# IDA 9.1

**IDA 9.1.250226**, **February 28, 2025**

## IDA 9.1 Highlights

### zstd compression in IDB files

* Compressed IDBs now use zstd compression, which results in smaller IDBs and faster saving time.

### IDATeams delta changes

* IDA Teams versioning functionality can now send and receive small binary delta files instead of whole IDBs, delivering faster version management operations and less network traffic.
* Deltas can also be stored on the Vault server, saving disk space.

### Processor module improvements

* TMS320C6: the compact (16-bit) encodings from TMS320C66x and TMS320C674x series are now disassembled

![C674x compact instructions in IDA 9.0](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-43548780449eb0b1c249aab90e52675e25243d22%2Fc674x_90.png?alt=media)

![C674x compact instructions in IDA 9.1](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-263cec2bae9d59552e63914f5f29b9b9cca953cf%2Fc674x_91.png?alt=media)

* RISCV, RH850: improved disassembly and analysis
* Tricore: mfcr/mtcr instructions use symbolic names for the CSFRs, when known

### Decompiler improvements

* ARM64: ILP32 mode (32-bit pointers with 64-bit instructions, e.g. Apple watchOS) is supported now

![ILP32 decompilation](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-3624b956d604fde7951dc2c46c0bb7d9ab098368%2Farm64_ilp32.png?alt=media)

* ARM64: improved decompilation of system code. System register names are now shown in pseudocode, in addition to disassembly

![system registers in ARM64 decompilation](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-0e3952d0a8d184a271dc2a1dfc2da536de49245d%2Farm64_sysreg.png?alt=media)

* PPC: EFP (Embedded floating point) extension instructions from SPE are supported now

![EFP instructions in IDA 9.0](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-60269c1f02c37a26d42f39ac605cb73230156002%2Fppc_efp_90.png?alt=media)

![EFP instructions in IDA 9.1](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-2eb23b80d150bec1517b5c05415b7f9b469744f4%2Fppc_efp_91.png?alt=media)

* RISCV: more intrinsics have been added, so you should see fewer `__asm` fragments in the pseudocode

![RISC-V atomics decompilation](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-aef06f0c61399f923ab4bc369721a49c7dfde937%2Friscv_amoadd.png?alt=media)

### Debugger improvements

* Windbg: TTD (time travel debugging) is now supported (requires a recent version of dbgeng.dll)

![new debugging actions](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-e860a2b27bf71f0ba10769181df9286a1ba64ceb%2Fttd_91.png?alt=media)

* Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now
* IPv6 addresses can now be used for remote debuggers

### idalib

* you can now pass IDA's command-line arguments to the `open_database()` function. This allows, for example, processing raw binaries for non-x86 architectures using idalib.

### goomba

* the goomba deobfuscation plugin adds deobfuscation of some non-linear MBAs without the extra oracle file

![goomba in IDA 9.0](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-4245d0e99e25d44eed67c60911e3c9f4ebfee3ac%2Fgoomba_90.png?alt=media)

![goomba in IDA 9.1](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-49f0fb819c1941ddc5e11398a5c9ed76f24f29cf%2Fgoomba_91.png?alt=media)

### ida\_feeds

* implemented detection of Rust version for the loaded binary and creation of custom, version-specific FLIRT signatures

![rust compiler detection](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-fe52c00376e461caab414fc8dcd85425eca53549%2Fida_feeds_autorust_1.png?alt=media)

![rust signature creation](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-f59450654e1298e63c2a4862425962d440851e65%2Fida_feeds_autorust_2.png?alt=media)

### UI Improvements

* local types: Add Type > C syntax tab can now show field offsets when adding a single type.

![adding new structure](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-29400b555ef8deffb7f083edd51af5f02eab7af8%2Foffset_size_highlighting_new_type.png?alt=media)

## Watch what's new in IDA 9.1

Curious about the new IDA? Watch the feature overview on the All Things IDA channel.

[Feature overview video](https://www.youtube.com/embed/WBYbmOI7Oa4?si=qmheLABnv4HPSfOy)

Courtesy of Elias Bachaalany ([@allthingsida](https://www.youtube.com/@allthingsida))

## Full list of changes and new features:

### Processor modules

* ARM: support MVE (M-profile Vector Extension, aka Helium Technology) from ARMv8.1-M
* ARM64: simplify 64-bit immediate loads built using four MOVK instructions
* TMS320C6: the compact (16-bit) encoding instructions from the TMS320C66x and TMS320C674x series are now disassembled
* RISCV: atomic operation standard extension (`amoadd`, `amoswap` etc.) is now supported
* RISCV: improved recognition of switch patterns
* RISCV: skip unrecognized custom instructions
* V850, RH850: stack accesses which use `ep` register equal to `sp` are now recognized
* RH850: accesses to system registers (LDSR/STSR) with non-zero selID are displayed using proper symbolic names
* Tricore: mfcr/mtcr instructions now use symbolic names for the CSFRs, when known
* Tricore: added "Simplified" assembler with more natural representation of string literals, immediates, stack variables
* Tricore: print resolved target address for indirect call/jump instructions, if known

### File formats

* ELF: RISCV: handle more relocation types
* ELF: ARM: recognize and handle ILP32 files (32-bit ELF with AArch64 instructions)
* ELF: added indirect function resolvers to the list of entrypoints

### Standard plugins

* pdb: add return type for constructors (MSVC constructors return `this` and this fact can be exploited by the compiler)
* ida\_feeds: implemented detection of Rust version for loaded binary and creation of custom, version-specific FLIRT signatures
* makesig: use the current database path and not original input filename for the output .pat/.sig file
* goomba: support deobfuscation of some non-linear MBAs
* dwarf: updated libdwarf to 0.11.1, fixing multiple vulnerabilities and issues in parsing debugging info generated by recent compilers

### Teams

* vault: hvui can now send and receive small binary delta files instead of whole IDBs
* vault: store deltas or full IDBs depending on the workflow and size thresholds
* hvui: improved behavior of the progress bar during sync
* hv: added `hv optsrv` to optimize the server storage
* hv: added `hv gc` for client cache garbage collection

### Kernel/Misc

* installer: bundle `lsadm` (floating license management tool) with IDA
* installer: bundle FLAIR, idaclang, idsutils, loadint, tilib tools with IDA (under `tools` subdirectory)
* licensing: document `-Olicense` command-line switch
* licensing: improve messages about wrong/unusable license files
* licensing: accept license files with CRLF line endings
* database: added zstd compression and made it default for compressed IDBs
* licsrv: print available IDA LIDs and seat counts instead of saying "Using a license with 1 seat"
* licsrv: error out on startup if no floating licenses were found

### Scripting & SDK

* SDK: introduced flags `IRI_...` to be used in `is_ret_insn()`, `ev_is_ret_insn` instead of `bool strict`
* SDK: tinfo: added IDB events for enum type manipulations (`lt_edm_created`, `lt_edm_deleted`, `lt_edm_renamed`, `lt_edm_changed`)
* SDK: tinfo: added `tinfo_t::get_alignment()`
* idalib: floating license checkout could fail when using idalib from Python
* IDAPython: added `ida_kernwin.parse_tagged_line_sections`, to retrieve semantic information from generated lines with color tags
* IDAPython: added `modify_struct_member.py` sample, showing how to perform non-trivial modifications to structure members
* IDAPython: added `ida_funcs.func_t.frame_object`, to facilitate retrieval of function frame structures
* IDAPython: added `ida_funcs.func_t.prototype` and `ida_typeinf.tinfo_t.iter_func`, to facilitate retrieval of function prototypes
* IDAPython: added `udt_type_data_t.get_best_fit_member`
* IDAPython: automatically remove leading whitespace from input pasted into the CLI
* IDAPython: replace `ea_t` with `int`, and `qstring` with `str`

### UI

* asmtil: Added syntax highlighting for user defined types in the freetext editor
* asmtil: show field offsets/sizes if adding a single type using the C syntax tab
* asmtil: more correct syntax for asm-style struct definitions (e.g. `dd` and not `int`, `ends` tag etc.)
* decompiler: added the "Jump to matching brace" action to the context menu (was hotkey only)
* licensing: added cancellable wait dialog when trying to connect to server
* licensing: removed floating options from non-pro IDA flavors
* licensing: fall back to default license path if the preferred license file is not valid
* licensing: do not connect to server if there is a valid borrowed license
* new function prototype editor is now available from pseudocode
* idagui.cfg: added `SHOW_BANNER` variable allowing to hide the initial "About" dialog

### Debuggers

* Windbg: TTD (time travel debugging) is now supported with a recent version of dbgeng.dll
* Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now
* IPv6 addresses can now be used for remote debuggers

### Decompilers

* ARM64: ILP32 mode is supported now
* ARM64: CASP/CASPL instructions are lifted into atomic intrinsics
* ARM64: ARMv8 system registers are shown in pseudocode using symbolic names
* ARM64: recognize more output function arguments passed in X8
* PPC: EFP (Embedded floating point) extension instructions are supported now
* PPC: improved decompilation of code which directly accesses the `cr` register to check flags
* RISCV: added intrinsics for more commonly used system instructions (frflags, fsflags, ebreak, wfi, rdtime, sfence)
* RISCV: improved switch recognition
* ignore calls to `chkstk_darwin` in macOS binaries
* ARM/PC: improved recognition of TLS variables access
* improved handling of `&gvar+N` expressions (e.g. optimized string literal references in BC++ compiled executables)
* improved recognition of shr64

### Bugfixes

* BUGFIX: asmtil: cross-references from typedefs to target types could be missing
* BUGFIX: asmtil: fixed interr 2952 when adding multiple enum forward declarations
* BUGFIX: asmtil: TID was not preserved when renaming enum constant
* BUGFIX: arm: fixed interr 2762
* BUGFIX: elf: deliberately misleading info about section headers could confuse IDA and make it miss loading some code from the file
* BUGFIX: IDC: function `add_struc_member()` - offset = -1 (add at the end of the structure) was not working correctly
* BUGFIX: decompiler: fixed interrs 52781, 52836, 50312, 52194
* BUGFIX: decompiler: fixed wrong decompilation when not all instructions of a switch are marked as such
* BUGFIX: decompiler: do not override user-specified return type when the same register is used for first argument and return value (add a cast instead)
* BUGFIX: decompiler: it was impossible to use the decompiler during instant debugging
* BUGFIX: licsrv: fail on start if db is readonly instead of crashing on first borrow
* BUGFIX: arm: Fixed error popup when hovering mouse over NEON registers or XZR during debugging
* BUGFIX: arm: some ARMv8-M ELF files could have "Thumb" set to "No" in architecture options
* BUGFIX: lumina: Lumina server would still try to look for legacy `lumina.lic`
* BUGFIX: ida\_feeds: don't override global logging module configuration
* BUGFIX: idalib: Python plugins or processor modules would not work in idalib context started from an external Python process
* BUGFIX: installer: qwingraph binary was missing in IDA Classroom
* BUGFIX: debugger: linux/android: fixed interr 30060 on recent Linux kernels (changes in format of file `/proc/PID/status`)
* BUGFIX: debugger: dbg: appcall: it was not possible to call 64-bit pointers from IDC
* BUGFIX: debugger: gdb: snippet debugging would fail with "Could not load ELF loader module"
* BUGFIX: debugger: IDA could appear to freeze when attaching to remote process (e.g. on Android)
* BUGFIX: UI: adding a variable-size struct with selection active did not use the full size of selection
* BUGFIX: UI: asmtil: shortcut for 'Import standard enum by enum name' in Add Type dialog didn't work due to conflict with "Enum" tab name
* BUGFIX: UI: asmtil: shortcut for 'Import standard structure' in Add Type dialog didn't work due to conflict with "Structure size" label
* BUGFIX: UI: asmtil: standard structure was not imported automatically when adding it by name
* BUGFIX: UI: asmtil: in fixed layout structs the suggested array size was wrong on last member
* BUGFIX: UI: fixed a deadlock in license monitor thread
* BUGFIX: UI: graph view could fail to show a blinking edge during debugging
* BUGFIX: UI: pressing Space in "Setup Data" dialog would close it instead of creating a byte (default button)
* BUGFIX: UI: italic font style was ignored on Windows
* BUGFIX: UI: in some cases after opening the chooser the focus was not set
* BUGFIX: UI: noret flag/attribute synchronization between function properties and prototype was buggy
* BUGFIX: UI: on Windows, IDA was not uploading IDBs properly when sending a bug report
* BUGFIX: MIPS: fixed interr 2765
* BUGFIX: kernel: avoid stack overflow on files with a very long chain of jump thunks
* BUGFIX: IDA could display erroneous contact information in the disassembly header
* BUGFIX: IDAPython: fix documentation for `ida_bytes.bin_search`
* BUGFIX: IDAPython: `ida_idaapi.loader_input_t` was not usable
* BUGFIX: IDAPython: `call_nav_colorizer` was broken
* BUGFIX: IDAPython: fixed incorrect argument name in `pack_object_to_idb`
* BUGFIX: IDAPython: fixed `idc.gen_file()`
* BUGFIX: IDAPython: made `ida_bytes.get_stroff_path` significantly easier to use
