IDA 3.x

Highlights

New features in version 3.85 (25/04/99)

1. Disassembler module for H8/300, H8/300L, H8/300H, H8S/2000, H8S/2600 (std)

2. H8 COFF files (std)

3. FLIRT signature for H8 (std)

4. FULL Sony Playstation Support (adv)

5. FLIRT signatures for Sony Playstation files. (adv)

6. FLAIR preprocessor for PSYQ object files. (adv)

New features in version 3.84 Professional (06/04/99)

1. Full Windows CE Support (SH-3, SH-4, Mips, ARM)

2. Disassembler module MIPS Processor (see our processor page)

3. FLIRT for MS Visual C++ 6.0 for Windows CE

4. Preliminary Nintendo 64 loader

New features in version 3.84 (07/03/99)

1. Pentium III support

2. Disassembler module for Hitachi SH-4 / Dreamcast (Professional processor pack)

3. Disassembler module for Atmel AVR

4. plugin architecture

5. hide/unhide - collapse/expand the disassembly

6. unions, bitfields, variable size structures

7. Delphi 2 support

8. several analysis improvements

9. several IDA C improvements

10. several user interface improvements

11. 6809 OS9 system calls

12. several bug fixes

FLAIR Utilities updated (01/03/99)

1. FLAIR Utilities Improved - Delphi and Pascal support added.

New features in version 3.8b (25/11/98)

1. Object Toolkit Pro libraries added to FLIRT

2. the reported bugs were fixed :-)

New features in version 3.8 (09/11/98)

1. the Hitachi SH-3 processor is now supported (extended version).

2. the Intel 80196 processor is now supported (included in the base package).

3. the Zilog Z-8 processor is now supported.

4. complex references are now supported.

5. NetBSD a.out files are now supported.

6. ARM ELF executable are now supported.

7. PowerPC ELF executables are now supported.

8. MakeAlign and GenerateFile have been added to the build-in IDC language.

9. Floating Point emulation instructions are now disassembled.

10. the load file dialog now supports processor type choice and analysis options definition.

11. the video mode can now be changed on the fly

12. the PE loader has been improved to support some virus infected files.

13. bugs have been fixed in the PE loader, in the 68K module, in the structure view, in the Borland name demangler, in the handling of wide ASCII pascal strings and in various other areas.

QNX Loader (01/09/98)

1. Denis Petrov wrote a nifty QNX loader for IDA 3.76

ARM Modules (18/08/98)

1. updated ARM 710a modules for IDA 3.76: allow to force endianness.

Special (07/07/98)

1. Peter Sawatzki releases Delphi 4 FLIRT signatures.

New features in version 3.76 (30/06/98)

1. PowerPC processor support ( activated by the -pppc command line switch )

2. AMD K6-2 3DNow! instruction set support ( activated by the -pk62 command line switch )

3. Pentium II additional instructions support: SYSENTER/SYSEXIT ( activated by the -pp2 command line switch )

4. IDA support for Java classes has been updated.

5. XCOFF file format support AIAFF file format support

6. PEF file format support (BeOS and MacOS)

7. Partial support for Pilot, PalmPilot and Pilot Pro PRC files (the algorithm for the decompression of the data segment is undocumented)

8. VxD modules can now be loaded at the 0xC0000000 address.

9. IDA now supports up to 4096 selectors in a program.

10. IDA now supports Microsoft overlayed programs.

11. Delphi 1 FLIRT standard library signatures have been added to FLIRT

12. IDA 3.76 introduces a special "silent" mode: in this mode IDA warning dialog boxes are not displayed. The warnings are redirected to the messages window. To enter this "silent" mode the user should press the "Silent" button on the warning dialog box. To return to the normal mode the user should execute the Batch(0); IDC function by pressing Shift-F2.

13. Bug fix: an array of words containing a value 0xFFFF followed by any other value could be misrepresented as 2 dup(0xFFFF). This bug was only present in 3.75 and has now been corrected.

14. Bug fix: the 8bit motorola module disassembled some instructions incorrectly. This has been corrected.

New features in version 3.75 (14/04/98)

1. Pascal Flirt Support and Delphi have been greatly enhanced.

2. Pascal string handling and recognition is now fully automated

3. NT DBG files are now supported.

4. fxsave and fsrstor instructions are now supported (Intel Deschutes)

5. Perl-like hash manipulation functions have been added to IDC

6. IDS files can now be used to describe functions recognized by FLIRT

7. other minor changes (menu structure, etc...)

Pascal and Delphi FLIRT Support (17//03/98)

1. Nick Pisanov gave us Pascal Flirt Support

2. Peter Sawatzki gave us Delphi 3 Flirt Support (this is a link to Peter's site)

New features in version 3.74b (02/03/98)

1. TMS320C6x DSP support

New features in version 3.74 (15/02/98)

MAJOR FEATURES

1. small embedded 80x86 assembler

2. regular expression searches

3. ARM 7xx processor support

MINOR FEATURES

1. IDC: GetInputFile() - returns name of the input file.

2. IDC: Exec(cmd) - executes OS command.

3. Interface : text selection behaviour has been modified.

New features and bug fixes in version 3.7

MAJOR FEATURES

1. functional color highlighting

2. stack variables

3. symbolic constants (enums) support

4. C++ demangled names (Borland, MicroSoft,Watcom)

5. ELF format files

6. compressed NLMs support

7. unicode strings

8. new processors : 6301, 6809

9. multi-pass analysis

MINOR FEATURES

1. onload.idc is executed when a new file is loaded

2. IDC: array manipulation functions have been added

3. IDC: AskFile() function have been added

4. IDC: PatchWord() and PatchDword() functions have been added

5. IDC: the IDCPATH environment variable may point to the directory containing IDC scripts. By default IDC scripts are kept in the IDC subdirectory of the base IDA directory.

6. ida.cfg: MangleChars and SubstChar are introduced to allow the creation of mangled names. You are now free to define names containing unusual characters such as "%()[]" which are used in C++ mangled names but are prohibited in normal identifiers. IDA will replace them with 'SubstChar' at display time.

7. operand types: all commands that change a type of an operand now can modify all operands in the selected area.

8. names with reserved prefixes cannot be used in structs and enums anymore.

9. IDA now supports offsets to struct members.

10. format of IDS files is changed.

11. data and ascii strings can be defined with the Alt-D and Alt-A keys : they allow you to choose the exact type of data or ascii string.

12. alignment directives are supported

13. user-defined offsets are supported: offset base can be specified manually.

14. the autoanalysis can now be totally controlled.

Bug Fixes

1. The bios comments database is now opened in the correct R/W mode.

2. 8051 & 680x0: relative addressing mode is fixed

3. 8051 @dptr addressing mode was lost. This has been corrected.

4. 68xx jmp and jsr instructions generated data reference. This has been corrected.

5. COFF: the entry point was not properly calculated for some executables. This situation has been corrected.

6. In some cases, instructions disappeared from the disassembly if the previous instruction had a fixup information and was analysed at load time. This occured rarely.

7. PE files: sometimes the .idata section contains import definitions and additional data. IDA only kept import definitions. IDA's behaviour can now be controlled through the "load file" dialog box and IDA checks that no useful information is discarded.

New features and bug fixes in version 3.64

Version 3.64 is free to all users of 3.5 and above.

MAJOR FEATURES

(3.64) Standard Library Recognition

The following compilers are supported in this release, new compilers will be added regularly.

• Aztec C v3.20d

• Borland C++ for OS/2 v1.0

• Borland C++ for OS/2 v1.5

• Borland C++ for OS/2 v2.0

• Borland C++ v2.0

• Borland C++ v3.1

• Borland C++ v4.0

• Borland C++ v4.5

• Borland C++ v5.0

• Borland C++ v5.01

• EMX (GCC) for OS/2 v0.9b

• IBM C Set v2.00

• IBM C Set v2.01

• IBM C Set v2.10

• Lattice C v3.30

• Metaware High C for OS/2

• Microsoft C v5.0

• Microsoft C v6.0

• Microsoft C v7.0

• Microsoft Quick C v1.0

• Microsoft Quick C v2.01

• Microsoft Visual C++ v1.0

• Microsoft Visual C++ v1.5

• Microsoft Visual C++ v2.0

• Microsoft Visual C++ v4.0

• Microsoft Visual C++ v4.1

• NDP C v4.2

• Optima v1.0

• Symantec C++ v6.0

• Symantec C++ v6.1

• Symantec C++ v7.2

• Turbo C v2.00

• Turbo C v2.01

• Turbo C++ v1.01

• Visual Age C++ v3.0

• Watcom C++ v10.0

• Watcom C++ v10.0b

• Watcom C++ v10.5

• Watcom C++ v10.6

• Watcom C++ v9.01d

• Watcom C++ v9.5

• Zortech C++ v1.0

• Zortech C++ v3.1

Special

• MicroSoft Foundation Classes

• Vireo VToolsD

(3.6) 32-bit Windows native disassembly environment (console)

(3.6) Java support (and ZIP support)

(3.6) Motorola 8bit processors are now supported.

• Motorola MC6800

• Motorola MC6801

• Motorola MC6803

• Motorola MC6805

• Motorola MC6808

• Motorola MC6809

• Motorola MC6811

IMPROVEMENTS

(3.6) 64MB programs can now be disassembled.

(3.6) OMF libraries are now recognized and modules can be extracted and disassembled.

(3.6) CEXTDEF records in OBJ files are now handled properly.

(3.6) improved recognition of data segment for DOS executables.

(3.6) COFF : the C_NT_WEAK storage class is now handled.

(3.6) OS/2 Merlin chained relocation records are now handled properly.

(3.6) the following sequence has changed: dd -> float -> dq -> dt

(3.6) jump tables are now analyzed faster.

(3.6) the generation of map files has been improved.

(3.6) It is now possible to define the following environment. variables.

IDASGN points to the signature directory. IDAIDS points to the IDS files directory.

(3.6) the environment variable IDA_PAGESIZE now defines the page size for newly created databases. The default page size is 4096. Pagesize should be power of 2. You may want to increase the page size if you hit limit on the number of chunks when loading an .OBJ or NE file. Judicious use of this variable now allows the disassembly of files of virtually any size.

(3.6) the -b (program base address) switch now understands 32bit addresses.

(3.6) binary search is now faster.

(3.6) interface enhancements : CTRL-ENTER and BACKSAPACE allow fast lookups in the viewer. Data Items can now be defined massively. ALT-T and CTRL-T allow fast searches in the list viewers.

(3.6) dozens of minor enhancements.

BUG FIXES & CORRECTIONS

(3.6) data xrefs can now be deleted manually.

(3.6) a bug with jcxz instruction in huge 32bit segments has been fixed.

(3.6) a bug has been fixed in the IDC interpreter: 16bit numbers at page boundaries would be read incorrectly.

(3.6) a laoding problem with some NE files has been corrected.

(3.6) version 3.53 would exit with a "heap corrupt" message when loading a 3.04 database.

(3.6) the loopw instruction was incorrectly disassembled in huge 32-bit segment. This has been corrected.

(3.6) The Borland v5.01 ctime() function has a bug that sometimes caused IDA to crash. This has been fixed.

(3.6) dozens of minor fixes.

New features and bug fixes in version 3.53

Version 3.53 is free to all users of 3.5 and above.

Enhancements

• IDA tries the file extensions specified in IDA.CFG in order to open the file to disassemble.

• Ctrl-KB/Ctrl-KH may now be used for block marking/unmarking.

• The name of the file being disassembled is displayed in the title bar of the message window.

• The COFF format handling has been slightly improved.

• The name of the disassembled file is displayed in the "produce output file" dialogs.

Corrections

• The 32-bit IDA versions crashed trying to generate a .MAP file.

• IDA crashed if more than 50 segments were defined in a group (object files)

• The tails of very long names (>32 chars) are displayed in the names list (Ctrl-L) after the addresses column.

• IDA crashed attempting to display xrefs to a very long name (more than 79 characters)

• Object files: a loading error is fixed: in 32-bit object files the self-referenced relocations were resolved incorrectly if a symbol was declared as external and public at the same time.

• IBM PC: the "large" keyword was used when it was not necessary (new versions of TASM issued warning)

• The indicator displayed READY during the creation of an asm/lst output file.