# IDA 9.4 Beta ![](/files/chz9rjAlv3sTtmSRqMFc) ## IDA 9.4 Beta Welcome to the IDA 9.4 Beta Release, and thank you to all our beta testers for joining us! Below are the key highlights and changes introduced in this beta version. {% hint style="info" %} **Share your feedback** Spotted a bug or have a suggestion for the beta? Let us know and contribute to IDA evolution through one of the following channels: * [Hex-Rays Support](https://support.hex-rays.com) (*Early access* feedback form), * Email: , or * Slack: Join the discussion in our dedicated beta channel. If you didn’t receive the invitation link, [contact us](mailto:support@hex-rays.com). {% endhint %} ## Highlights ### New Apple Dyld Shared Cache Infrastructure IDA 9.4 completely overhauls the approach to analyzing Dyld Shared Cache's: * dedicated widgets * specialized workflows & actions * seamless navigation between shared cache components * improved (& correct) analysis Apple ecosystem reversers should have a much easier time with the new system. See [the documentation](https://docs.hex-rays.com/9.4/core/disassembler/concepts/dsc-workflow) on the general concepts & workflows! ![The initial DSC open dialog](/files/g8yxkrCvj9JcDPpmd8kC) ### Swift ABI Recognition The decompiler and type system now understand the Swift calling convention. Add `__swiftself` to a function argument to declare it being passed in `x20` (arm64) / `r13` (x86-64). The function-level attributes `__swiftasync` and `__swiftthrows` causes the decompiler to rewrite accesses to/from the designated registers as intrinsics. #### Example 1 — Throwing method: `BankAccount.withdraw(_:)` Showcases `__swiftself`, `__swiftthrows`, the swift error-register (x19) plumbing, and more runtime types (`Swift::BoxPair`). (Also notice how the undefined variable warnings disappear.) **Before** ```c Swift::Int __swiftcall __spoils<...> BankAccount.withdraw(_:)( Swift::Int a1) { _QWORD *v1; // x20 __int64 (*v3)(void); // x23 unsigned __int64 v4; // x0 __int64 v5; // x1 Swift::Int result; // x0 __int64 v7; // x8 bool v8; // vf Swift::Int v9; // x8 _BYTE v10[24]; // [xsp+8h] [xbp-38h] BYREF v3 = *(__int64 (**)(void))(*v1 + 96LL); if ( v3() >= a1 ) { result = swift_beginAccess(v1 + 14, v10, 1, 0); v7 = v1[14]; v8 = __OFSUB__(v7, a1); v9 = v7 - a1; if ( v8 ) { __break(1u); } else { v1[14] = v9; return ((__int64 (__fastcall *)(Swift::Int))v3)(result); } } else { v4 = lazy protocol witness table accessor for type AppleError and conformance AppleError(); swift_allocError(&type metadata for AppleError, v4, 0, 0); *(_OWORD *)v5 = xmmword_100008C50; *(_BYTE *)(v5 + 16) = 1; return swift_willThrow(); } return result; } // 100001F9C: variable 'v1' is possibly undefined // 100001FF0: variable 'v5' is possibly undefined ``` **After** ```c Swift::Int __swiftcall __spoils<...> __swiftthrows BankAccount.withdraw( void *__swiftself self, Swift::Int a2) { void *error; // x19 __int64 (*v4)(void); // x23 Swift::Int v5; // x0 __int64 v6; // x1 const void *v7; // x2 const Swift::WitnessTable *v8; // x0 Swift::BoxPair v9; // kr00_16 Swift::Int result; // x0 __int64 v11; // x8 bool v12; // vf Swift::Int v13; // x8 _BYTE buffer[24]; // [xsp+8h] [xbp-38h] BYREF error = __swift_get_error(); v4 = *(__int64 (**)(void))(*(_QWORD *)self + 96LL); v5 = v4(); if ( v5 < a2 ) { v8 = lazy protocol witness table accessor for type AppleError and conformance AppleError(v5, v6, v7); v9 = swift_allocError((const Swift::Metadata *)&type metadata for AppleError, v8, nullptr, false); error = v9.object; *(_OWORD *)v9.value = xmmword_100008C50; *((_BYTE *)v9.value + 16) = 1; __swift_set_error(v9.object); swift_willThrow(self); LABEL_5: __swift_set_error(error); return result; } swift_beginAccess((char *)self + 112, buffer, (void *)1, nullptr); v11 = *((_QWORD *)self + 14); v12 = __OFSUB__(v11, a2); v13 = v11 - a2; if ( !v12 ) { *((_QWORD *)self + 14) = v13; result = v4(); goto LABEL_5; } __break(1u); return result; } ``` *** #### Example 2 — Async function: `actorSampler` continuation at `0x100002374` Showcases `__swiftasync`, the typed `async_context` (x22) and removed PAC check. **Before** ```c __int64 actorSampler()() { __int64 v0; // x22 __int64 v1; // x20 __int64 result; // x0 __int64 v3; // x8 bool v4; // vf __int64 v5; // x8 __int64 v6; // x8 __int64 (*v7)(); // x16 __int64 v8; // [xsp+18h] [xbp-8h] v1 = *(_QWORD *)(v0 + 48); result = swift_beginAccess(v1 + 112, v0 + 16, 1, 0); v3 = *(_QWORD *)(v1 + 112); v4 = __OFADD__(v3, 100); v5 = v3 + 100; if ( v4 ) { __break(1u); goto LABEL_11; } *(_QWORD *)(*(_QWORD *)(v0 + 48) + 112LL) = v5; v4 = __OFADD__(v5, 50); v6 = v5 + 50; *(_QWORD *)(v0 + 56) = v6; if ( v4 ) { LABEL_11: __break(1u); goto LABEL_12; } *(_QWORD *)(*(_QWORD *)(v0 + 48) + 112LL) = v6; if ( v6 + 0x4000000000000000LL < 0 ) { LABEL_12: __break(1u); return result; } if ( v6 > 74 ) { *(_QWORD *)(*(_QWORD *)(v0 + 48) + 112LL) = v6 - 75; v7 = actorSampler(); } else { v7 = actorSampler(); } if ( ((v8 ^ (2 * v8)) & 0x4000000000000000LL) != 0 ) __break(0xC471u); return swift_task_switch(v7, 0, 0); } // 10000239C: variable 'v0' is possibly undefined // 100002434: variable 'v8' is possibly undefined ``` **After** ```c void __swiftcall __swiftasync actorSampler()() { struct actorSampler$AsyncCtx *async_context; // x22 _QWORD *v1; // x20 __int64 v2; // x8 bool v3; // vf __int64 v4; // x8 __int64 v5; // x8 void (__swiftcall __swiftasync *v6)(); // x16 async_context = __swift_get_async_context(); v1 = async_context->field_30; swift_beginAccess(v1 + 14, &async_context->field_10, (void *)1, nullptr); v2 = v1[14]; v3 = __OFADD__(v2, 100); v4 = v2 + 100; if ( v3 ) { __break(1u); goto LABEL_9; } *((_QWORD *)async_context->field_30 + 14) = v4; v3 = __OFADD__(v4, 50); v5 = v4 + 50; async_context->field_38 = (void *)v5; if ( v3 ) { LABEL_9: __break(1u); goto LABEL_10; } *((_QWORD *)async_context->field_30 + 14) = v5; if ( v5 + 0x4000000000000000LL < 0 ) { LABEL_10: __break(1u); return; } if ( v5 > 74 ) { *((_QWORD *)async_context->field_30 + 14) = v5 - 75; v6 = actorSampler(); } else { v6 = actorSampler(); } swift_task_switch(v6, nullptr); } ``` ### SVE2 Support ARM SVE2 and SME extensions are now fully disassembled. ![ARM SVE disassembly](/files/vpjxV8nhRQM5NM0K5xUi) ![ARM SVE decompilation](/files/B7cjbAgI4DI1Tv4jLQqt) ### Decompiler Strings Strings recovered during decompilation now automatically show up in the list of strings. Note that the list is filled lazily and only contains strings of functions that were previously decompiled. ![Decompiler Strings](/files/Nz2cvzxKf9He9plSXBlz) ### Qualcomm Hexagon Disassembler & Loader A brand-new Hexagon (QDSP6) processor module brings Qualcomm DSP firmware into reach, paired with a Qualcomm MBN boot-image loader (SBL/XBL containers, multi-ELF, hash validation). ![Qualcomm Hexagon Disassembler & Loader](/files/4GpIYhAcOmTu8vMBBdGE) ![Qualcomm Hexagon Disassembler & Loader](/files/fjlJosAbaD5cfekkLztU) ![Qualcomm Hexagon Disassembler & Loader](/files/WIK1V9RFve9nXPfFEIqK) ![Qualcomm Hexagon Disassembler & Loader](/files/mi09swqDV7RfRURaxWXG) See the [Hexagon disassembler](https://docs.hex-rays.com/9.4/core/disassembler/concepts/hexagon) reference for details on packet-based execution, ISA coverage, processor-specific display options, and loading Hexagon binaries. ### MCore/CSkyV1 Disassembler A new processor module for the MCore aka CSky V1 architecture. ![CSkyV1 Disassembler](/files/z1vSLaXuCgpvuPAz1aKZ) ![MCore Disassembler](/files/loAenM7g03p58mMbsVM8) ### New Pathfinder Widget How does execution get from *here* to *there*? IDA 9.4 can now answer that directly: the new **Pathfinder** widget (View > Open subviews > Pathfinder, `Shift-F9`) finds call paths between functions: * pick two or more waypoints - paths are found segment by segment, visiting them in order * add the function under the cursor as a waypoint with `Ctrl-Shift-F9`, straight from a disassembly or pseudocode view * exclude functions to keep known noise (logging helpers, generic wrappers) out of the results * tune the search: include data xrefs, shortest path only, maximum depth * view the results as a pre-expanded cross-references tree, or as an Xrefs Graph with the path highlighted Pathfinder graphs are regular Xrefs Graphs: they are saved with your database and organized in the new graph manager (see the Xrefs Graph section). Find out [what it can answer](https://docs.hex-rays.com/9.4/core/disassembler/concepts/pathfinder) about your binary! ### IDB Deep Links & Snippet Sharing Share work without shipping files around. [Deep links](https://docs.hex-rays.com/9.4/core/user-interface/how-tos/using-deep-links) navigate to a specific location in a database and can be opened in an already-running IDA through a new local IPC channel (also usable by external tooling such as HCLI). !["Copy link" context menu](/files/tkoRcF0wvAd1cKfCeROp) !["Jump to link" dialog](/files/RpfjtTSc1YOCIUUn0UHH) ### Git-Based Teams Server The “Teams” add-on for IDA Pro can now run with Git servers too… Share IDB files with your team using the Git provider you already use e.g. GitHub, GitLab, Bitbucket, or self-hosted. No server to deploy. No new credentials to issue. Just clone, analyze, commit, push. !["Teams Git menu](/files/ckQlQuKwwCWb47wEuXYl) A few guides to help you get started or migrate: * Migrating from Vault? See the [Vault to Git Migration](https://docs.hex-rays.com/9.4/add-ons/teams/how-tos/migrating-from-vault-to-git) tutorial. * Need a self-hosted Git server? See our recommended [Gitea setup](https://docs.hex-rays.com/9.4/add-ons/teams/admin/git-backend-on-premise-setup). * Already have a Git repository? See the [setup guide](https://docs.hex-rays.com/9.4/add-ons/teams/getting-started/getting-started-git) and the [everyday tasks](https://docs.hex-rays.com/9.4/add-ons/teams/how-tos/working-with-git) walkthrough. ### Jump Anywhere Becomes the Default Jump Action [Jump Anywhere](https://docs.hex-rays.com/9.4/core/user-interface/concepts/jump-anywhere) is now bound to the default `g` shortcut, replacing the legacy jump-to-address dialog with a unified, type-ahead navigator: * index and jump to function comments * accept IDC/Python expressions like `cpu.EIP` * live previews as disassembly, pseudocode, or hex * jump history with previews * ![Jump anywhere dialog](/files/T09Dcdus9pCRai27LsXN) ### IDA Domain API: new release A new version of the [IDA Domain API](https://github.com/HexRaysSA/ida-domain) is available. The latest release ([v0.5.0](https://github.com/HexRaysSA/ida-domain/releases/tag/v0.5.0)) adds microcode and pseudocode access along with object store/retrieve APIs. See [What's new in the IDA Domain API](https://hex-rays.com/blog/whats-new-in-the-ida-domain-api) for details. ### ARM64 Windows Build of IDA IDA is now available as a native ARM64 build for Windows-on-ARM. ### Compilation Units Folders Functions can now be grouped in the Functions list by the compilation unit they came from. The compilation-unit structure is reconstructed from COFF, PSX, OMF, TDS, DWARF, PDB and GO, mirroring the original source-file layout of the binary. It's also reconstructed from any user's loader that calls `add_sourcefile()`. ![Compilation Units Folders](/files/FdSqiX0YIdScbaLTpcCT) ![Compilation Units Folders](/files/AU4RvDJzctGNfLRY2mm5) ### Unified "Scripts" Window Replaces the old "Execute script" / "Snippets" dialog with a single dockable "Scripts" window. The window hosts four vertical tabs, each backed by an independent tree widgets: * "Execute script"/"Snippets" - IDB-resident snippets, now exposed as a tree * "Recent scripts" - externally-loaded scripts (filesystem paths), with single-child folder chains coalesced and per-row extlang icons. * "Examples" (NEW) - IDAPython-shipped examples. * "Search" (NEW) - allows searches across the three sources above ### Xrefs Graph: UI Improvement Xrefs Graph can now display call paths found by the new Pathfinder (see above): the path spine and waypoints are highlighted with dedicated colors, and a path-aware aligned layout keeps the route readable. The xrefs graph interface has been significantly redesigned in IDA 9.4: * A new graph manager for managing graphs, following the same paradigm as the other views * Headers have been added to nodes, containing quickly readable information about comments, bookmarks, breakpoints, and missing references * Redesigned widgets: some of them have been moved out of the overlay for improved usability * The settings have been redesigned so that they are now less cluttered and organized more logically See the [Xref Graph](https://docs.hex-rays.com/9.4/core/disassembler/concepts/xref-graph) reference for the full picture. Xrefs Graph is now more consistent with the rest of IDA and easier to use - try it! *** ## Higher Level Language Support * rust: display the detected rust version and used crates in the header * rust: type panic locations, detect rustc version and crate list * rust: add `CM_CC_RUST` calling convention * golang: add configutation var `GOLANG_MAX_ANON_NAME_SIZE` * golang: parse `buildinfo` module dependencies for Go 1.18+ * golang: improve `pclntab` discovery for PIE ELF binaries * golang: remove zero-sized fields from Go struct types * golang: derive return type for `runtime.newobject` from `RTYPE` arg * golang: dwarf: inject hidden dictionary parameter for Go generic functions * golang: improve detection of stack arguments (vs spill space) * golang: improve detection of standard go arguments and return types * improve transforming of duffcopy/duffzero calls * objc: add possibility to show / hide objective-C ARC functions and recognize iOS16+ ARC helpers ![Rust version and crates showing up in the heading comment](/files/tUQ7YnJbwC2v1g3kWtW2) ## Decompiler * vd: introduce `Edit type...` action (hotkey `e`) to edit a type from the decompiler * ui: render argument names at the callsite (`Edit` -> `Plugins` -> `Hex-Rays Decompiler Options` -> `Options 3` -> `Argument name hints` to configure/disable) * ui: add possibility to collapse code blocks in the interactive ui (chevrons on the left) * ui: add possibility to invert then-else for if statement" * stkvars: more aggressive array detection * x64: dereference references to read-only memory * vd: add `Add cast` action for decompiler expressions * vd: convert `0`/`1` to `true`/`false` in bool contexts and `0` to `nullptr` when `HO_CPP_CONSTANTS` is enabled * vd: collapse trailing `v = x; return v;` inside try/catch bodies * vd: recognize `fabs`/negation from IEEE 754 sign-bit manipulation * vd: fold constant `rol`/`ror`/`bswap` operations * vd: prefer explicit comparison against zero for non-bool conditions * vd: structure phi-arm diamond merges as if-then-else instead of gotos * mbui: support for microcode xrefs to registers, stack/local variables, and blocks * mbui: hints describe the subinsn under the cursor * cbui: add a (very basic) c-tree viewer * vd: invert short `if (cond) goto L; ...; L:` forward jumps * vd: transform `memcpy()` calls to simple assignments when possible * vd: more aggressive application of scattered variables * vd: better recognition of big function arguments (UDTs, arrays in golang/rust) ## Disassembler * arm: `SVE2`/`SME` support * arm: add `SVE`/`SME` architecture detection and UI support for options * arm: recognize more switch case constructs observed in modern console SDKs * arm: add `SVE`/`SME` architecture detection and UI support for options * tricore: integrate new regfinder * tricore: better switch table recognition * tricore: full type system support * tricore: support byte- and word-sized registers in `tricore.cfg` * tricore: add relocations support * tricore: respect memory mapping during switch handling * riscv: support harzard3 (RP2350) extensions * riscv: support compressed instructions `Zcmp`/`Zcmt`/`Zclsd` * riscv: support Soteria extensions * v850: recognize more switch patterns * mcore: add stack pointer tracking and automatic stack variable creation * mcore: improve disassembly output quality and fix the decoding of various instructions ## Loaders * elf: compact relative-relocation support (`DT_RELR`) * coff: omf: psx: group functions in dirtree according to compilation units * elf: recognize and improve loading of Linux kernel modules, add modinfo to listing header * elf: arm: infer hardfloat ABI from ELF `.ARM.attributes` `Tag_ABI_VFP_args` ## Debuggers * win32/windbg: fix incorrect TEB segment labeling and add PEB segment * gdb: general modernization of gdb remote protocol implementation * gdb: retrieve loaded libraries from remote on startup * riscv: add riscv debugging support for GDB backend ## Plugins, SDK & API * ida-domain: new release ([v0.5.0](https://github.com/HexRaysSA/ida-domain/releases/tag/v0.5.0)) adds microcode and pseudocode access plus object store/retrieve APIs * idapython: detect/support pythons managed by uv/anaconda/homebrew * idapython: warn on libpython/venv version mismatch * idapython: expose `ida_loader.import_module()` * idapython: expose `ida_lines.add_sourcefiles` batch API * idapython: expose `ida_indexer` API (backend of "Jump Anywhere") * idalib: automatically activate idalib during installation * idalib: add support for async event processing and `execute_sync()` * sdk: new header `dscu.h` (and corresponding module `ida_dscu`) for programmatic access to the new dyld shared cache infrastructure * sdk: add color codes used in `tiplace_t` * sdk: add support for extlang custom icons * sdk: idapython: publish api for idb indexer * sdk: expose user-defined microinstruction in the api (`user_minsn_t`, `user_minsn_action_t`, `minsn_locator_t`) * sdk: new events: `ev_sanitize_name`, `ev_query_unmapped_address`, `ev_load_unmapped_address` * sdk: add new events `ev_query_unmapped_address`, `ev_load_unmapped_address`, `ev_sanitize_name`, `ev_should_handle_switch` * sdk: new `codegen_t::should_handle_switch()` hook for processor modules * sdk: new methods `mba_t::get_numform`/`set_numform`/`clr_numform` * sdk: add new struct field `string_info_t::decompiler_string` * sdk: add EA-based method `tinfo_t::get_func_frame()` * sdk: new ea-based APIs avoiding ida-allocated pointers -- see the porting guide (segments, funcs/frames, decompiler `decompile_function`/`decomp_ranges_t`, `hidden_range_info_t`, `get_sourcefile_by_ea()`, `qflow_chart_ea_t`) * sdk: new event `ev_get_stkarg_parts` for multi-slot stkarg stores * sdk: add `set_func_flag()` to set/clear individual function flags * sdk: add `is_name_defined_locally_ea()` ea-based API * sdk: add `qflow_chart_ea_t` ea-based flow chart API * sdk: add `get_prev_function_addr()`/`get_next_function_addr()` ea-based API * sdk: add `set_function_name_if_jumpfunc()` ea-based API * sdk: add read-only accessors for `func_t` internal array fields * sdk: add `outctx_t::gen_function_header`/`gen_function_footer` * sdk: add `ev_out_function_header`/`ev_out_function_footer` events * sdk: add new API function `add_regarg_ea()` * sdk: add new API class `function_item_iterator_t` * sdk: add new API class `function_parent_iterator_t` * sdk: add new API class `function_tail_iterator_t` * sdk: ea-based migration: the porting guide covers the deprecations, but it also adds many new APIs ## UI & UX * pathfinder: new widget to find call paths between functions (`Shift-F9`) * pathfinder: multi-waypoint paths, function exclusions, data-xref/shortest-path/depth options * pathfinder: view results as a cross-references tree or a path-highlighted Xrefs Graph * xref-graph: Sugiyama-style layered graph * xref-graph: visual cues on nodes (xrefs, bookmarks, breakpoints, comments) * xref-graph: new graph management widget * xref-graph: display and highlight call paths found by Pathfinder * xref-graph: improve UI * ui: show release notes on first launch * scripts: new "export headless" action for exporting script snippet as idalib standalone script * ldr: modernize image base/segment ux in initial load dialog * ldr: render referenced shared object for imported symbol names * licensing: improve worfklows when using borrowed floating licenses ## Performance * dwarf: speed up loading and reduce memory usage on large DWARF files * kernel: speed up loading of files which added a large amount of names (e.g. DYLD shared caches) * btree: reduce cache and free-page cleanup overhead * pc: speed up frame analysis * pc: add write xref cache ## Deprecations * idaclang: migrated to tilib with the new clang parser ## Bugfixes ### Higher Level Languages * vd: wrong argument optimization in golang functions * golang: some Go types were not recognized in certain databases * golang: fix `itablinks` processing for Go 1.18+ * vd: fix a hang in `duffcopy`/`duffzero` handling ### Decompiler * mbui: structural analysis action did not show intermediate reduction steps in non-debug builds * mbui: xref-to chooser could jump to block header instead of instruction line * mbui: double-click in graph mode failed to follow the entity under the cursor * mbui: failed decompilation when opening mbui would result in the viewer being leaked * mbui: graph rendering mode was lost across desktop save/restore * mbui: cached microcode could remain stale after edits to other functions * mbui: comments could be duplicated if neighboring minsns had the same ea * vd: "create new struct type" was not working in ILP32 binaries * vd: use correct operand size for division when split optimization shrunk subtraction * vd: reject FP comparisons in 64-bit subtraction carry pattern * vd: the field offset displayed in the hint could be wrong * vd: skip corrupted user microinstructions during deserialization * vd: missing return statement for functions using `push rax` for stack allocation * vd: arm: fix INTERR 50920 for ARM64 `NGCS` instruction * vd: pc: fix INTERR 50708 for pointer-to-array dereference in assignments * vd: pc: fix INTERR 52368/53023 on x64 chained switches sharing a default * vd: arm: fix INTERR 50920 for ARM64 SME `MOVA` instructions * vd: arm: `PC` reference inside an unsupported insn could trigger INTERR 50920 * vd: arm: `PC` reference inside `SMLAL`-family insn could trigger INTERR 50920 * vd: arm: `MOVT PC` could trigger INTERR 50920 * vd: arm: `STRD` storing the `LR`,`PC` register pair could trigger INTERR 50920 * vd: fix INTERR 51264 on functions with conditional add of side-effecting value * vd: fix wrong decompilation when user splits a call's return value * vd: fix INTERR 50757 on deep low/high slicing of UDT scatters * vd: `-Ohexrays` could not handle Windows paths with drive letters * vd: fix INTERR 50757 on `m_low`/`m_high` slicing memfunc mov into non-power-of-2 size * vd: fix INTERR 50709 on wide-mop high-half access with `cot_cast` lvalue * vd: fix INTERR 50708 on `memcpy` restored from a call source * vd: fix INTERR 53023 in `combine_sar_sar` with intermediate uses of low half * vd: avoid INTERR 52368 when a plugin injects edges into a `kreg` jtbl * vd: reject `memcpy` when source is any non-addressable `mop_d` * vd: preserve udt flag when replacing scattered operand * vd: refuse 64-bit add/sub/mul combine when `cins`'s def is used between `cins` and `dins` * vd: do not propagate `fpinsn` from embedded sub-insns to the combined struct copy * vd: do not unpack scattered packing when `kreg` destination has uncovered bytes * vd: convert array=array assignment to `memcpy` to avoid INTERR 50708 * vd: outlined code that accesses the caller's stack frame was inlined at the wrong stack offset * vd: fix error message printing for invalid deserealisation * vd: fix wrong `OPROP_UDT` flag in operands * vd: fix `resolve_pair()` breaking 64-bit multiplication patterns * vd: ppc spe: wrong handling of helper args wider than 4 bytes * vd: permit propagation of void-returning `memcpy` calls * vd: INTERR 50710 (casting to array is forbidden) for usercall functions * vd: conflict between scattered local var and arguments * vd: risc-v: fix minor spec mismatches in the microcode * vd: reset decompilation failures if config is changed ### Disassembler * pc: also apply ds-segreg flatten rule in the switch-detector path * pc: don't shift `[imm32]` by auto-tracked `ds` in 32-bit code * arm: recognize `STM SP` as a stkarg store * arm: fix INTERR 51312 when decompiling SVE-encoded `XAR` * arm: fix `SVE`/`MVE` setting for metarm; * arm: fix analyzing `UDF` for AArch64 * ppc: fix interr 2765 which could happen in SPE files with sign extended addresses * ppc: VLE displacement operands with `r0` base were incorrectly converted to direct address accesses * ppc: fix wrong data offsets on register-based displacements * analysis: stack args' types or comments could be wrong when sequential calls reused stack slots * 80196: fix handling of indirect and indexed addressing modes * arc, mips: fix indirect register being modified in the delay slot * arc: fix decomding of `dbnz` and `xbfu` * risc-v: fix a bunch of decoding bugs * risc-v: improve fence instruction printing * risc-v: fix `c.addiw` with `rd` = `x0` being decoded * risc-v: fix buggy 'alternative name' for every symbol * risc-v: handle pair operands correctly * risc-v: support `shXadd` for jump table detection * risc-v: print `c.` prefix for compressed instructions * risc-v: fix bug with sign extension on RV64 `ADDIW` * arm: fix infinite loop with self-referential frame pointer ### Debug Info * dwarf: import C++ classes that reuse base-class tail padding * dwarf: import SIMD vector types as struct/union members * dwarf: ignore post-prolog spill locations for arglocs * dwarf: fix handling of duplicated Go formal parameters * dwarf: render AArch64 reg 31 as canonical `SP`, not literal `XSP` * dwarf: fix handling of 0-address symbols * dwarf: skip line numbers with out-of-range addresses * dwarf: line-number import was very slow on large binaries * dwarf: incorrect handling of `DW_OP_bit_piece` * dwarf: incorrect parsing of `xmm` register locations on x86\_64 ### Type System * tinfo: guard `unpack_typestr` against `NULL` from `unpack_str` * types: removing a `__shifted` type's parent could crash IDA * types: structure xrefs to stack variables with dotted member names showed raw netnode keys * tinfo: stale frame cache hit tripped INTERR 955 * tinfo: do not save empty tinfo * tinfo: `PRTYPE_DEF` need to be reset after usage * frame: function return address frame slot should not be overlapped ### Core * network: Windows TLS: 'Failed to load baked-in Root Certificate' * analysis: opening a large database could hang while propagating function argument names * idb: fix a crash at the database closing time * funcs dirtree: Windows source paths were not properly supported * idb: in a corrupted database, a function may contain another function as a tail * eh\_parse: optimized xref traversal in `get_xref_info_for_ea()` * kernel: take into account a flow cref for function tail ### Plugins, API & SDK * idc.py: trailing commas turned constants into tuples * idapython: don't crash on launch when Python is not configured * idapython: prevent crash when IDAPython initialization fails halfway * idapython: replace old contact email with github link * idapython: fix `idc.get_min_spd_ea()` implementation * kernel: duplicate warning when a fixed plugin failed to init * idalib: `parse_tagged_line_sections()` was not available * idalib: flush database on process exit * idalib: honor `-Olicense:...` when passed via `open_database(args=...)` * idalib: suppress spurious "bad hotkey" warning in headless/text mode * idapython: a failed `ida_*` module import made all of IDAPython unusable * idapython: declare lines range SWIG dep so `sourcefile_t` inherits `start_ea`/`end_ea` * cli: fix completion crash, redundant hints, and hint placement on multi-screen wayland * ui: fix IDA crash at exit when a plugin held PySide6 widgets in Python globals * idat: support `-Ohexrays:-Dname=value` in parse\_options ### UI & UX * ui: jumping to a structure from the pseudocode, could fail to place the cursor at the right type/offset * ui: IDA could UAF accessing freed out `line_data_t` instances * ui: restore Dalvik chooser widgets when applying desktop * ui: snippets: `get_cur_snippet()` returns a pointer, null when cur idx is stale * ui: status bar analysis indicator now updates synchronously when toggled * ui: fix possible wrong matches and internal error when quick-filtering a list whose item is filed under several folders * ui: xref graph: minimap froze IDA when two graphs were visible * ui: xref graph: zooming could get stuck when fit-to-view left the graph beyond the zoom limits * ui: xref graph: fix color for dark mode on MacOS * ui: in the License Manager dialog, retrying a failed borrow could crash IDA * ui: crash when using chooser actions dispatched via command palette * ui: jump to stack memory on dbl-click of stack var under debugger * ui: navbar click on data did not switch from pseudocode to IDA-View * ui: fix interr 40567 when switching from graph to flat view * ui: jump anywhere: restore focus around Jump Anywhere modal `exec()` * ui: jump anywhere: stop the Jump Anywhere preview from being picked as a jump fallback * ui: jump anywhere: clamp negative-underflow offsets in JumpAnywhere local-type expr * ui: jump anywhere: a trailing space in the query no longer clears the result list * ui: jump anywhere: result list no longer flickers when refining a query * ui: jump anywhere: drive history mirror from explicit gestures * ui: jump anywhere: improve history list contrast across themes * ui: jump anywhere: only select the mirrored input at dialog open * ui: jump anywhere: keep history selection across an empty-input round trip * ui: hint popup title was unreadable on macOS in dark mode with the default theme * ui: about dialog: show the version / build-type line without bold * ui: about dialog: bottom groupbox border was clipped by the buttons and artwork on some platforms ### Licensing * licensing: a local borrowed license still produced a connection attempt to the license server * licensing: don't INTERR on borrowed license with an unsigned hexlic * licensing: borrowed license stuck in License Manager when Return failed * licensing: switching the license server silently kept using a borrow from the previous one * licensing: remove license as a requirement for update check ### Debugger * pin: fix appcalls and exception handling * pin: improve exception handling in the pintool * dbg: elf: make executable libs runnable * dbg: gdb: auto-resume threads that hit breakpoints during a step * dbg: gdb: fix memory reads where the first byte is `0xE0`-`0xEF` * dbg: gdb: log unexpected `SIGTRAP` from threads not resumed by client * dbg: gdb: prefer wildcard `vCont` to avoid common stub bug * dbg: gdb: fix gdb test listing and disable `pc_gdb_notepad_replay` * dbg: gdb: fallback step packets for older stubs * dbg: gdb: avoid redundant `vCont;Cxx;c` continue packets for bad servers * dbg: gdb: perform multiple `qSupported` probes for bad servers * dbg: gdb: fix broken `X`-write fallback to `M` writes * dbg: gdb: fix error handling in `qGetTIBAddr` probe * dbg: gdb: properly handle `swbreak` and `hwbreak` in gdb server * dbg: gdb: fix crashing gdbserver on Windows * dbg: gdb: refactor the way pausing and stepping is handled * dbg: gdb: fix duplicate/empty modules * dbg: gdb: send default continue action for other threads * dbg: gdb: handle library stop reason * dbg: gdb: get the image base from the TIB in `setup_exeimg` * dbg: gdb: attempt `qGetTIBAddr` for every thread * dbg: gdb: fix missing multiprocess gdb feature {% hint style="info" %} **Share your feedback** Spotted a bug or have a suggestion for the beta? Let us know and contribute to IDA evolution through one of the following channels: * [Hex-Rays Support](https://support.hex-rays.com) (*Early access* feedback form), * Email: , or * Slack: Join the discussion in our dedicated beta channel. If you didn’t receive the invitation link, [contact us](mailto:support@hex-rays.com). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hex-rays.com/release-notes/9_4beta.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.