls to 'init_output_buffer()' and uses of the buffer variable.
Other changes that must be made are:
Replacing references to 'cmd' with 'insn';
Replacing term_output_buffer()/MakeLine() sequence with flush_outbuf().
Most of the other code can remain intact or can be replaced by the new helper functions.
For other output-related callbacks, convert them to take an 'outctx_t &ctx' parameter and use its methods. For example, from:
void idaapi header(void);
to:
void idaapi myproc_header(outctx_t &ctx)
See the changes to 'ua.hpp' below for more information on converting the functions.
Also, see the SDK samples for more ideas.
reg.cpp
Remove the old callbacks from the 'processor_t' structure and call them from the 'notify()' function instead. For example:
For 'ev_out_insn', call 'out_insn()' generated by the macro in out.cpp:
When hooking notifications, return 0 for "not handled" instead of 1 as before.
Many notifications had their argument types and/or order changed. Double-check your handlers against the new headers.
Instead of calling ph.notify() or similar, prefer helper inline functions for additional type safety. For example, use 'ph.get_operand_string()' instead of 'ph.notify(processor_t::get_operand_string, ...)'.
Some IDP events have been moved to the IDB event group (see the table below), so they should be handled on the HT_IDB level. You will need to move the corresponding code from the IDP notification hooks to the IDB hooks.
closebase -> closebase
savebase -> savebase
auto_empty -> auto_empty
auto_empty_finally -> auto_empty_finally
determined_main -> determined_main
load_idasgn -> idasgn_loaded
kernel_config_loaded -> kernel_config_loaded
loader_finished -> loader_finished
preprocess_chart -> flow_chart_created
setsgr -> sgr_changed
set_compiler -> compiler_changed
move_segm -> segm_moved
extlang_changed -> extlang_changed
make_code -> make_code
make_data -> make_data
renamed -> renamed
add_func -> func_added
del_func -> deleting_func
set_func_start -> set_func_start
set_func_end -> set_func_end
Make a new class derived from 'chooser_t' or 'chooser_multi_t'. Its fields are similar to arguments of 'choose2()' from IDA 6.95.
You should implement at least 2 methods:
'get_count()', and
'get_row()'.
The 'get_row()' method combines 3 methods of 6.95's old 'chooser_info_t':
'get_row()'
'get_icon()', and
'get_attrs()'
To show the Ins/Delete/Edit/Refresh actions in a popup menu, set the new 'CH_CAN_...' bits in the 'flags' member.
The header line is stored in a new 'header' member.
All indexes are now 0-based. You can use the new constant 'NO_SELECTION' for non-existing rows.
The default value is not stored in the 'chooser_t' structure now and it is passed directly to the 'choose()' function.
You can prepare a specialized version of the 'choose()' method that takes a special default value (e.g. an effective address). For this you should implement a new 'get_item_index()' method.
The 'update()' callback has been renamed to 'refresh()' and it returns the cursor position after refresh. If the data has not changed this callback should return a 'NOTHING_CHANGED' hint.
The return values of the 'ins()', 'del()', 'edit()' and 'exit()' callbacks are the same as for the 'refresh()' callback. E.g. the 'ins()' callback may return the cursor position of the newly inserted item, or the 'del()' callback may return 'NOTHING_CHANGED' if it asked the user about the removal and the user refused.
The 'initializer()' callback has been renamed to 'init()'. Its use allows you to prepare data when it is really needed (i.e., "lazy" populating).
The 'destroyer()' callback has been renamed to 'closed()' and it is called when the chooser window is about to close. To clean up the chooser data you should use the destructor.
The 'CH_MULTI' flag has been removed altogether. If you want to create a chooser with multiple selection, you should derive your class from 'chooser_multi_t'.
While callbacks for the 'chooser_t' class would receive and return a single value specifying the currently-selected row, callbacks of the 'chooser_multi_t' class will receive a vector of such values instead.
In a similar fashion, instead of using the 'NO_SELECTION' constant, 'chooser_multi_t' will use an empty vector.
In contrast to IDA 6.95, the selected items are now all processed at once, in one call to the 'ins()', 'del()', 'edit()' and 'exit()' callbacks (this greatly simplified implementing them.)
This section describes in detail the changes to the APIs for each file in the SDK.
NOTE: global variables 'auto_state', 'auto_display', and 'autoEnabled' have been removed.
[1] output argument moved to beginning of argument list
autoGetName
<removed>
autoStep
<removed>
<added>
auto_apply_tail
<added>
auto_recreate_insn
<added>
enable_auto
to be used instead of 'autoEnabled'
<added>
get_auto_display
to be used instead of 'auto_display'
<added>
get_auto_state
to be used instead of 'auto_state'
<added>
is_auto_enabled
to be used instead of 'autoEnabled'
<added>
set_auto_state
to be used instead of 'auto_state'
analyze_area
plan_and_wait
added 'final_pass' argument (true for analyze_area behaviour)
autoCancel
auto_cancel
autoIsOk
auto_is_ok
autoMark
auto_mark
autoUnmark
auto_unmark
autoWait
auto_wait
auto_get
*
noUsed
plan_ea
(ea_t ea) variant
noUsed
plan_range
(ea_t sEA, ea_t eEA) variant
setStat
set_ida_state
showAddr
show_addr
showAuto
show_auto
bitrange_t::extract
argument type: 'int' changed to 'size_t'
bitrange_t::inject
argument type: 'int' changed to 'size_t'
NOTE: The misleading term "ASCII string" has been replaced by "string literal" (strlit).
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
clrFlbits
<removed>
do3byte
<removed>
doASCI
<removed>
doVar
<removed>
do_unknown
<removed>
use 'del_items' instead
do_unknown_range
<removed>
use 'del_items' instead
f_is3byte
<removed>
getRadixEA
<removed>
get_3byte
<removed>
get_many_bytes
<removed>
use 'get_bytes' instead
get_many_bytes_ex
<removed>
use 'get_bytes' instead
is3byte
<removed>
isVar
<removed>
noImmd
<removed>
setFlags
<removed>
setFlbits
<removed>
tribyteflag
<removed>
<added>
add_mapping
<added>
attach_custom_data_format
<added>
del_items
<added>
del_mapping
<added>
detach_custom_data_format
<added>
get_bytes
<added>
get_first_hidden_range
<added>
get_last_hidden_range
<added>
get_mapping
<added>
get_mappings_qty
<added>
is_attached_custom_data_format
<added>
revert_byte
<added>
update_hidden_range
<added>
use_mapping
add_hidden_area
add_hidden_range
alignflag
align_flag
asciflag
strlit_flag
binflag
bin_flag
byteflag
byte_flag
charflag
char_flag
chunksize
chunk_size
chunkstart
chunk_start
codeflag
code_flag
custflag
cust_flag
custfmtflag
custfmt_flag
decflag
dec_flag
delValue
del_value
del_hidden_area
del_hidden_range
do16bit
create_16bit_data
do32bit
create_32bit_data
doAlign
create_align
doByte
create_byte
doCustomData
create_custdata
doDouble
create_double
doDwrd
create_dword
doFloat
create_float
doImmd
set_immd
doOwrd
create_oword
doPackReal
create_packed_real
doQwrd
create_qword
doStruct
create_struct
doTbyt
create_tbyte
doWord
create_word
doYwrd
create_yword
doZwrd
create_zword
do_data_ex
create_data
doubleflag
double_flag
dwrdflag
dword_flag
enumflag
enum_flag
f_hasRef
f_has_xref
f_isASCII
f_is_strlit
f_isAlign
f_is_align
f_isByte
f_is_byte
f_isCode
f_is_code
f_isCustom
f_is_custom
f_isData
f_is_data
f_isDouble
f_is_double
f_isDwrd
f_is_dword
f_isFloat
f_is_float
f_isHead
f_is_head
f_isNotTail
f_is_not_tail
f_isOwrd
f_is_oword
f_isPackReal
f_is_pack_real
f_isQwrd
f_is_qword
f_isStruct
f_is_struct
f_isTail
f_is_tail
f_isTbyt
f_is_tbyte
f_isWord
f_is_word
f_isYwrd
f_is_yword
floatflag
float_flag
fltflag
flt_flag
freechunk
free_chunk
getDefaultRadix
get_default_radix
getFlags
get_full_flags
WARNING: 'getFlags' has not been renamed to 'get_flags'
get_long
get_dword
get_full_byte
get_wide_byte
get_full_word
get_wide_word
get_full_long
get_wide_dword
get_original_long
get_original_dword
put_long
put_dword
patch_long
patch_dword
add_long
add_dword
getRadix
get_radix
get_ascii_contents2
get_strlit_contents
q
*
return type changed from 'bool' to 'ssize_t'; output argument 'usedsize' (in bytes) changed to 'maxcps' (in codepoints)
get_cmt
q
*
get_custom_data_format
removed 'dtid' argument
get_data_value
*
get_enum_id
*
get_flags_novalue
get_flags
WARNING: 'getFlags' has not been renamed to 'get_flags'
get_forced_operand
q
*
get_hidden_area
get_hidden_range
return type: 'hidden_area_t *' has been renamed to 'hidden_range_t *'
get_hidden_area_num
get_hidden_range_num
get_hidden_area_qty
get_hidden_range_qty
get_manual_insn
q
*
return type changed from 'char *' to 'ssize_t';
get_max_ascii_length
get_max_strlit_length
get_next_hidden_range
get_next_hidden_area
return type: 'hidden_area_t *' has been renamed to 'hidden_range_t *'
get_opinfo
*
get_predef_insn_cmt
q
*
moved from ints.hpp
get_prev_hidden_range
get_prev_hidden_area
return type: 'hidden_area_t *' has been renamed to 'hidden_range_t *'
get_stroff_path
*
get_zero_areas
get_zero_ranges
argument type: 'areaset_t' has been renamed to 'rangeset_t'
getn_hidden_area
getn_hidden_range
return type: 'hidden_area_t *' has been renamed to 'hidden_range_t *'
hasExtra
has_extra_cmts
hasRef
has_xref
hasValue
has_value
hexflag
hex_flag
isASCII
is_strlit
isAlign
is_align
isByte
is_byte
isChar
is_char
isChar0
is_char0
isChar1
is_char1
isCode
is_code
isCustFmt
is_custfmt
isCustFmt0
is_custfmt0
isCustFmt1
is_custfmt1
isCustom
is_custom
isData
is_data
isDefArg
is_defarg
isDefArg0
is_defarg0
isDefArg1
is_defarg1
isDouble
is_double
isDwrd
is_dword
isEnabled
is_mapped
isEnum
is_enum
isEnum0
is_enum0
isEnum1
is_enum1
isFloat
is_float
isFloat0
is_float0
isFloat1
is_float1
isFlow
is_flow
isFltnum
is_fltnum
isFop
is_manual
isFunc
is_func
isHead
is_head
isImmd
has_immd
isLoaded
is_loaded
isNotTail
is_not_tail
isNum
is_numop
isNum0
is_numop0
isNum1
is_numop1
isOff
is_off
isOff0
is_off0
isOff1
is_off1
isOwrd
is_oword
isPackReal
is_pack_real
isQwrd
is_qword
isSeg
is_seg
isSeg0
is_seg0
isSeg1
is_seg1
isStkvar
is_stkvar
isStkvar0
is_stkvar0
isStkvar1
is_stkvar1
isStroff
is_stroff
isStroff0
is_stroff0
isStroff1
is_stroff1
isStruct
is_struct
isTail
is_tail
isTbyt
is_tbyte
isUnknown
is_unknown
isVoid
is_suspop
isWord
is_word
isYwrd
is_yword
isZwrd
is_zword
make_ascii_string
create_strlit
nextaddr
next_addr
nextchunk
next_chunk
nextthat
next_that
noType
clr_op_type
numflag
num_flag
octflag
oct_flag
offflag
off_flag
op_stroff
converted input 'ea_t' argument to 'const insn_t &'
owrdflag
oword_flag
packrealflag
packreal_flag
patch_many_bytes
patch_bytes
prevaddr
prev_addr
prevchunk
prev_chunk
prevthat
prev_that
print_ascii_string_type
print_strlit_type
q
*
return type changed from 'char *' to 'bool'; added 'out_tooltip' and 'flags' arguments
put_many_bytes
put_bytes
qwrdflag
qword_flag
register_custom_data_format
removed 'dtid' argument
segflag
seg_flag
set_opinfo
added 'suppress_events' argument
stkvarflag
stkvar_flag
stroffflag
stroff_flag
struflag
stru_flag
tbytflag
tbyte_flag
unregister_custom_data_format
removed 'dtid' argument
wordflag
word_flag
ywrdflag
yword_flag
zwrdflag
zword_flag
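The rename and <removed> rows above lend themselves to a mechanical first pass over old plugin source. The script below is an added example, not part of the SDK or of the original guide: it copies a subset of those rows into tables, renames whole identifiers only, and reports removed or changed APIs without touching them. The sample source, the helper name 'my_get_long_name' and all Python function names are constructed for illustration.

```python
import re

# Old name -> 7.0 name, copied from the rename rows on this page (a subset).
RENAMES = {
    "startEA": "start_ea",
    "endEA": "end_ea",
    "area_t": "range_t",
    "hidden_area_t": "hidden_range_t",
    "autoWait": "auto_wait",
    "isCode": "is_code",
    "f_isCode": "f_is_code",
    "isEnabled": "is_mapped",
    "getFlags": "get_full_flags",      # the page warns: NOT 'get_flags'
    "get_flags_novalue": "get_flags",
    "get_long": "get_dword",
    "patch_many_bytes": "patch_bytes",
}

# Rows marked <removed>, or globals the page says are gone: report only.
REMOVED = {
    "get_many_bytes": "use 'get_bytes' instead",
    "get_many_bytes_ex": "use 'get_bytes' instead",
    "do_unknown": "use 'del_items' instead",
    "do_unknown_range": "use 'del_items' instead",
    "uFlag": "global variable is gone",
}

# Name kept but signature changed: report for manual review.
REVIEW = {
    "op_stroff": "converted input 'ea_t' argument to 'const insn_t &'",
    "set_opinfo": "added 'suppress_events' argument",
}

_TABLE = {}
_TABLE.update((k, ("rename", v)) for k, v in RENAMES.items())
_TABLE.update((k, ("removed", v)) for k, v in REMOVED.items())
_TABLE.update((k, ("review", v)) for k, v in REVIEW.items())

# One alternation over whole identifiers. \b sits between a word and a
# non-word character, and '_' is a word character, so 'get_long' does not
# match inside 'my_get_long_name', nor 'isCode' inside 'f_isCode'.
_IDENT = re.compile(
    r"\b(" + "|".join(sorted(map(re.escape, _TABLE), key=len, reverse=True)) + r")\b"
)


def port_source(text):
    """Return (ported_text, findings) for 6.95-era C++ source.

    findings is a list of (line_number, old_name, kind, detail) tuples where
    kind is 'rename', 'removed' or 'review'. Only renames change the text.
    Every identifier is matched once against the original text, so a new
    name such as 'get_flags' is never rescanned and renamed again.
    """
    findings = []
    ported = []
    for line_no, line in enumerate(text.splitlines(), 1):
        def substitute(match, line_no=line_no):
            old = match.group(1)
            kind, detail = _TABLE[old]
            findings.append((line_no, old, kind, detail))
            return detail if kind == "rename" else old
        ported.append(_IDENT.sub(substitute, line))
    return "\n".join(ported), findings


def naive_port(text):
    """Plain substring replacement, shown only to contrast with port_source()."""
    for old, new in RENAMES.items():
        text = text.replace(old, new)
    return text


# Constructed 6.95-style plugin fragment used as sample input.
SAMPLE = '''\
static void idaapi scan(func_t *pfn)
{
  autoWait();
  for ( ea_t ea = pfn->startEA; ea < pfn->endEA; ea = next_head(ea, pfn->endEA) )
  {
    flags_t f = getFlags(ea);
    if ( isCode(f) && isEnabled(ea) )
      my_get_long_name(ea, get_long(ea));
    uchar buf[16];
    get_many_bytes(ea, buf, sizeof(buf));
  }
}
'''

if __name__ == "__main__":
    ported_text, report = port_source(SAMPLE)
    print(ported_text)
    for line_no, old, kind, detail in report:
        print(f"line {line_no}: {old}: {kind}: {detail}")
```

The scanner also matches inside comments and string literals, so read the findings list before committing the rewritten file.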
process_zipfile64
process_zipfile
process_zipfile_entry64
process_zipfile_entry
cfg_get_cc_header_path
moved from idp.hpp
cfg_get_cc_parm
moved from idp.hpp
cfg_get_cc_predefined_macros
moved from idp.hpp
cfgopt_t__apply
moved from idp.hpp
parse_config_value
moved from idp.hpp
read_config
moved from idp.hpp
read_config_file
moved from idp.hpp
read_config_string
moved from idp.hpp
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
get_process_info
<removed>
use 'get_processes' instead
get_process_qty
<removed>
use 'get_processes' instead
getn_process
<removed>
use 'get_processes' instead
<added>
bpt_t::get_cnd_elang_idx
<added>
get_ip_val
<added>
get_sp_val
bpt_location_t::print
*
choose_trace_file
*
create_source_viewer
argument type: 'TWinControl' and 'TCustomControl' changed to 'TWidget'; added 'out_ccv' argument
get_dbg_byte
*
get_trace_file_desc
q
*
internal_get_sreg_base
*
load_trace_file
q
*
source_file_t::open_srcview
argument type: 'TCustomControl' changed to 'TWidget'
source_item_t::get_hint
q
source_item_t::get_kind
source_item_t::get_item_kind
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] return type changed from '[u]int32' to '[u]int64'/'qoff64_t'
[4] input argument changed from '[u]int32' to '[u]int64'/'qoff64_t'
create_generic_linput
<removed>
echsize64
<removed>
ecreateT
<removed>
eseek64
<removed>
free_ioports
<removed>
qfsize64
<removed>
qlgetz64
<removed>
qlseek64
<removed>
qlsize64
<removed>
qltell64
<removed>
choose_ioport_device
q
*
echsize
*
eseek
*
find_ioport
input argument converted to 'const ioports_t &'
find_ioport_bit
input argument converted to 'const ioports_t &'
get_special_folder
*
getdspace
get_free_disk_space
qfsize
*
qlgetz
*
qlseek
*
*
qlsize
*
qltell
*
read_ioports
return type changed from 'ioport_t *' to 'ssize_t'; output argument converted to 'ioports_t'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] added 'flags' argument
add_entry
*
get_entry_forwarder
q
*
get_entry_name
q
*
rename_entry
*
set_entry_forwarder
*
NOTE: global variable 'enums' has been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
add_selected_enum
<removed>
get_bmask_node
<removed>
get_selected_enum
<removed>
init_enums
<removed>
save_enums
<removed>
set_enum_flag
<removed>
term_enums
<removed>
unmark_selected_enums
<removed>
get_bmask_cmt
q
*
get_enum_cmt
q
*
get_enum_member_cmt
q
*
get_first_serial_enum_member
*
get_last_serial_enum_member
*
get_next_serial_enum_member
*
get_prev_serial_enum_member
*
qstrerror
buf argument removed; returns string in static buffer (thread-safe)
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] input argument changed from pointer to reference
ExecuteFile
<removed>
use 'exec_idc_script' instead
ExecuteLine, execute
<removed>
use 'eval_idc_snippet' instead
call_idc_method
<removed>
call_script_method
<removed>
use 'extlang_t::call_method' instead
compile_script_file
<removed>
use 'extlang_t::compile_file' instead
compile_script_func
<removed>
use 'extlang_t::compile_expr' instead
create_idc_object
<removed>
create_script_object
<removed>
use 'extlang_t::create_object' instead
extlang_call_method_exists
<removed>
'extlang_t::call_method' should always exist
extlang_compile_file
<removed>
use 'extlang_t::compile_file' instead
extlang_compile_file_exists
<removed>
'extlang_t::compile_file' should always exist
extlang_create_object_exists
<removed>
'extlang_t::create_object' should always exist
extlang_get_attr_exists
<removed>
'extlang_t::get_attr' should always exist
extlang_run_statements_exists
<removed>
replaced by 'extlang_t::eval_statements', which should always exist
extlang_set_attr_exists
<removed>
'extlang_t::set_attr' should always exist
extlang_unload_procmod
<removed>
use 'extlang_t::unload_procmod' instead
get_extlang_fileext
<removed>
use 'extlang_t::fileext' instead
get_extlangs
<removed>
use 'for_all_extlangs' instead
get_idc_func_body
<removed>
get_script_attr
<removed>
use 'extlang_t::get_attr' instead
run_script_func
<removed>
use 'extlang_t::call_func' instead
run_statements
<removed>
use 'extlang_t::eval_statements' instead
set_idc_func_body
<removed>
set_idc_func_ex
<removed>
use 'add_idc_func'/'del_idc_func' instead
set_script_attr
<removed>
use 'extlang_t::set_attr' instead
<added>
add_idc_func
to be used instead of 'set_idc_func_ex'
<added>
compile_idc_snippet
<added>
del_idc_func
to be used instead of 'set_idc_func_ex'
<added>
eval_idc_snippet
<added>
find_extlang_by_index
<added>
find_idc_func
<added>
for_all_extlangs
<added>
get_extlang
always returns non-NULL
Compile, CompileEx
compile_idc_file
q
*
CompileLine, CompileLineEx
compile_idc_text
*
added 'resolver' argument
Run
call_idc_func
*
*
swapped 'argsnum' and 'args'; argument type: 'int' changed to 'size_t'; added 'resolver' argument
VarAssign
copy_idcv
*
VarCopy
deep_copy_idcv
*
VarDelAttr
del_idcv_attr
VarDeref
deref_idcv
VarFirstAttr
first_idcv_attr
VarFloat
idcv_float
VarFree
free_idcv
VarGetAttr
get_idcv_attr
*
VarGetClassName
get_idcv_class_name
q
VarGetSlice
get_idcv_slice
*
VarInt64
idcv_int64
VarLastAttr
last_idcv_attr
VarLong
idcv_long
VarMove
move_idcv
VarNextAttr
next_idcv_attr
VarNum
idcv_num
VarObject
idcv_object
VarPrevAttr
prev_idcv_attr
VarPrint
print_idcv
*
VarRef
create_idcv_ref
VarSetAttr
set_idcv_attr
*
VarSetSlice
set_idcv_slice
*
VarString2
idcv_string
VarSwap
swap_idcvs
calc_idc_expr
eval_idc_expr
*
*
calcexpr
eval_expr
*
*
calcexpr_long
eval_expr_long
*
*
dosysfile
exec_system_script
argument order has swapped
find_extlang_by_ext
return type changed from 'const extlang_t *' to 'extlang_object_t'
find_extlang_by_name
return type changed from 'const extlang_t *' to 'extlang_object_t'
install_extlang
removed const from 'el' argument; return type changed from 'bool' to 'ssize_t'
remove_extlang
removed const from 'el' argument
select_extlang
removed const from 'el' argument
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] input argument changed from pointer to reference
get_fixup_base
<removed>
use 'fd.get_base()' instead
get_fixup_extdef_ea
<removed>
use 'fd.get_base() + fd.off' instead
get_fixup_segdef_sel
<removed>
use 'fd.sel' instead
set_custom_fixup
<removed>
use 'set_fixup' instead
set_custom_fixup_ex
<removed>
use 'set_fixup' instead
set_fixup_ex
<removed>
<added>
calc_fixup_size
<added>
exists_fixup
<added>
find_custom_fixup
to be used instead of 'create_custom_fixup' (from idp.hpp)
<added>
get_fixup_handler
<added>
get_fixup_value
<added>
get_fixups
<added>
is_fixup_custom
<added>
patch_fixup_value
get_fixup
*
get_fixup_desc
q
*
*
return type changed from 'char *' to 'const char *'
register_custom_fixup
input argument changed from 'const fixup_handler_t *' to 'const custom_fixup_handler_t *'; return type changed from 'int' to 'fixup_type_t'
set_fixup
*
unregister_custom_fixup
input argument changed from 'int' to 'fixup_type_t'
[1] input argument changed from 'int32' to 'qoff64_t'
[2] return type changed from 'int32' to 'qoff64_t'
<added>
qaccess
<added>
qgetline
qcopyfile64
qcopyfile
qfseek64
qfseek
*
qftell64
qftell
*
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] input argument 'func_t *pfn' made const
add_auto_stkpnt2
add_auto_stkpnt
add_stkvar2
define_stkvar
add_stkvar3
add_stkvar
added 'const insn_t &' input argument
build_stkvar_name
q
*
*
return type changed from 'char *' to 'ssize_t'
calc_stkvar_struc_offset
converted input 'ea_t' argument to 'const insn_t &'
frame_off_args
*
frame_off_lvars
*
frame_off_retaddr
*
frame_off_savregs
*
get_frame_part
*
*
argument type: 'area_t' changed to 'range_t'
get_frame_retsize
*
get_frame_size
*
get_stkvar
*
added 'const insn_t &' input argument
is_funcarg_off
*
lvar_off
*
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
a2funcoff
<removed>
apply_idasgn
<removed>
clear_func_struct
<removed>
del_func_cmt
<removed>
use 'set_func_cmt("")' instead
std_gen_func_header
<removed>
use 'outctx_base_t::gen_func_header' instead
<added>
is_same_func
<added>
lock_func_range
<added>
reanalyze_noret_flag
add_func
second 'ea_t' argument made optional
add_regarg2
add_regarg
find_func_bounds
*
removed 'ea' argument
func_item_iterator_t::decode_preceding_insn
added 'insn_t *' output argument
func_item_iterator_t::decode_prev_insn
added 'insn_t *' output argument
func_setend
set_func_end
func_setstart
set_func_start
get_func_bits
input argument 'func_t *' made const
get_func_bytes
input argument 'func_t *' made const
get_func_cmt
q
*
return type changed from 'char *' to 'ssize_t'
get_func_limits
get_func_ranges
*
output argument converted from 'area_t *' to 'rangeset_t *'; return type changed from 'bool' to 'ea_t'
get_func_name2
get_func_name
get_idasgn_desc
q
*
get_idasgn_title
q
*
return type changed from 'char *' to 'ssize_t'
set_func_cmt
input argument 'func_t *' made const
create_multirange_qflow_chart
argument type: 'areavec_t' has been renamed to 'rangevec_t'
[1] input argument changed from 'TCustomControl *' to 'graph_viewer_t *'
set_graph_dispatcher
<removed>
use 'hook_to_notification_point(HT_GRAPH, [...])' instead
viewer_add_menu_item
<removed>
use 'viewer_attach_menu_item' instead
viewer_del_menu_item
<removed>
<added>
viewer_get_gli
clr_node_info2
clr_node_info
create_disasm_graph
argument type: 'areavec_t' has been renamed to 'rangevec_t'
create_graph_viewer
added 'title' argument; 'parent' argument made optional and reordered
del_node_info2
del_node_info
get_graph_viewer
input argument changed from 'TForm *' to 'TWidget *'
get_node_info2
get_node_info
get_viewer_graph
*
grentry
'grentry' has been converted from a global variable to an inline function
refresh_viewer
*
set_node_info2
set_node_info
viewer_center_on
*
viewer_create_groups
*
viewer_del_node_info
*
viewer_delete_groups
*
viewer_fit_window
*
viewer_get_curnode
*
viewer_get_node_info
*
viewer_set_gli
*
added 'flags' argument
viewer_set_groups_visibility
*
viewer_set_node_info
*
askyn
ask_yn
askyn_v
vask_yn
ansi2idb
<removed>
dto_copy_from_inf
<removed>
dto_copy_to_inf
<removed>
dto_init
<removed>
idb2scr
<removed>
scr2idb
<removed>
showAllComments
show_all_comments
showComments
show_comments
showRepeatables
show_repeatables
toEA
to_ea
[1] output argument moved to beginning of argument list
dbg_appcall
*
swapped 'argnum' and 'argv'; argument type: 'int' changed to 'size_t'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
get_reg_info2
get_reg_info
get_reg_name
q
*
invoke_callbacks
moved from loader.hpp
hook_to_notification_point
moved from loader.hpp
unhook_from_notification_point
moved from loader.hpp
set_processor_type
return type changed from 'char' to 'bool'; argument type: 'int' changed to 'setproc_level_t'
parse_reg_name
*
cfg_get_cc_header_path
moved to config.hpp
cfg_get_cc_parm
moved to config.hpp
cfg_get_cc_predefined_macros
moved to config.hpp
cfgopt_t__apply
moved to config.hpp
parse_config_value
moved to config.hpp
read_config
moved to config.hpp
read_config_file
moved to config.hpp
read_config_string
moved to config.hpp
InstrIsSet
has_insn_feature
str2regf
<removed>
create_custom_fixup
<removed>
gen_spcdef
<removed>
use 'outctx_t::out_specea' instead
gen_abssym
<removed>
use 'outctx_t::out_specea' instead
gen_comvar
<removed>
use 'outctx_t::out_specea' instead
gen_extern
<removed>
use 'outctx_t::out_specea' instead
intel_data
<removed>
use 'outctx_t::out_data' instead
is_basic_block_end
added 'const insn_t &' input argument
is_call_insn
converted input 'ea_t' argument to 'const insn_t &'
is_indirect_jump_insn
converted input 'ea_t' argument to 'const insn_t &'
is_ret_insn
converted input 'ea_t' argument to 'const insn_t &'
[1] output argument moved to beginning of argument list
eetol
*
eetol64
*
eetol64u
*
realtoasc
*
get_predef_cmt
<removed>
get_vxd_func_name
<removed>
get_predef_insn_cmt
moved to bytes.hpp
NOTE: Please note that in IDA version 6.7 we introduced the Actions API, which deprecated many functions related to augmenting functionality in IDA.
Those previously deprecated functions have been removed. For more details about the Actions API, please visit our old blog post from 2014:
NOTE: 'TForm', 'TCustomControl', and 'TWinControl' have been replaced by 'TWidget'
NOTE: global variable 'dirty_infos' has been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] input argument changed from pointer to reference
[4] return type changed from 'TForm *' to 'TWidget *'
[5] input argument changed from 'TCustomControl *' to 'TWidget *'
askfile_c
<removed>
askfile_cv
<removed>
askstr
<removed>
close_form
<removed>
use 'form_actions_t::close' instead
close_tform
<removed>
use 'close_widget' instead
create_tform
<removed>
use 'find_widget' or 'create_empty_widget' instead
enable_menu_item
<removed>
superseded by the Actions API (see blog post above)
entab
<removed>
find_tform
<removed>
use 'find_widget' instead
get_current_tform
<removed>
use 'get_current_widget' instead
get_highlighted_identifier
<removed>
use 'get_current_viewer' and 'get_highlight' instead
get_tform_idaview
<removed>
use the 'TWidget *' directly instead of obtaining the IDAView
get_tform_title
<removed>
use 'get_widget_title' instead
get_tform_type
<removed>
use 'get_widget_type' instead
get_viewer_name
<removed>
use 'get_widget_title' instead
init_kernel
<removed>
is_chooser_tform
<removed>
use 'is_chooser_widget' instead
print_disp
<removed>
use 'append_disp' instead
set_menu_item_icon
<removed>
superseded by the Actions API (see blog post above)
switchto_tform
<removed>
use 'activate_widget' instead
term_kernel
<removed>
umsg
<removed>
vaskstr
<removed>
vumsg
<removed>
<added>
activate_widget
<added>
append_disp
<added>
close_widget
<added>
create_empty_widget
<added>
find_widget
<added>
get_current_widget
<added>
get_highlight
<added>
get_widget_title
<added>
get_widget_type
<added>
is_buttoncb_t_type
<added>
is_chooser_widget
<added>
is_formchgcb_t_type
<added>
qcleanline
<added>
set_highlight
<added>
unpack_ds_to_buf
AskUsingForm_c
ask_form
AskUsingForm_cv
vask_form
OpenForm_c
open_form
*
OpenForm_cv
vopen_form
*
askaddr
ask_addr
askbuttons_c
ask_buttons
askbuttons_cv
vask_buttons
askfile2_c
ask_file
'filters' argument merged into 'format'
askfile2_cv
vask_file
'filters' argument merged into 'format'
askident
ask_ident
*
return type changed from 'char *' to 'bool'
asklong
ask_long
askqstr
ask_str
added 'hist' argument
askseg
ask_seg
asktext
ask_text
q
*
return type changed from 'char *' to 'bool'
askyn_c
ask_yn
askyn_cv
vask_yn
atob32
*
atob64
*
atoea
*
atos
*
attach_action_to_popup
input argument changed from 'TForm *' to 'TWidget *'
attach_dynamic_action_to_popup
*
input argument changed from 'TForm *' to 'TWidget *'
b2a32
*
b2a64
*
back_char
moved to pro.h
choose, choose2, choose3
choose
choosers should use the new 'chooser_base_t' interface
choose_srcp
return type changed from 'segreg_area_t *' to 'sreg_range_t *'
choose_til
*
clearBreak
clr_cancelled
clear_refresh_request
to be used instead of 'dirty_infos'
create_code_viewer
return type changed from 'TCustomControl *' to 'TWidget *'; 'parent' argument made optional and reordered
create_custom_viewer
return type changed from 'TCustomControl *' to 'TWidget *'; 'parent' argument made optional and reordered
custom_viewer_jump
*
destroy_custom_viewer
*
detach_action_from_popup
input argument changed from 'TForm *' to 'TWidget *'
ea2str
*
ea_viewer_history_push_and_jump
*
gen_disasm_text
*
get_8bit
*
get_action_label
*
get_action_shortcut
*
get_action_tooltip
*
get_chooser_data
argument type: 'uint32' changed to 'int'
get_current_viewer
return type changed from 'TCustomControl *' to 'TWidget *'
get_custom_viewer_curline
*
get_custom_viewer_place
*
get_ea_viewer_history_info
*
get_kernel_version
return type changed from 'bool' to 'ssize_t'
get_output_curline
*
get_output_selected_text
*
get_view_renderer_type
*
get_viewer_place_type
*
get_viewer_user_data
*
is_idaview
*
is_refresh_requested
to be used instead of 'dirty_infos'
jumpto
*
linearray_t::down
return type changed from 'char *' to 'const qstring *'
linearray_t::up
return type changed from 'char *' to 'const qstring *'
open_bpts_window
*
open_bpts_window
*
open_calls_window
*
open_disasm_window
*
input argument changed from 'const areavec_t *' to 'const rangevec_t *'
open_enums_window
*
open_exports_window
*
open_frame_window
*
open_funcs_window
*
open_hexdump_window
*
open_imports_window
*
open_loctypes_window
*
open_modules_window
*
open_names_window
*
open_navband_window
*
open_notepad_window
*
open_problems_window
*
open_segments_window
*
open_segregs_window
*
open_selectors_window
*
open_signatures_window
*
open_stack_window
*
open_strings_window
*
open_structs_window
*
open_tform
display_widget
input argument changed from 'TForm *' to 'TWidget *'
open_threads_window
*
open_tils_window
*
open_trace_window
*
open_xrefs_window
*
qstr2user
moved to pro.h
r50_to_asc
*
read_range_selection
read_selection
*
WARNING: 'read_selection' has changed meaning
read_selection
read_range_selection
WARNING: 'read_selection' has changed meaning; added 'TWidget *' argument
refresh_custom_viewer
*
repaint_custom_viewer
*
request_refresh
added 'cnd' argument
setBreak
set_cancelled
set_code_viewer_handler
*
set_code_viewer_is_source
*
set_code_viewer_line_handlers
*
set_code_viewer_lines_alignment
*
set_code_viewer_lines_icon_margin
*
set_code_viewer_lines_radix
*
set_code_viewer_user_data
*
set_custom_viewer_handler
*
set_custom_viewer_handlers
*
set_custom_viewer_qt_aware
*
set_custom_viewer_range
*
set_view_renderer_type
*
show_hex_file
argument type: 'int32' changed to 'int64'
skipSpaces
skip_spaces
stoa
q
*
str2ea
*
str2ea_ex
*
str2user
moved to pro.h
ui_load_new_file
added 'temp_file' and 'ploaders'; input argument 'filename' changed from 'const char *' to 'qstring *'
user2qstr
moved to pro.h
user2str
moved to pro.h
vaskqstr
vask_str
added 'hist' argument
vasktext
vask_text
q
*
return type changed from 'char *' to 'bool'
vshow_hex_file
argument type: 'int32' changed to 'int64'
wasBreak
user_cancelled
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
lex_define
lex_define_macro
lex_undef
lex_undefine_macro
lxascii
lex_print_token
q
*
lxget
lex_get_token
lxgetserr
lex_get_file_line
lxgetsini
lex_init_file
lxgetstrm
lex_term_file
lxini
lex_init_string
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] return type changed from 'void' to 'bool'
MakeBorder
<removed>
use 'outctx_base_t::gen_border_line(false)' instead
MakeLine
<removed>
use 'outctx_base_t::flush_buf' instead
MakeNull
<removed>
use 'outctx_base_t::gen_empty_line' instead
MakeSolidBorder
<removed>
use 'outctx_base_t::gen_border_line(true)' instead
add_long_cmt_v
<removed>
use 'vadd_extra_line' instead
close_comment
<removed>
use 'outctx_base_t::close_comment' instead
describex
<removed>
use 'vadd_extra_line' instead
finish_makeline
<removed>
use 'outctx_base_t::term_outctx' instead
gen_cmt_line
<removed>
use 'outctx_base_t::gen_cmt_line' instead
gen_cmt_line_v
<removed>
use 'outctx_base_t::gen_cmt_line_v' instead
gen_collapsed_line
<removed>
use 'outctx_base_t::gen_collapsed_line' instead
gen_colored_cmt_line_v
<removed>
use 'outctx_base_t::gen_colored_cmt_line_v' instead
generate_big_comment
<removed>
use 'outctx_base_t::gen_block_cmt' instead
generate_many_lines
<removed>
use 'outctx_base_t::gen_many_lines(-1, NULL, [...])' instead
init_lines
<removed>
init_lines_array
<removed>
use 'outctx_base_t::init_lines_array' instead
printf_line
<removed>
use 'outctx_base_t::gen_printf' instead
printf_line_v
<removed>
use 'outctx_base_t::gen_vprintf' instead
save_line_in_array
<removed>
use 'outctx_base_t::save_buf' instead
save_lines
<removed>
save_sourcefiles
<removed>
setup_makeline
<removed>
use 'outctx_base_t::setup_outctx' instead
tag_addchr
<removed>
tag_addstr
<removed>
tag_off
<removed>
tag_on
<removed>
<added>
get_last_pfxlen
<added>
vadd_extra_line
add_long_cmt
add_extra_cmt
add_pgm_cmt
*
describe
add_extra_line
*
generate_disasm_line
q
*
generate_disassembly
q
*
output argument is 'qstrvec_t'
get_extra_cmt
q
*
get_sourcefile
argument type: 'area_t *' changed to 'range_t *'
tag_addr
q
*
return type changed from 'char *' to 'void'; added 'ins' argument
tag_remove
q
*
added 'init_level' argument
[1] output argument moved to beginning of argument list
[2] output argument changed from reference to pointer
<removed>
llong_div
*
*
llong_udiv
*
*
NOTE: global variables 'database_flags', 'command_line_file', 'idb_path', and 'id0_path' have been removed.
NOTE: class 'loader_jump' has been renamed to 'loader_failure_t'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] input argument changed from 'int32' to 'qoff64_t'
[3] return type changed from 'int32' to 'qoff64_t'
enum_plugins
<removed>
init_loader_options
<removed>
<added>
find_plugin
<added>
process_archive
accept_file
q
*
added 'processor' output argument (optional)
base2file
*
build_loaders_list
added 'filename' argument (name of the input file for archives)
clr_database_flag
to be used instead of 'database_flags'
extract_module_from_archive
*
file2base
*
get_fileregion_ea
*
get_fileregion_offset
*
get_path
to be used instead of 'idb_path'
hook_to_notification_point
moved to idp.hpp
invoke_callbacks
moved to idp.hpp
is_database_flag
to be used instead of 'database_flags'
load_and_run_plugin
argument type: 'int' changed to 'size_t'
load_binary_file
*
argument type: 'uint32' changed to 'uint64'
load_dll_or_say
load_core_module
*
added 'entry' argument (name of plugin 'entrypoint' symbol)
mem2base
*
run_plugin
argument type: 'int' changed to 'size_t'
save_database_ex
save_database
set_database_flag
to be used instead of 'database_flags'
set_path
to be used instead of 'idb_path'
unhook_from_notification_point
moved to idp.hpp
NOTE: 'curloc_t' and 'location_t' have been replaced by 'lochist_t'.
curloc_get
<removed>
curloc_get_entry
<removed>
curloc_hide_if_necessary
<removed>
curloc_jump
<removed>
curloc_jump_push
<removed>
curloc_linkTo
<removed>
curloc_mark
<removed>
curloc_markdesc
<removed>
curloc_markedpos
<removed>
curloc_pop
<removed>
curloc_unhide_if_necessary
<removed>
location_get
<removed>
location_get_entry
<removed>
location_jump
<removed>
location_linkTo
<removed>
location_mark
<removed>
location_pop
<removed>
location_push_and_jump
<removed>
<added>
graph_location_info_t::deserialize
<added>
graph_location_info_t::serialize
<added>
renderer_info_pos_t::deserialize
<added>
renderer_info_pos_t::serialize
NOTE: global variable 'import_node' has been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
_del_item_color
<removed>
_del_strid
<removed>
_set_item_color
<removed>
_set_item_color
<removed>
_set_strid
<removed>
del__segtrans
<removed>
del_enum_id0
<removed>
del_enum_id1
<removed>
del_fop1
<removed>
del_fop2
<removed>
del_fop3
<removed>
del_fop4
<removed>
del_fop5
<removed>
del_fop6
<removed>
del_graph_groups0
<removed>
del_jumptable_info
<removed>
del_linnum0
<removed>
del_manual_insn0
<removed>
del_nalt_cmt
<removed>
del_nalt_rptcmt
<removed>
del_stroff0
<removed>
del_stroff1
<removed>
del_wide_value
<removed>
get__segtrans
<removed>
get_auto_plugins
<removed>
get_custom_refinfos
<removed>
use 'get_refinfo_descs' instead
get_enum_id0
<removed>
get_enum_id1
<removed>
get_fop1
<removed>
get_fop2
<removed>
get_fop3
<removed>
get_fop4
<removed>
get_fop5
<removed>
get_fop6
<removed>
get_graph_groups0
<removed>
get_jumptable_info
<removed>
get_linnum0
<removed>
get_manual_insn0
<removed>
get_nalt_cmt
<removed>
get_nalt_rptcmt
<removed>
get_stroff0
<removed>
get_stroff1
<removed>
get_wide_value
<removed>
is_unicode
<removed>
use 'get_strtype_bpu' instead
set__segtrans
<removed>
set_auto_plugins
<removed>
set_enum_id0
<removed>
set_enum_id1
<removed>
set_fop1
<removed>
set_fop2
<removed>
set_fop3
<removed>
set_fop4
<removed>
set_fop5
<removed>
set_fop6
<removed>
set_graph_groups0
<removed>
set_jumptable_info
<removed>
set_linnum0
<removed>
set_manual_insn0
<removed>
set_nalt_cmt
<removed>
set_nalt_rptcmt
<removed>
set_stroff0
<removed>
set_stroff1
<removed>
set_wide_value
<removed>
<added>
clr_notproc
<added>
delete_imports
to be used instead of 'auto_display'
<added>
ea2node
<added>
find_custom_refinfo
<added>
get_abi_name
<added>
get_archive_path
<added>
get_custom_refinfo
<added>
get_custom_refinfo_handler
<added>
get_encoding_bpu
<added>
get_gotea
<added>
get_refinfo_descs
<added>
get_strtype_bpu
<added>
getnode
<added>
is_notproc
<added>
is_reftype_target_optional
<added>
node2ea
<added>
set_archive_path
<added>
set_gotea
<added>
set_notproc
change_encoding_name
rename_encoding
del_switch_info_ex
del_switch_info
del_tinfo2
del_tinfo
del_tinfo2(,n)
del_op_tinfo
get_array_parameters
*
removed 'bufsize' argument
get_asm_inc_file
*
get_custom_data_type_ids
*
removed 'bufsize' argument
get_default_encoding_idx
argument type: 'int32' changed to 'int'
get_encodings_count
get_encoding_qty
get_import_module_name
q
*
get_op_tinfo2
get_op_tinfo
*
get_refinfo
*
get_str_type_code
return type changed from 'char' to 'uchar'; argument type: 'uval_t' changed to 'int32'
get_strid
return type changed from 'ea_t' to 'tid_t'
get_switch_info_ex
get_switch_info
*
removed 'bufsize' argument
get_tinfo2
get_tinfo
*
get_xrefpos
*
removed 'bufsize' argument
read_struc_path
*
argument type: 'netnode' changed to 'ea_t'
set_default_encoding_idx
argument type: 'int32' changed to 'int'
set_op_tinfo2
set_op_tinfo
set_switch_info_ex
set_switch_info
input argument changed from 'const switch_info_ex_t *' to 'const switch_info_t &'
set_tinfo2
set_tinfo
write_struc_path
argument type: 'netnode' changed to 'ea_t'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] output argument changed from reference to pointer
gen_name_decl
<removed>
use 'outctx_base_t::gen_name_decl' instead
<added>
is_strlit_cp
<added>
is_valid_cp
<added>
set_cp_validity
append_struct_fields2
append_struct_fields
*
demangle_name2
demangle_name
do_name_anyway
force_name
removed 'maxlen' argument
extract_name2
extract_name
get_debug_name2
get_debug_name
get_debug_names
*
*
get_ea_name
removed const from 'gtni' argument
get_name_expr
q
*
get_name_value
*
get_nice_colored_name
q
*
get_struct_operand
*
get_true_name
get_name
is_ident_char
is_ident_cp
is_visible_char
is_visible_cp
isident
is_ident
validate_name3
validate_name
added 'type' and 'flags' arguments
<added>
netnode::altdel_ea
to be used instead of 'netnode::altdel' for addresses (ea_t)
<added>
netnode::altset_ea
to be used instead of 'netnode::altset' for addresses (ea_t)
<added>
netnode::altval_ea
to be used instead of 'netnode::altval' for addresses (ea_t)
<added>
netnode::blobsize_ea
to be used instead of 'netnode::blobsize' for addresses (ea_t)
<added>
netnode::chardel_ea
to be used instead of 'netnode::chardel' for addresses (ea_t)
<added>
netnode::charset_ea
to be used instead of 'netnode::charset' for addresses (ea_t)
<added>
netnode::charval_ea
to be used instead of 'netnode::charval' for addresses (ea_t)
<added>
netnode::delblob_ea
to be used instead of 'netnode::delblob' for addresses (ea_t)
<added>
netnode::eadel
<added>
netnode::eadel_idx8
<added>
netnode::eaget
<added>
netnode::eaget_idx8
<added>
netnode::easet
<added>
netnode::easet_idx8
<added>
netnode::getblob_ea
to be used instead of 'netnode::getblob' for addresses (ea_t)
<added>
netnode::setblob_ea
to be used instead of 'netnode::setblob' for addresses (ea_t)
<added>
netnode::supdel_ea
to be used instead of 'netnode::supdel' for addresses (ea_t)
<added>
netnode::supset_ea
to be used instead of 'netnode::supset' for addresses (ea_t)
<added>
netnode::supstr_ea
to be used instead of 'netnode::supstr' for addresses (ea_t)
<added>
netnode::supval_ea
to be used instead of 'netnode::supval' for addresses (ea_t)
netnode::alt1st
netnode::altfirst
netnode::alt1st_idx8
netnode::altfirst_idx8
netnode::altnxt
netnode::altnext
netnode::char1st
netnode::charfirst
netnode::char1st_idx8
netnode::charfirst_idx8
netnode::charnxt
netnode::charnext
netnode::getblob
added variants that work with 'qvector<T> *' and 'qstring *'
netnode::hash1st
netnode::hashfirst
added variant that works with 'qstring *'
netnode::hashlast
added variant that works with 'qstring *'
netnode::hashnxt
netnode::hashnext
added variant that works with 'qstring *'
netnode::hashprev
added variant that works with 'qstring *'
netnode::hashstr
added variant that works with 'qstring *'
netnode::sup1st
netnode::supfirst
netnode::sup1st_idx8
netnode::supfirst_idx8
netnode::supnxt
netnode::supnext
netnode::supstr
added variant that works with 'qstring *'
netnode::valstr
added variant that works with 'qstring *'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] input argument 'refinfo_t &' made const
calc_reference_basevalue
<removed>
use 'calc_reference_data' instead
calc_reference_target
<removed>
use 'calc_reference_data' instead
set_offset
<removed>
use 'calc_offset_base' and 'op_plain_offset' instead
<added>
add_refinfo_dref
<added>
calc_basevalue
<added>
calc_offset_base
<added>
calc_reference_data
<added>
op_plain_offset
get_offset_expr
q
*
*
get_offset_expression
q
*
NOTE: 'qtype_t' has been changed to 'problist_id_t'.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
QueueGet
<removed>
get_long_queue_name
<removed>
Use 'get_problem_name(type, true);' instead
get_short_queue_name
<removed>
Use 'get_problem_name(type, false);' instead
mark_ida_decision
<removed>
unmark_ida_decision
<removed>
<added>
get_problem_name
QueueDel
forget_problem
return type changed from 'void' to 'bool'
QueueGetMessage
get_problem_desc
q
*
QueueGetType
get_problem
QueueIsPresent
is_problem_present
QueueSet
remember_problem
qfindclose64
qfindclose
qfindfirst64
qfindfirst
qfindnext64
qfindnext
NOTE: global variables 'codepage' and 'oemcodepage' have been removed.
[1] output argument moved to beginning of argument list
c2ustr
<removed>
use 'utf8_utf16' instead
char2oem
<removed>
convert_codepage
<removed>
create_hit_counter
<removed>
expand_argv
<removed>
get_codepages
<removed>
hit_counter_timer
<removed>
oem2char
<removed>
reg_hit_counter
<removed>
u2cstr
<removed>
use 'utf16_utf8' instead
win_utf2idb
<removed>
<added>
acp_utf8
<added>
change_codepage
<added>
idb_utf8
<added>
is_valid_utf8
<added>
put_utf8_char
<added>
qchdir
<added>
qustrlen
<added>
scr_utf8
<added>
skip_utf8
<added>
utf8_scr
<added>
utf8_wchar16
<added>
utf8_wchar32
back_char
moved from kernwin.hpp
convert_encoding
*
return type changed from 'int' to 'ssize_t'
get_nsec_stamp
output argument changed from 'uint64 *' to the 'uint64' return value
parse_command_line3
parse_command_line
*
qchsize64
qchsize
qfileexist64
qfileexist
qfilesize64
qfilesize
qfstat64
qfstat
qseek64
qseek
qstat64
qstat
qstr2user
moved from kernwin.hpp; added 'nsyms' argument
qtell64
qtell
qwait
*
qwait_for_handles
*
qwait_timed
*
search_path
*
str2user
moved from kernwin.hpp
unicode_utf8
utf16_utf8
user2qstr
moved from kernwin.hpp
user2str
moved from kernwin.hpp
utf8_unicode
utf8_utf16
<added>
qhost2addr
NOTE: some classes have been renamed: - 'area_t' has been renamed to 'range_t' - 'areavec_t' has been renamed to 'rangevec_t' - 'areaset_t' has been renamed to 'rangeset_t'
NOTE: the classes 'rangecb_t', 'ranges_cache_t', and 'lock_range' have been removed
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
reg_read_strlist
*
reg_read_string
q
*
removed variant with default value
[1] output argument moved to beginning of argument list
user2bin
*
find_imm
argument type: 'sval_t' changed to 'uval_t'
find_void
find_suspop
NOTE: global variables 'hidden_ranges', 'funcs', and 'segs' have been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] added 'flags' argument
del_segment_cmt
<removed>
use 'set_range_cmt("")' instead
vset_segm_name
<removed>
<added>
get_segm_num
to be used instead of 'segs.get_range_num()'
<added>
lock_segm
to be used instead of 'rangecb_t_unlock_range(&segs)'
add_segm
*
ask_selector
sel2para
correct_address
added 'skip_check' argument
del_segment_translations
return type changed from 'bool' to 'void'
get_segm_class
q
*
get_segm_name
get_visible_segm_name
removed variant with 'ea_t' argument
get_segment_cmt
q
*
return type changed from 'char *' to 'ssize_t'; added 'repeatable' argument
get_segment_translations
return type changed from 'ea_t *' to 'ssize_t'; output argument converted to 'eavec_t'
get_true_segm_name
get_segm_name
q
*
*
getn_selector
*
set_segm_class
*
set_segm_name
*
arguments converted from printf-style to simple 'const char *'
set_segment_cmt
input argument 'segment_t *' made const
set_segment_translations
input argument converted to 'const eavec_t &'
std_gen_segm_footer
std_out_segm_footer
converted to outctx_t; input argument changed to segment_t*
NOTE: type 'segreg_area_t' has been renamed to 'sreg_range_t'
copy_srareas
copy_sreg_ranges
del_srarea
del_sreg_range
WARNING: argument order has swapped
get_prev_srarea
get_prev_sreg_range
argument type: 'segreg_area_t' changed to 'sreg_range_t'
get_segreg
get_sreg
get_srarea2
get_sreg_range
argument type: 'segreg_area_t' changed to 'sreg_range_t'
get_srarea_num
get_sreg_range_num
WARNING: argument order has swapped
get_srareas_qty2
get_sreg_ranges_qty
getn_srarea2
getn_sreg_range
argument type: 'segreg_area_t' changed to 'sreg_range_t'
set_default_segreg_value
set_default_sreg_value
split_srarea
split_sreg_range
sistack_t_size
<removed>
sistack_t_flush
<removed>
[1] output argument moved to beginning of argument list
refresh_strlist
<removed>
set_strlist_options
<removed>
<added>
build_strlist
<added>
clear_strlist
<added>
get_strlist_options
get_strlist_item
*
argument type: 'int' changed to 'size_t'
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
get_member_by_fullname
*
get_member_cmt
q
*
get_member_name2
get_member_name
get_member_tinfo2
get_member_tinfo
*
get_or_guess_member_tinfo2
get_or_guess_member_tinfo
*
get_struc_cmt
q
*
retrieve_member_info
*
save_struc2
save_struc
set_member_tinfo2
set_member_tinfo
<added>
add_tryblk
<added>
del_tryblks
<added>
get_tryblks
NOTE: global variable 'idati' has been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
based_ptr_name_and_size
<removed>
callregs_init_regs
<removed>
choose_local_type
<removed>
create_numbered_type_reference
<removed>
equal_types
<removed>
get_de
<removed>
get_default_enum_size
<removed>
get_func_cvtarg_map
<removed>
get_named_type_size
<removed>
get_referred_ordinal
<removed>
get_stkarg_offset
<removed>
get_unk_type_bit
<removed>
is_restype_array
<removed>
is_restype_bitfld
<removed>
is_restype_complex
<removed>
is_restype_const
<removed>
is_restype_floating
<removed>
is_restype_func
<removed>
is_restype_ptr
<removed>
is_restype_union
<removed>
max_ptr_size
<removed>
rename_named_type
<removed>
set_named_type
<removed>
use 'tinfo_t::set_named_type' instead
set_named_type64
<removed>
use 'tinfo_t::set_named_type' instead
<added>
append_abi_opts
<added>
gcc_layout
<added>
get_arg_addrs
<added>
get_idati
to be used instead of 'idati'
<added>
remove_abi_opts
<added>
resolve_typedef
<added>
set_compiler_string
add_til2
add_til
append_tinfo_covered
argument type: 'areaset_t' has been renamed to 'rangeset_t'
apply_callee_tinfo
return type changed from 'void' to 'bool'
apply_cdecl2
apply_cdecl
apply_tinfo2
apply_tinfo
apply_tinfo_to_stkarg
added 'insn' argument
build_anon_type_name
*
calc_c_cpp_name4
calc_c_cpp_name
calc_tinfo_gaps
argument type: 'areaset_t' has been renamed to 'rangeset_t'
choose_local_tinfo
added 'def_ord' argument
choose_named_type2
choose_named_type
*
the original 'choose_named_type' has been removed
create_numbered_type_name
q
*
return type changed from 'size_t' to 'ssize_t'
decorate_name3
decorate_name
added 'type' argument
del_tinfo_attr
added 'make_copy' argument
deref_ptr2
deref_ptr
*
extract_argloc
*
find_tinfo_udt_member
*
format_cdata2
format_cdata
gen_decorate_name3
gen_decorate_name
the original 'gen_decorate_name' has been removed; added 'type' argument
get_c_header_path
*
get_c_macros
*
get_enum_member_expr2
get_enum_member_expr
*
get_idainfo_by_type3
get_idainfo_by_type
*
get_int_type_bit
get_scalar_bt
get_tinfo_pdata
*
get_tinfo_size
*
guess_tinfo2
guess_tinfo
*
load_til2
load_til
*
the original 'load_til' has been removed; added 'tildir' argument
load_til_header
*
lower_type2
lower_type
optimize_argloc
argument type: 'areaset_t' has been renamed to 'rangeset_t'
parse_decl2
parse_decl
q
print_type3
print_type
remove_tinfo_pointer
*
save_tinfo
*
set_abi_name
added 'user_level' argument
set_compiler2
set_compiler
set_numbered_type
return type changed from 'bool' to 'tinfo_code_t'
verify_argloc
argument type: 'areaset_t' has been renamed to 'rangeset_t'
WARNING: The global variables 'cmd' and 'uFlag' are gone.
All functions previously operating on 'cmd' now accept an 'insn_t' pointer or reference. Use get_flags() (or, if you really need it, get_full_flags()) to read the current flags.
NOTE: The maximum number of instruction operands (UA_MAXOP) has increased to 8.
NOTE: class 'outctx_base_t' has been added to replace functions that generate the disassembly text
NOTE: global variable 'lookback' has been removed.
[1] output argument moved to beginning of argument list
q: argument is a qstring
[2] output buffer converted to qstring
[3] added input/output 'insn_t &insn' argument
[4] added input 'const insn_t &insn' argument
[5] added output 'insn_t *out' argument
OutBadInstruction
<removed>
OutChar
<removed>
use 'outctx_base_t::out_char' instead
OutImmChar
<removed>
use 'outctx_base_t::out_immchar_cmts' instead
OutLine
<removed>
use 'outctx_base_t::out_line' instead
OutLong
<removed>
use 'outctx_base_t::out_btoa' instead
OutMnem
<removed>
use 'outctx_base_t::out_mnem' instead
OutValue
<removed>
use 'outctx_base_t::out_value' instead
get_output_ptr
<removed>
init_output_buffer
<removed>
out_addr_tag
<removed>
use 'outctx_base_t::out_addr_tag' instead
out_colored_register_line
<removed>
use 'outctx_base_t::out_colored_register_line' instead
out_insert
<removed>
use 'outctx_base_t::outbuf' directly instead
out_line
<removed>
use 'outctx_base_t::out_line' instead
out_long
<removed>
use 'outctx_base_t::out_long' instead
out_name_expr
<removed>
use 'outctx_base_t::out_name_expr' instead
out_one_operand
<removed>
use 'outctx_base_t::out_one_operand' instead
out_snprintf
<removed>
use 'outctx_base_t::out_printf' instead
out_symbol
<removed>
use 'outctx_base_t::out_symbol' instead
out_tagoff
<removed>
use 'outctx_base_t::out_tagoff' instead
out_tagon
<removed>
use 'outctx_base_t::out_tagon' instead
set_output_ptr
<removed>
term_output_buffer
<removed>
ua_dodata2
<removed>
use 'insn_t::create_op_data' instead
ua_next_byte
<removed>
use 'insn_t::get_next_byte' instead
ua_next_long
<removed>
use 'insn_t::get_next_dword' instead
ua_next_qword
<removed>
use 'insn_t::get_next_qword' instead
ua_next_word
<removed>
use 'insn_t::get_next_word' instead
<added>
can_decode
<added>
create_outctx
<added>
get_lookback
to be used instead of 'lookback'
<added>
map_ea
codeSeg
map_code_ea
*
input arguments changed to either 'const op_t &op' or 'ea_t addr, int opnum'
construct_macro
*
create_insn
*
dataSeg, dataSeg_op
map_data_ea
*
input arguments changed to either 'const op_t &op' or 'ea_t addr, int opnum'
dataSeg_opreg
calc_dataseg
*
decode_insn
*
decode_preceding_insn
*
decode_prev_insn
*
get_dtyp_by_size
get_dtype_by_size
return type changed from 'char' to 'op_dtype_t'
get_dtyp_flag
get_dtype_flag
argument type: 'char' changed to 'op_dtype_t'
get_dtyp_size
get_dtype_size
argument type: 'char' changed to 'op_dtype_t'
get_operand_immvals
get_immvals
*
added 'flags_t' and 'cache' arguments
get_spoiled_reg
*
guess_table_address
*
guess_table_size
*
out_real
print_fpval
*
showAsChar
print_charlit
*
ua_add_cref
<removed>
use 'insn_t::add_cref' instead
ua_add_dref
<removed>
use 'insn_t::add_dref' instead
ua_add_off_drefs2
<removed>
use 'insn_t::add_off_drefs' instead
ua_mnem
print_insn_mnem
q
*
ua_outop2
print_operand
q
*
added 'printop_t' argument
ua_stkvar2
<removed>
use 'insn_t::create_stkvar' instead
[1] output argument moved to beginning of argument list
[2] input argument changed from pointer to reference
calc_switch_cases
*
*
create_switch_table
*
create_switch_xrefs
*