IDA 9.1beta

IDA 9.1 Highlights

zstd compression in IDB files

  • Compressed IDBs now use zstd compression, which results in smaller IDBs and faster saving time.

IDA Teams delta changes

  • IDA Teams versioning functionality can now send and receive small binary delta files instead of whole IDBs, delivering faster version management operations and less network traffic

  • Deltas can also be stored on the Vault server, saving disk space

Processor module improvements

  • TMS320C6: the compact (16-bit) encodings from TMS320C66x and TMS320C674x series are now disassembled

  • RISCV, RH850: improved disassembly and analysis

  • Tricore: mfcr/mtcr instructions use symbolic names for the CSFRs, when known

Decompiler improvements

  • ARM64: ILP32 mode (32-bit pointers with 64-bit instructions, e.g. Apple watchOS) is supported now

  • ARM64: improved decompilation of system code

  • PPC: EFP (Embedded floating point) extension instructions from SPE are supported now

  • RISCV: more intrinsics have been added, so you should see fewer __asm fragments in the pseudocode

Debugger improvements

  • Windbg: TTD (time travel debugging) is now supported (requires a recent version of dbgeng.dll)

  • Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now

  • IPv6 addresses can now be used for remote debuggers

idalib

  • you can now pass IDA's command-line arguments to the open_database() function

ida_feeds

  • implemented detection of Rust version for the loaded binary and creation of custom, version-specific FLIRT signatures

UI Improvements

  • local types: Add Type > C syntax tab can now show field offsets when adding a single type.

Full list of changes and new features:

Processor modules

  • ARM: support MVE (M-profile Vector Extension, aka Helium Technology) from ARMv8.1-M

  • ARM64: simplify 64-bit immediate loads built using four MOVK instructions

  • TMS320C6: the compact (16-bit) encoding instructions from the TMS320C66x and TMS320C674x series are now disassembled

  • RISCV: atomic operation standard extension (amoadd, amoswap etc.) is now supported

  • RISCV: improved recognition of switch patterns

  • RISCV: skip unrecognized custom instructions

  • V850, RH850: stack accesses which use ep register equal to sp are now recognized

  • RH850: accesses to system registers (LDSR/STSR) with non-zero selID are displayed using proper symbolic names

  • Tricore: mfcr/mtcr instructions now use symbolic names for the CSFRs, when known

  • Tricore: added "Simplified" assembler with more natural representation of string literals, immediates, stack variables

  • Tricore: print resolved target address for indirect call/jump instructions, if known

File formats

  • ELF: RISCV: handle more relocation types

  • ELF: ARM: recognize and handle ILP32 files (32-bit ELF with AArch64 instructions)

  • ELF: added indirect function resolvers to the list of entrypoints

Standard plugins

  • pdb: add return type for constructors (MSVC constructors return this and this fact can be exploited by the compiler)

  • ida_feeds: implemented detection of Rust version for the loaded binary and creation of custom, version-specific FLIRT signatures

  • makesig: use the current database path and not original input filename for the output .pat/.sig file

Teams

  • vault: hvui can now send and receive small binary delta files instead of whole IDBs

  • vault: store deltas or full IDBs depending on the workflow and size thresholds

  • hvui: improved behavior of the progress bar during sync

  • hv: added hv optsrv to optimize the server storage

  • hv: added hv gc for client cache garbage collection

Kernel/Misc

  • installer: bundle lsasm (floating license management tool) with IDA

  • installer: bundle FLAIR, idaclang, idsutils, loadint, tilib tools with IDA (under tools subdirectory)

  • licensing: document -Olicense commandline switch

  • licensing: improve messages about unusable license files

  • licensing: accept license files with CRLF line endings

  • database: added zstd compression and made it default for compressed IDBs

  • licsrv: print available IDA LIDs and seat counts instead of saying "Using a license with 1 seat"

  • licsrv: error out on startup if no floating licenses were found

Scripting & SDK

  • SDK: introduced flags IRI_... to be used in is_ret_insn(), ev_is_ret_insn instead of 'bool strict'

  • SDK: tinfo: added IDB events for enum type manipulations (lt_edm_created, lt_edm_deleted, lt_edm_renamed, lt_edm_changed)

  • SDK: tinfo: added tinfo_t::get_alignment()

  • idalib: floating license checkout could fail when using idalib from Python

  • IDAPython: added ida_kernwin.parse_tagged_line_sections, to retrieve semantic information from generated lines with color tags

  • IDAPython: added 'modify_struct_member.py' sample, showing how to perform non-trivial modifications to structure members

  • IDAPython: Automatically remove leading whitespace from input pasted into the CLI

  • IDAPython: Replace ea_t with int, and qstring with str

  • IDAPython: Use native python types int and str for integral and string types where possible

UI

  • asmtil: Added syntax highlighting for user defined types in the freetext editor

  • asmtil: show field offsets/sizes if adding a single type using the C syntax tab

  • asmtil: more correct syntax for asm-style struct definitions (e.g. dd and not int, ends tag etc.)

  • decompiler: added the "Jump to matching brace" action to the context menu (was hotkey only)

  • licensing: added cancellable wait dialog when trying to connect to server

  • licensing: removed floating options from non-pro IDA flavors

  • licensing: fall back to default license path if the preferred license file is not valid

  • licensing: do not connect to server if there is a valid borrowed license

  • new function prototype editor is now available from pseudocode

  • idagui.cfg: added SHOW_BANNER variable, which allows hiding the initial "About" dialog

Debuggers

  • Windbg: TTD (time travel debugging) is now supported with a recent version of dbgeng.dll

  • Windbg: switch from 32-bit to 64-bit mode in Wow64 processes (aka Heaven's Gate) can be debugged now

  • IPv6 addresses can now be used for remote debuggers

Decompilers

  • ARM64: ILP32 mode is supported now

  • ARM64: CASP/CASPL instructions are lifted into atomic intrinsics

  • ARM64: ARMv8 system registers are shown in pseudocode using symbolic names

  • ARM64: recognize more output function arguments passed in X8

  • PPC: EFP (Embedded floating point) extension instructions are supported now

  • RISCV: added intrinsics for more commonly used system instructions (frflags, fsflags, ebreak, wfi, rdtime, sfence)

  • RISCV: improved switch recognition

  • ignore calls to chkstk_darwin in macOS binaries

  • ARM/PC: improved recognition of TLS variables access

Bugfixes

  • BUGFIX: asmtil: cross-references from typedefs to target types could be missing

  • BUGFIX: asmtil: fixed interr 2952 when adding multiple enum forward declarations

  • BUGFIX: IDC: function add_struc_member() - offset = -1 (add at the end of the structure) was not working correctly

  • BUGFIX: vd: fixed interrs 52781, 52836, 50312, 52194

  • BUGFIX: vd: fixed wrong decompilation when not all instructions of a switch are marked as such

  • BUGFIX: vd: do not override user-specified return type when the same register is used for first argument and return value (add a cast instead)

  • BUGFIX: vd: it was impossible to use the decompiler during instant debugging

  • BUGFIX: licsrv: fail on start if db is readonly instead of crashing on first borrow

  • BUGFIX: arm: Fixed error popup when hovering mouse over NEON registers or XZR during debugging

  • BUGFIX: arm: some ARMv8-M ELF files could have "Thumb" set to "No" in architecture options

  • BUGFIX: lumina: Lumina server would still try to look for legacy lumina.lic.

  • BUGFIX: ida_feeds: don't override global logging module configuration

  • BUGFIX: debugger: linux/android: fixed interr 30060 on recent Linux kernels (changes in format of file /proc/PID/status).

  • BUGFIX: debugger: dbg: appcall: it was not possible to call 64-bit pointers from IDC

  • BUGFIX: debugger: gdb: snippet debugging would fail with "Could not load ELF loader module"

  • BUGFIX: UI: adding a variable-size struct with selection active did not use the full size of selection

  • BUGFIX: UI: asmtil: shortcut for 'Import standard enum by enum name' in Add Type dialog didn't work due to conflict with "Enum" tab name

  • BUGFIX: UI: asmtil: shortcut for 'Import standard structure' in Add Type dialog didn't work due to conflict with "Structure size" label

  • BUGFIX: UI: asmtil: standard structure was not imported automatically when adding it by name

  • BUGFIX: UI: asmtil: in fixed layout structs the suggested array size was wrong on last member

  • BUGFIX: UI: fixed a deadlock in license monitor thread

  • BUGFIX: UI: graph view could fail to show a blinking edge during debugging

  • BUGFIX: UI: pressing Space in "Setup Data" dialog would close it instead of creating a byte (default button)

  • BUGFIX: UI: italic font style was ignored on Windows

  • BUGFIX: UI: in some cases after opening the chooser the focus was not set

  • BUGFIX: UI: noret flag/attribute synchronization between function properties and prototype was buggy

  • BUGFIX: MIPS: fixed interr 2765

  • BUGFIX: kernel: avoid stack overflow on files with a very long chain of jump thunks

  • BUGFIX: IDAPython: fix documentation for ida_bytes.bin_search

  • BUGFIX: IDAPython: 'ida_idaapi.loader_input_t' was not usable

  • BUGFIX: IDAPython: 'call_nav_colorizer' was broken

  • BUGFIX: IDAPython: fixed incorrect argument name in 'pack_object_to_idb'

  • BUGFIX: IDAPython: fixed idc.gen_file()
