IDA 9.3

Welcome to the IDA 9.3 release highlights. You can get your 9.3 installers in the Download Center of My Hex-Rays portal.

New V850 Decompiler

IDA 9.3 introduces decompiler support for the Renesas V850 (aka NEC850 / RH850) architecture, a 32-bit RISC processor extensively used in automotive ECUs and industrial control systems. Both the modern RH850 ABI and the legacy GCC V850 ABI are supported.

Beyond basic decompilation, the V850 module includes recognition of compiler-specific prolog/epilog helper functions, detection and hiding of padding instructions, proper handling of callt-invoked compiler helpers, and improved stack frame analysis. A wide range of low-level instructions are now decompiled including BSW, BSH, HSW, HSH, MAC, MACU, ABF, SBF, CLIP*, SAT*, SASF, SCH[01][LR], SYNC*, EI/DI, HALT, LDSR/STSR, and more.

Integrated IDA Teams

The IDA Teams UI is now built into stock IDA — no separate application needed. Users with a Teams add-on can collaborate on reverse engineering projects directly from within IDA.

• New Teams top-level menu: all major Teams functionalities and widgets are accessible directly from IDA's menu bar.

• Open remote files from Quick Start: open files from the Hex-Rays Vault Server directly through the Quick Start dialog.

• HVUI discontinued: the standalone HVUI application is no longer shipped. Its core functionality has been fully integrated into IDA.

See the Getting Started Guide to get up and running with integrated Teams.

Microcode Viewer

The Microcode Viewer, introduced in IDA 9.2 as a read-only window into the decompiler's intermediate representation, evolves into a more interactive analysis tool in 9.3.

Microcode Manipulation / Assertions

You can now delete instructions and add assertions, to specify values for registers and local variables — directly steering the decompilation process. This is invaluable for dealing with obfuscated code or exploring "what if" scenarios during analysis.

Take the following pseudocode:

From manual analysis of the context (not shown) we figure out

We can inject the first constant into the decompiler in the microcode via the new Insert assertion ... context menu action:

This simplifies the pseudocode to

Injecting the other two values simplifies the entire sequence to the (more readable)

Similarly, instructions can be deleted from the generated microcode. Deleting control flow instructions automatically repairs the CFG (up to MMAT_GLBOPT3)

Microcode Graphs

The viewer can now render microcode flow graphs and give insights into structural analysis. These graphical views make it easier to follow control flow through the decompiler's intermediate representation — especially when investigating how the decompiler processes complex constructs like nested loops, switch statements, or obfuscated control flow.

Display Def-Use / Use-Def Chains

A new "Display chains" action visualizes register and variable use-def and def-use chains — the connections between where a value is defined and where it is consumed and vice-versa. This is particularly useful for understanding how the decompiler tracks data flow across basic blocks.

Display Modes

New toggleable display modes give deeper visibility into the decompiler's internals:

• EA Prefix Display: optionally show effective addresses between instruction numbers and mnemonics

  Default (off):

  After toggle (on):

• Compact / Detailed View: toggle between a dense view (no block headers, no USE/DEF/DNU annotations) and the full detailed view

• Value Numbers: display GVN identifiers showing SSA value equivalence across microcode operands (e.g., rax.8{5} and r8.8{5} share the same value)

• Number Origins: reveal where constants originate (e.g., #3.8 becomes #[email protected], pointing back to the original cmp rax, 3 instruction)

• Display Local Types: opens a window showing types used during decompilation

Other Microcode Viewer Improvements

• Undo support: instruction deletions and comments are fully undoable

• Xref support: navigate to cross-references directly from the microcode view

• Desktop save/restore: the viewer state is preserved across IDA sessions

• Persistent preferences: display toggles (compact/detailed, value numbers, etc.) are remembered across invocations

• Tab to disassembly: press Tab to jump to the corresponding disassembly, just like in pseudocode

• "Highest maturity level" action: jump directly to the final optimization stage

• Del shortcut: quick delete/restore instruction toggle

Objective-C Parser

IDA 9.3 introduces a parser for Objective-C header files inside IDA, streamlining a common workflow in iOS and macOS reverse engineering. Feed it @interface, @protocol, and @property declarations, and IDA produces the corresponding C types and method prototypes — including auto-generated property accessors, protocol method implementations, and category extensions. This eliminates the tedious manual translation of Objective-C headers into IDA-compatible type definitions. To enable Objective-C parsing switch to the llvm-backed parser in Options -> Compiler -> Source parser -> clang and select Objective-C[++] in the Parser specific options.

Andes Andestar V3 (NDS32)

IDA 9.3 introduces a processor module for the Andes Andestar V3 NDS32 architecture — a 32-bit RISC ISA featuring mixed 16-/32-bit instructions optimized for power and code density. Widely deployed in IoT devices, microcontrollers, wearables, storage controllers, and drones, NDS32 firmware can now be analyzed natively in IDA.

Key capabilities:

• GP-relative addressing with automatic data reference creation

• Stack pointer tracing with push25/pop25 and smw/lmw (store/load multiple word) prolog/epilog recognition

• Extension instruction decoding: DSP, SIMD, ZOL (Zero-Overhead Loop), FPU, and coprocessor

• Extensive switch pattern detection

• noreturn analysis

• ex9.it instruction resolution from the $itb system register table (linker relaxation)

• Configurable options for encoding variants, register prefixes, macros, and GP values

Native Linux ARM64 Build

IDA 9.3 now ships as a native Linux ARM64 build, requiring glibc 2.28 or newer (Debian 10 / Ubuntu 20.04 / RHEL 8+). The C++ SDK does not yet include the static libraries needed to link plugins on this platform — those are planned for a future release. Local debuggers are also not yet included.

And yes, we've seen your efforts trying to run IDA via convoluted setups on Android phones — we won't ask why.

More Responsive Tabular Views

Working with large databases often means working with large lists — hundreds of thousands of functions, names, or types. In IDA 9.2, operations on these widgets could become frustratingly slow, particularly when dealing with large selections or filtering. IDA 9.3 delivers a first round of targeted performance improvements that make everyday interactions noticeably snappier:

• Widgets exposing tabular data — Functions, Names, Local Types, Bookmarks, Imports, Breakpoints — behave considerably better with large datasets

• Search operations are now much snappier for widgets with 100k+ entries

• Sorting and filtering (Ctrl+F) have been improved

Further performance optimizations are planned, so stay tuned!

Decompiler

Stock Comments

Manage reusable comments in the decompiler. Create, edit, and quickly apply frequently-used comments to pseudocode without retyping. Comments are organized by most-recently-used order — useful for documenting repetitive patterns like inlined C++ operations (e.g., std::string manipulations).

Value Range Optimization

The analysis of conditionals now includes enhanced value range tracking. For instance, in a conditional such as (unsigned int)(a2 - 1) <= 5, IDA can now determine that a2 falls within the interval [1, 6], allowing it to simplify or eliminate redundant subsequent checks:

The second if statement is now correctly discarded since its condition is always true given the outer condition.

Fine-Grained Assignment Propagation Control

A new "Forbid assignment propagation" option, available from the decompiler's context menu, gives analysts precise control over which assignments the decompiler is allowed to inline, improving readability in cases where automatic propagation produces overly complex expressions.

"Decompile All" in IDA Home & IDA Pro Essential

The "Decompile all" functionality is now available in IDA Home and IDA Pro Essential editions.

Type System

Create C Header File: Inline Anonymous Types

When exporting types to C header files, IDA previously created intermediate anonymous types with hash-based names. The new "Ignore IDA anonymous types" option inlines these types directly into the parent structure, producing cleaner and more portable output.

Before (anonymous types exported separately):

After (anonymous types inlined):

This also handles nested inline structures correctly.

Fixed Struct Support: Complete Import/Export Roundtrip

IDA 9.3 introduces __fixed and __at attributes for structures with explicit field offsets, enabling complete roundtripping of type export and import. Previously, types with explicit offsets (like function stack frames) could be exported to C headers but not re-imported — the offset information was lost. Now IDA-generated headers are fully re-parsable.

New syntax:

• __fixed(size) — declares a struct with explicit total size

• __at(offset) — specifies exact byte offset for a field

• __at(offset, bit) — specifies offset with bit-level precision for bitfields

Example — function stack frame:

Example — packed embedded structure (unaligned fields):

Improved Golang Type Recovery

Golang type recovery sees significant improvements affecting both the accuracy and organization of recovered types.

Full package paths in type names eliminate ambiguity between identically-named types from different packages:

Hierarchical type library organization now arranges types in folders matching Go package paths, making navigation much more intuitive:

Additional improvements include better FUNCINFO and Go version detection, replacement of the internal BUILTIN_STRING type with the standard Go string type, proper recognition of many standard Go types without the struct prefix, and improved handling of return types for anonymous functions in DWARF debug info.

Other Type System Changes

• Typedefs to anonymous UDTs are now printed properly, and DWARF debug info no longer produces unnecessary pointer-to-anonymous-UDT patterns

• The legacy "Parse declarations" dialog has been removed. Since IDA 9.2, the "Add type" editor in Local Types supports adding multiple types at once with syntax highlighting and autocompletion, making the old plain-text dialog redundant

• The clang-based type parser now has Print AST and Dump AST options (under Options → Compiler → Parser specific options). "Print AST" outputs a C-like pretty-printed representation of the parsed declarations, while "Dump AST" outputs the raw Clang AST tree — useful for diagnosing parsing issues or understanding how IDA interprets complex type declarations

Architecture Support

ARM64

SVE/SME Instructions for Apple Silicon Kernels

IDA 9.3 can now decode Scalable Vector Extension (SVE) and Scalable Matrix Extension (SME) instructions found in Apple's latest kernels. These instructions were previously shown as raw bytes or undefined opcodes.

Memory Tagging Extension (MTE) Intrinsics

The decompiler now produces clean intrinsic calls for ARM Memory Tagging Extension instructions, replacing inline assembly blocks. MTE is used in iOS 18+ and Android for hardware-enforced memory safety.

Before (9.2) — inline assembly:

After (9.3) - intrinsics:

The full set of supported MTE intrinsics:

NEON Cryptography and Math Intrinsics

New decompiler intrinsics for ARMv8.2 AES, SHA1, SHA256, SHA512, SHA3 and ARMv8.1 SQRDMX (Saturating Rounding Doubling Multiply Accumulate/Subtract) instructions replace inline assembly with readable intrinsic calls. In addition to recognizing the instructions, IDA now infers proper NEON vector types (uint8x16_t, uint32x4_t, int16x4_t, ...) instead of mapping SIMD registers to long double or double.

Before (9.2) - inline assembly:

After (9.3) — intrinsics, proper SIMD types:

Common Short Sequence Compression (CSSC) Intrinsics

The CTZ, CNT, ABS, SMAX, SMIN, UMAX, UMIN instructions from the ARMv8.7 FEAT_CSSC extension are now decoded in the disassembler and translated to their corresponding compiler intrinsics in the decompiler.

Disassembly:

Pseudocode:

MOV/MOVK Address Construction

The disassembler and decompiler now properly optimize ARM64 address construction from MOV/MOVK/MOVW/MOVT instruction sequences — even when scattered across non-adjacent instructions — producing proper cross references.

Minor ARM64 Improvements

• Support for MOVW_UABS_G[0-3] AARCH64 relocations with custom reference handlers

• Improved recognition of __auth_stubs sections (iOS PAC import trampolines)

• Recognition of Branch Target Identification (BTI)-enabled ELF PLT stubs

• Handling of new CSNEG-based switch patterns from iOS and macOS 26

• Detection of Objective-C stub padding (brk #1 instructions)

RISC-V

• Added support for the Andes V5 performance extension (XAndesPerf, 29 instructions) in both disassembler and decompiler. The extension covers GP-relative loads/stores, bitfield extraction (bfoz/bfos), branch-on-bit-test (bbc/bbs), constant comparison branches (beqc/bnec), scaled LEA, and string search helpers (ffb/ffmism/ffzmism/flmism, translated to intrinsics in the decompiler). Andes instructions are prefixed by nds., gp-relative accesses are resolved to symbolic names:

• Instruction set extensions are now configurable in processor options (default is "all"). When multiple extensions are selected and IDA comes across an instruction with ambiguous encoding, a comment indicating the alternative decoding is added:

• Improved recognition of several div/mod patterns on 32-bit RISC-V in the decompiler

• Added consistent xref computation for struct/enum members in all cases

ARC

The ARCv2 analysis sees improvements in IDA 9.3.

Memory load/store operations with auto-increment/decrement are now recognized as push/pop instructions, making function prologues and epilogues easier to read and stack layout computation more accurate:

Before (9.2):

After (9.3):

Additional ARCv2 improvements:

• Improved recognition of switch constructs using bi/bih instructions

• Improved detection of prolog helper functions

• Fixed decoding and printing of the aex instruction

V850

In addition to the new decompiler, the V850 disassembler sees numerous improvements:

• Recognition of compiler-specific prolog/epilog helper functions

• Detection and hiding of padding instructions

• Improved stack frame analysis for functions using compiler helpers

• Detection of compiler helpers invoked via the callt instruction

TriCore

• Improved register finder for better cross-reference detection (the module now supports the regfinder API for querying constant run-time values of registers)

• Enhanced detection of switch statements

• Simplified extended register representation

x86/x64

• Enabled following of indirect jumps where the target is known at analysis time

• Added decoding of VIA Padlock instructions

• Fixed MPX hintable NOP handling

PowerPC

• Improved LR recognition for Golang functions (including those with stack canary checks)

• Updated stack pointer tracking after load/store for correct stack address resolution

80196

• Added support for 8061, 8065, and 8096 processor types

Xtensa

• Added xrefs for enums and structure members

Loaders

CLI/.NET

• CLI metadata names are now applied to native code in mixed assemblies

• Fixed several infinite loops and crashes with malformed .NET files

• Resolved MethodSpec tokens (0x2B)

• Added handling of the ExtraData field in metadata tables stream

• Fixed loader failure when FieldRVA entry is missing for a field with fdHasFieldRVA flag

Mach-O / Dyld Shared Cache

• Faster reading of the local symbol table in shared caches

• Collected symbols are now preserved across loader invocations, avoiding redundant work when loading additional modules

• Loading additional DSC modules now triggers reanalysis for improved cross-referencing

Debugger

Android 14+ Native Debugging

The Android debugger now properly handles apps targeting Android 14 through 16. Since PAC is becoming prevalent in the Android world, IDA now supports stepping over protected indirect control flow transfer instructions (RETAA, ...).

Stack View Dereferencing

The debugger stack view now supports automatic dereferencing, matching the functionality previously available only in the register widget. View pointed-to values directly in the stack view during debugging sessions. Enable it via the context menu under Data format → Addresses with dereferencing.

UI

Enhanced Xref Tree

The Xref Tree widget now leverages the register tracker and decompiler to display known function argument values at call sites, providing immediate insight into parameters being passed without needing to navigate to each call site.

Additional improvements:

• Multi-selection support with standard Shift and Ctrl modifiers for batch operations

• Search functionality: press / to open search, then F3 to jump between matches

• Column management: reorder, resize, and toggle column visibility via header context menu

• Column sorting

• Rename support via N hotkey

• Action system integration: xref tree actions can be mapped and customized like any other IDA action

• Improved dark theme support on macOS

The Xref Tree now fully replaces the legacy Function Calls widget, which has been removed.

Improved Xref Graph

The Xref Graph introduced in 9.2 sees several interaction improvements:

• Pin nodes: press P to pin nodes in place — they will no longer drift when the cursor hovers over them

• Dark theme support

• Capacity warnings: a warning pops up when the graph's capacity is exceeded, preventing accidental slowdowns

• Trackpad pinching/zooming support

• Graph management relocated to View → Graphs → Manage...

• Now available on systems without GPU-accelerated OpenGL

Jump Anywhere Improvements

Jump Anywhere continues to mature as a full replacement for the classic "Jump to address" and "Jump to type offset" dialogs:

• Asynchronous searching for instant responsiveness on large databases

• Support for demangled names

• Improved search ranking algorithm

• History of user inputs

• Navigation to offsets within local types

• Added to the Jump menu

"Move to Folder" for Functions

A new "Move to folder..." action lets you organize functions into folders directly from the disassembly, pseudocode, or microcode views. Right-click on a function header to classify it — useful for triaging large binaries or grouping related functions during analysis.

New "Setting Type Renames Target" Option

New option in Options → General → Misc → Setting type renames target: when enabled, IDA updates the target's name while setting types (for one-shot renaming and retyping via Y). When disabled, IDA ignores naming changes and only applies types.

Windows 7 Compatibility

Qt 6.8 officially dropped support for Windows 7. For users who still need to run IDA on Windows 7, we provide a patched Qt 6.8 build that re-enables compatibility. The DLL bundle can be downloaded from the My Hex-Rays portal; replace the Qt DLLs in your IDA installation directory.

SDK & Build

Simplified Build Process

• The C++ SDK on GitHub now supports CMake for building plugins, loaders, and processor modules — including CI/CD workflows for Windows, Linux, and macOS. Thanks to Elias Bachaalany for the original contribution

• The IDAPython build process has been simplified to work with SWIG 4.2 and 4.3 from default package managers (apt on Linux, winget on Windows, brew on macOS), eliminating the need for manually-built SWIG

Direct Lumina API Access

Lumina functionality is now directly accessible via lumina.hpp (C++) and ida_lumina (Python), enabling developers to extract and apply Lumina metadata programmatically from within IDA.

Example — pulling metadata from Lumina and comparing with local state:

Example — computing metadata locally:

FLAIR

• New -X switch in FLAIR parsers to exclude symbols by regex during signature creation (can be passed more than once)

• sigmake: increased collision group size limit from 8192 to 65536

Segment Changes

Behavioral changes: segment_t default segment registers are now initialized to -1 (BADSEL) instead of 0, meaning segments default to having no default segment register values. add_segm_ex() now sets the default value of DS equal to CS.

Decompiler SDK Changes

STL-to-IDA container migration: All std::set and std::map typedefs in hexrays.hpp have been replaced with qset and qmap. This is a source-breaking change for plugins that directly use iterator types or STL-specific APIs on these containers. Affected typedefs include user_cmts_t, user_iflags_t, user_unions_t, user_labels_t, user_numforms_t, lvar_mapping_t, eamap_t, boundaries_t, voff_set_t, strings_t, and others. The <deque> and <queue> STL includes are removed.

ivl_t and ivlset_t de-templated: These interval types are no longer template instantiations (ivl_tpl<uval_t> / ivlset_tpl<...>). They are now standalone classes using uint64 for offsets and sizes. The template classes and the uval_ivl_t / uval_ivl_ivlset_t typedefs are removed.

block_chains_t is now qset<chain_t>: Previously an opaque byte array wrapping a platform-specific std::set, it now publicly inherits from qset<chain_t> with proper iterator access. The SIZEOF_BLOCK_CHAINS macros are removed. A new int serial member stores the block number.

New APIs:

• cfunc_t::serialize() / cfunc_t::deserialize() for persisting decompiler output

• mblock_t::verify_insn() for microinstruction validation

• vdui_t::ui_noprop_lvar() for forbidding assignment propagation

• int64_emulator_t: new non-throwing _mop_value() / _minsn_value() variants with vd_failure_t error reporting (the original throwing versions are kept as wrappers)

• New ivlset_t::is_subset_of() convenience method

• New ivlset_visitor_t abstract visitor for interval sets

New flags and constants:

• CVAR_NOPROP / LVINF_NOPROP — forbid assignment propagation for a local variable

• WARN_FRAME_ACCESS — new decompiler warning for illegal frame access

• MBA_SHOWEA — control EA display in microcode output

Breaking: mba_t::serialize() now takes bytevec_t* instead of bytevec_t&. The ivlset_t::has_common() overloads have swapped dispatch IDs (binary-breaking for plugins calling either overload).

UI SDK Changes

128-bit widget masks: request_refresh() is replaced by mark_builtin_widgets() using the new builtin_widgets_mask_t (uint128) type. Related replacements: is_refresh_requested() → is_builtin_widget_dirty(), get_dirty_infos() → get_builtin_widgets_state(). The IWID_ALL mask is now 128-bit. get_last_widget() also uses the new mask type.

Chooser/dirtree separation: All dirtree-related chooser flags are now obsolete: CH_HAS_DIRTREE, CH_TM_*, CH_NON_PERSISTED_TREE, CH_BUILTIN(), CH2_LAZY_LOADED, CH2_HAS_INODE2INDEX, CHCOL_INODENAME. The chooser API version is bumped to 4, with a new builtin_id (int8) field replacing the 6-bit encoding in flags. chooser_base_t::flags2 is narrowed from uint16 to uint8. The chooser_t::get_dirtree() and index_to_inode() methods are deprecated.

New widget types: BWN_TITREE (type library tree, replaces BWN_TICSR), BWN_XREF_TREE. BWN_CALLS and its callers/callees variants are now BWN_RESERVED_*.

New APIs:

• prompt_function_prototype_ex() adds an out_name output parameter returning the edited function name

• action_ctx_base_t::get_selection_as_ordinals() converts widget selections to type ordinals

• mark_builtin_widget_by_id() / is_builtin_widget_dirty() convenience helpers

• hexplace_gen_t: new dk_addr_deref data kind and get_dbg_deref_options() virtual method

Type System SDK Changes

• New TAUDT_IFACE (0x1000) flag and tinfo_t::is_iface() / set_iface() for Objective-C @interface support

• New udt_type_data_t::deduplicate_members() for renaming duplicate field names

• New parsing flags: PT_VOID_OK (accept void), PT_NO_MANGLE (don't mangle names), and corresponding HTI_VOID_OK / HTI_NO_MANGLE

• New PDF_NO_ANON_NAME flag for print_decls() to skip anonymous types

• New VTBL_LAYOUT_SUFFIX ("_layout") constant for virtual table layout type naming

• Variadic SIMD types: new simd_info_t::SIMD_VARIADIC constant and is_variadic() method

• New MAX_ARRAY_NELEMS (0x7FFFFFFF) constant for maximum array element count

• choose_local_tinfo() / choose_local_tinfo_and_delta() deprecated

• tinfo_t::build_anon_type_name() replaces the now-deprecated free function ::build_anon_type_name()

Dirtree API

• New dirtree_bulk_move() and dirtree_bulk_remove() for efficient batch operations

• New dirtree_add_event_handler() / dirtree_remove_event_handler() for subscribing to dirtree changes

• New dirtree_make_cursor() for creating cursors from paths

• set_natural_order() now returns dterr_t instead of bool

• New DSF_UNQ_NAMES flag, DTE_NOT_ORDERABLE error code

• dirspec_t::flags renamed to dsf_flags

• New IDB events: dirtree_ordering_changed, dirtree_bulk_move

Other New APIs

• get_install_root() — returns the IDA installation root directory (on macOS, higher than idadir())

• bookmarks_t::get_by_inode() — look up bookmarks by inode

• invalidate_regfinder_xrefs_cache() — update regtracker caches when data references change

• get_import_entry() — retrieve import module information by address (new import_entry_t struct)

• bpt_location_t::valid() — check breakpoint location validity

• reg_value_info_t::set_def_itype_for_mov() — set defining instruction type for mov instructions

• swap128() — byte-swap a uint128 value

• btoa128() — convert a uint128 to string representation

• New reglist_base_t<Derived> CRTP template class in ua.hpp for bitmask-based register lists (e.g., ARM PUSH {R4-R7,LR})

• New lexer_janitor_t (std::unique_ptr<lexer_t, lexer_deleter_t>) RAII wrapper

• New dbg_deref_options_t struct for debugger stack view dereferencing options

New Flags and Constants

• REF_LOW32 / REF_HIGH32 — reference types for low/high 32-bit halves of 64-bit offsets

• REFINFO_USER (0x2000) — ignore fixup when processing refinfo

• SRCLANG_OBJCPP (0x20) — Objective-C++ source language

• PLFM_NDS32 (76) — new processor ID for Andes NDS32

• PR2_IGNORE_IDA_GUESS — allow item creation inside IDA-guessed data arrays

• aux_hint_nop / PT_padlock (x86) — hintable NOP flag and VIA PadLock extensions

Core SDK Changes (pro.h, llong.hpp, loader.hpp, ua.hpp)

• qvector<T>: new initializer list constructor (qvector<int> v = {1, 2, 3})

• qlist<T>: new move constructor and move assignment operator

• qlist<T>::swap() now marked noexcept

• qvector<T>::truncate() now properly handles non-movable types

• save_database(): default flags parameter changed from -1 to 0 (both mean "use current flags")

• STKVAR_VALID_SIZE and STKVAR_KEEP_EXISTING flags removed from ua.hpp

• __HAS_INT128__ macro now auto-defined when __SIZEOF_INT128__ is available (GCC/Clang)

Processor Module SDK

• ev_get_simd_types: new insn and op optional parameters for filtering SIMD types by instruction context; out parameter type changed from void* to simd_info_vec_t*

• switch_info_t::set_jtable_element_size() and set_vtable_element_size(): fixed operator precedence bug

Network SDK

• rpc_engine_t constructor: new recv_timeout parameter

• Removed RECV_HELLO_TIMEOUT constant

• vault_credentials_t methods are now inline wrappers around exported vcred_* functions, enabling easier subclassing from plugins

New Headers

• lumina.hpp — Complete Lumina protocol, metadata types, serialization, and client API (previously internal)

• qset.hpp, qmap.hpp, qtree.hpp, qpair.hpp, qallocator.hpp, qalloc_shim.hpp, qida_alloc_shim.hpp, qiterator.hpp — ABI-stable container infrastructure backing the qset/qmap migration

No headers were removed.

Deprecations Summary

• Widget refresh: request_refresh(), is_refresh_requested(), get_dirty_infos() replaced by 128-bit equivalents

• open_calls_window(): Function Calls widget removed

• prompt_function_prototype(): use prompt_function_prototype_ex()

• choose_local_tinfo() / choose_local_tinfo_and_delta(): deprecated

• llong_scan(): deprecated in llong.hpp

IDAPython

• IDA's -S command line arguments now accessible from sys.argv

idalib

• Added pre-built idapro Python wheel (for installation from read-only locations)

• New idat -v option for verbose output

• idat no longer deletes existing IDBs

• Batch mode now works with temporary databases

• -S command line switch enabled for IDA Home

Security & Third Party Dependencies

• LLVM updated to 21.1.5

• z3 updated to 4.15.3

• pcre2 updated to 10.47 (fixes CVE-2025-58050)

• clp updated to 1.17.10 / CoinUtils 2.11.12

• libdwarf updated to 2.2.0

Minor Improvements / Bugfixes

• proc/pc: fixed hinted prefetch decoding

• proc/pc: fixed decoding of ud0 for recent Intel platforms

• proc/tricore: simplified extended registers

• proc/riscv: fixed endless auto-analysis in some cases

• proc/riscv: fixed immediate operand size of andi instruction

• proc/arm: fixed decoding of STLEX instruction

• proc/tms320c6: fixed decoding of compact dstk instructions

• ldr/pe: fixed incorrectly applied relocations in ARMv7 PE files

• ldr/macho: fixed wrong stub names for ARM64 Go binaries

• dwarf: enhanced RISC-V relocation support (R_RISCV_ADD*, R_RISCV_SUB*, R_RISCV_SET* families)

• vd: added HO_CPP_CONSTANTS option to print C++ style constants (true, false, nullptr) instead of their C equivalents

• vd: (cast1)*((cast2)x + N) is now simplified to *((cast1*)x + N) when sizes match, removing redundant casts

• vd/ppc: updated SP after load/store for correct stack address resolution

• vd/riscv: improved recognition of several div/mod patterns on 32-bit RISC-V

• vd/v850: major bug fixes and improvements

• ui: fixed an issue where stepping in pseudocode would wrongly reset synced disassembly view to function entry

• ui: moved "Dereferencing options..." under the Data format/ submenu

• ui: fixed an issue where double-clicking on a function in a filtered Functions view could cause IDA to become unresponsive

• ui: fixed an issue where jumping to a stack variable could add an unnecessary entry to the navigation history

• ui: fixed an issue where double-clicking on a struct field in pseudocode no longer popped up the rename dialog

• ui: made renaming types via Y hotkey consistent with global default

• ui: output window: added possibility to control auto scrolling (registry setting)

• ui: output window: added shift-click to set selections

• ui: fixed notepad cursor position being reset on database save

• ui: added "Don't save database" button to the close dialog

• ui: added license borrowing calendar selector

• ui: fixed listing start/end navigation shortcuts (Ctrl+Home/End vs Ctrl+PgUp/PgDown were swapped); macOS now uses native key sequences

• ui: fixed an issue where bookmarks could be lost after rebasing

• ui/fpe: added the ability to set void as a function return type in the Function Prototype Editor

• ui/wayland: fixed app icon display, improved docking behavior

• ui/macos: added dark mode toggle in toolbar, .i64 bundle type extension, Dock Menu with recent files

• ui/macos: addressed several shortcut issues and collisions

• ui/xref_graph: fixed transparency issue of node description widget

• ui/xref_graph: fixed crash on macOS 15.7.3

• ui/xref_tree: allowed canceling decompilation when showing argument values

• ui/xref_tree: fixed branch indicator visibility on Windows 11

• kernel: fixed an issue where IDA could lock up when analyzing some obfuscated code patterns

• kernel: fixed a crash on startup when idc.idc contained syntax errors

• types/demangler: added support for floating-point constants as template arguments

• dbg/arm64: worked around PTRACE_DETACH issue after single-stepping on Linux 3.x/4.x

• srv/lumina: increased the default HELO timeout from 1 to 10 seconds for all client-run Lumina servers