# IDA 9.1 **IDA 9.1.250226**, **February 28, 2025** ## IDA 9.1 Highlights ### zstd compression in IDB files * Compressed IDBs now use zstd compression, which results in smaller IDBs and faster saving time. ### IDATeams delta changes * IDA Teams versioning functionality can now send and receive small binary delta files instead of whole IDBs, delivering faster version management operations and less network traffic * Deltas can also be stored on the Vault server, saving the disk space ### Processor module improvements * TMS320C6: the compact (16-bit) encodings from TMS320C66x and TMS320C674x series are now disassembled ![C674x compact instructions in IDA 9.0](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-43548780449eb0b1c249aab90e52675e25243d22%2Fc674x_90.png?alt=media) ![C674x compact instructions in IDA 9.1](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-263cec2bae9d59552e63914f5f29b9b9cca953cf%2Fc674x_91.png?alt=media) * RISCV, RH850: improved disassembly and analysis * Tricore: mfcr/mtcr instructions use symbolic names for the CSFRs, when known ### Decompiler improvements * ARM64: ILP32 mode (32-bit pointers with 64-bit instructions, e.g. Apple watchOS) is supported now ![ILP32 decompilation](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-3624b956d604fde7951dc2c46c0bb7d9ab098368%2Farm64_ilp32.png?alt=media) * ARM64: improved decompilation of system code. System register names are now shown in pseudocode, in addition to disassembly ![system registers in ARM64 decompilation](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-0e3952d0a8d184a271dc2a1dfc2da536de49245d%2Farm64_sysreg.png?alt=media) * PPC: EFP (Embedded floating point) extension instructions from SPE are supported now ![EFP instructuons in IDA 9.0](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-60269c1f02c37a26d42f39ac605cb73230156002%2Fppc_efp_90.png?alt=media) ![EFP instructuons in IDA 9.1](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-2eb23b80d150bec1517b5c05415b7f9b469744f4%2Fppc_efp_91.png?alt=media) * RISCV: more intrinsics have been added, so you should see fewer `__asm` fragments in the pseudocode ![RISC-V atomics decompilation](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-aef06f0c61399f923ab4bc369721a49c7dfde937%2Friscv_amoadd.png?alt=media) ### Debugger improvements * Windbg: TTD (time travel debugging) is now supported (requires recent version of dbgeng.dll) ![new debugging actions](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-e860a2b27bf71f0ba10769181df9286a1ba64ceb%2Fttd_91.png?alt=media) * Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now * IPv6 adresses can now be used for remote debuggers ### idalib * you can now pass IDA's command-line arguments to the `open_database()` function. This allows, for example, processing raw binaries for non-x86 using idalib. ### goomba * the goomba deobfuscation plugin adds deobfuscation of some non-linear MBAs without the extra oracle file ![goomba in IDA 9.0](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-4245d0e99e25d44eed67c60911e3c9f4ebfee3ac%2Fgoomba_90.png?alt=media) ![goomba in IDA 9.1](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-49f0fb819c1941ddc5e11398a5c9ed76f24f29cf%2Fgoomba_91.png?alt=media) ### ida\_feeds * implemented detection of Rust version for the loaded binary and creation of custom, version-specific FLIRT signatures ![rust compiler detection](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-fe52c00376e461caab414fc8dcd85425eca53549%2Fida_feeds_autorust_1.png?alt=media) ![rust signature creation](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-f59450654e1298e63c2a4862425962d440851e65%2Fida_feeds_autorust_2.png?alt=media) ### UI Improvements * local types: Add Type > C syntax tab can now show field offsets when adding a single type. ![adding new structure](https://920252027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXnMt6HMopakRTMzxxSKh%2Fuploads%2Fgit-blob-29400b555ef8deffb7f083edd51af5f02eab7af8%2Foffset_size_highlighting_new_type.png?alt=media) ## Watch what's new in IDA 9.1 Curious about the new IDA? Watch the feature overview on the All Things IDA channel. {% embed url="" %} Courtesy of Elias Bachaalany ([@allthingsida](https://www.youtube.com/@allthingsida)) ## Full list of changes and new features: ### Processor modules * ARM: support MVE (M-profile Vector Extension, aka Helium Technology) from ARMv8.1-M * ARM64: simplify 64-bit immediate loads built using four MOVK instructions * TMS320C6: the compact (16-bit) encoding instructions from the TMS320C66x and TMS320C674x series are now disassembled * RISCV: atomic operation standard extension (`amoadd`, `amoswap` etc.) is now supported * RISCV: improved recognition of switch patterns * RISCV: skip unrecognized custom instructions * V850, RH850: stack accesses which use `ep` register equal to `sp` are now recognized * RH850: accesses to system registers (LDSR/STSR) with non-zero selID are displayed using proper symbolic names * Tricore: mfcr/mtcr instructions now use symbolic names for the CSFRs, when known * Tricore: added "Simplified" assembler with more natural representation of string literals, immediates, stack variables * Tricore: print resolved target address for indirect call/jump instructions, if known ### File formats * ELF: RISCV: handle more relocation types * ELF: ARM: recognize and handle ILP32 files (32-bit ELF with AArch64 instructions) * ELF: added indirect function resolvers to the list of entrypoints ### Standard plugins * pdb: add return type for constructors (MSVC constructors return `this` and this fact can be exploitd by the compiler) * ida\_feeds: implemented detection of Rust version for loaded binary and creation of custom, version-specific FLIRT signatures * makesig: use the current database path and not original input filename for the output .pat/.sig file * goomba: support deobfuscation of some non-linear MBAs * dwarf: updated libdwarf to 0.11.1, fixing multiple vulnerabilities and issues in parsing debugging info generated by recent compilers ### Teams * vault: hvui can now send and receive small binary delta files instead of whole IDBs * vault: store deltas or full IDBs depending on the workflow and size thresholds * hvui: improved behavior of the progress bar during sync * hv: added `hv optsrv` to optimize the server storage * hv: added `hv gc` for client cache garbage collection ### Kernel/Misc * installer: bundle `lsadm` (floating license management tool) with IDA * installer: bundle FLAIR, idaclang, idsutils, loadint, tilib tools with IDA (under `tools` subdirectory) * licensing: document `-Olicense` commandline switch * licensing: improve messages about wrong/unusable license files * licensing: accept license files with CRLF line endings * database: added zstd compression and made it default for compressed IDBs * licsrv: print available IDA LIDs and seat counts instead of saying "Using a license with 1 seat" * licsrv: error out on startup if no floating licenses were found ### Scripting & SDK * SDK: introduced flags IRI\_... to be used in is\_ret\_insn(), ev\_is\_ret\_insn instead of 'bool strict' * SDK: tinfo: added IDB events for enum type manipulations (lt\_edm\_created, lt\_edm\_deleted, lt\_edm\_renamed, lt\_edm\_changed) * SDK: tinfo: added tinfo\_t::get\_alignment() * idalib: floating license checkout could fail when using idalib from Python * IDAPython: added ida\_kernwin.parse\_tagged\_line\_sections, to retrieve semantic information from generated lines with color tags * IDAPython: added 'modify\_struct\_member.py' sample, showing how to perform non-trivial modifications to structure members * IDAPython: added `ida_funcs.func_t.frame_object`, to facilitate retrieval of function frame structures * IDAPython: added `ida_funcs.func_t.prototype` and `ida_typeinf.tinfo_t.iter_func`, to facilitate retrieval of function prototypes * IDAPython: added `udt_type_data_t.get_best_fit_member` * IDAPython: automatically remove leading whitespace from input pasted into the CLI * IDAPython: replace `ea_t` with `int`, and `qstring` with `str` ### UI * asmtil: Added syntax highlighting for user defined types in the freetext editor * asmtil: show field offets/sizes if adding a single type using the C syntax tab * asmtil: more correct syntax for asm-style struct definitions (e.g. `dd` and not `int`, `ends` tag etc.) * decompiler: added the "Jump to matching brace" action to the context menu (was hotkey only) * licensing: added cancellable wait dialog when trying to connect to server * licensing: removed floating options from non-pro IDA flavors * licensing: fall back to default license path if the preferred license file is not valid * licensing: do not connect to server if there is a valid borrowed license * new function prototype editor is now available from pseudocode * idagui.cfg: added SHOW\_BANNER variable allowing to hide the initial "About" dialog ### Debuggers * Windbg: TTD (time travel debugging) is now supported with recent version of dbgeng.dll * Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now * IPv6 adresses can now be used for remote debuggers ### Decompilers * ARM64: ILP32 mode is supported now * ARM64: CASP/CASPL instructions are lifted into atomic intrinsics * ARM64: ARMv8 system registers are shown in pseudocode using symbolic names * ARM64: recognize more output function arguments passed in X8 * PPC: EFP (Embedded floating point) extension instructions are supported now * PPC: improved decompilation of code which directly accesses the `cr` register to check flags * RISCV: added intrinsics for more commonly used system instructions (frflags, fsflags, ebreak, wfi, rdtime, sfence) * RISCV: improved switch recognition * ignore calls to `chkstk_darwin` in macOS binaries * ARM/PC: improved recognition of TLS variables access * improved handling of \&gvar+N expressions (e.g. optimized string literal references in BC++ compiled executables) * improved recognition of shr64 ### Bugfixes * BUGFIX: asmtil: cross-references from typedefs to target types could be missing * BUGFIX: asmtil: fixed interr 2952 when adding multiple enum forward declarations * BUGFIX: asmtil: TID was not preserved when renaming enum constant * BUGFIX: arm: fixed interr 2762 * BUGFIX: elf: deliberately misleading info about section headers could confuse IDA and make it miss loading some code from the file * BUGFIX: IDC: function add\_struc\_member() - offset = -1 (add at the end of the structure) was not working correctly * BUGFIX: decompiler: fixed interrs 52781, 52836, 50312, 52194 * BUGFIX: decompiler: fixed wrong decompilation when not all instructions of a switch are marked as such * BUGFIX: decompiler: do not override user-specified return type when the same register is used for first argument and return value (add a cast instead) * BUGFIX: decompiler: it was impossible to use the decompiler during instant debugging * BUGFIX: licsrv: fail on start if db is readonly instead of crashing on first borrow * BUGFIX: arm: Fixed error popup when hovering mouse over NEON registers or XZR during debugging * BUGFIX: arm: some ARMv8-M ELF files could have "Thumb" set to "No" in architecture options * BUGFIX: lumina: Lumina server would still try to look for legacy `lumina.lic` * BUGFIX: ida\_feeds: don't override global logging module configuration * BUGFIX: idalib: Python plugins or processsor modules would not work in idalib context started from an external Python process * BUGFIX: installer: qwingraph binary was missing in IDA Classroom * BUGFIX: debugger: linux/android: fixed interr 30060 on recent Linux kernels (changes in format of file `/proc/PID/status`) * BUGFIX: debugger: dbg: appcall: it was not possible to call 64-bit pointers from IDC * BUGFIX: debugger: gdb: snippet debugging would fail with "Could not load ELF loader module" * BUGFIX: debugger: IDA could appear to freeze when attaching to remote process (e.g. on Android) * BUGFIX: UI: adding a variable-size struct with selection active did not use the full size of selection * BUGFIX: UI: asmtil: shortcut for 'Import standard enum by enum name' in Add Type dialog didn't work due to conflict with "Enum" tab name * BUGFIX: UI: asmtil: shortcut for 'Import standard structure' in Add Type dialog didn't work due to conflict with "Structure size" label * BUGFIX: UI: asmtil: standard structure was not imported automatically when adding it by name * BUGFIX: UI: asmtil: in fixed layout structs the suggested array size was wrong on last member * BUGFIX: UI: fixed a deadlock in license monitor thread * BUGFIX: UI: graph view could fail to show a blinking edge during debugging * BUGFIX: UI: pressing Space in "Setup Data" dialog would close it instead of creating a byte (default button) * BUGFIX: UI: italic font style was ignored on Windows * BUGFIX: UI: in some cases after opening the chooser the focus was not set * BUGFIX: UI: noret flag/attribute synchronization between function properties and prototype was buggy * BUGFIX: UI: on Windows, IDA was not uploading IDBs properly when sending a bug report * BUGFIX: MIPS: fixed interr 2765 * BUGFIX: kernel: avoid stack overflow on files with a very long chain of jump thunks * BUGFIX: IDA could display erroneous contact information in the disassembly header * BUGFIX: IDAPython: fix documentation for ida\_bytes.bin\_search * BUGFIX: IDAPython: 'ida\_idaapi.loader\_input\_t' was not usable * BUGFIX: IDAPython: 'call\_nav\_colorizer' was broken * BUGFIX: IDAPython: fixed incorrect argument name in 'pack\_object\_to\_idb' * BUGFIX: IDAPython: fixed idc.gen\_file() * BUGFIX: IDAPython: made `ida_bytes.get_stroff_path` significantly easier to use --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hex-rays.com/release-notes/9_1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.