IDA 7.7
IDA 7.7.211224 December 24, 2021
IDA 7.7 Highlights
iOS15 and macOS 12 support
Apple has made major changes to the internal format of core OS files. In particular, the DYLD Shared Cache (DSC) has been split into multiple parts. Our Mach-O loader and the helper DSCU plugin have been updated to handle this seamlessly. We have also updated our iOS and Mac debuggers to handle peculiarities of debugging in the new OS versions.
Clang-based C++ parser
In addition to the built-in C parser, IDA now supports an additional parser based on libclang. It allows IDA to handle complex, real-life C, C++, and Objective-C syntax found in STL, MFC, Apple's XNU and iOS SDK, and Linux kernel headers. We will also soon provide a command-line version to build your own type libraries - stay tuned!
Thanks to Clang-based parser, now the types from the Boost library can be parsed:
Configuring it is very easy:
Golang improvements
We took our golang analysis to another level. Detection of golang binaries is more robust thanks to the standard startup code detection, and standard library signatures allow you to ignore unimportant functions. We also use more of the rich metadata present in Go binaries:
Functions are automatically grouped into folders by modules. Once you enable folders, these groups will be visible:
\
Reflection metadata is parsed to recover types used by the program
\
The Lock Highlight button now allows you to have multiple permanent highlights in the database, so you can see the important things at a glance.
New icons to easily hide or unhide the listing elements, like functions, segments, etc.
Output window gained an option to enable timestamps making it easier to keep track of the various messages printed there.
Multiple highlights:
Native macOS Dark Mode:
Breakpoint groups:
Two new processor modules were added in this release: Cadence Tensilica Xtensa and the Renesas RX series.
RX processor:
XTensa processor:
Basic type system support has been enabled for all processors, This means that now you can use C syntax declarations for structures and enums via the Local Types editor or by parsing C headers. DWARF types are also imported, when available. FYI, DWARF5, the new version of the debug format, which is the default since GCC 11, is now supported.
RISC-V types imported from DWARF:
We have ported our decompiler to MIPS64. We have also added support for some of the custom instructions of Cavium OCTEON MIPS processors used in advanced network equipment. Currently only n64 ABI is supported for MIPS64. Of course, the existing decompilers also received numerous improvements and fixes. For example, the new extended flow guard (XFG) calls are handled in x64 and ARM64 Windows binaries.
Full list of changes and new features:
Procesor modules:
8051: added configuration for the R8051XC2 core in M5 FPGA by Capital Microelectronics (thanks to Zak Escano)
8051: allow loading binary files without a device selection (thanks to Zak Escano)
ARM: improved function recognition
bochs: added a config parameter HIDE_CONSOLE in dbg_bochs.cfg
bochs: inform the user about the presence of a .lock file, instead of launching bochs that would complain about the wrong img file
debugger: improve stack walking for macos x64
MACHO: support new format of the dyld shared cache split into subcaches (iOS 15, macOS12)
MACHO: disable ASLR slide detection in dyld shared cache by default (use IDA_DYLD_SHARED_CACHE_SLIDE environment variable to set it manually)
PE, COFF: parse and format new FH4 (CxxFrameHandler4) C++ exception tables
FLIRT / TILS / IDS:
FLAIR: go2pat: go obj file to .pat converter for generating Go function signatures
FLAIR: sigmake: added support for signatures with names > 1024 characters
FLIRT: GO: added signatures for the major standard libraries for golang 1.10-1.16 (x64 only)
Standard plugins
golang: add a numerical suffix when a type name already exists (this can happen due to different import paths)
golang: add definitions of some builtin types (string, array, interface, slice)
golang: annotate interface (itab) table
goodname.cfg: simplify names of STL classes in __cxx11 namespace (libstdc++)
ida.cfg: added DEVICE parameter to specify the target device (e.g. ida -pavr -DDEVICE=\"AT90C8534\" firmware.hex)
ida.cfg: added PRIVRANGE parameter to specify the default private address interval (addresses for internal usage) for new databases
Scripting & SDK
IDAPython: added colorize_disassembly_on_the_fly.py example to demonstrate dynamically coloring listing lines (w/o touching the IDB)
IDAPython: added example print_call_stack.py
IDAPython: added IDAPYTHON_IDAUSR_SYSPATH parameter to idapython.cfg to automatically add $IDAUSR/python/[2|3]/ directories to sys.path (enabled by default)
UI: add the shortcut number to the tabs' titles if Alt is pressed for 1 second
UI: added checks in the floating license borrow/retun forms to avoid a problem with decompiler licenses not being returned
UI: added ymmword and zmmword data types to "Setup data dialog" (for processors that support them)
decompiler: add the "Copy" action in the context menu when it's available
decompiler: added PSEUDOCODE_SYNC_XPOS option, to prevent synchronized Pseudocode-* views from scrolling horizontally when navigating in the other view
decompiler: optimize complex conditions by removing useless parts. E.g. x==3 || x!=4 is replaced by x!=4
