IDA 6.9

Highlights

Welcome to IDA 6.9! Below are the highlights:

  • The biggest news is the ARM64 decompiler, a long awaited tool. We are proud that it works well and can handle floating point and even some NEON instructions.

  • We reworked the way we handle the navigation in the user interface and many related things. Now it is possible to synchronize between views, use the navigation history in structure and enum views, etc. Overall the user interface is more responsive.

  • Our oldest processor module, for x86, was improved to decode many new fancy instructions.

  • We switched from PySide to PyQt; from Qt4 to Qt5; from VS2010 to VS2015. All these changes are mostly internal but using newer libraries and development tools should improve your experience with IDA.

Complete changelist

  • Processor Modules

    • 65816: many improvements

    • ARM: implemented reading of vfp registers for arm remote servers

    • ARM: implemented calculation of function argument locations for aarch64

    • ARM: improved register tracking

    • ARM: added support for security_push/pop_cookie functions (thumb mode)

    • ARM64: added support for varargs in non-framed function

    • PC: improved detection of function boundaries in PE+ files with unwinding metadata (.pdata section)

    • PC: added AVX comparison pseudo-ops

    • PC: added decoding of AVX-512 extensions

    • PC: added decoding of MPX extensions

    • PC: added decoding of SGX extensions

    • PC: added decoding of SHA extensions

    • PC: added decoding of XOP extensions

    • PC: added decoding of CLFLUSHOPT, CLWB, and PCOMMIT instructions

    • PC: added decoding of PREFETCHWT1 instruction

    • PC: added decoding of RDPKRU and WRPKRU instructions

    • PC: added decoding of XRSTORS, XSAVEC, and XSAVES instructions

    • PC: added support for switch patterns from more recent versions of clang

    • PC: added support for switch patterns from llvm-gcc

    • PC: improved prolog analysis

    • PIC18: added support for PIC18F2682/2685/4682/4685 devices

    • PPC: added support for PPC SystemV EABI and PPC64 AIX and SystemV ABIs

    • PPC: improved handling of function arguments

    • PPC: improved naming of stack variables

    • PPC: improved tracking of SP register

    • PPC: added support for memory mapping

    • MIPS64: convert standard sequences (lui, ori, li, etc) to dli macros

    • SH4: improved switch recognition (thanks to Zak Escano!)

    • SNES: improved loader, and included snes's spc loader. Thanks, Gocha

    • SPC700: new processor module for super nintendo spc700. Thanks, Gocha

    • avr.cfg: added description of ATmega644p (thanks to Aliaksandr Chailytko)

  • File Formats

    • DWARF: Environment variable IDA_NORELOC will be honored by the plugin, and no relocations will be performed in the DWARF sections (can be useful for VxWorks-produced binaries.)

    • ELF: added AArch64 relocations

    • ELF: improved detection of truncated files

    • ELF: tweaked analysis options a bit (added AF_PURDAT)

    • MACHO: small improvement for parsing Swift metadata

    • MACHO: support for OSX apple-protected binaries (at least for versions 10.6 - 10.11)

    • PE: improved parsing of CFGuard function tables (additional flag bytes are now recognized and skipped)

    • PE: unnamed export entries are no longer given a dummy name in the Exports window

    • PE: when using manual loading, it is now possible to use the "don't show again" checkbox to load (or skip) all subsequent sections at once

    • PE: print the PE timestamp in the file's info comment

    • .net: we now use our own file parser on all platforms, including Windows

    • uimage: add support for images that use gzip compression

  • Debugger

    • added support for ARM64 Android binaries (android_server64)

    • mac_server now supports codesigning to avoid having to run it as root. It can be codesigned just like gdb

    • GDB: allow for additional features in the XML sent by the remote stub

    • GDB: allow the user to specify additional/custom register layouts using the config file and XML target descriptions

    • GDB: added support for x64 targets

  • Kernel/Misc

    • IDS: MS Windows IDS files have been updated to Windows XP SP3

    • IDS: added Windows 7 sp1 x64 IDS files

    • IDS: update wince/arm/coredll.idt with some missing ordinals

    • TIL: support for type definitions that have long names (> 512 characters)

    • added DEMNAME_FIRST config parameter (if both type and demangled name are present, it selects one of them)

    • added STORE_USER_INFO config parameter; if turned off, info about the database creator will not be stored in the database

    • added a config option XREF_CACHE_LIMIT to limit memory usage of the cross-references cache. This allows analyzing huge files in IDA at the cost of some slowdown

    • added signatures for ICL15

    • added signatures for VC12 (VS2013) and VC14 (VS2015)

    • added signatures for Embarcadero RAD Studio xe5 to xe10 Update 1

    • improved sigmake collision detection

    • improved sigmake speed

    • added support for Linux syscall-based system calls

    • any directive of any configuration file can be overridden by user-specified files placed in %IDAUSR%/cfg/

    • IDA doesn't recognize the IDAPLG environment variable anymore: the more versatile IDAUSR should be used instead

    • IDAUSR environment variable can hold more than 1 path, which will be searched in order when looking for files

    • databases can be uploaded to Hex-Rays' web server in background

    • demangler: added support for __vectorcall, __clrcall

    • improved analysis speed of some obfuscated files

    • pelf: Added support for AARCH64 (ARM64)

    • added more noreturning function names

  • User Interface

    • ui: added functionality to synchronize between user-specified viewers

    • ui: added syntax highlighting for IDC and Python

    • ui: added support for multiple keyboard shortcuts per action

    • ui: "search all" can now be used in "Structures", "Enums", and any user-created viewer

    • ui: proximity view: double-clicking on an edge will take you to the node at the other end of the edge

    • ui: proximity view: it is now possible to see details about paths, and copy their information

    • ui: traced instructions are now highlighted in debug mode

    • ui: Ctrl+DblClick on name in idaview opens target in the new view

    • ui: Add syntax highlighting to Import/Export of colors + reset it when "Reset" button is pressed

    • ui: Listing views (IDA View-A, Structures, Enumerations, ...) can now be scrolled horizontally with 2-finger scrolling (e.g., on trackpads), or by using Alt+<mouse wheel> on Windows.

  • Scripts & SDK

    • IDC: added PrintLocalTypes()

    • SDK: added PR_OUTER that must be specified for processor modules that support outer operands

    • SDK: event hooks: changed the way new event listeners are registered. New listeners are now appended to the end of the list and therefore receive events last. Hopefully this will lead to better logic, because usually the UI and the processor module get hooked first, and only then plugins. It means that the processor modules and UI will be first to react to the events

    • SDK: functions to retrieve the input file size

    • SDK: functions to calculate/retrieve the SHA256 hash of the input file

    • SDK: introduced the notion of 'ABI name' in IDA; it can be set using set_compiler2() function; processor modules are in general responsible for recognizing it and setting up various config bits in IDA accordingly

    • SDK: added new flag: SETMENU_FIRST: add item to the beginning of menu (to be used in attach_action_to_popup)

    • IDAPython: IDP_Hooks, IDB_Hooks, UI_Hooks & DBG_Hooks are now automatically generated from the list of notifications in the corresponding .hpp headers

    • switched from PySide to PyQt

  • BUGFIXES

    • BUGFIX: 'user-defined offset' dialog was broken if custom offset types were present (for tricore, for example)

    • BUGFIX: 64-bit ARM branch addresses to missing addresses would be truncated to 32 bits in the output

    • BUGFIX: 64bit mach-o loader: incorrect handling of PRELINK_INFO

    • BUGFIX: ARM: GCC Thumb1 compressed switches that used the __gnu_thumb1_case_si helper were handled incorrectly

    • BUGFIX: ARM: incorrect calculation of locations for some big function arguments caused interr 50904 in decompiler

    • BUGFIX: ARM: incorrect disassembling of instructions FMAXV, FMAXNMV

    • BUGFIX: Automatic snapshot flag was not stored in snapshots of newly created databases

    • BUGFIX: DOS loader would accept an input file simply because it had a .exe extension

    • BUGFIX: COFF: parsing files with empty string tables was broken

    • BUGFIX: DWARF could fail with some complex ARM ADS 6.x-generated DWARF files

    • BUGFIX: DWARF relocations to '.debug_*' sections were erroneously handled

    • BUGFIX: DWARF: badly-broken files with corrupt .debug_abbrev sections could cause the DWARF plugin to segfault (NULL-pointer dereference.)

    • BUGFIX: DWARF: GCC-produced DWARF type information whose name is "__int128 unsigned" wasn't properly sanitized

    • BUGFIX: DWARF: Unexpected structuring of complex types in ADS-produced binaries could cause the DWARF plugin to INTERR

    • BUGFIX: DWARF: some llvm7-generated construct could cause the plugin to INTERR

    • BUGFIX: During auto-analysis, don't rename stack locations of function F, if those names would conflict with register aliases within function F

    • BUGFIX: During debugging, it was impossible to set flag registers individually

    • BUGFIX: During debugging, when the user is asked for a mapping path, and presses 'Esc' to set it as ignored, and 'Esc' again to dismiss the 'Mappings' dialog, the path that would be ignored was that of the file, not that of the directory containing the file

    • BUGFIX: During debugging, when the user is initially asked for a mapping, he/she couldn't add another right after that, before dismissing the 'mappings' dialog

    • BUGFIX: ELF: IDA would refuse to load files with non-PT_LOAD segments lying outside of the file

    • BUGFIX: Exporting module-relative breakpoints to IDC wouldn't properly escape '\' path elements separators

    • BUGFIX: FLIRT: parsing of Watcom OMF libraries was broken

    • BUGFIX: Fixed binary search. Now this dialog can be used also for search of any input values up to uint64 size both for big/little endianness for any size of byte (8-, 16-, 24-, 32-bit)

    • BUGFIX: For 64-bit binaries, IDA could display truncated values in special segments (e.g., 'extern', 'abs', ...)

    • BUGFIX: IDA could abort with interr 1226 when repairing a corrupted database

    • BUGFIX: IDA could corrupt old databases when upgrading pages containing long (size>255) keys

    • BUGFIX: IDA could crash during debugging, when asked for a binary path mapping, and if the user chooses to add yet another mapping but leaves it empty

    • BUGFIX: IDA could crash on osx when trying to clear the message window while the focus is in the script snippet window

    • BUGFIX: IDA could crash when zooming out of proximity view

    • BUGFIX: IDA could erroneously report 'database bitness differs from debugged application bitness' when attaching to a process in batch mode

    • BUGFIX: IDA could interr when passing 0 as the bufsize parameter to tag_remove()

    • BUGFIX: IDA could not create a 32-bit flat offset inside of a 16-bit segment in some cases (by default IDA creates seg:off pairs for 16bit segments)

    • BUGFIX: IDA could not load dwarf debug info for a module when remote debugging

    • BUGFIX: IDA could show the wrong value of an FPU/XMM register operand in hints

    • BUGFIX: IDA was not able to jump to a secondary IDA View, Hex View or Pseudocode window from search results, in case the last-visited view was closed

    • BUGFIX: IDA was unnecessarily retrieving the python GIL in a callback called by the kernel, resulting in a significant slowdown on mac

    • BUGFIX: IDA would fail to load PDB symbols for .pdb files selected via the file browser

    • BUGFIX: IDA would reject the names of some types from newer windows executables

    • BUGFIX: IDAPython couldn't set the language of a breakpoint condition, and thus couldn't express conditions in other languages than IDC

    • BUGFIX: IDAPython's get_idasgn_desc() doesn't return the number of matches. Added get_idasgn_desc_with_matches()

    • BUGFIX: IDAPython's get_member_by_fullname() was not usable, and only 1 variation of get_member_by_id() was usable

    • BUGFIX: If the IDA View was in graph mode before starting a debugging session, it wouldn't be restored to graph mode after the debugging session ends

    • BUGFIX: In 64-bit IDA, IDAPython would fail to generate proper wrappers for the objects returned by calc_switch_cases()

    • BUGFIX: In case a "Fat" Mach-O file had 2 versions of the _same_ architecture (e.g., ARMv7 & ARM64), the DWARF plugin could attempt loading the wrong one

    • BUGFIX: In the "Function calls:" window's "callers" part, the address of the call instruction would be printed twice, instead of having the address only once and then the function name

    • BUGFIX: JumpOpXref was not working on a name with forbidden (non-identifier) characters if pressed on the name at the beginning of the disassembly listing

    • BUGFIX: LX: loader could return garbage data for packed pages

    • BUGFIX: Leaving a mark, and then right-clicking on the address of an instruction could cause IDA to INTERR with the code 520

    • BUGFIX: Loading an additional non-IDS/IDT file could cause IDA to INTERR

    • BUGFIX: PC: fixed VSIB index registers

    • BUGFIX: PC: fixed operand size for scalar FMA instructions

    • BUGFIX: PDB: Remote PDB could return garbage data on unix

    • BUGFIX: PIN, instant debugging mode: module could report incorrect process bitness after attaching

    • BUGFIX: PIN: in some cases IDA could not suspend running process

    • BUGFIX: PIN: pintool could hang on a multithreaded windows application (race condition)

    • BUGFIX: PIN: pintool did not suspend application before reporting PROCESS_ATTACH event to IDA

    • BUGFIX: PIN: pintool reported broken module name with PROCESS_ATTACH event

    • BUGFIX: PPC ddedpd, ddedpdq, denbcd, denbcdq opcodes were not properly supported

    • BUGFIX: PPC: IDA did not display the function stack frame correctly

    • BUGFIX: Pressing Home,End when in the "quick filter" of a chooser will move the cursor to the beginning or to the end of the filter line, instead of scrolling the list of items to the beginning or the end

    • BUGFIX: RVCT-produced DWARF info with duplicate typedefs could cause the DWARF plugins some issues

    • BUGFIX: Selecting an area, pressing 't' to choose between matching structs (or almost-matching structs), and requesting to "Add missing fields" to a struct that would otherwise match, could crash IDA

    • BUGFIX: Setting NLSPATH to a very large value could cause IDA to crash at startup

    • BUGFIX: Setting a module-relative breakpoint, without specifying the module name, could crash IDA at database-save time

    • BUGFIX: Shift+Up/Down/PageUp/PageDown when modifying the quick filter of a chooser wouldn't add rows to the selection but rather clear the selection, and select only 1 item

    • BUGFIX: Some ARM ELF relocations (R_ARM_CALL, R_ARM_JUMP24, ...) could be incorrect

    • BUGFIX: Some PPC opcodes were causing IDA to exit with interr 10185

    • BUGFIX: The DWARF plugin could fail loading GCC 3.3.3-produced UDTs with declared-only inherited types

    • BUGFIX: The DWARF plugin could fail spotting colliding typedefs in clang-produced DWARF information

    • BUGFIX: When exporting types, IDA could crash after trying to forward declare a non-local type

    • BUGFIX: When failing to update a breakpoint's size/type through update_bpt(), IDA could leave the breakpoint in a state preventing it from being usable anymore

    • BUGFIX: When making code, if segments had to be adjusted, IDA could crash because of recursive calls to generate_disassembly()

    • BUGFIX: When selecting negative "standard constant" enumerators, IDA could display the operand as a faulty number, instead of as that symbolic constant

    • BUGFIX: When the start address of a function with chunks was changed, the "owner" and "referers" fields of function tails were not updated and could hold the address of a non-function area. In this case any modification of the function using screenEA from the tails' range failed. The problem is solved by fixing the "owner" and "referers" of tails using the new start ea of the function

    • BUGFIX: Win32 debugging: could leave EIP in the middle of an instruction in some cases, when a step over/into an x86/x86_64 callgate was requested (i.e., system call) and that callgate called us back, hitting a breakpoint in user code

    • BUGFIX: __declspec(align(x)) was parsed incorrectly in some cases

    • BUGFIX: alignment for complex situations like "void (***func[])()" was not parsed/printed correctly

    • BUGFIX: aloc_visitor_t could not be fully utilized from idapython

    • BUGFIX: area_visitor2_t could not be fully utilized from idapython

    • BUGFIX: c166: Fixed ida crash if bad cc code for jmpr, jmpa, calla, jmpi, calli instructions is stored in the database

    • BUGFIX: calling QTime::elapsed() from idleEvent() would significantly slow down analysis time on mac

    • BUGFIX: checking for the new versions the second time could fail

    • BUGFIX: coldfire: ida was decoding illegal addressing modes for the move instruction

    • BUGFIX: copying from custom views to clipboard was broken

    • BUGFIX: dbg: dalvik: the unregistered request for deferred breakpoint prevented the debugger detach

    • BUGFIX: dbg: fixed wrong 64-bit address truncation to 32-bit

    • BUGFIX: dbg: win32: dirty memory block was returned in memory info

    • BUGFIX: debugger: fixed interr 1203 which could happen in presence of DLLs with very long (>1024 bytes) export names

    • BUGFIX: defining a new structure or enum in the presence of a forward declaration would change the ordinal number of the forward declaration

    • BUGFIX: ebc: fixed some wrong references and exceptions

    • BUGFIX: error color was printed as blue when generating html files

    • BUGFIX: exception code was displayed incorrectly in the 'edit exception' dialog

    • BUGFIX: fixed handling of empty structs: ida was considering them to be 1-byte size while gcc treats them as 0-byte size

    • BUGFIX: fixed interr 1060 which could occur if the target compiler was not set

    • BUGFIX: fixed interr 40178

    • BUGFIX: fixed interr 50295

    • BUGFIX: fixed interr 984 which could occur during importing pdb files

    • BUGFIX: fixed memory corruption (seemingly without any consequences) made by askstr()

    • BUGFIX: floating point operands of data items would be printed incorrectly for big endian processors

    • BUGFIX: gdb: 64-bit debuggers were using 32-bit register layouts

    • BUGFIX: hcs12x: Fixed instruction opcodes for xgate instruction set (sub and sbc instructions and their aliases were swapped)

    • BUGFIX: highlighting and scrolling could be sluggish in the disassembly views, especially on osx

    • BUGFIX: ida could crash if the user closed the database and terminated the debugger session at once (only in some rare circumstances)

    • BUGFIX: ida could crash on some corrupted 64-bit PE files

    • BUGFIX: ida could crash when deleting a segment

    • BUGFIX: ida could fail with "rpc timeout" if the debugger server was trying to print while ida was waiting for debug events

    • BUGFIX: ida could hang trying to display nested varsize structs in the middle of a struct (where they do not make sense)

    • BUGFIX: ida could interr with code 1006 when deleting local types

    • BUGFIX: ida could not parse some nested types (like type1::type2 inside a struct)

    • BUGFIX: ida was not using the default calling convention for validating function types; if it was set to something wrong, interrs could occur in the decompiler

    • BUGFIX: ida would fail to launch debugger after copying the dll to debug to the remote computer (only if debugging dll, not exe)

    • BUGFIX: idal/idaw couldn't generate valid GDL graphs when run in batch mode

    • BUGFIX: idapython: ui/qt: docking: ida could crash if the dock which is active is moved using set_dock_pos

    • BUGFIX: idaw could sometimes reset the window size to 80x24 even if not asked to do so

    • BUGFIX: idc: ParseTypes could not parse an enum if some of its members were already used in other types

    • BUGFIX: idc: sizeof() function was broken

    • BUGFIX: in linux text version of IDA, it was impossible to cancel a long-running operation

    • BUGFIX: in some cases IDA could abort with message "page allocation error"

    • BUGFIX: in the 'Structures' view, removing fields from aggregated structure (leading to gaps appearing in aggregating structure), and then re-defining those fields wouldn't reclaim those bytes

    • BUGFIX: interr 50913 could occur if a previously valid type was rendered invalid

    • BUGFIX: interr 543 was occurring at the exit time

    • BUGFIX: interr 814 could occur when deleting local types

    • BUGFIX: interr 973 could be displayed by mistake in some rare cases

    • BUGFIX: it was impossible to create a usable instance of enum_member_visitor_t from idapython

    • BUGFIX: it was impossible to use the UI to add an SP change point to express changes between function chunks

    • BUGFIX: ldr: elf: preserved patch_mode noform bits during "Local options" dialog; option "Create base for debugging" setting cannot be changed, fixed

    • BUGFIX: ldr: elf_x64: callback x64_patch() used patch_mode from the wrong place

    • BUGFIX: linux_server: fallback to accept() if accept4() is not implemented

    • BUGFIX: mc68k module was not generating xrefs to struct members

    • BUGFIX: mc68k: address bus width for mc68000, mc68010, cpu32 reduced to 24 bits

    • BUGFIX: name color for references into the middle of a struct/array was wrong

    • BUGFIX: offset expressions for wide-byte processors were truncated

    • BUGFIX: osx: once idaq was launched, double clicking on idaq64 would not launch idaq64 but simply switch to idaq

    • BUGFIX: pc: when deleting segments basereg info was still retained

    • BUGFIX: replacing an enum with another enum that had fewer members could lead to interr 1263

    • BUGFIX: sdk: tinfo_t::get_final_type_name() would return wrong names for typedefs to forward declarations

    • BUGFIX: searching for binary patterns would fail in some cases for processors with non-standard byte size

    • BUGFIX: sh3: "bad optype" message could be displayed if the user changed an operand type when staying after comma inside an operand like this: (h'XX, rY)

    • BUGFIX: sh3: ida would not detect that after indirect calls to non-returning functions the execution flow stops

    • BUGFIX: sigmake could interr with code 577

    • BUGFIX: sigmake would output corrupt data with pattern lengths greater than 255

    • BUGFIX: some data cross references would not be deleted when deleting the corresponding data item

    • BUGFIX: srec output was broken (markers in format strings were not replaced properly.)

    • BUGFIX: stack analysis could cause an internal error in some very rare cases

    • BUGFIX: struct_field_visitor_t and related functions could not be fully utilized from idapython

    • BUGFIX: the string window was missing some strings when the debugger was active

    • BUGFIX: tinfo_visitor_t could crash on yet unresolved tinfo objects

    • BUGFIX: tinfo_visitor_t could not be fully utilized from idapython

    • BUGFIX: tricore would print empty @HIS() if the target address of the HIGHA16 offset was wrong (it should print the operand as a number in this case)

    • BUGFIX: ui/qt: display_tform() could still place the widget back into the main window, in case that widget had a title with ',' in it (amends 59726, really.)

    • BUGFIX: ui: Fixed broken layout of "Enter reference information" dialog if custom reference info is used

    • BUGFIX: ui: forms: "Change segment attributes" dialog set wrong attribute alignments

    • BUGFIX: ui: local variable type cast in "Watch View" was broken, added test cases

    • BUGFIX: ui: qt: Fixed the behavior of display_tform (or ui_show_form or form.Show() in python). If the form already exists then its position is not changed

    • BUGFIX: ui: qt: Removed displaying of empty popup menus for IdaCustomMemos

    • BUGFIX: ui: qt: set AutoFillBackground property to true for TMyDialog. Otherwise in some cases the background is not painted

    • BUGFIX: user graph nodes could be rendered too small on osx

    • BUGFIX: v850: Fixed decoding of ld.hu instruction

    • BUGFIX: watches could not be deleted from the watch list via the Debugger menu

    • BUGFIX: windbg debugger could fail with interr 520

    • BUGFIX: windbg, kernel mode: in some cases ida failed to resume execution after a breakpoint

    • BUGFIX: windbg: in some cases DETACH request could return incorrect code (FAIL instead of SUCCESS)

    • BUGFIX: windmp: dump loader would incorrectly try to continue if the debugging engine initialization failed, leading to a crash

    • BUGFIX: PE: some sections with valid data were skipped by default because the discardable flag was set

    • BUGFIX: PE: intentionally corrupted .NET PE files could corrupt heap or could trigger a static buffer overwrite

    • BUGFIX: PE: it was not possible to manually load a section which is skipped by default

    • BUGFIX: ntapi.til: definition of ULONGLONG was wrong (it was defined as "double")

    • BUGFIX: sdk: function address iterator might return a wrong address for some special cases

    • BUGFIX: the 'xrefs to' view would duplicate the list for every refresh

    • BUGFIX: ui: Fixed graph printing. Added the menu item "print graph" to the popup menu

    • BUGFIX: ui: IDA would crash when clicking "Compile" in breakpoint's condition editor and the condition was empty.

  • BUGFIXES in the SERVICE PACK

    • BUGFIX: After performing a search with "Find all occurrences" checked, jumping by double-clicking on a result in the list wouldn't reset the cursor's Y position to the 5th line from the top of the screen

    • BUGFIX: Badly-damaged unpacked databases could cause IDA to crash at startup (while repairing.)

    • BUGFIX: CLI: stack buffer overrun could happen when disassembling .net files with very long method prototypes

    • BUGFIX: Color options dialog could be too tall for the screen, making it impossible to click 'Ok'

    • BUGFIX: DWARF plugin could be very slow to process DWARF debug information with huge type graphs

    • BUGFIX: Deleting a structure could cause the view to jump to an unexpected position

    • BUGFIX: Don't activate/raise IDA View-? when selecting a thread

    • BUGFIX: Double-clicking an edge in the graph view, would correctly move to the target node, but wouldn't create a new location history entry

    • BUGFIX: Double-clicking on a 'Caller' or 'Callee' in the "Function calls" window could crash IDA

    • BUGFIX: EA-capable views would store their bookmarks in a per-view-type-specialized storage space, which wouldn't allow sharing them between "IDA View-?", "Hex View-?" & "Pseudocode-?" views

    • BUGFIX: ELF 'extern' segment could be misaligned for 64-bit files

    • BUGFIX: GDB: software breakpoint bytes were swapped for big-endian and little-endian MIPS, leading to bogus exceptions during debugging

    • BUGFIX: IDA could crash at exit-time if some events happened in a very short amount of time

    • BUGFIX: IDA could crash when moved from screen to screen, if a widget had an empty area (https://bugreports.qt.io/browse/QTBUG-43489)

    • BUGFIX: IDA could fail loading configuration from files included by "#softinclude" (e.g., 'idausert.cfg')

    • BUGFIX: IDA on OS X could lose the ability to click to move the cursor in the listing after performing some navigation

    • BUGFIX: IDA would always load symbols when loading a PDB file, even if the 'Types only' option was specified

    • BUGFIX: IDA would freeze after opening a file via drag-and-drop while a file dialog was open

    • BUGFIX: IDA would often implicitly create a QString from a char *, leading to a number of encoding issues

    • BUGFIX: IDAPython on Linux would not honor $PYTHONHOME when using the system's python

    • BUGFIX: IDAPython's IDC emulation of idc.GetTevRegMem() was not working

    • BUGFIX: IDAPython's choose.choose() was broken

    • BUGFIX: IDAPython/IDC: del_hotkey() failed to unregister the corresponding action

    • BUGFIX: IDAPython: execute_ui_requests() could crash IDA

    • BUGFIX: IDAPython: on linux, some form-related controls could fail to show, because of pointer conversion issues

    • BUGFIX: IDAPython: retrieve_exceptions()/store_exceptions() was not usable because of unknown vector type

    • BUGFIX: It was impossible to override a core action's shortcut(s) to "no shortcuts"

    • BUGFIX: It was impossible to place breakpoints in source-level debugging with actual source files (i.e., not pseudocode provided by Hex-Rays)

    • BUGFIX: Jumping to 'linked node' (by pressing Ctrl+Up/Down) in the graph view, would correctly move to the target node, but wouldn't create a new location history entry

    • BUGFIX: Jumping to end of "Structures" view could fail to display the members of the last structure (if it is expanded.)

    • BUGFIX: Menus & toolbars were created after the PLUGIN_FIX plugins were initialized, and thus it was impossible to, e.g., attach_action_to_menu() from idapythonrc.py

    • BUGFIX: Moving left/right on a line where a search result was found, could lead IDA to fail subsequent "search again" operations (i.e., Ctrl+T)

    • BUGFIX: Navigating back & forth in a view that has a corrupt history could cause INTERR 40464 or 40465

    • BUGFIX: Opening an IDA 6.8 IDB with empty bookmarks in IDA 6.9, could cause INTERR 1312

    • BUGFIX: PE: intentionally corrupted .NET files could trigger invalid memory reads

    • BUGFIX: Pressing <Enter> in the "Select file to disassemble" could, in some cases, crash IDA

    • BUGFIX: Pressing Alt+L wouldn't provide visual feedback as it did before

    • BUGFIX: Separators in menus could, on some platforms, be prepended by '(...)'

    • BUGFIX: THREAD_EXIT event during appcall would cause problems

    • BUGFIX: The title of the Xrefs dialog that shows when pressing 'x', could be erroneous

    • BUGFIX: When loading an IDB and/or starting/stopping a debugging session, the main window could be maximized, but the widgets would remain in the top-left corner

    • BUGFIX: When pressing 'Down' in the "Structures" window, it might happen that the last line of a non-collapsed union would repeat multiple times

    • BUGFIX: calling idaapi.del_hotkey() twice with the same argument could crash IDA

    • BUGFIX: dwarf: be more resilient when saving a type to the TIL fails because of duplicate names

    • BUGFIX: fixed interr 40208 that could occur when closing the database after a fatal debugger error (disconnection from the remote host, for example)

    • BUGFIX: forms could not display filenames containing chinese characters

    • BUGFIX: non-ascii characters in the input file name would not be displayed correctly

    • BUGFIX: setting memory based variable values from the watch and locals view was broken

    • BUGFIX: spc700 processor data references could be missing

    • BUGFIX: structs with embedded arrays could be erroneously displayed in terse form even when it was not possible

    • BUGFIX: text IDA: pressing Ctrl+F4 to toggle to hex dump wouldn't refresh the screen right away

    • BUGFIX: text version of IDA could display the cursor in the wrong place if there was horizontal scrolling on the view

    • BUGFIX: text version of IDA could fail to draw the cursor after pressing 'End' to get to the end of a line of disassembly

    • BUGFIX: text version of IDA could fail to update the horizontal scrollbar upon cursor moves

    • BUGFIX: the wrong font might be selected when re-opening the font selection dialog

    • BUGFIX: win32 debugging: a hardware breakpoint located at an instruction right after another instruction that also has a breakpoint, could fail being triggered

    • BUGFIX: windbg could fail to load dbgeng.dll under Windows 7

    • BUGFIX: decompiler: arm64: in some cases condition flags could be calculated incorrectly

    • BUGFIX: decompiler: arm64: v8 was erroneously used to pass function arguments

    • BUGFIX: decompiler: arm: some conditional instructions could be translated without conditions

    • BUGFIX: decompiler: moving the mouse around could interfere with the "current location", and some actions could act in the wrong place (e.g., placing comments.)

    • BUGFIX: decompiler: stack arguments could not be recognized..., improved calculation of stack bytes used in a function call..

    • BUGFIX: decompiler: fixed numerous interrs (most of them very rarely occurring)
