IDA 9.1

IDA 9.1.250226, February 28, 2025

IDA 9.1 Highlights

zstd compression in IDB files

• Compressed IDBs now use zstd compression, which results in smaller IDBs and faster saving time.

IDATeams delta changes

• IDA Teams versioning functionality can now send and receive small binary delta files instead of whole IDBs, delivering faster version management operations and less network traffic

• Deltas can also be stored on the Vault server, saving the disk space

Processor module improvements

• TMS320C6: the compact (16-bit) encodings from TMS320C66x and TMS320C674x series are now disassembled

• RISCV, RH850: improved disassembly and analysis

• Tricore: mfcr/mtcr instructions use symbolic names for the CSFRs, when known

Decompiler improvements

• ARM64: ILP32 mode (32-bit pointers with 64-bit instructions, e.g. Apple watchOS) is supported now

• ARM64: improved decompilation of system code. System register names are now shown in pseudocode, in addition to disassembly

• PPC: EFP (Embedded floating point) extension instructions from SPE are supported now

• RISCV: more intrinsics have been added, so you should see fewer __asm fragments in the pseudocode

Debugger improvements

• Windbg: TTD (time travel debugging) is now supported (requires recent version of dbgeng.dll)

• Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now

• IPv6 adresses can now be used for remote debuggers

idalib

• you can now pass IDA's command-line arguments to the open_database() function. This allows, for example, processing raw binaries for non-x86 using idalib.

goomba

• the goomba deobfuscation plugin adds deobfuscation of some non-linear MBAs without the extra oracle file

ida_feeds

• implemented detection of Rust version for the loaded binary and creation of custom, version-specific FLIRT signatures

UI Improvements

• local types: Add Type > C syntax tab can now show field offsets when adding a single type.

Watch what's new in IDA 9.1

Curious about the new IDA? Watch the feature overview on the All Things IDA channel.

Full list of changes and new features:

Processor modules

• ARM: support MVE (M-profile Vector Extension, aka Helium Technology) from ARMv8.1-M

• ARM64: simplify 64-bit immediate loads built using four MOVK instructions

• TMS320C6: the compact (16-bit) encoding instructions from the TMS320C66x and TMS320C674x series are now disassembled

• RISCV: atomic operation standard extension (amoadd, amoswap etc.) is now supported

• RISCV: improved recognition of switch patterns

• RISCV: skip unrecognized custom instructions

• V850, RH850: stack accesses which use ep register equal to sp are now recognized

• RH850: accesses to system registers (LDSR/STSR) with non-zero selID are displayed using proper symbolic names

• Tricore: mfcr/mtcr instructions now use symbolic names for the CSFRs, when known

• Tricore: added "Simplified" assembler with more natural representation of string literals, immediates, stack variables

• Tricore: print resolved target address for indirect call/jump instructions, if known

File formats

• ELF: RISCV: handle more relocation types

• ELF: ARM: recognize and handle ILP32 files (32-bit ELF with AArch64 instructions)

• ELF: added indirect function resolvers to the list of entrypoints

Standard plugins

• pdb: add return type for constructors (MSVC constructors return this and this fact can be exploitd by the compiler)

• ida_feeds: implemented detection of Rust version for loaded binary and creation of custom, version-specific FLIRT signatures

• makesig: use the current database path and not original input filename for the output .pat/.sig file

• goomba: support deobfuscation of some non-linear MBAs

• dwarf: updated libdwarf to 0.11.1, fixing multiple vulnerabilities and issues in parsing debugging info generated by recent compilers

Teams

• vault: hvui can now send and receive small binary delta files instead of whole IDBs

• vault: store deltas or full IDBs depending on the workflow and size thresholds

• hvui: improved behavior of the progress bar during sync

• hv: added hv optsrv to optimize the server storage

• hv: added hv gc for client cache garbage collection

Kernel/Misc

• installer: bundle lsadm (floating license management tool) with IDA

• installer: bundle FLAIR, idaclang, idsutils, loadint, tilib tools with IDA (under tools subdirectory)

• licensing: document -Olicense commandline switch

• licensing: improve messages about wrong/unusable license files

• licensing: accept license files with CRLF line endings

• database: added zstd compression and made it default for compressed IDBs

• licsrv: print available IDA LIDs and seat counts instead of saying "Using a license with 1 seat"

• licsrv: error out on startup if no floating licenses were found

Scripting & SDK

• SDK: introduced flags IRI_... to be used in is_ret_insn(), ev_is_ret_insn instead of 'bool strict'

• SDK: tinfo: added IDB events for enum type manipulations (lt_edm_created, lt_edm_deleted, lt_edm_renamed, lt_edm_changed)

• SDK: tinfo: added tinfo_t::get_alignment()

• idalib: floating license checkout could fail when using idalib from Python

• IDAPython: added ida_kernwin.parse_tagged_line_sections, to retrieve semantic information from generated lines with color tags

• IDAPython: added 'modify_struct_member.py' sample, showing how to perform non-trivial modifications to structure members

• IDAPython: added ida_funcs.func_t.frame_object, to facilitate retrieval of function frame structures

• IDAPython: added ida_funcs.func_t.prototype and ida_typeinf.tinfo_t.iter_func, to facilitate retrieval of function prototypes

• IDAPython: added udt_type_data_t.get_best_fit_member

• IDAPython: automatically remove leading whitespace from input pasted into the CLI

• IDAPython: replace ea_t with int, and qstring with str

UI

• asmtil: Added syntax highlighting for user defined types in the freetext editor

• asmtil: show field offets/sizes if adding a single type using the C syntax tab

• asmtil: more correct syntax for asm-style struct definitions (e.g. dd and not int, ends tag etc.)

• decompiler: added the "Jump to matching brace" action to the context menu (was hotkey only)

• licensing: added cancellable wait dialog when trying to connect to server

• licensing: removed floating options from non-pro IDA flavors

• licensing: fall back to default license path if the preferred license file is not valid

• licensing: do not connect to server if there is a valid borrowed license

• new function prototype editor is now available from pseudocode

• idagui.cfg: added SHOW_BANNER variable allowing to hide the initial "About" dialog

Debuggers

• Windbg: TTD (time travel debugging) is now supported with recent version of dbgeng.dll

• Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now

• IPv6 adresses can now be used for remote debuggers

Decompilers

• ARM64: ILP32 mode is supported now

• ARM64: CASP/CASPL instructions are lifted into atomic intrinsics

• ARM64: ARMv8 system registers are shown in pseudocode using symbolic names

• ARM64: recognize more output function arguments passed in X8

• PPC: EFP (Embedded floating point) extension instructions are supported now

• PPC: improved decompilation of code which directly accesses the cr register to check flags

• RISCV: added intrinsics for more commonly used system instructions (frflags, fsflags, ebreak, wfi, rdtime, sfence)

• RISCV: improved switch recognition

• ignore calls to chkstk_darwin in macOS binaries

• ARM/PC: improved recognition of TLS variables access

• improved handling of &gvar+N expressions (e.g. optimized string literal references in BC++ compiled executables)

• improved recognition of shr64

Bugfixes

• BUGFIX: asmtil: cross-references from typedefs to target types could be missing

• BUGFIX: asmtil: fixed interr 2952 when adding multiple enum forward declarations

• BUGFIX: asmtil: TID was not preserved when renaming enum constant

• BUGFIX: arm: fixed interr 2762

• BUGFIX: elf: deliberately misleading info about section headers could confuse IDA and make it miss loading some code from the file

• BUGFIX: IDC: function add_struc_member() - offset = -1 (add at the end of the structure) was not working correctly

• BUGFIX: decompiler: fixed interrs 52781, 52836, 50312, 52194

• BUGFIX: decompiler: fixed wrong decompilation when not all instructions of a switch are marked as such

• BUGFIX: decompiler: do not override user-specified return type when the same register is used for first argument and return value (add a cast instead)

• BUGFIX: decompiler: it was impossible to use the decompiler during instant debugging

• BUGFIX: licsrv: fail on start if db is readonly instead of crashing on first borrow

• BUGFIX: arm: Fixed error popup when hovering mouse over NEON registers or XZR during debugging

• BUGFIX: arm: some ARMv8-M ELF files could have "Thumb" set to "No" in architecture options

• BUGFIX: lumina: Lumina server would still try to look for legacy lumina.lic

• BUGFIX: ida_feeds: don't override global logging module configuration

• BUGFIX: idalib: Python plugins or processsor modules would not work in idalib context started from an external Python process

• BUGFIX: installer: qwingraph binary was missing in IDA Classroom

• BUGFIX: debugger: linux/android: fixed interr 30060 on recent Linux kernels (changes in format of file /proc/PID/status)

• BUGFIX: debugger: dbg: appcall: it was not possible to call 64-bit pointers from IDC

• BUGFIX: debugger: gdb: snippet debugging would fail with "Could not load ELF loader module"

• BUGFIX: debugger: IDA could appear to freeze when attaching to remote process (e.g. on Android)

• BUGFIX: UI: adding a variable-size struct with selection active did not use the full size of selection

• BUGFIX: UI: asmtil: shortcut for 'Import standard enum by enum name' in Add Type dialog didn't work due to conflict with "Enum" tab name

• BUGFIX: UI: asmtil: shortcut for 'Import standard structure' in Add Type dialog didn't work due to conflict with "Structure size" label

• BUGFIX: UI: asmtil: standard structure was not imported automatically when adding it by name

• BUGFIX: UI: asmtil: in fixed layout structs the suggested array size was wrong on last member

• BUGFIX: UI: fixed a deadlock in license monitor thread

• BUGFIX: UI: graph view could fail to show a blinking edge during debugging

• BUGFIX: UI: pressing Space in "Setup Data" dialog would close it instead of creating a byte (default button)

• BUGFIX: UI: italic font style was ignored on Windows

• BUGFIX: UI: in some cases after opening the chooser the focus was not set

• BUGFIX: UI: noret flag/attribute synchronization between function properties and prototype was buggy

• BUGFIX: UI: on Windows, IDA was not uploading IDBs properly when sending a bug report

• BUGFIX: MIPS: fixed interr 2765

• BUGFIX: kernel: avoid stack overflow on files with a very long chain of jump thunks

• BUGFIX: IDA could display erroneous contact information in the disassembly header

• BUGFIX: IDAPython: fix documentation for ida_bytes.bin_search

• BUGFIX: IDAPython: 'ida_idaapi.loader_input_t' was not usable

• BUGFIX: IDAPython: 'call_nav_colorizer' was broken

• BUGFIX: IDAPython: fixed incorrect argument name in 'pack_object_to_idb'

• BUGFIX: IDAPython: fixed idc.gen_file()

• BUGFIX: IDAPython: made ida_bytes.get_stroff_path significantly easier to use