IDA 4.x
New Features in version 4.50 (12/02/2003)
Windows PE Integrated debugger
Processors
new processor: Intel xScale
new processor: Mitsubishi M32R (Professional)
new processor: Mitsubishi MELPS740
new processor: Mitsubishi M7700 family (Professional)
new processor: NEC 78K0 (Professional)
new processor: NEC 78K0S (Professional)
new processor: Fujitsu FR family
new processor: STMicroelectronics ST9+ (Professional)
IBM PC: borland RTTI-templates with GUID are supported
IBM PC: rep prefix is used when the Intel manual says it should be
IBM PC: the current compiler is taken into account when using the __fastcall calling convention (before only Borland was supported)
IBM PC: better handling of indirect calls (mov offset func-add-call is detected)
ARM: call sequences like "mov lr, pc; ldr pc, something" are recognized by ida and don't interrupt the execution flow
ARM: SUB Rx, PC, #imm is replaced by ADR Rx, label; ARM module is commented
ARM: stack variables are supported
ARM: option to disable pointer dereferencing is added
AVR: better configuration file; config file management is improved
AVR: interrupt vectors are supported
AVR: EEPROM file extension by default is BIN
MIPS: memory mapping is supported
PowerPC little-endian mode can be specified by the user
MC68K: respect the user-defined offsets for o_mem and o_near addressing modes
ST7: new config file
File Formats
COFF loader sets up the default data segment (better analysis)
better recognition of VxD driver files
HEX: added support of extended segment information record type
PE: better support of invalid files
PE: FS and GS register values are set to unknown at the loading time
PE: If the debug information is corrupted (in packed files, for example), IDA doesn't die but gracefully skips it
PE: section permissions are loaded into the database
LX: IDA always uses "metapc" processor and ignores the processor type specified in the file header
PSX object files: additional fixup record types are supported (26 and 30)
PSX object files: ida knows how to skip record type 60. We still don't know what this record type means, but at least we can load files with this record present.
Memory dump loader: now it accepts dumps with one digit per byte
Mitsubishi HEX file extended address records are supported
palmpilot loader: better check of time stamp
New XBE file format is supported
stricter check of PalmPilot files
the pdb plugin has been rewritten (requires VC++ to be compiled)
User Interface
flow chart: option to print block labels
'jump in a new window' command added in context and main menus
'jump to file offset' command
new command: move a segment which allows to move an existing segment to another address
it is possible to hide/unhide arbitrary regions
command to toggle leading zeroes on a number
value of an enum member can now be changed
graphs: now supports recursion depth
new dialog box to easily assign structure offsets/union paths to a selection "en masse"
previous & next drop-down menus for navigation stack (as in the Internet Explorer)
options in 'Browser' to set maximum lines & auto clean of upper items
cursor for search/auto-analysis in the navigation toolbar + associated color option
customizable background color for memo hints (Options -> Colors 1)
hexview: better handling of highlight-background combinations
hide/unhide all now works on functions, structs & enums for GUI & TXT
highlight the problematic line in a 'problem hint' on the navigation toolbar
hints on "Address" & "Called function" columns in callees
hints on hidden functions, structures & enumerations
hints on navigation toolbar (on stars, after a search)
hints on structures in a struct window
hints on xrefs in a struct window
hints on xrefs now print preceding lines and highlight the destination name
input text fields are in Courier font
jump commands (using the lists in the search toolbar) now open a new disassembly window if needed
xrefs in structure and enumeration windows are not displayed because they confuse the users
notepad now automatically popups at start if it was saved as opened in the database
register hints now print the associated comment
the function prototype is linked to the function stack argument definitions
the input database name is displayed in the title bar
the welcome dialog box can be resized
ida displays the welcome form if the input file is not specified in the command line
user defined graphs: option to print function comments (use the same color as regular comments)
desktop/top commands added to tabs popup menu
the 'show flags' command displays all information about the structure members
faster arrows management
ida runs faster
Kernel Improvements
new switch -o to specify the output database from the command line
WinCE: several IDS files were updated/added
FLAIR: plb supports wildcards in the file names
c parser: multiple byte character constants are supported
c parser: better handling of pointer modifiers; several bugs are fixed
ida looks for the referenced DLLs in the input file directory
it is possible to autoload a til file when a dll is referenced (see ids\idsnames)
vc6win.til is not loaded for pe files with subsystem==native (usually they are system drivers and they don't need vc6win.til)
the annoying "can't add structure member cx" message removed
the default loading address for all file types is 0 (this can be overridden by the file format)
ids files with '-' in idsnames do not prevent the kernel from using the corresponding dll from the system directory
IDC and SDK
IDC: GetFloat(), GetDouble() functions are added
IDC: GetOriginalByte() function is added
IDC: GetStringType() function
IDC: descriptions of NextHead, PrevHead, AskFile IDC functions are updated
IDA environment variable is not required to build modules anymore
added comments about filling the op_t structure; fixed some typos in netnode.hpp
COLOR_INV is added
hidden plugins are supported: PLUGIN_HIDE flag is introduced
idaw choose() function respects the batch mode
negative buffer sizes are handled properly (str2user, user2str, pack_ds)
new function flag FUNC_BOTTOMBP. It means that the frame pointer is equal to the stack pointer in the function and it points to the bottom of the stack frame.
ph.flag PR_CHK_XREF: don't allow near xrefs between segments with different bases. This flag is used for IBM PC only.
read_ioport_device() function reports about configuration files with no devices
renamed FIXUP_PTR32->FIXUP_PTR16, FIXUP_PTR48->FIXUP_PTR32
the user-defined data supplied to linearray_t is documented in kernwin.hpp
up to 16 source files for plugins
setBreak() function is added
the processor extension callbacks are called for all instructions, not only when cmd.itype >= CUSTOM_CMD_ITYPE
find_ioport_bit() returns NULL if the bit name is NULL
rebase_program() is added. This function allows to shift the whole program in the memory. Since rebasing the program involves correcting the relocated bytes, the file loader takes part of the job. File loaders may have "move_segm" callback functions now.
now a well-behaved processor module handles the ph.move_segm event
numop2str(): output instruction operand with optional leading zeroes; is_lzero(), toggle_lzero() to modify the display of leading zeroes; inf.s_genflags introduced; atoa, b2a32, b2a64, b2_width function parameters have been changed
move_segm_start(), set_segm_start(), set_segm_end() may destroy the adjacent segment if necessary; ADDSEG_QUIET flag has been added
new type of segments: SEGM_DEBUG. Used in the debugger.
get_sourcefile() function prototype has been changed. Now it returns the range information.
hidden_area_t and functions to work with it are introduced
byteValue() function is renamed to _byteValue(); this function should not be used anymore if possible. The reason is that it works only with 8-bit processors and doesn't take into account possible debugger side-effects.
Bugfixes
BUGFIX: MIPS R5900 madd/msub instructions were not disassembled
BUGFIX: C166: ida would create strange references if the first segment of the program was not loaded at the address 0; .end start would display garbage if there was no start address
BUGFIX: ARM switch jumps were recognized only for R0
BUGFIX: Intel HEX files could be loaded incorrectly
BUGFIX: MS DOS executables with the entry point at FFF0:0100 are loaded correctly
BUGFIX: Amiga: zero sized hunks caused problems
BUGFIX: COFF: skip .stab* debug information sections
BUGFIX: IDA would fail to load some invalid PE files
BUGFIX: "Create"/"Edit" (purged bytes)/"End of" function actions are now updated properly
BUGFIX: can now rename a register for one instruction
BUGFIX: can now rename everywhere (externs, ...)
BUGFIX: copy to clipboard from the list views could hang
BUGFIX: correct work on multiple monitor desktops
BUGFIX: cursor disappearing if using CTRL-TAB
BUGFIX: hints on local labels weren't always highlighted
BUGFIX: ida could crash if several standard enums were added without uncollapsing them
BUGFIX: ida would go to the top of the screen during analysis even if it was put to the bottom (z-order)
BUGFIX: if the messages window was minimized to invisibility, then the next start of ida would not display messages on the status bar.
BUGFIX: infinite scrolling enum window
BUGFIX: it is impossible to rename a register to another register name
BUGFIX: it is possible to open xrefs window even if the current item has no xrefs
BUGFIX: it was impossible to use the function name at the function header to double click, jump to xrefs, etc. if the name contained undisplayable characters (ibm pc, mips, mc68k)
BUGFIX: navigation toolbar not updated once displaying after undock+hide
BUGFIX: opening a database without closing the current one could leave the names, functions, or strings window unopened even if they should have been opened for the new databases; this could also lead to a crash
BUGFIX: pressing the down arrow of the scrollbar now stops once no more lines
BUGFIX: the collect garbage flag would stay once set until ida exits
BUGFIX: the width of the ordinals field in the "jump to entry point" was 3 positions which was not enough to display big ordinals. made it 8.
BUGFIX: Windows 98 resources were depleted fast
BUGFIX: "jump to the beginning" with home-home-home key was not working if used twice with "jump to address" in between
BUGFIX: after repeatedly closing/opening the structs/enums window the renaming of a struct/enum member could lead to an access violation
BUGFIX: no more "list index out of bounds" message if the number of columns in a chooser changed
BUGFIX: type specification was printed incorrectly: int (*fnc1(void))[5];
BUGFIX: some borland thunk mangled names were not demangled
BUGFIX: truncated names from gnu compiler would cause problems during demangling
BUGFIX: verification of the new manual operand would fail for 32-bit operands if the old operand didn't have a segment register and the new one has
BUGFIX: unions were not displayed in the list of standard structures
BUGFIX: IDA was marking the return instructions of some functions as "unknown_libname"
BUGFIX: it was not possible to disable the plugin hotkey
BUGFIX: pcf was not detecting coff files properly
BUGFIX: autoload vc6win.til only for IBM PC PE files
BUGFIX: IDC function GetSegmentAttr() was broken
BUGFIX: refresh the screen after IDC scripts
BUGFIX: manual execution of VXD.IDC could hang ida
BUGFIX: qmakepath() could generate file names with several backslashes in them
New features in version 4.30 (05/08/2002)
User Interface
major improvements, too many changes to list, MDI, context sensitive toolbars, more standard looks.
Processors
ARM Architecture Version 5E (Enhanced DSP) instructions are supported, FLIRT signatures and type information files have been added.
Motorola 6812: many new chip types are supported, memory configurations can be specified
File Formats
Improved support of PSX object files.
Improved support of EPOC files.
Borland extensions for DMPI to PE executables are supported
ELF machine type 6 is supported
Kernel
The stack tracing algorithm is improved
Type libraries are regenerated: they are smaller
Improved FLAIR utilities (added ELF support for IBM PC)
Bugfixes
Fixed a bug in PIT: all stack parameters were shifted by 4 for indirect calls
IA64: brl.cond.dptk.few instruction caused an internal error
the list of xrefs to a stack variable could contain wrong data items (only instructions can be in this list)
fixed bug in set_de (some standard enumeration declarations were wrong)
TMS320C6: several bugs are fixed (ACR/ADR, B reg src2)
Better handling of stack references to the saved registers area: bp-based frames are not modified because of this
PowerPC: wrteei instruction was disassembled incorrectly
Some enumeration constants in the type libraries could have incorrect values
IDA would lose some variable names if more than 1000 very long variable names were defined (1KB long names)
If the last symbolic constant of the last enumeration was not the only symbolic constant in the enumeration and its value was equal to -1, then it would not be displayed in the enumeration definition
New features in version 4.21 (19/04/2002)
Processors
Trimedia (upon special request only)
TMS320C55 (Professional). All documented instructions are supported
the PIC processor module offers better analysis of bank switches
8-bit Motorola : many new chip types are supported, memory configurations can be specified
C166 (Professional): many more chip types are supported, memory configurations can be specified
F2MC : many more chip variants are supported, memory configurations can be specified
Z180 configuration files have been added
IBM PC: memory references with the sib byte can be converted to offsets.
ARM: pseudo-instructions can be turned off (ret)
File Formats
Intel OMF386 is added
EPOC6 import ordinals are supported
User Interface
xrefs from/to code,data,externals
user-defined graph (various options)
highlight current addresses in graph (blue by default)
The Search Toolbar now allows to search incrementally for text, names, functions, addresses, etc.
Hovering the mouse over a label displays a hint with the instructions/data at that label
The Rename command is available only if the cursor is either on a valid identifier or address or at the beginning of the list (to the left of the instruction mnemonics)
Direct conversion to code/data without intermediate step of undefining the existing item. Use the options dialog box if you want to customize this behaviour.
Improved highlighting of identifiers. The highlight color can be changed
The listbox and messages window contents can now be copied to the clipboard
Unhide all functions
Names: ask confirmation to delete a name from the list
In the structures window it is possible to jump to the desired structure using the "Jump by name" command. The hotkey is Ctrl-L. The same command is available in the enumerations window.
Welcome box:
delete removes previous projects from the list
hovering over the project now displays the full name of the file
It is possible to specify the number of bytes purged for the imported functions (through Edit->Function)
A command line window can now be used to enter IDC commands: (IDAGUI.CFG, DISPLAY_COMMAND_LINE should be YES to activate this).
Immediate help on an IDC function
Text version: a local clipboard is added to the dialog forms. (Ctrl-Ins - copy, Shift-Del - cut, Shift-Ins - paste, Ctrl-Del - delete).
Kernel Improvements
Better demangling of Borland C++ names, including the templates. Since there is no way to distinguish the new and the old naming schemes, now IDA tries both methods. This can sometimes lead to wrongly demangled names.
Borland CBuilder v6 FLIRT signatures are added
Bug Fixes
For some PE files, the exported function names were missing.
Negative 16-bit structure offsets with non-zero delta would be displayed wrongly.
Structures with embedded unions aligned to 8 bytes could have wrong member offsets.
IBM PC: if "Allow references with different segment bases" was set, then the complex offset expressions would have wrong values.
OS/2 version was broken.
OMF COMDEF far records were processed incorrectly.
Negative 8/16-bit values were badly represented as enumeration constants. The logic has been changed to make it easier to handle
Binary files for wide byte processors (like PIC16) were not loaded completely.
H8/500: 16-bit jumps in the page different from page0 would still refer to the page0
H8/500: the values of segment registers BR and DP are used and stored
COFF 386: IMAGE_REL_I386_SECREL relocation type is supported
It was possible to scroll past the end of the disassembly listing using the mouse wheel
Some kinds of corrupted PE files are loaded better than before
Some segment:offset address expressions were parsed incorrectly
It was impossible to create local labels with data references
get_screen_ea() was broken.
IDA PIC Limited Edition
A reduced price version that offers all the power of IDA for the PIC family of microcontrollers only. (14/03/2002)
New features in version 4.20 (19/12/2001)
Processors
TMS 320C54xx
The Motorola 8/16-bit processor modules (except 6812) now support configuration files with the memory, interrupt vector, and I/O port definitions. See files named 68xx.cfg. Currently only 6805.cfg and 6811.cfg are available and other files will be made available later.
The C166 module displays an information box explaining the memory mapping feature present in the Options, General, Analysis, Processor specific options.
File Formats
Microsoft.Net Beta2 files are supported.
Stricter check for RT-11 SAV file format. The file extension should be "SAV". There were too many false recognitions.
PE files: IDA now recognizes TLS callback entries and properly comments them.
ELF files with destroyed SHT are supported.
Interface
Arrows: The graphics version displays the execution flow in the form of small arrows to the left of the disassembly text.
IDA starts to scroll the window without waiting for the cursor to reach the window top/bottom. Also it is possible to scroll the window by using Ctrl-Up, Ctrl-Down arrows.
Shift-Enter or Shift-DoubleClick selects the current identifier.
Edit, Function, Rename register: Register renaming definitions start at the cursor position and last up to the next definition. The address range of the existing definition is automatically truncated at the cursor position.
Kernel Improvements
The function boundaries are automatically changed if an item overlapping it is created.
the LoadSym.Idc has been improved to work with dbg2map and mapsym
Bugfixes
ARM BX instruction was not disassembled.
TXT version: Ctrl-Up, Ctrl-Down and other keys were not recognized as valid keycodes.
PPC ELF R_PPC_EMB_SDA21 relocation type is handled differently. Since there is not enough documentation, this could still be wrong.
Motorola movec instruction wouldn't be disassembled if an unknown control register is present in the instruction
delphi.sig doesn't load bcb5win.til anymore
TXT version: Ctrl-N was not working in the Enumerations window
H8 in the advanced mode would use 32-bits for the @aa:8, @aa:16, @aa:24 addressing modes
IDA under Windows could crash if "comment ascii references" was on
Motorola 6805 brclr/brset/bclr/bset syntax now conforms regular conventions
IBM PC: redundant rep/repne prefixes were in the wrong order
Enumerations window: the text search could fail if there was only one defined enumeration
netnode::getblob could return nonexistent blob
TMS320C6 module could crash if a specific illegal opcode is encountered (ldb.d2 *+b14[35], b1 with 'dst' field bit 0x10 set)
It was not possible to expand a variable sized structure just before its last member
New features in version 4.18 (19/10/2001)
Processors
Fujitsu F2MC-16L and F2MC-16LX (Professional version).
PIC12xx, PIC14xx, PIC18xx processors in addition to the already supported 16xx family. (Starter version)
Intel 960 module enhanced: FLIRT and types are supported; I/O port names are added to i960.cfg
W65C02S support has been added to the 6502 module.
File Formats
the PDB plugin recognizes the Windows XP SymDia symbols. Thanks to Mark Russinovich for the contribution.
OpenBSD aout files are supported
COFF files for Intel 960 are supported
ELF AR libraries are supported
Interface
a new window listing callers and callees is available.
Wingraph 32 can now print.
Zooming in and out on graphs can be controlled by the mouse.
a small notepad has been added. The notes are saved and opened each time the database is reloaded.
IDA is now able to check for the availability of updates and warns when the free update period is about to expire.
Patching has been removed from the default installation but can be activated by the DISPLAY_PATCH_SUBMENU option.
'Undefine' now warns before proceeding. This option can be turned off by the CONFIRM_UNDEFINE_COMMAND parameter in the IDAGUI.CFG or IDATUI.CFG files.
Kernel Improvements
Enhanced recognition of the function calling conventions.
Floating point numbers in the instruction operands are supported
Slightly improved vc6.til file.
Automatically resize the saved registers area in the function frame if there is a reference into the area from the function body.
New linux system calls are recognized by IDA
Bugfixes
ARM BX instruction was not disassembled.
The last character of unicode strings would be missing sometimes for the big endian processors.
MC6811 LDA instructions would create 16-bit data item.
IDA would miscalculate the program end after loading binary files
"rename stack variable" at place would rename a wrong variable
Uninitialized array elements with the specified width would not be displayed
A plugin that opened a non-modal window would be unloaded at the exit before having chance to clean up the window, which would lead to a crash
A bitfield with one member equal to -1 mask -1 could not be converted into a normal enumeration.
New features in version 4.17 (22/06/2001)
Processors
Intel 960 support
ST20/C2-C4 support
.Net module improved
DEC Alpha processor improved and supports the type system. Thanks to Ahmon Dancy for help.
PowerPC module improved
File Formats
IDA can now load hexadecimal and octal memory dumps in free format. (A set of heuristics is used to recognize and load such files).
Mach-O executable files are supported. (The relocation information is ignored for the moment.)
Microsoft X-box XBE files are supported. (However, the module may not cover all possible file format particularities).
Compaq Tru64 dynamic loader information is supported.
Interface
external graphing module displays functions flow charts.
Array element indexes can be displayed as comments
The MakeAnyName (Ctrl-N) command is removed. The MakeName command is enhanced to handle all cases.
The Welcome dialog box is improved and keeps track of several previous disassemblies.
The GUI version has a Strings Window which contains all string constants present in the program.
GUI version: Alt-Enter = go to address in a new disassembly window.
GUI version: a special hotkey to create unicode strings can be assigned. See the IDAGUI.CFG file, the parameter name MakeUnicode.
GUI: the RAM/ROM sizes and addresses can be specified for binary files if the processor module doesn't handle it automatically.
Kernel Improvements
New configuration parameter: ASCII_SAVECASE. If set, then IDA will preserve the case of the string contents when generating the string name.
Public global variables with anonymous structure or enumeration types are supported by the type system.
Bugfixes
IDA would crash if the database was saved when the IDAView-A window was closed.
Microsoft.Net: the closing curly brace was missing for the classes with some fields but no methods.
the text version would crash if the analysis options were accessed from the "load file" dialog box.
Sparc V8 fmovs/fnegs/fabss instruction couldn't be disassembled.
C166 bmov/bmovn/bxor/band/bcmp instructions had the operands swapped.
it was not possible to declare a structure member as an enumeration type.
ST-20 module disassembled nfix prefix incorrectly.
in some rare circumstances the sizes of the standard structures would be calculated incorrectly. This would render the structure definition useless and would make it impossible to import it into the database.
IDA wouldn't work on very old Win95 boxes due to GetFreeDiskSpace problem.
Some processor-module specific dialog boxes could crash IDA.
Java module was badly broken.
An empty "if(1) {}" statement would cause a stack overflow in IDC runtime.
An error message in IDC parse is fixed. Before it would say: Compilation error: longname.idc,1: Too long identifier '(null)' without displaying the variable name.
Java module wouldn't show the instruction opcodes.
Hitachi H8S @aa:16 addressing mode was not sign extending the 16-bit address
It was not possible to add a standard structure which consisted of one anonymous field (an example: the Visual C++ VARIANT structure).
IDA would exit with the "empty type name" message if a global variable with an anonymous type is encountered in the program.
New features in version 4.16 (22/03/2001)
Intel Itanium IA64 support (Professional).
Microsoft.Net CLI (Common Language Infrastructure) support (Starter).
Motorola 68HC12 support (Starter).
Register argument type propagation is implemented. It can be turned off in the kernel analysis options 2.
Plugins can hook to the processor and kernel events.
Plugins can be written in either Visual C/C++ or Borland C/C++.
Processor extension plugins can be used to add instructions to processor modules.
IDA's interfaces with the external world have been redefined.
Unicode strings are recognized even if the default string type is "zero-terminated C string". This behaviour can be turned off using the analysis options. The terminating zero is included in the unicode strings.
Enumerations can have several symbolic constants with the same value.
128bit operands and data items can be displayed (only binary and hexadecimal formats are supported for the moment).
MFC IDS files are improved: number of purged bytes are added into the function descriptions.
Linux system call numbers (int 80h) are commented properly.
Backups of the databases can be created.
User-defined line prefixes can be defined. See a sample in the SDK to learn how to use it.
ELF Playstation 2 loader is improved.
ELF H8 files are supported.
PE files: TLS directory information is taken into account; new delayed import tables are supported (Characteristics & 1)
PE files: it is possible to load files to arbitrary addresses using the manual load feature.
IBM PC: Pentium 4 instructions are supported.
IBM PC: redundant instruction prefixes are supported.
IBM PC: AMD syscall/sysret instructions are supported.
SPARC: the type system is supported. The type propagation is not implemented yet.
SPARC: the SPARC assembler is now supported. (special thanks to Ahmon Dancy)
SPARC: some minor bugs are fixed, Sparc assembler is supported.
SPARC: architecture V8 in addition to V9 is supported.
PowerPC module is improved: jump tables are recognized, lis/addi pairs are more aggressively converted to offsets
H8 module is improved: jump tables are recognized
C166 module is improved and several bugs are fixed. Thanks (again) to Ahmon Dancy for the information
UNC file names are supported
Many small interface enhancements
Instruction opcodes are not displayed on xref/public lines.
GUI: a fully synchronized scrollable hex viewer has been added.
GUI: column widths in the list boxes are remembered
The "Mark variable" command is removed.
BUGFIX: IBM PC: movhps/movlps instructions were disassembled as movhlps/movlhps for opcodes 0F, 13 and 0F,17.
BUGFIX: IDC.IDC: some macro definitions would cause syntax errors.
BUGFIX: Text version: an attempt to exit with some "find all" windows open would crash IDA.
BUGFIX: GUI version: in some rare circumstances the first item of the sorted lists would refresh incorrectly.
BUGFIX: some bugs in the type system are fixed.
BUGFIX: It was not possible to declare some standard structures.
BUGFIX: MAP files for PE files sometimes had incorrect segmentation information.
BUGFIX: Intel 8051: 24-bit addressing was good only for ecall/ejmp instructions.
BUGFIX: The stack argument type propagation could hang on functions which access their stack without allocating it.
Update to 4.15 (10/01/2001)
We have added support for the Pentium 4 new instructions.
New features in version 4.15 (02/12/2000)
Feature : CodeView NB11 debug information support
Feature : Struct offset deltas are supported. They allow to convert, for example, mov ax, 3 to mov ax, mystruct.field5-2
Feature : stack argument information propagation. (Since this feature is somewhat experimental, it can be turned off in Analysis options, Kernel options 2).
Feature : MakeArray command will now attempt to create an array even when some array elements are already defined as data items.
Feature : some find dialog boxes allow to find and display all occurrences of the desired instructions.
Feature : MC86xx: enhanced operand type support (offsets, enums, stack vars, struct offsets can be applied to any complex operand)
New processor PROFESSIONAL : Siemens C166 and family ( C161 C161V-L16M, C161K-L16M, C161O-L16M, C161RI-L16M, C161RI-L16F C163 C163-LF, C163-L25F, C163-16F25F, C164, C164CI-8EM, C164CI-8RM, C165, C165-LM, C165-L25M, C165-RM, C165-LF, C165-L25F, C166, SAB80C166-M, SAB80C166-M25, SAB83C166-5M, SAB83C166-5M25, SAB88C166-5M, SAB80C166W-M, SAB83C166W-5M, SAB88C166W-5M, C167, C167-LM, C167S-4RM, C167SR-LM, C167CR-LM, C167CR-L25M, C167CR-4RM, C167CR-16RM, C167CR-16FM )
New processor: Starter : SGS-Thomson ST7, SGS-Thomson ST20
Improved processor : MIPS : MIPS16 encoding is supported
Improved processor : PIC : port mapping like STATUS as at addresses 3, 83, 103, 183 are supported, PCLATH register is traced (see the segment registers), all modifications of PCL register are taken into account.
Improved Processor : AVR: MegaAVR new instructions are supported. Thanks to Chris Dalla for information.
Improved Processor : MIPS r5900: parallel shift and SA register instructions are added
FLIRT: ELF preprocessor is added. Currently it supports only MIPS processor
GEOS loader takes into account the uninitialized data segment, knows about the process class and the structure of the exported entries
GEOS standard types are supported
BUGFIX: Motorola 68K module would crash in response to Alt-R, Ctrl-S, etc.
BUGFIX: The script toolbar would contain references to bad IDC script names
BUGFIX: MIPS R5900 processor was not available from the load dialog box
BUGFIX: IDA would use metapc as the default processor for all except the first file opened in the gui environment regardless of the DEFAULT_PROCESSOR parameter in IDA.CFG
BUGFIX: some flavors of PIC HEX files were incorrectly loaded
BUGFIX: it was not possible to delete items from the problem list using the Del key.
BUGFIX: some MIPS R5900 instructions were not disassembled
TXT version: the search direction indicator was not refreshed immediately after a direction change.
TXT version: the text version confused the "manual operand" and "text search" commands.
New features in version 4.14 (27/09/2000)
New Processor : Motorola 56K DSP
New Processor : Motorola ColdFire
PowerPC Embedded Controller Instructions have been added to the PPC module
New Processor : H8/500
New Processor : Z80 derived Gameboy Processor
Preliminary version of R5900 processor support (Sony Playstation 2)
ARM architecture version 5 support
GEOS executables are supported
PIC: now pic.cfg can be modified for different devices
EPOC SIS files are now directly supported.
PPC: Loading of LinuxPPC executables is enhanced
A "program navigator" band is available in the GUI version
All list viewers have been enhanced to support sorting.
Structs/enums can be hidden/unhidden with +/- hotkeys
The state of the script toolbar is saved between sessions.
New TIL files have been added to the type system.
Zero constants with one bit masks are allowed in the bitfields. For example:
defines 2 states of a one bit mask.
The user name is saved in the database.
Parameters names derived using the type information are automatically changed when the function declaration is changed.
IDA can mark the boundaries of the basic blocks by inserting an empty line after them. A basic block is a sequence of instructions with no jumps to/from the middle of the block.
PE: Forwarder exports are supported.
IDC: the recursion depth can be changed using IDC_CALLDEPTH and IDC_STACKSIZE parameters in IDA.CFG
IDC: new function SetStatus(). This function allows the user to change the IDA status indicator (green, yellow, red)
BUGFIX: COFF PC: 32bit offsets to 16bit segments are handled properly
BUGFIX: disassembling a WDM driver with unknown VxD/VMM calls could crash IDA
BUGFIX: it was not possible to use predefined structures with anonymous fields, e.g. the SYSTEM_INFO structure was not available in the disassembly
BUGFIX: movem instruction with pc-relative addressing mode from memory to register would not disassemble (Motorola 68k module)
BUGFIX: IDA would crash trying to load some watcom executables.
BUGFIX: sometimes it was not possible to create the .align directive at the very end of a segment.
BUGFIX: the return size of the function stack frame was unchangeable even when the function return type (far/near) was changed.
BUGFIX: In some special circumstances local variables would get wrong names from the type libraries (the first 2 characters would be missing).
BUGFIX: 6809 leax instruction pc-relative mode used the wrong target address.
BUGFIX: the enumerated dummy names count could be wrong in some circumstances (for example, there could be 2 labels "loc_55").
BUGFIX: some virus-tainted PE files would not load.
BUGFIX: "produce diff file" would hang IDA in some circumstances.
BUGFIX: GUI version could crash trying to reload the same database.
Training in Reverse Engineering (21/08/2000)
Reverse Engineering Seminars are now available.
New Features in version 4.10 (19/06/2000)
Introduction of the Type System : standard function types are recognized and the information about their parameters is used in the disassembly. The type system is initially available for Windows binaries.
USER added types : the type system allows the user to define his own types and to load external header files. This means that IDA now includes significant parts of a compiler, namely: the C preprocessor, lexer, parser, and semantic analyser of type declarations. We expect some problems in this new part of software.
Standard structures, enumerations and union definitions can be applied to the disassembly directly from the type database.
MS Windows WDM calls are now supported and commented.
HP PA RISC Processor : all v2 architecture instructions are supported, the HP SOM file format is supported but relocations are not supported (Professional).
The free compiler BCC 5.5 can now be used to compile processor modules and plugins.
All operands, including registers, can now be modified through the manual operand command.
NB10 Plugin now integrated.
Borland RTTI plugins
80196 : support has been added for the windows selection registers WSR and WSR1
IDC : the function GetIdbPath() returns the full path name to the current IDB file.
TEXT_SEARCH_CASE_SENSITIVE cfg parameter added.
BIN_SEARCH_CASE_SENSITIVE cfg parameter added.
BUGFIX : some comments in vxd.cmt were wrong.
BUGFIX : the external help (CTRL-F1) would not work when the cursor was past the end of the line.
BUGFIX : it is now possible to define the default value of the last segment register.
BUGFIX : the GNU H8 assembler now uses ';' as a comment symbol.
BUGFIX : MS COFF 16 bits segments are now loaded correctly.
New plugin (13/05/2000)
We have released a plugin that helps you deal with Microsoft's NB10 debugging information and its external PDB files.
New Features in version 4.04 (04/04/2000)
First release of the Alpha Disassembler (ELF and COFF file formats are supported)
Sony Playstation 2 ELF Disassembler
ARM thumb mode is now disassembled
Commenting of Windows NT Int 2E calls
Variable bytes in search strings
Local names are not demangled anymore
The delayed import tables of PE Files are supported.
the information found in the AIX COFF optional header is now used to improve the disassembly.
BUGFIX : some Windows CE IDS files should have been platform-specific.
BUGFIX : dummy names in the tail bytes were not deleted.
BUGFIX: .align 2 was inaccessible from the user interface in some cases.
BUGFIX: cvttps2pi, cvtps2pi (IBMPC) instructions were incorrectly disassembled.
BUGFIX: sections with wrong size in the file header (PE) were not loading at all.
BUGFIX: IDA could crash apparently randomly.
BUGFIX: search was not possible in the enumerations and structures window.
BUGFIX: the import section of some PE files was loaded incorrectly.
BUGFIX: it was not possible to stop analysis from the "load file" dialog box
New Features in version 4.03 (09/03/2000)
Register Variables (allows you to rename processor registers - improves the usability of the RISC disassembler).
Local Labels in functions.
GUI : String Manipulation Toolbar.
GUI : toolbars can now be hidden.
The ARM disassembler module has been improved.
IDC : new function GetInputFilePath()
MISC : if the IDA_NOWIN environment variable is defined, the console version of IDA will run under WINE.
BUGFIX : arrays can now be defined as element of structures.
BUGFIX : some XCOFF files could not be loaded and disassembled, IDAW disk space routine could crash.
New Features in version 4.02 (11/02/2000)
We now disassemble SPARC V9 and UltraSparc II (Professional version).
We now disassemble EPOC executable and EPOC ROM image files.
Disassembler module for the 80196NU & NP processor.
Improved PalmOS 3.0 support.
Improved the Atmel AVR disassembler. Thanks to Chris Dalla.
Microsoft AR import libraries are supported.
Amiga Hunk File Loader (preliminary support).
IDC : SetManualInsn/GetManualInsn IDC functions have been added.
IDC : OpNot() bitwise NOT on the operand.
New ascii string types: unicode-pascal (2 byte length) and wide-unicode-pascal (4 byte length).
IBMPC: the SFENCE instruction is now disassembled, even with an illegal ModRM byte.
If the database is closed while Shift is depressed, IDA will save it without any question.
Ctrl-Shift will close the database without saving it into the disk.
GUI: the structure and the enum windows now have a menubar and a popup menu.
GUI : IDC programs can now be loaded, executed and edited from a toolbar.
GUI : double clicking an address in the message area moves in the disassembly.
GUI: "secondary windows always on top" feature is added.
GUI: "hide all functions" is added.
GUI: lazy jumps and autohide/unhide features (see options/navigation page).
GUI: file offsets are now constantly displayed on the status bar.
GUI: the syntax highlighting color setup dialog has been improved.
GUI : navigation between open windows using Alt-<n> hotkeys.
The number of lines per item is now configurable. See MAX_ITEM_LINES parameter in IDA.CFG file. The default is 5000.
Bugs were fixed.
New Features in version 4.01 (05/11/99)
Disassembler module for the Zilog Z180 and Z380 (Starter version)
Disassembler module for Pic 16xxx (Starter version)
Disassembler module for MC6303
ASxxxx: bitwise OR and NOT operators.
text search and other potentially lengthy operations can now be aborted
several bugs have been fixed.
New Features in version 4.0 (21/09/99)
Windows GUI Version
Disassembler module for AMD Athlon (std)
MacOS A-TRAPS
PE Files : the imports segment is created even if it was absent from the original file.
COFF debug information in PE files is now loaded.
80x86 undocumented instructions
8085 undocumented instructions
PC_ANALYSE_DIFBASE : new analysis configuration option.
Help is available in HTML