IDA 8.4
Last updated
IDA 8.4.240215 February 15, 2024
The presence of Structures, Enums and Local Types views and synchronization between them confused many users, especially those new to IDA. We have decided to add all missing features (such as structure field representation) to Local Types and now all type manipulations (still with familiar hotkeys!) can be done there. New databases will only have Local Types by default and Structures and Enums are deprecated.
The new Local Types Widget allows editing structures like the classic Structures widget, or via a free-text editor.
The same goes for enum types:
We added support for common Apple-specific instructions and system registers commonly encountered in iOS and macOS software. This means you should see fewer instances of undefined bytes breaking disassembly and more understandable code when working with these files.
ARMv8.6-A support. We've added most of the mandatory and optional instructions from ARMv8.6-A (with the notable exception of SVE). In particular, we added the following instruction set extensions:
FEAT_SHA3: (4) Advanced SIMD SHA3 instructions
FEAT_SHA512: (4) Advanced SIMD SHA512 instructions
FEAT_DotProd: (2) Advanced SIMD dot product instructions
FEAT_BF16: (8) BFloat16 (Brain Floating Point) instructions
FEAT_FHM: (2) Floating-point half-precision multiplication instructions
FEAT_I8MM: (5) Int8 matrix multiplication instructions
ARMv8-M support: we now properly disassemble accesses to the new system registers introduced since ARMv7-M (for example, NS variants of some registers)
The Mach-O loader now offers fine-grained control over the selection of dyld shared cache modules and their dependencies:
The ARM32 decompiler supports hard-float ABI (floating point values passed and returned in FPU registers):
We added support for recent Android versions and made it more robust when working with apps without debug information. If running on a recent (API28+) Android, IDA will try to guess the variable type automatically. Since in the Dalvik VM the value of a variable cannot be displayed without knowing its type, this boosts the debugging experience significantly.
Dalvik debugger without type information:
The same app, but with successfully guessed types for all local variable slots that are in scope:
Environment variables can now be specified for Windows/Linux/Mac debuggers in process options:
We made various improvements to the debugging backends:
Address Space Layout Randomization (ASLR) can now be disabled for most platforms that support it (local debuggers and remote gdbstub). This simplifies debugging in cases where deterministic addresses are desired.
We enabled NoAck mode on iOS, saving one round trip time. This is beneficial for anybody debugging remote devices over high-latency connections (typically cloud-based emulators).
Finally, our remote debugging server is now available for ARM64 Linux.
We replaced all icons with brushed-up, vectorized versions and added a crosshair effect to the minigraph view for orientation in large graphs.
Moreover, pixelated fonts are a thing of the past. Texts in graph mode now render crisp at any zoom level.
Scrolling and zooming via the trackpad now works smoothly (especially, but not limited to, on macOS).
Old version:
New version:
Better graph layouts with fewer (if any) edge intersections, even on big functions.
We added a plugin for parsing Rust-specific data and constructs. As a consequence, the huge string pools typically observed in Rust binaries are now split up properly. Moreover, the plugin adds demangling of both legacy and the v0 Rust name mangling format.
ARM: added some Apple-specific A64 system registers
ARM: added support for most ARMv8.6-A instructions: FHM, BF16, SHA3, SHA512, SM3, SM4
ARM: decode Apple-specific instructions used in iOS and macOS (GXF, AMX, SDSB etc.)
ARM: detect calls in A64 mode when X30 (LR) points to the address after a branch
ARM: expand the architecture settings dialog with explicit options for ARMv8-A, ARMv8-M and ARMv9
ARM: improved handling of references to fields of structure instances
ARM: improved xref creation for LDP and STP instructions
PC: added decoding of new Sapphire Rapids instructions (UINTR and HRESET)
PC: support x86 switch variation produced by GCC 4.8
PPC: implemented a simple regtracker (regfinder)
PPC: improved handling of references to fields of structure instances
MIPS: added support of $s1 as frame register in mips16 functions
MIPS: improved handling of references to fields of structure instances
NEC850: implemented a simple regtracker (regfinder)
NEC850: print the target for indirect jumps and calls (when available)
NEC850: support a new switch pattern (uses 'bnc' after 'addi')
TMS320C28X: added support for extended instructions (FPU, FPU64, VCU, VCRC, VCU-II, TMU, FINTDIV)
MACHO: overhaul of the dyld shared cache module selection system
MACHO: properly describe versioned arm64e ABI Mach-O files
MACHO: support relocations provided by the __chain_starts section in Apple's firmware components (e.g. SPTM, TXM)
MACHO: added support for dyld slide info version 5 (macOS 14.4)
FLIRT: added signatures for icl 231 (Intel C++ 2023.1.0)
FLIRT: go: runtime signatures for go1.22 (x86_64)
FLIRT: go: startup and runtime signatures for go1.21 (x86_64)
FLIRT: VC: added signatures for vc14.36 (Visual Studio 2022.16)
FLIRT: VC: added signatures for vc14.37 (Visual Studio 2022::VC17.7)
TIL: MacOSX12.0 SDK
TIL: MacOSX13.0 SDK
TIL: MacOSX14.0 SDK
TIL: iPhoneOS15.0 SDK
TIL: iPhoneOS16.4 SDK
TIL: iPhoneOS17.0 SDK
makesig: new plugin to generate FLIRT signatures from the current database
makesig: Added File > Produce file > Create SIG file... action
DWARF: Handle oversized bitfield groups at the end of structures
idaclang: parse __attribute__((annotate("...")))
OBJC: added support for relative lists of properties and protocols (iOS17 optimization)
OBJC: got rid of extra cast to 'Class' in the calls to objc_alloc() and objc_alloc_init()
OBJC: handle object initialization using objc_opt_new
OBJC: simplify calls to the 'objc_msgSend$method' helpers and add cross-references to destination method using the decompiler
rust: new plugin for parsing rust-specific data and constructs (e.g. splitting merged string literals)
rust: support demangling of both legacy and the v0 mangling format (RFC 2603)
SWIFT: group functions by the module name; added an option to swift.cfg
SWIFT: updated demangler for Swift 5.9
kernel: added a new analysis option "Merge strlits" (enabled by default, disabled for golang)
kernel: allow a constant with value 0 in a bitmask enum if zero is not the only constant in its group and there is more than one group
kernel: allow register names as struct/union member names.
kernel: assume g++ 3.x (Itanium ABI) name mangling by default
kernel: improve strlit discovery from cross-references
kernel: parse __attribute__((annotate("...")))
IDAPython: implemented idc.sizeof(), equivalent of the IDC function
IDAPython: improve doc and error message for ida_typeinf.calc_type_size()
IDC: highlight more keywords in the script editor
SDK: improved get_utf8_char() not to move the pointer past the terminating zero
SDK: improved idb_event::local_types_changed to include more detailed info about the modified types
SDK: renamed get_ordinal_qty -> get_ordinal_limit
UI: added "Find register definition" and "Find register use" to the IDA View context menu
UI: debugger: added environment variables to the process options dialog
UI: enable folders in the Functions window by default
UI: FLIRT signatures can now be loaded from an arbitrary location and not just IDA's sig folder
UI: graph: add ability to select graph edges, in addition to nodes
UI: graph: highlight item under mouse after jump on edge (when the animation stops)
UI: graph: improved readability of the graph overview's focus area
UI: highlight focused area in the mini graph view
UI: improved displaying of string literals in terse structure view
UI: improved Local Types view to be a complete replacement for assembler-style Enums and Structs (which are deprecated)
UI: improved output of array of structs and output of varstruct (if last field is not empty)
UI: improved output of terse struct with nested varstruct
UI: improved wheel scrolling, to make it smoother (and more accurate)
UI: new icon set, SVG-based and with a refreshed palette
UI: reduce the delay when invoking 'Convert to array' action
UI: save the "Turn on synchronization" and "Show Folders" Functions window settings in the desktop
UI: when wheel-zooming into the graph view, snap to 1:1 in the event of a trackpad "elastic" wheel motion
debugger: added 'disable ASLR' to the common debugger options for supported platforms (Linux, Win32, macOS)
debugger: arm: added debug server for ARM64 Linux
debugger: dalvik: added IDC functions for raw JDWP calls
debugger: dalvik: improved local variable type detection/guessing
debugger: dalvik: warn about missing APK debuggable flag
debugger: gdb: now we accept xml files lacking the "target" node
debugger: ios: support for changes in the debugserver protocol for iOS17
debugger: ios: try to use NoAckMode by default (improves latency over slow connections)
debugger: support for ipv6 address notation for hostname in the -r commandline option
debugger: x64: improved stack trace recovery
decompiler: "Split expression" can now be used on inlined memcpy/strcpy/memset helpers to split them into individual operations
decompiler: "Extract Function" can now delete unreferenced local types
decompiler: added hxe_callinfo_built and hxe_calls_done events
decompiler: arm: decompile ARMv8.3 LDAPR instruction
decompiler: arm: support ARM32 hard-float ABI (FP values passed in FPU registers)
decompiler: colorize floating point numbers
decompiler: colorize non-trivial strlit forms (such as CFSTR)
decompiler: double-clicking on a symbolic constant opens its definition
decompiler: if a bitmask operation is used to check the sign bit of a signed expression, replace it with the "less than zero" expression
decompiler: ppc: improved handling of code manipulating the condition register (CR) directly
decompiler: renamed "Force variable" to "Split variable"; its hotkey is Shift-S now
BUGFIX: ARM: ARMv8-M MSR/MRS instructions accessing newly introduced system registers (e.g. MSP_NS) were not decoded
BUGFIX: ARM: calls to _mcount in ARM64 Linux kernel modules would cause the stack to be unbalanced
BUGFIX: ARM: fixed some T32 UAL mnemonics (FMXR -> VMSR and FMRX, FMSTAT -> VMRS)
BUGFIX: ARM: some Thumb32 MSR instructions accessing xPSR fields were not decoded correctly
BUGFIX: AVR: immediate operands to subi/sbci instructions would be incorrectly displayed as negative numbers for values >127
BUGFIX: dalvik: allowed setting breakpoints on methods with empty variable table
BUGFIX: dalvik: fixed race condition that would prevent attaching to the process on API30+
BUGFIX: dalvik: removed excessive warnings when connecting without running debug target
BUGFIX: debugger: gdb debugger was printing wrong error messages about system errors
BUGFIX: debugger: the win32 debugger would miss exports from ntdll.dll on some systems
BUGFIX: decompiler: "copy to assembly" had line numbers off by one
BUGFIX: decompiler: __stdcall functions must follow Windows ABI even when the current compiler is gcc64
BUGFIX: decompiler: arm: fixed decompilation of PKHBT and PKHTB instructions
BUGFIX: decompiler: arm: fixed wrong decompilation of LDADDLH instruction (result was not zero-extended)
BUGFIX: decompiler: c++ implementation of vds6 sample was buggy
BUGFIX: decompiler: dead code elimination pass could incorrectly remove code when an indirect jump was converted to a goto
BUGFIX: decompiler: extract_func() could hang trying to collect the used types
BUGFIX: decompiler: fixed a case of too aggressive propagation leading to wrong decompilation
BUGFIX: decompiler: hints for the offsets of the base class members were wrong
BUGFIX: decompiler: magic division by 641 and its multiples was not properly recovered
BUGFIX: decompiler: mba_t::find_mop() could miss call arguments
BUGFIX: decompiler: print correct shortcut for expanding collapsed local variables declarations
BUGFIX: decompiler: the "Split variable" action was not always visible when clicking on the variable name; clicking on the beginning of the line was required
BUGFIX: decompiler: the decompiler was failing on the calls to runtime.morestack in golang binaries
BUGFIX: decompiler: user-defined calls were not honored in outlined functions
BUGFIX: decompiler: when the cursor is put in a block comment in pseudocode, synchronized idaview would jump to the beginning of the function
BUGFIX: decompiler: x coordinates of the xrefs to types mentioned in function prototypes were miscalculated
BUGFIX: DSCU: IDA would appear to hang when loading an arm64_32 DYLD shared cache for WatchOS
BUGFIX: eh_parse: analysis could hang on some win32 binaries with many unwind blocks
BUGFIX: golang: plugin was creating REF_OFF64 fixups in all cases, even for 32-bit applications
BUGFIX: IDA could silently ignore failed rebasing attempts in some databases; now an error is shown
BUGFIX: IDAPython: ida_bytes.op_stroff was unusable
BUGFIX: IDAPython: ida_kernwin.get_[named|numbered]_type would return "fields comments" as a string, which was incompatible with ida_kernwin.set_[named|numbered]_type
BUGFIX: IDAPython: ida_hexrays: IDA could crash on accessing the 'it' member of an empty ctree_item_t instance
BUGFIX: IDAPython: ida_idaapi.as_int32 could compute an erroneous value
BUGFIX: IDAPython: ida_idaapi.as_signed() could return numbers that were not truncated to the specified width
BUGFIX: IDAPython: IDAPython would fail to initialize on Python 3.12 release due to missing 'imp' module
BUGFIX: IDAPython: plugins using PyQt5 would crash IDA when using Python 3.12 release build
BUGFIX: IDC: get_flags() and get_full_flags() were still returning 32 bits instead of 64 bits.
BUGFIX: installer: installer would try and fail to configure IDA for Python 2 on macOS
BUGFIX: kernel: improved tracking of SP when the stack pointer is changed in delay slot of a branch
BUGFIX: kernel: on Linux/Mac, IDA would create useless btree records for some big arrays, leading to substantial increase of the database size
BUGFIX: kernel: some offsets could be truncated in wide-byte processors resulting in missed or wrong cross-references
BUGFIX: kernel: specifying a different processor name with -p for old databases would cause an odd error message; now IDA quits after showing a correct message
BUGFIX: kernel: the C parser was accepting wrong type names like "WRONG_PREFIX::name", now it complains about them
BUGFIX: kernel: when loading a corrupted til file, IDA would exit with interr 97 instead of reporting the problem
BUGFIX: kernel: xref to enum constant with value greater than 0xFF was improperly calculated
BUGFIX: MACHO: fixed wrong warnings during loading of DSC modules
BUGFIX: MACHO: IDA could load the wrong type library (from macOS) for MH_FILESET kernelcaches (iOS16+)
BUGFIX: MACHO: parsing of DSC slide chain could continue past end of page (on corrupted files) and display bogus warnings
BUGFIX: NEC850: rh850 LDSR/STSR instructions with selID != 0 would incorrectly use system register names from the selID=0 set
BUGFIX: OBJC: "jump to selector" action could have failed on calls which use helper stubs
BUGFIX: OBJC: RunUntilMessageReceived could fail on macOS ARM64
BUGFIX: OBJC: small direct method selectors in dyld shared cache could be parsed incorrectly if libobjc.A.dylib was not loaded
BUGFIX: OBJC: some types which referred to blocks (typestring "@?") were parsed incorrectly
BUGFIX: OBJC: stack block analysis in DSC could fail if libsystem_blocks was loaded into the database
BUGFIX: OBJC: the objc plugin would fail to add cross-reference to destination method in case of tail-call to _objc_msgSend
BUGFIX: PC: fixed error when loading x64 .net modules
BUGFIX: PC: fixed multiple issues with segments ending at 0x100000000 for 32-bit files in IDA64
BUGFIX: PC: IDA would crash with an internal error 10129 when disassembling some 64-bit instructions in an originally 32-bit database
BUGFIX: PDB: some well-formed typedefs were not added to local types
BUGFIX: PIC: ROM sizes were wrong for some members of the PIC18F family
BUGFIX: picture_search: disable automatic picture detection while debugging
BUGFIX: RISCV: add stack variables in function that use a frame pointer (s0)
BUGFIX: RISCV: set stack variable size based on store and load instruction whenever possible
BUGFIX: SDK: tinfo_visitor_t with TVST_DEF was not visiting the typedef targets
BUGFIX: SWIFT: a deliberately crafted IDB could cause IDA to load an arbitrary DLL (potentially from a remote host) and lead to code execution
BUGFIX: SWIFT: newly loaded modules from DSC would not be detected as having Swift metadata
BUGFIX: TEAMS: fixed multiple instances of database corruption/internal errors during merging
BUGFIX: TEAMS: folder structure could be corrupted during merging
BUGFIX: TEAMS: handling a large number of deleted types could lead to interr 1949
BUGFIX: TEAMS: IDA always borrowed the first license in "Borrow license" dialog even if there were other appropriate candidates to borrow
BUGFIX: TEAMS: in some cases IDA refused to use a valid borrowed license
BUGFIX: TEAMS: merging bookmarks could corrupt their folder structure
BUGFIX: TEAMS: remembering credentials could silently fail
BUGFIX: TIL: added checks to type visitor to prevent OOB
BUGFIX: TIL: tilib could produce an error "Cannot get information about @__security_check_cookie@4" when dumping TILs created by idaclang
BUGFIX: TMS320C8: IDA could incorrectly show read cross-references as write and vice versa
BUGFIX: UI: color highlighting in the code snippet editor could be off by one for some words
BUGFIX: UI: correctly handle paths containing spaces when opening a new ida instance
BUGFIX: UI: drag-and-drop selection onto a cell that is not in the first column is now possible for choosers in full tree mode
BUGFIX: UI: graph: default graph layout in huge functions could have some edges intersecting with nodes
BUGFIX: UI: graph: edges were sometimes not redrawn correctly after undo
BUGFIX: UI: graph: fixed discrepancies between selection and highlight colors for nodes/edges
BUGFIX: UI: graph: option 'Re-layout graph if nodes overlap' didn't work in some situations
BUGFIX: UI: graph: resetting graph ('Layout graph') didn't work in some cases (database after rebasing)
BUGFIX: UI: hexadecimal values higher than 0x8000000000000000 were not sortable in choosers
BUGFIX: UI: IDA could fail to display menus created in plugin's init() method
BUGFIX: UI: IDA could jump to wrong address when double-clicking a function in the list during autoanalysis
BUGFIX: UI: some actions invoked through the context menu could not be undone
BUGFIX: UI: some combo boxes had too little space for text in the dark theme
BUGFIX: UI: trying to request an update from the UI in IDA Home or Teams would fail with "time limited version cannot be updated"
BUGFIX: UI: using "Reload file" on previously opened file without extension could fail with "you can't disassemble file with such an extension"