# IDA 9.2 Beta

{% hint style="success" %}

#### Official Release 9.2 Now Available

The beta testing phase for version 9.2 has concluded, and the **official 9.2 release is available**. For a complete and up-to-date overview of new features and changes, please refer to the [9.2 Release Notes](https://docs.hex-rays.com/release-notes/9_2)
{% endhint %}

Welcome to the IDA 9.2 Beta Release, and thank you to all our beta testers for joining us! Below are the key highlights and changes introduced in this beta version. Prefer a quick overview? Watch the [IDA 9.2 Beta Highlights](#video) video.

{% hint style="info" %}

#### Share your feedback

Spotted a bug or have a suggestion to the IDA 9.2 beta release? Let us know and contribute to IDA evolution through one of the following channels:

* [Hex-Rays Support](https://support.hex-rays.com) (*Early access* feedback form),
* Email: <support@hex-rays.com>, or
* Slack: Join the discussion in our dedicated beta channel. If you didn’t receive the invitation link, [contact us](mailto:support@hex-rays.com).
  {% endhint %}

## New in Beta 6 (RC3)

### Bugfix

* Fix crash when closing the Jump Anywhere through window titlebar controls on macOS

## New in Beta 5 (RC2)

### Bugfixes

* "Create C file…" did not produce any output in IDA Home, Essential & Classroom
* Got rid of confusing build information in "About…" dialog, on macOS

## New in Beta 4 (RC)

Following the feedback from Beta 3, we're releasing Beta 4, the Release Candidate of IDA 9.2.

### Lumina

Added the `LUMINA_RECV_HELO_TIMEOUT` environment variable, which can be used to set the server timeout between the TLS handshake and the first packet arriving from a client, in milliseconds. Setting it to -1 disables the timeout, allowing an indefinite amount of time for users to authenticate.

A lumina connection works in 3 phases:

1. TLS handshake
2. HELO phase (client sends license information in order to authenticate with the server)
3. Once authenticated, clients can perform any operation without this timeout affecting them.

This variable sets the timeout between steps 1 and 2. If not set, it defaults to 1000 ms.

Note that when a client attempts to connect, the lumina server creates a new thread and keeps it running for the duration of this timeout. Hence, for publicly exposed lumina servers, it is advised to keep the duration of this timeout short.

### Architecture Support

#### Tricore

* Add chipset definitions of tc29x, tc27x, tc32xLP, tc33xLP, tc33xDA, tc35x, tc36x, tc37x, tc38x, tc39xQ, tc39xX.

#### RISCV

* Fix xref creation issues from local types

### Apple Ecosystem

* Performance improvements in the register tracking algorithm. By updating the cache invalidation policy of some internal data structures, we have reduced the analysis time of large iOS DSCs.
* Improved recognition of PAC `__auth_stubs` (commonly used by iOS import trampoline patterns).

### Microcode Viewer

* Fix vertical scrollbar size and some problems with hint boxes
* Properly safe/restore widget/desktop state across idb lifecycle

### UI

* Scrolling through local types could become very slow on macOS
* Better support for docking of widgets on Wayland
* Remember the preference of history sharing
* Fixed a crash when hovering over "Jump to next/previous position"
* Register `.i64` file extension on macOS
* Restore old behaviour of setting prototype as user-defined when hitting return in "Set item type" (`y` shortcut) dialog
* Revert to "old" `windowsvista` theme on Windows 11
* Respect OS-level settings for dark mode
* fix crashes on macOS when opening files with `SHOW_BANNER=NO`

#### Xref Tree

* Display references to non-item-head addresses with proper offsets
* The widget state is now serialized to and restored from the IDB
* Add new widget icon

#### Xref Graph

* Don't crash on "last" undo
* Actions are now properly updated when the selection changes
* Fix selection behavior
* Prevent some crashes due to missing OpenGL support on the current platform

#### Jump Anywhere

* Make search case-insensitive by default
* Use `Ctrl-Alt-G` as hotkey

### Misc

* IDA manual is now fully browsable offline (uncheck `Help > Online Help`)
* IDA Home & Essential now provide the `Decompile all` functionality

### Bugfixes

* pdb: Update version of MSDIA backend of the PDB parser to 14.44
* pdb: fix logic error when reusing enums via typedefs
* licensing: offer to save idb when connection to license server is not re-established within grace period
* parser: fix reparsing of specialized templates
* parser: ignore error for top-level anonymous structure
* parser: handle function arguments named "this"

## New in Beta 3

Following the feedback from Beta 2, we're releasing an improved Beta 3 of IDA 9.2. Remaining issues can be found in [Beta 3 known issues](#known-issues-in-beta-3) section.

### Microcode Viewer

* Fixed erratic behavior of selections inside microcode viewer
* Fixed "lazy" double clicks, only moving the cursor inside the current "page"
* Introduced more concise formatting

### Qt6

* We *disabled* the PyQt5 shim by default (to not confuse abstraction layers like qtpy). A message box will appear in the UI when importing anything PyQt5 related, asking whether the PyQt5 compatibility shim should be enabled.
* Bundle `libqt-shell.so` and `libxdg-shell.so` libs with IDA to enable compatibility with wlroots-based compositors

### Architecture Support

#### v850/rh850

* pelf: added support for v850/rh850 relocatables
* pelf: added processing of GHS/Renesas specific-relocations

### TriCore

* Added Chipset definitions for TC1100

### TMS6

* Added `TMS6_SCALE_OFFSETS` processor specific option (default = YES). You can turn it off to view raw, un-scaled offsets.

### ARM

* Better handle AND operations on stack pointer during stack pointer tracking

### DWARF

* Support scattered structures, arrays, and integral types

### Decompiler

* New decompiler action: "Show all call decompilations" now also works for data xrefs. It is available by right-clicking a global variable in the decompiler and picking "Show all xref decompilations..."
* For functions in x86\_64 PE+ executables that have `UNWIND_INFO` data available, the stack is reconstructed according to the information contained in the exception directory

### Licensing

* Implemented `MAX_BORROW_HOURS` environment variable

### Xref Tree

* Enabled xref tree action from pseudocode views
* Fixed root node double-click to jump to original address
* Fixed double-click cycling for UNDEF/import items
* Prevented jumping on tree section headers
* Renamed "allow duplicates" to "show duplicates"
* Fixed size calculation for compact display
* Fixed deduplication in References To section

### Bugfixes

* TMS320: fixed decoding of EXT/EXTU TMS320C67xx instructions
* Makesig: generating signature from selected functions now works also when demangling is enabled
* UI: drag & drop'ing a floating area on Wayland would crash IDA
* UI: when adding multiple types via `Add type...` C syntax tab, some types would be silently lost
* UI: fixed crash when changing desktop geometries / switching to debug desktop
* idalib: respect `$IDAUSR` environment variable
* ELF: fixed `gnu_debugdata_t: XZ decode error` message on some ELF files
* Macho: fixed handling of `DYLD_CHAINED_IMPORT` records (name\_offset==0 was wrongly considered invalid)
* VD: `split expression` was not available in some contexts
* VD: field member names were omitted for seemingly anonymous structs
* Parser: legacy parser would reject a usercall function sometimes
* Xref\_graph: bundle plugin with all editions of IDA
* Parser: do not use fake name "\_" for abstract type declarator
* IDAPython: added `ida_kernwin.BWN_MICROCODE` constant to identify microcode subviews
* PC: improved switch recognition for cases where table base is encoded in an immediate

### Known issues in Beta 3

* Crash on start on macOS 26 beta 6
* Double clicking on decompiler helpers jumps to unrelated addresses
* Unable to dock two windows side-by-side on Linux with Wayland

***

## New in Beta 2

Based on the feedback collected during the Beta 1, we’re releasing an improved Beta 2 of IDA 9.2. While we've addressed as many reported issues as possible, some problems remain unresolved. Before submitting a new bug report, please review the existing issues assigned to features or listed under [other known issues](#other-known-issues).

### Improved Stack Frame Analysis of 32-bit ARM Code

* Added support of STMIA pseudo-instructions. For example, `STM` at `DE6` is used to store R1-R3 at the frame top (space was allocated by the `SUB` at `DD4`).

  ```
  00000DD4 000 SUB     SP, SP, #0xC   ; PROLOG
  00000DD6 00C PUSH    {R4-R7,LR}     ; PROLOG
  00000DD8 020 ADD     R7, SP, #0xC   ; PROLOG
  00000DDA 020 PUSH.W  {R8,R10} ; PROLOG
  00000DDE 028 SUB     SP, SP, #0x34  ; PROLOG
  00000DE0 05C MOV     R4, R0
  00000DE2 05C ADD     R0, SP, #0x34+varg_r1
  00000DE4 05C LDR     R6, [SP,#0x34+arg_4]
  00000DE6 05C STM.W   R0, {R1-R3}    ; PROLOG
  ```
* Improved detection of non-PROLOG instructions. For example, `PUSH` at `B910` and `B91C` are not prolog instructions, because `R12` is not a callee-saved register.

  ```
  0000B910 000 PUSH    {R12}
  0000B914 004 LDR     R12, =(off_C1A4 - 0xB920)
  0000B918 004 ADD     R12, PC, R12 ; off_C1A4
  0000B91C 004 PUSH    {R12}
  ```
* Improved frregs and fpd.

These updates lead to more accurate decompilation results.

### Decompiler

* Rather than creating extra variable and assigning the result expression right before returning, directly return the expression.
* New decompiler action:
  * "*Show all call decompilations*". Right-click any function call in the decompiler, and select this option to open a window displaying all decompiled call sites to the selected function.

### TriCore

* Added chipset definitions for: tc1762, tc1764, tc1782, tc1784, tc1792, tc1791, tc1793, tc1798
* Added generic devices: tc1xxx, tc2xxx, tc3xxx, tc4xxx
* The .cfg file format now supports folders (e.g., `tc1xxx/tc1762`), allowing for better organization of chipset definitions. Additionally, multiple devices that have the same parameters can now be defined in a single line, e.g., `tc1791,tc1793,tc1798`.

### Microcode Viewer

* New widget displaying the decompiler microcode at arbitrary maturity levels
* Displays micro instructions, block types, control flow transfers, and use-def chains
* Syncable with Disassembly, Pseudocode, and other Microcode Viewer widgets

#### Shortcuts and controls

* Invocable by <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>F8</kbd>
* Increase maturity level with <kbd>></kbd>
* Decrease maturity level with <kbd><</kbd>

![Microcode View](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-27e9b9b6597da0d3864c9ad6458079470eb263ca%2Fmicrocode-view.png?alt=media)

#### Known issues

* Selection misbehaves

### Unified Location History

* History sharing now also includes the Stack View. This change revealed a known issue where <kbd>ESC</kbd> doesn't consistently work in all cases.
* Moved "Enable history sharing" to **Options → General → Browser** instead of Misc
* Widgets can now sync with history sharing enabled. The current widget automatically moves to a non-shared history stack during sync and rejoins shared history when un-synced.

### Xref Tree

* Performance optimizations with large trees
* Made all columns respect font size
* Improved focus management:
  * Focus is put on the tree when the widget opens
  * When switching to the Xref Tree window, the last child widget that had focus will receive focus
  * Root item is preselected
* Section headers use keyword color for better readability
* Fixed occasional crash on exit
* Xref Tree can collect "References To" for data items
* If no name is present in the IDB for an item, generate a fallback one (`off_...`)
* Reference jumping and cycling mechanism has been reworked:
  * (<kbd>Shift</kbd> +)<kbd>F10</kbd> has been removed
  * <kbd>Enter</kbd>/double-click automatically cycles on repeated triggers
  * By default, <kbd>Enter</kbd> will update the previous IDA View to the location that was selected but keep focus in the tree to let the user cycle or select another location
  * The "Change Focus" option was added for testing purposes. It modifies the behavior of <kbd>Enter</kbd> to "Jump" to the location that was selected in the previous IDA View (just like "Jump to xref")

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Does the cycling behavior work as expected?
* Do you prefer to "Change Focus" when using <kbd>Enter</kbd>/double-click or to update the IDA View?
  * Should both options be available to the user? How? (Modifiers? UI buttons? Suggestions welcome!)
* If the cursor is located inside of a function in an IDA View, Xref Tree will select that function as the root node. Would you prefer if it behaved similarly to "Jump to xref to operand..." (<kbd>X</kbd> shortcut) — using the operand below the cursor as the root node when applicable?
  {% endhint %}

#### Known issues

* It is not possible to jump to references gathered for data items
* Double-clicking on the root node doesn't behave as expected
* Double-clicking on section headers (e.g. "References To") continues cycling
* "Allow Duplicates" doesn't seem to have an impact on "References To"
* Position of widget is not preserved across sessions
* The tree's information density is not high enough
* Some references to items that aren't heads may have incorrect names (e.g. SUB\_...)
* Xref Tree is not available from Pseudocode views

### Jump Anywhere

* Fixed broken support for address expressions
* Action has been renamed from `JumpToAnywhere` to `JumpAnywhere`
  * Users who used the "Feature Flags" dialog to remap it will have to go through that manipulation again
* A Preview pane is displayed on the right-hand side of the dialog that corresponds to the entry that is currently selected
  * This can be disabled in the "Feature flags" dialog

#### Known issues

* JumpAnywhere window appears to blink during search
* Indexer may not be up to date with type information
* Preview pane isn't correct for first entry (interpreted as address expression)
* macOS: using <kbd>Up</kbd> or <kbd>Down</kbd> will move cursor to Begin/End of input

### Xref Graph

* Xref Graph window title prefixed with 'Xref Graph: '
* Selected initial node on graph creation
* Fix plugin dialog shortcuts & focus
* Removed default shortcut
  * Recommending to invoke Xref Graph using "Xrefs graph \[to|from]..."

#### Known issues

* Slow layout on large graphs
* Actions presented in context menu may not be up to date with selection
* Not preloading OpenGL seems to make IDA crash on exit if Xref Graph was used; please set `$IDA_PRELOAD_OPENGL` if you wish to use Xref Graph with Beta 2

### New Parser

* Renamed the parser names to more descriptive: `default` → `legacy`, `clang` → `old_clang`, `future` → `clang`. For this Beta 2 release,`legacy` remains the default. The default will switch to `clang` in one of the upcoming releases.
* The parser name is taken from `ida.cfg` instead of the registry. See the `TYPE_PARSER` option.
* The following functions have been added to the `ida_srclang` Python module:
  * `parse_decls_with_parser_ext(parser_name: str, til: 'til_t', input: str, hti_flags: int) -> int`
  * `get_parser_option(parser_name: str, option_name: str) ->str`
  * `set_parser_option(parser_name: str, option_name: str, option_value: str) -> bool`

### Golang

* Added recognition of Golang-specific inlined `memcpy`/`memset` patterns in the MIPS and RISC-V decompiler.

### Other Bugfixes since Beta 1

* Xref Graph: added plugin to Home edition
* Linux/Wayland: now bundles `libqt-plugin-wayland-egl.so`
* Decompiler (PC):
  * fixed issue where splitting assignments made using `xmm` instructions was not working
  * improved recognition of shifts performed via combination of cvtsi128 and srli
* Decompiler: Fixed crash when editing the prototype of an imported function
* Golang:
  * fixed built-in declarations
  * added recognition of inlined for inlined memcpy/memset on riscv and mips
* Parser:
  * now allows specifying only the argument type when editing a function argument
  * fixed missing calling convention in pointer to function
  * Resolved handling of qualified names when using `__shifted()`
  * fixed incorrect treatment of `__hidden` as a simple annotation
  * fixed parsing failure when an argument was named this
* Types: fixed issue where method `tinfo_t::expand_udm()` was spoiling the type
* CFG (idagui): increase output scrollback to 128k lines
* Function prototype editor: Fixed issue where the default prototype was ignored by IDA
* DWARF: improved handling of `stkvars`
* Mac: fixed missing Dock Tile (when multiple IDA instances are open)
* Fixed ICC profile of collapsible icon (used to produce warnings in libpng)
* Not preloading QOpenGL (causes issues on older Windows 10 and Windows on ARM systems
  * set `$IDA_PRELOAD_OPENGL` to preload anyway

### Other known issues

* Linux: crash on Wayland when trying to dock a floating window
* Mac: missing custom Dock Menu, warning about "missing call to 'qt\_mac\_set\_dock\_menu'"
* Mac: hangs on macOS 26 beta 3
* Mac: `SHOW_BANNER=NO` can cause crash when opening files
* Qt: light/dark theme rendering issues
* Qt: sluggish UI when scrolling in some listings (e.g. local types)
* Feature Flags: overriding 'G' shortcut will also disable that shortcut in earlier versions of IDA
* "Copy full type(s)" in Function Prototype editor available and will fail

***

## UI Improvements

### Jump Anywhere

* Jump Anywhere is a new dialog created to simplify quick jumps to locations anywhere in the IDB. It is envisioned to become the successor of the `JumpAsk` ("Jump to address...", bound to the <kbd>G</kbd> key) dialog.
* It can be opened via the `JumpAnywhere` action that is bound to <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>F</kbd> (<kbd>CMD</kbd> + <kbd>Alt</kbd> + <kbd>F</kbd> on macOS) by default. A checkbox was also added in the (new) Feature flags dialog (**Options → Feature flags...**) to quickly map/unmap `JumpAnywhere` to the <kbd>G</kbd> key.
* Currently we index **functions**, **local types**, **names**, **segments**, later we plan to introduce a public API, allowing users to extend the index, querying it, and much more.
* For now the dialog is fairly simple: it presents an input box where the user can type in a name and below that a list of search matches is populated.
* The list can be navigated using arrow keys. Pressing <kbd>Enter</kbd> jumps to the currently selected entry.
* If the user input is interpretable as an [address expression](https://docs.hex-rays.com/user-guide/disassembler/navigation/how-to-enter-an-address), a result entry for the corresponding destination will appear at the top of the search result list.
* The behavior of the dialog can be changed in `idagui.cfg` to your preference:

```
//-------------------------------------------------------------------------
//      Jump anywhere parameters (requires ENABLE_INDEXER = YES in ida.cfg)
//-------------------------------------------------------------------------

#ifdef __QT__
JUMP_ANYWHERE_MAX_RESULTS = 10000  // maximum number of search results (0 = no limit)
#endif
```

Disabling of the indexer is possible in `ida.cfg`, by setting `ENABLE_INDEXER = NO`, this may be useful if you use IDA in headless mode (eliminating the small overhead of building & maintaining the index).

#### Future plans

* We would like to support fuzzy string matching in `JumpAnywhere`
* We will also add a preview pane inside of the dialog to provide context about the entry that is currently selected.

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Do you find the performance of the Jump To Anywhere dialog satisfying? Are you able to input your search smoothly?
* Would you like to be able to filter by type of match (only functions, only types etc.)?
* Did we miss anything that would make this dialog better?
  {% endhint %}

### Unified Location History

* Global history stack across multiple widgets. Addresses issues like:
  * double clicking on a static variable switching to disassembly view, but <kbd>ESC</kbd> would not navigate back to Pseudocode
  * double clicking on a type or stack variable would "trap" navigation with no easy way to return back to the origin
* Activated automatically for Disassembly, Pseudocode, Local Types, and Stack. Old behavior can be re-instantiated by disabling "Enable history sharing in **Options → General → Browser**.

### New Debugger Regs Widget

* New register widget for the debugger. It applies coloring, dereferences pointers, and in general tries to be smart about register values. This behavior can be controlled via the context menu.

### Autocompletion for Types in Local Types

* Autocompletion when editing/creating types in Local Types via the free text editor.
* Either automatically triggered when typing, or manually invoked using <kbd>Ctrl</kbd> + <kbd>Space</kbd>.
* When adding a new type in the "C syntax" tab, autocompletion is available.
* Autocompletion uses the existing types in the database and C/C++ keywords (such as "struct", "int"...).
* Simply start typing the beginning of the desired type name and a list of completions will appear, they can be navigate using arrow keys.
* Additionally, a very useful hint will appear on the side to provide more context about the suggested type, allowing you to distinguish between "foobar1", "foobar2" or even "FooBar".
* If autocompletion suggestions are in your way, you can discard them by pressing <kbd>Esc</kbd>.
* It is also possible to deliberately request to show completions at any moment using <kbd>Ctrl</kbd> + <kbd>Space</kbd> (the `ForceTypesAutoCompl` action, the shortcut is configurable).
* We also added automatic completion of curly braces and auto-indentation: when entering '{', '}' will be automatically added, and between them an empty line with an indentation.
* After working with older builds that lacked autocompletion, we were reminded how much easier editing types is with it. It's one of those things you only truly appreciate once it's gone. If for one reason or another you're not keen on autocompletion, you can disable it partially or fully: **Options → General... → Misc**. At the bottom of that page you will find a group of settings "Types autocompletion":
  * Enable autocomplete for types — enables or disables the entire mechanism. If you uncheck the box, the behavior will not differ from previous versions. Enabled by default.
  * Case sensitive — changes case sensitivity. If you check the box, then, for example, the "f" prefix will show "foobar", but not "Foobar". Disabled by default.
  * Enable autocomplete for curly braces — enables or disables autocompletion of curly braces and indents. Enabled by default.
  * Enable type hints — enables or disables hints when choosing a type from suggestions during autocompletion. Enabled by default.

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Suggestion list appearance for autocomplete:
  * Does it always appear when you want it to? (when entering keywords)
  * Are there any situations where the list appears when you don't want it to? (when entering a type or member name)
* Suggestion list size:
  * Are 7 types in the list without scrolling enough or should it be larger? Or smaller?
  * Are the suggestions in the list covered by scrollbars?
    {% endhint %}

### Xref Graph

* New widget graphically displaying inter-function relationships (code and data).
* Replaces the following widgets / actions / tools:
  * Qwingraph
  * Xrefs graph from ... (function name context menu)
  * Xrefs graph to ... (function name context menu)
  * Function call graph
  * User call graph
* The graph gathers a set of nodes connected by xrefs. For now the nodes are laid out using a force-directed approach.
* The controls are quite simple:
  * dragging nodes around moves them
  * clicking and dragging around the graph pans around (holding the <kbd>Shift</kbd> key will pan without unintentionally grabbing a node)
  * holding <kbd>Ctrl</kbd>/<kbd>CMD</kbd> while scrolling will zoom in/out
  * double-clicking on a node will jump to the corresponding item in an IDAView
  * nodes can be added to/remove from the graph using right-click on a node (e.g. "Add xrefs from node")
* The layout mechanism can be played/paused using the <kbd>Space</kbd> key.

{% hint style="info" %}
**Request for Feedback | |** [**Feedback Form**](https://support.hex-rays.com)

* Would you like to be able to use other layouts for the graphs?
* Do you find such graph representations useful for your workflows? If not, what would make them more powerful?
  {% endhint %}

### Xref Tree

* New widget textually displaying inter-function relationships (code and data).
* New widget enabling textual, interactive, non-modal traversing of xrefs to provide a better overview of the function call hierarchies and data references. This view complements, and will eventually be tightly integrated with, the new xref graph and xrefs in general.
* Replaces the following widgets:
  * Function Calls
  * Cross References
* The tree shows both references *to* and *from* the current function, in a fashion similar to call hierarchy views in IDEs. Both code and data references are displayed.
* The tree is non-modal and there can be multiple instances of it open at the same time, each displaying a different function. The tree state is not preserved between sessions.
* The tree nodes are lazily loaded, and the tree is updated in real-time as the user navigates. Any changes to function and object names are reflected in the tree.
* It is possible to make the tree synchronize with the current IDA View, by checking the "Sync" checkbox.
* Some unnecessary functions can be filtered out, by checking the "Add filter" button, or by using the <kbd>Ctrl</kbd> + <kbd>F</kbd> shortcut (<kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>F</kbd> to remove the filter).
* By default the tree displays function names in simplified form, such as `main(argc, argv)` instead of `int main(int argc, char **argv)`. This can be changed by unchecking the "Simplified view" checkbox.
* The tree can be navigated with mouse and keyboard, using the common cursor keys.
* If there are multiple xrefs to the same function, they are deduplicated by default. This can be changed by checking the "Allow Duplicates" checkbox.

#### Access and shortcuts

* It is accessible via:
  * **View → Open Subview → Cross References Tree**,
  * The Command Palette (action name: `OpenXrefsTree`),
  * <kbd>Shift</kbd> + <kbd>X</kbd> on any function or address with incoming/outgoing Xrefs
* One can press <kbd>F10</kbd>/<kbd>Shift</kbd> + <kbd>F10</kbd> to cycle through the xrefs to the currently selected function.

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Performance with complex graphs. The tree is lazily-loaded, does it feel instantaneous?
* Filter usability: is it easy to use?
* Color scheme and visual style: is it easy to read?
* Is there some crucial functionality missing?
* Would it be beneficial to keep this tree view visible in the default layout? (just like the Functions chooser)
  {% endhint %}

### IDA is now running on Qt6

* We provide shims to make sure plugins written for Qt5 remain operational.

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Please report any parts of the (now legacy) Qt5 API that we forgot to cover (except `QRegExp`)
* Qt6 addresses many known issues on Wayland Linux (self-detaching menus, popups not gaining focus, missing window decorations, ...). Please report any remaining bugs that you encounter.
  {% endhint %}

### Actions for font size controls

* Available under the **View** menu, the "Increase|Decrease|Reset Font size" actions let the user directly control the font size of the (family of) the widget they're currently using.
* Previously users had to open the font selection dialog ("Font...") to adjust the size of fonts.
* The actions have been mapped to <kbd>Ctrl</kbd> + <kbd>+</kbd>, <kbd>Ctrl</kbd> + <kbd>=</kbd>, <kbd>Ctrl</kbd> + <kbd>-</kbd> and <kbd>Ctrl</kbd> + <kbd>0</kbd>, respectively (CMD on macOS).

{% hint style="info" %}

#### Request for Feedback | [Feedback Form](https://support.hex-rays.com)

* Are you happy with the selected shortcuts?
  * how do you typically control font size in other apps?
* Should we make these actions available elsewhere?
* Do the expected UI elements react?
  * note that in graph view these shortcuts are still mapped to zoom in/out and not increase/decrease font size
    {% endhint %}

### Feature Flags Dialog

* New dialog enabling/disabling experimental features
* Can be opened via **Options → Feature Flags**
* Currently only allows to quick map the new "Jump to Anywhere" feature to the <kbd>G</kbd> hotkey

### Sunsetting idat's Terminal Interface

* As of this release, `idat` does not support interactive mode anymore (read: the TUI is gone!)
* Batch mode processing is still available (and will stay), so infrastructure relying on batch processing still works

## Architecture Support

### ARM

* Instruction set extensions:
  * ARMv8.7-A: FEAT\_WFxT Extension (fixes most recent Apple SPTMs)
  * ARMv8.7-A: FEAT\_xNS Extension (fixes most recent Apple SPTMs)
  * Low Overhead Branch Extensions
  * Custom Datapath Extension
* Load ARM64EC Windows COFF files (ARM64EC PE support pending)
* Speed improvements of the internal register tracking logic
* FLIRT:
  * ARMv8 support for pmacho
  * pcf: New option `-f` to filter for ARM64EC/ARM64 objects in Windows COFF files (supports any COFF OBJ magic.)
  * pcf: Fix processing of ARM64 relocations
  * properly emit and consume ARMv7 THUMB bits in PAT files

### MIPS

* Added support for O64 ABI

### RH850

* Support more relocation types
* Make TP, GP, CALLT registers user-assignable global registers
* Many small improvements in macro building

### RISCV

* Dramatically improved function discovery
* Recognition of table based switch constructs making use of THEAD instructions

### TriCore

#### Support for TC4x (TC1.8) instructions

50+ new instructions from the TC1.8 architecture are now fully supported in the disassembler. This includes double-precision FPU instructions, virtualization instructions, and new Q (quad-sized) registers.

![TC1.8](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-0ba44949bb194989d41db23a2bb01675407b8ad7%2Ftricore-tc18.png?alt=media)

#### Make A0, A1, A8, A9 user-specifiable global registers

Support for setting global address registers (A0, A1, A8, A9) as segment registers. TriCore uses these registers for global address computation, typically via GP-relative access. By configuring them via **Edit → Segments** (or <kbd>Alt</kbd> + <kbd>G</kbd>), you help IDA resolve memory references more accurately.

![Segreg](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-1b703652fde7fb489b08eab0f998739d563c81c5%2Fsegreg-tricore.gif?alt=media)

#### New chipset definitions

* Added support for new chipsets: tc1765, tc1724, tc1728, tc1130, tc1762, tc1764, tc1782, tc1784, tc1791, tc1792, tc1793, tc1798.
* Improved existing chipsets definitions.
* Added generic devices: tc1xxx, tc2xxx, tc3xxx, tc4xxx.

These chipsets are used across the automotive and railway industries, including real-world train firmware.

### TMS320

* Support 32bit SIMD instructions (tms320c6)

## Type System

### New Parser

There are 3 parsers currently available:

1. **legacy** - old internal IDA parser (will become obsolete)
2. **old\_clang** - previous parser based on clang
3. **clang** - new parser based on clang's libtooling llvm-20.1.0 (will become a default one with one of the next releases)

We're planning to drop support for the idaclang plugin in the next release (9.3).

#### Using the parser

You can switch between them by tweaking the **Options → Compiler...** options settings.

![Compiler options](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-7593dd73389e662b7f40dc7155a89bcc6b36ddd5%2Fcompiler-options.png?alt=media)

Additionally, you can use the `-Oclang:on` command line switch to activate the new parser in IDA, or set the `IDA_CLANG_PARSER` environment variable to `1`. To activate the new parser in tilib, pass the `-IC` command line switch. You may also pass additional arguments down to clang using `-CT`(e.g. `-CT-target -CTx86_64-pc-linux`).

The `clang` parser is fully migrated to clang's libtooling, and it unifies all type parsing done by IDA into a single backend. This means that the same parser will be used in the type editor, in idaclang and in tilib.

A convenient way to tweak the new parser is via the "Parser specific options" dialog.

![Parser Properties](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-aba476442dc504639021f6a2a14599ca39c7af44%2Fparser-properties.png?alt=media)

You may set defaults for these options and check their documentation in `idaclang.cfg`.

#### Python API

Using the parser from the Python API can be done via the `ida_srclang` module.

```python
import ida_srclang

argv = [ "-target x86_64-apple-darwin-macho",
         "-x c++",
         "-std=c++17",
         "-Werror",
         "-Wno-incompatible-sysroot",
       ]
ida_srclang.set_parser_argv("clang", " ".join(argv)) 

ida_srclang.set_parser_option("clang", "CLANG_SMART_POINTERS", "OSSharedPtr")
ida_srclang.parse_decls_with_parser_ext("clang", None, "header_file.h", idaapi.HTI_FIL)
```

For example, the new parser can be used to parse C++ templates:

```cpp
struct std::char_traits<char>
{
};
```

![New Parser](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-c822a3afd1cba26de969702c0dc85752bc950041%2Fida-clang-parser.gif?alt=media)

Note that two new HTI flags are available in `ida_typeinf`:

* `HTI_SEMICOLON`: do not complain if the terminated semicolon is absent
* `HTI_STANDALONE`: should parse standalone declaration, which may contain qualified names and type names (IDA-Pro specific declaration)

#### Backwards Compatibility

There are two approaches to define a `__usercall`:

1. `int __usercall f<eax>(int *a<edx>[])` - obsolete
2. `int __usercall f@<eax>(int *a@<edx>[])` - recommended way

Approach (1) is not supported by the new parser.

### Tuples

* Added the notion of tuples (\~structs where exact member allocation is ignored)
* Use via keyword `__tuple`
* Currently they behave as structs with a few differences:
  * two tuples having matching member are considered to be equal
  * tuples are returned from functions in a different manner

## Disassembler/Decompiler Integration

* Disassembler automatically uses structure offsets found by the decompiler
* New analysis option: Copy xrefs found by decompiler to disassembler (disabled by default)

## Major Golang Analysis Improvements

* Significant improvements of decompiling Golang code:
  * Fully support Golang's stack-based ABI for return values
  * Improved dataflow tracking / recognition of object copy operations
  * Improved string pool handling
  * Recognition of Golang compiler idioms:
    * `runtime.convTnoptr`, `runtime.convT`, `runtime.growslice`, `runtime.makeslicecopy`, `runtime.duffcopy`, `runtime.duffzero`
  * Better metadata parsing (`FUNCDATA`, `PCLNTAB`)

![Ineffective Golang string recognition in IDA 9.1 - Pseudocode](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-ca001df203307a783fae94e370b54d8d2f4cf2f5%2Fpseudocode-91.png?alt=media) ![Improved Golang string recognition in IDA 9.2 - Pseudocode](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-a82e09ddfb225059563a44b0e61c24ca86260c6e%2Fpseudocode-92.png?alt=media)

* Now we have two different Golang calling conventions:
  * `CM_CC_GOSTK` - stack abi: default for old apps (golang version < 1.17)
  * `CM_CC_GOLANG` - regabi: default one for newer apps
  * For old databases (prior to IDA 9.2) we preserve the old behavior: `CM_CC_GOLANG` is the stack abi for old Go apps (go version < 1.17) and regabi for the newer ones.

![Unused dummy arguments in IDA 9.1](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-3e8d70bd77daa42af0af9380eae6e4a499539b6e%2Fgostk-91.png?alt=media) ![\_\_gostk functions recognition in IDA 9.2](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-bb61a0fbaff62dea2094068385a62a786e5da357%2Fgostk-92.png?alt=media)

## Multiple Names as Comments

* When multiple names are discovered for the same address, they are shown as comments. This behavior existed before, but we extended the list of supported file formats from which multiple names are recovered.

![Multiple Names](https://3899235193-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fd4yKxBBBv1qcoSuL2US4%2Fuploads%2Fgit-blob-080358869f37509d3889fb228e89ac340b3ff0fe%2Fmultiple-names.png?alt=media)

## Deobfuscation

* New algorithm backing Goomba's MBA Deobfuscation
* Simplify away non-satisfiable cases in switch statements (limited by config variable `OPT_VALRNG_SWITCH_NCASES`)

## IDA Feeds

* Recover more Rust compiler versions from binaries

## IDAlib

* Pass down IDA command line arguments in `open_database`
* Do not pollute file history when opening files with IDAlib
* Bugfix: Debugging in VS Code

## API

* New event: `idb_event::local_type_renamed`
* New event: `hexrays_event_t::hxe_mba_maturity` event
* New convenience function `extend_sign_bits()`
* pro: added a new bit function `bitcountr_zero()` (like in C++20)
* IDAPython: provide compiled\_binpat\_vec\_t.parse

### Deprecated APIs

* Deprecate `hook_to_notification_point()`

## Watch what's new in IDA 9.2 Beta <a href="#video" id="video"></a>

Excited about what’s coming in IDA 9.2? Watch the feature overview based on the 9.2 Beta release on the *All Things IDA* channel.

{% embed url="<https://www.youtube.com/watch?v=BeeXHWvCG9M>" %}

Courtesy of Elias Bachaalany ([@allthingsida](https://www.youtube.com/@allthingsida))

## Misc

* UI: made 'Cancel' button by default in 'Send database' dialog
* UI: added confirmation on public Lumina metadata push
* UI: add actions to control font size
* UI: add standard ZoomIn shortcut for font increase
* PDB: added more wait boxes during PDB loading, giving users a chance to cancel the process and return back to the UI
* UI: `AUTO_CLOSE_MSGBOX` gui configuration option (useful for long-running operations)
* DWARF: support DWARF5 debug info in Mach-O binaries
* PE (LDR): add new `IMAGE_LOAD_CONFIG_DIRECTORY` member

## Security Fixes

* Remote Code Execution via Debugger Attachment
* Format string vulnerability in pdbparser

## BUGFIXES

* VD: MACHO-O Wrong segment name used with `USE_SEG_PREFIXES=YES`
* UI: double-clicking/Enter on the header of a type, wouldn't open the editor
* UI: double-clicking/Enter on a structure member name, wouldn't offer to rename it
* UI: fix macOS drag\&drop under `SHOW_BANNER=NO`
* UI: do not suggest shortcut migration
* Kernel: fixed regarg comments for an argument in the register pair in big endian MIPS
* IDC: wrong enum flag was returning for character representation of constants
* GDB: avoid usage of already freed memory
* Kernel: now `append_cmt()` respects the repeatable flag for the function start
* Kernel: fixed handling of the special Go assembler characters

{% hint style="info" %}

#### Share your feedback

Spotted a bug or have a suggestion to the IDA 9.2 beta release? Let us know and contribute to IDA evolution:

* via [support](https://support.hex-rays.com) (*Early access* feedback form), or
* at <support@hex-rays.com>
  {% endhint %}