IDA 9.3 Beta

Welcome to the IDA 9.3 Beta Release, and thank you to all our beta testers for joining us! Below are the key highlights and changes introduced in this beta version.

What's New in Beta 3 (RC)

Decompiler

ARM Common Short Sequence Compression (CSSC)

The ctz, cnt, abs, smax, smin, umax, umin instructions are now translated to their corresponding compiler intrinsics.

Architecture Support

NDS32 EX9.IT

The ex9.it instructions are now properly resolved from the table that the $itb system register points to. Such instructions occur as part of linker relaxation and commonly observed in firmware or other space-constrained environments.

Bugfixes / Minor

• vd: add HO_CPP_CONSTANTS option to print c++ style constants (true/false/nullptr)

• vd: transform (cast1)*((cast2)x + N) into *((cast1*)x + N) when sizeof(cast1) == sizeof(*cast2) to get rid of some redundant casts

• vd/riscv: improve recognition of several div/mod patterns on 32-bit RISC-V

• vd/v850: major bug fixes and improvements

• ui/vd: make renaming types via y hotkey consistent with global default

• ui/xref_graph: apply macOS "dark mode" to xref-graph

• ui/xref_graph: fix fit-in-view behaviour

• ui/xref_graph: add trackpad pinching/zooming

• ui/xref_tree: fix disappearing chevrons

• ui/xref_tree: add column sorting

• ui/xref_tree: add rename support via n hotkey

• ui/jump_anywhere: allow jumping to offsets within local types

• ui/jump_anywhere: store user input history

• dbg/arm64: work around PTRACE_DETACH issue after single-stepping on Linux 3.x/4.x

• plugins/idapython: add missing qvector types to ida_lumina

• plugins/idapython: make ida's -S command line arguments accessible from sys.argv

• plugins/idapro: ship pre-built idapro python wheel (for installation from r/o installations)

What's New in Beta 2

Decompiler

Stock Comments

Manage reusable comments in the decompiler. Create, edit, and quickly apply frequently-used comments to pseudocode without retyping. Comments are organized by most-recently-used order. Useful for documenting repetitive patterns like inlined C++ operations (e.g., std::string manipulations).

Microcode Viewer

New toggles and display options:

• EA Prefix Display

Default (off):

After toggle (on):

The effective address now appears between instruction number and mnemonic.

• Compact/Detailed View

Detailed:

Compact:

Compact view removes block headers, maturity info, USE/DEF/DNU comments, and u=/d= annotations.

• Value Numbers

Display GVN identifiers showing SSA value equivalence:

• Number Origins

Show where constants originate (e.g., #3.8 becomes #[email protected]):

Off:

On:

Corresponding disassembly showing the origin of constant 3:

• Display Local Types: Opens a window showing types used during decompilation

Programming Language Support

Golang

• Improved type parsing, version detection, and moduledata handling (especially for versions before 1.18)

• Refactored string user detection

• Refactored version-dependent logic and improved documentation

• Bugfixes and improvements in FUNCINFO parsing

• Added argument type derivation for more Go-specific functions

• Set types for global arguments of Go runtime functions

Architecture Support

RISC-V

• Added support for Andes V5 extension (XAndesPerf only) in decompiler and disassembler. Instruction set extensions are now configurable in processor options (default is "all", with comments on ambiguous instructions):

• Fixed xrefs to structure members in all cases

ARM

Added NEON intrinsics for ARMv8.2 AES, SHA[1|256|512|3] and ARMv8.1 SQRDMX (Saturating Rounding Doubling Multiply Accumulate/Subtract) instructions in the decompiler.

Before:

After:

V850

• Recognize compiler-specific prolog/epilog helpers

• Recognize padding instructions and hide them

• Improve stack frame analsysis of functions using compiler helpers

• Detect compiler helpers invoked using the callt instruction

• Decompile more low-level instructions (BSW, BSH, HSW, HSH, MAC, MACU, ABF, SBF, CLIP*, SAT*, ST, SASF, SCH[01][LR], SYNC*, EI/DI, HALT, LDSR/STSR etc.)

PC

• Add decoding of VIA Padlock instructions

80196

• Add support for 8061, 8065, 8096 processor types

NDS32

• GP-relative addressing improvements

• Create dr_O references when adding gp-derived values into general purpose registers

• Create dr_R/W references when resolving phrase targets

• Add address comments whenever addresses are successfully resolved

• Report unresolvable memory accesses as problems (helps with firmware base address detection)

• Better stack pointer tracing, recognize push25/pop25 prolog/epilog

• Add auto comments

• Add decoding of DSP extension instructions

• Detect many more switch patterns

• Filtering and application of ELF mapping symbols ($c/$d)

• Add noreturn analysis

• New config options:

  • Display encoding variant and dollar register prefixes

  • Enable/disable use of macros

  • Enable/disable use of gp values

Loaders

CLI/.NET

• Applied CLI metadata names to native code in mixed assemblies

• Fixed several infinite loops and crashes with malformed .NET files

• Resolved MethodSpec tokens (0x2B)

• Handled ExtraData field in metadata tables stream

• Fixed loader failure when FieldRVA entry is missing for a field with fdHasFieldRVA flag

ELF

• v850: implement support for the R_V850_PC17 relocation

UI

New option: Options -> General -> Misc -> Setting type renames target

When enabled, IDA updates the target's name while setting types (for one-shot renaming and retyping via Y). When disabled, IDA ignores naming changes and only applies types.

Bugfixes

• decompiler/ppc/golang: improved LR recognition (also for functions with stack canary check)

• decompiler/ppc: updated SP after load/store for correct stack address resolution

• pc: fixed hinted prefetch decoding

• pc: fixed decoding of ud0 for recent Intel platforms

• xtensa: added xrefs for enums and structure members

• tricore: simplified extended registers

• arm: handled new switch pattern using CSNEG from iOS and macOS 26

• ui: fixed an issue where stepping in pseudocode would wrongly reset synced disassembly view to current function entry

• ui: added "don't save database" button to the close dialog

• ui: moved "Dereferencing options…" under the "Data format/" submenu

• ui: fixed an issue where double-clicking on a function name in a filtered "Functions" view could cause IDA to become unresponsive

• ui: fixed an issue where jumping to a stack variable could add an unnecessary entry to the navigation history.

• ui: fixed an issue where double-clicking on a struct field in pseudocode no longer pops up the rename dialog

• ui: added Jump Anywhere to the Jump menu

• ui/xref graph: fixed transparency issue of the node description widget

• ui/xref_graph: fixed crash on MacOS 15.7.3

• ui/xreftree: allowed canceling decompilation when showing argument values

• ui/xreftree: fixed branch indicator visibility on Windows 11

• licsrv: fixed an issue when IDA 9.2 would crash when trying to get a license from the 9.3 license server

What's New in Beta 1

Highlights

• Decompiler: New V850 decompiler, microcode manipulation, viewer improvements and more

• Type system: Objective-C parser, more Golang types

• Teams add-on: Improved Teams UI now fully integrated into IDA, eliminating the need for HVUI

• Architecture support: Apple SVE, SME, MTE ARM64 extensions, Andes Andestar V3 NDS32 (not included in Beta 1), improvements to Tricore, ARC, x86/x64, PowerPC, RISC-V, ARM64

• Debuggers: Android 14-17 native debugging, Stack view dereferencing

• UI: Improved Xref Tree and Xref Graph, along with other performance improvements

• FLIRT 2.0 (The new signatures are not included in Beta 1 and are planned for a later beta release)

• New Linux ARM64 Installers

Teams add-on

IDA Teams is now merged into stock IDA. Collaborate on reverse engineering projects with your team without launching any external applications.

• A New Teams top-level menu: all previously known major functionalities and widgets available from Teams menu.

• Easy access to remote files: open files from the Hex-Rays Vault Server directly through the Quick Start dialog.

• Discontinued HVUI Application: the standalone HVUI app is no longer included. Its core functionality has been fully integrated into the main IDA interface.

See the Getting Started Guide to get up and running with integrated Teams.

Type System

Objective-C Parser

Example - Input Objective-C header:

Generated type library output:

Create C Header File: Inline Anonymous Types

When exporting types to C header files, IDA creates intermediate anonymous types with hash-based names. The new "Ignore IDA anonymous types" option inlines these types directly into the parent structure, producing cleaner and more portable output.

Before (anonymous types exported separately):

After (anonymous types inlined):

This also handles nested inline structures correctly:

Fixed Struct Support: Complete Import/Export Roundtrip

IDA 9.3 introduces __fixed and __at attributes for structures with explicit field offsets, enabling complete roundtripping of type exporting and importing. Previously, types with explicit offsets (like function stack frames) could be exported to C headers but not re-imported: the offset information was lost. Now IDA headers are fully re-parsable.

New Syntax:

• __fixed(size) - Declares a struct with explicit total size

• __at(offset) - Specifies exact byte offset for a field

Example - Function Stack Frame:

Example - Packed Embedded Structure (unaligned fields):

More Golang Types

Full Package Paths in Type Names: Types now include complete package paths, eliminating ambiguity between identically-named types in different packages:

Hierarchical Type Library Organization: Types are organized in folders matching Go package paths:

Additional Improvements:

• Better FUNCINFO and Go version detection

• Replaced internal BUILTIN_STRING with standard Go string type

• Many standard Go types are now properly recognized without the struct prefix:

• Better handling of return types of anonymous golang functions when parsing DWARF

Architecture Support

Tricore

Improved regfinder for better cross-reference detection and enhanced detection of switch statements.

ARC: Push/Pop Idiom Recognition

Memory store/load operations with auto-increment are now recognized as push/pop instructions, making function prologues and epilogues much easier to understand.

Before (9.2):

After (9.3):

x86/x64

• Follow indirect jumps where target is known at analysis time

• Fixed MPX hintable NOP handling

PowerPC

• Fixed wrong plain offset on addi instruction

RISC-V

• Fixed endless auto-analysis loop

• Enum members now get proper xrefs

ARM64

SVE/SME Instructions for iPhone 17 Kernel

IDA 9.3 can now decode Scalable Vector Extension (SVE) and Scalable Matrix Extension (SME) instructions used in Apple's iPhone 17 kernel:

These instructions were previously shown as raw bytes or undefined opcodes.

Memory Tagging Extension (MTE) Intrinsics

The decompiler now produces clean intrinsic calls for ARM Memory Tagging Extension instructions, replacing inline assembly blocks. MTE is used in iOS 18+ and Android for memory safety.

Before (9.2) - inline assembly:

After (9.3) - clean intrinsics:

Supported MTE Intrinsics:

ARM64: Decoding of CSSC Instructions

Added decoding for comparison and min/max instructions (SMAX, SMIN, UMAX, UMIN, ABS, CNT, CTZ)

MOV/MOVK Address Construction

Disassembler and decompiler now properly optimize ARM64 address construction patterns using MOV/MOVK/MOVW/MOVT instruction sequences, even if scattered, and produce proper cross references.

Before (9.2):

After (9.3):

Minor

• AARCH64 Relocations: Support for MOVW_UABS_G[0-3] with custom reference handlers

• iOS PAC Stubs: Improved recognition of __auth_stubs sections

• BTI-enabled PLT: Recognition of Branch Target Identification-enabled ELF PLT stubs

Andes Andestar V3 NDS32

IDA now features a processor module for the Andestar V3 NDS32 architecture.

The Andes AndeStar V3 NDS32 is a patented, 32-bit, RISC-style instruction set architecture (ISA) featuring mixed 16-bit/32-bit instructions for power and code density efficiency. It is most used in a wide range of deeply embedded systems and low-power applications, such as IoT devices, microcontrollers, wearables, storage devices and drones.

Decompiler

V850 Decompiler

IDA 9.3 introduces decompiler support for the Renesas V850 (aka NEC850 aka RH850) architecture, a popular 32-bit RISC processor used extensively in automotive ECUs and industrial applications. It supports both the modern RH850 ABI and the legacy GCC V850 ABI.

Microcode Manipulation

The Microcode Viewer now supports deleting instructions and specifying values for registers and local variables to influence the decompilation process.

Fine Grained Control of Assignment Propagation

Added user-controllable "Forbid assignment propagation" option (available from the context menu).

Value Range Optimization

The analysis of conditionals now includes enhanced value range tracking. For instance, in a conditional such as (unsigned int)(a2 - 1) <= 5, we can determine that a2 falls within the interval [1, 6].

Real-world example:

The second if statement is now discarded since its condition will always be true.

"Decompile all" now in IDA Home & IDA Pro Essential

Now available in IDA Home & Essential editions

Debuggers

Android 14+ native debugging

The Android debugger now properly handles Android 14 (and more recent) apps. Since PAC is becoming more prevalent also in the Android world, we also added support for properly stepping over protected indirect control flow transfer instructions (RETAA, ...).

Stack View Dereferencing

The debugger stack view now supports automatic dereferencing, matching the functionality previously available only in the register widget. View pointed-to values directly in the stack view during debugging sessions. You can enable this option via the context menu, under Data format → Addresses with dereferencing.

User Interface

Faster Dirtree Widgets

We have done a first pass of speed improvements. While IDA 9.2 could at times take a very long time to respond (esp. with large selections), IDA 9.3 will be much more pleasant to work with.

• Widgets exposing tabular data should be behaving considerably better with large datasets

• Search operations are now much snappier for widgets with huge amounts of entries (100k+)

• Sorting & filtering (e.g., Ctrl+ F) have been improved along the way

Further performance optimizations are planned, so stay tuned!

Xref Tree

The Xref Tree widget introduced in IDA 9.2 has been significantly enhanced. The tree can now leverage the register tracker and decompiler to display known function argument values at call sites, providing immediate insight into the parameters being passed to functions without needing to navigate to each individual call site.

Additional improvements include:

• Multi-selection support with standard Shift and Ctrl modifiers for batch operations

• Search functionality: press / to open search, then use F3 to jump between matches (only works with data that has already been expanded in the tree)

• Column management: columns can be reordered and resized, with a context menu on column headers to control which columns are displayed

• Action system integration: xref tree actions can now be mapped and customized just like any other IDA GUI action, allowing for personalized keyboard shortcuts and workflow integration

• Improved dark theme support on macOS

Xref Graph

This release improves mostly the graph interaction.

• Now, you don't need to chase the nodes anymore, as they won't move when the cursor is hovering over them. Additionally, it's now possible to pin the nodes in place so you can always know exactly where they are - just press P to do so.

• Furthermore, in order to keep the graph responsive, we've added a warning that will pop up when the graph's capacity is exceeded. This way, you won't accidentally overload the graph and cause it to slow down. The capacity can be adjusted in the configuration file.

• Graph management is now located in a logical place: View → Graphs → Manage... and a lot of tiny improvements done.

• Finally, the Xref Graph now supports a dark theme. Your eyes will thank us!

Jump Anywhere Improvements

• Faster parallel search for large databases (improved search responsiveness)

• Added support for demangled names

• Improved search ranking algorithm

• Better integration with the "undo" mechanism

Platform-Specific

• Linux Wayland: Fixed app icon display, improved docking behavior

• macOS: Dark mode toggle in toolbar, .i64 bundle type extension, DockMenu with recent files

General Improvements

• System shortcuts for listing start/end navigation (Ctrl+ Home/End)

• License borrowing calendar selector

• Local Types: Removed redundant "Parse declarations" command

Minor

• arm: detect objc stubs padding (brk #1 instructions)

• ui: output: add possibility to control auto scrolling (registry setting)

• ui: output: shift-click to set selections

• ui: jumpanywhere: efficient indexer search algorithm

SDK & Build

• Simplified build process for developers:

  • The C++ SDK now supports CMake for building

  • The IDAPython build process has been simplified to work with SWIG 4.2 and 4.3 from default package managers (apt on Linux, winget on Windows, brew on macOS), eliminating the need for manually-built SWIG

• Direct Lumina API access via lumina.hpp (C++) and ida_lumina (Python), enabling devs to extract and apply Lumina metadata programmatically from within IDA.

• Other Enhancements:

  • Added get_import_entry() public function (for PE files only!)

• Hex-Rays SDK: Split hexrays.hpp into 4 files for better modularity:

  • hexrays.hpp (main header, reduced size)

  • hexrays_ctree.hpp (C tree definitions)

  • hexrays_defs.hpp (definitions and constants)

  • hexrays_micro.hpp (microcode definitions)

idalib

• idat -v option for verbose output

• Prevent idat from deleting existing IDBs

• Allow batch mode for temporary databases

• -S command line switch enabled for IDA Home

Security & Third Party Dependencies

• llvm: update llvm to 21.1.5

• z3: update z3 to 4.15.3

• pcre: update pcre to 10.47 (fixes CVE-2025-58050)

• clp: update to clp 1.17.10 / CoinUtils 2.11.12

• libdwarf: update libdwarf to 2.2.0

Known Issues

• PySide6 crashes under Python 3.14