<
MAJOR FEATURES
Support for non contiguous, fragmented, multiple chunks functions has been added. The analysis of theses functions has been greatly improved.
a LINUX console version of IDA Pro is now available. The source code of the TVision library used for the interface will be freely downloadable!
REMOTE DEBUGGING between Linux and Windows systems. (only singlethreaded linux applications are supported by the debugger). Source code will also be available.
NEW PROCESSOR MODULES
DSP561XX: new processor (in the advanced version)
TMS320C3: new processor (in the advanced version)
Angstrem KR1878: new processor
Motorola HCS12: new processor
KERNEL IMPROVEMENTS
+ Mulitple chunk functions are supported. IDA will automatically create function tails if this option is tued on. The option is tued on by default for the new databases, for the old database, it is tued off.
+ the idc engine does not use disk files anymore and is now faster.
+ created subdirectories for input file loaders, processor modules, configuration files.
+ Added an option to allow the recognition several copies of the same function
+ Added an option to comment anonymous library functions with the description of the FLIRT signature
+ Argument type information is propagated more actively
+ flair application collisions are marked with comments
+ improved handling of spoiled structure and function frame definitions
+ renaming a function as "exit" stops the execution flow
+ type information is saved for the structure members coming from the type libraries
+ better handling of trivial jump functions
+ slight improvement of jump table handling: .got entries are never considered to be big jump tables
+ the function boundary determination algorithm has been improved
PROCESSOR MODULES ENHANCEMENTS
+ 6502: immediate instruction operands are unsigned by default (were signed)
+ 6812 debugger: beta test version is ready and included in the distribution
+ 6812: better configuration file; CASM assembler is added
+ 6812: pc relative references are resolved and displayed as comments; cross references for them are created
+ ARM: ADD PC, ... stops execution flow
+ ARM: ADD Rn, SP, offset is automatically converted to a stack variable
+ ARM: ARM processor module has been improved in many aspects thanks to Willem Hengeveld
+ ARM: IDA knows that LDM Rx, {reg} spoils the register
+ ARM: IDA knows that some BL instructions should be treated as B instructions
+ ARM: MOV PC,... and LDR PC,... instructions are handled better
+ ARM: RVA32 relocation type is supported
+ ARM: arm < > thumb thunks are recognized
+ ARM: better reaction to the execution flow going to an unexisting address: before there was an error message that it is impossible to assign the segment register T, now the offending address is stored in the problem list.
+ ARM: better register tracing to detect the target of the BX instructions
+ ARM: better support for the thumb mode relocations
+ ARM: glue code is recognized as a jump function
+ ARM: improved the analysis of the jump tables and the glue code
+ ARM: modifying the T register reanalyzes the current instruction
+ ARM: the following sequence does not stop execution: MOV LR, PC; MOV PC, ... or BX Rx
+ ARM: thumb instruction can be converted to macros too
+ HPPA: basic blocks are detected properly; added type system; better analysis in general
+ HPPA: option to use mnemonic register names is added. off by default.
+ HPPA: stw/ldw instructions have ",ma/b" completers; unused sr0 registers are not displayed
+ IA64: better detection of operand sizes
+ IA64: multibyte character constants are allowed for GNU as (desipte the fact that it does not support them)
+ IBM PC: type information for functions called indirectly with complex offset expressions is propagated properly
+ IBM PC: push /pop eax is recognized as a sequence equal to "mov eax, "
+ PPC: addi instruction is taken into account when tracing the stack pointer
+ PPC: operands are converted to offsets only if the target is present in the program
+ PPC: support for GNU assembler is added
+ PPC: support for R_PPC_ADDR16_HI relocation type is added
+ PPC: type system support is added
FILE FORMATS
+ ELF: added an option to force PHT instead of SHT (useful for viruses and malicious programs)
+ ELF: ARM relocations are supported properly
+ ELF: HPPA relocation information is processed. Since there is enormous number of relocation records, we process only a limited number of them
+ ELF: IDA knows about some inteal symbols generated by the ARM compiler
+ ELF: a bad section declaration is not considered as a fatal error during loading; PHT manual load is supported
+ ELF: pressing cancel in the manual mode aborts the whole loading process
+ ELF: introduced environment variable IDA_ELF_PATCH_MODE which can be used to override the patching made by IDA to the database when a new elf file is loaded
+ EPOC: condition and option lines in SIS files are properly recognized and skipped
+ HPSOM: $DLT$ entries are ignored during loading imports
+ AR libraries with \n embedded in the file names are processed correctly
+ MS DOS COM files use the metapc processor by default
+ MACH O: MAC OSX support for the type system is added
USER INTERFACE
+ support for multiple selections in various lists has been added
+ debugger: 0, + and keys can now be used to quickly zero, increment or decrement register values
+ debugger: Toggle value command added to registers window (useful to quickly toggle flags)
+ debugger: added Add breakpoints, Enable breakpoints, Disable breakpoints and Delete breakpoints commands in popup menu of various lists (functions, names, ...) these commands also accept multiple selection
+ debugger: during debugging, addresses in import section are now displayed as data: allows to easily view and jump to the target
+ debugger: Cancel is now the default button in the debugger waing message (appearing the first time the debugger is started)
+ tracing: added an option in the Tracing options window to suspend tracing over library functions (enabled by default)
+ tracing: can now browse in Trace window even if process is not suspended
+ tracing: green arrow (target arrow) is refreshed during backtracing
+ tracing: in the trace window, a trace event selection is conserved (while it is in the trace buffer) if the last trace event is selected, the selection will continuously remain on the last inserted trace event
+ added option to tu off the autoappend feature
+ can open more than one hex view these hex views arent anymore synchronized with IDA Views by default (to synchronize a hex view with an existing IDA View, use the Synchronize with command in the hex views popup menu)
+ command line status is now saved in the desktops
+ improved the offsets en masse command: now ida verifies if the offset can be applied
+ it is possible to hide the question about a debug file from MSDN
+ most Jump and Search commands now work in hex views
+ positions of dialog boxes related to database are now saved to desktops
+ jumping to a problem does not delete the problem from the list anymore
+ it was not possible to choose an xref to a structure, so this command has been disabled
+ wrong values for the z switch are catched and reported properly
+ dump to idc can dump a selected part of the database
+ the offset in the Structure offsets dialog box can be specified as a decimal or hexadecimal value
SDK IDC (please look at the history file in the SDK for the details)
+ IDC: loadsym.idc is improved to support VisualAge (thanks to Dietrich Teickner)
+ IDC: import directive can be used instead of include
+ IDC: SegByName() retus the segment selector instead of its base address. The base address can be calculated from the selector by using the AskSelector(x)<<4 expression.
+ IDC: Set/GetFunctionAttr(), SetSegmentAttr() functions are added; existing functions are converted to macros using these new functions
+ IDC: added a comment about the color coding
+ IDC: added a flag to generate HTML files for GenerateFile()
+ IDC: loaddef.idc is donated by Dietrich Teickner; loadsym.idc has also been improved.
+ IDC: long running IDC scripts can be cancelled
+ IDC: optimization: idc.idc is parsed only once at the database loading time (used for inline expressions and the calculator; idc scripts including idc.idc will parse it at each compilation)
+ IDC: ord() function to get code of a character is added
+ IDC: removed the 64K limit for the compiled function length
+ IDC: rotate_left() function to rotate bit field is added
+ IDC: the built in parser looks for the include files in the directory of the current file as well as in the directory of the main input file for " includes
+ IDC: SegAlign() and SegComb() functions are converted to macros; fixed a bug with SEGATTR_DEF_.. constants
+ SDK: HIGH22 and LOW10 offset types are generalised to be VHIGH and VLOW. The processor module can specify the widths of these fixups in the ph.high_fixup_bits field. Currently they are used in the SPARC and HPPA processors.
+ SDK: NULL value may be passed as the tester function to the nexthat, prevthat functions. It means that any address satisfies the criterium.
+ SDK: PR_FULL_HIFXP is introduced. It means: VHIGH fixup type expects the operand value to be equal to the full address of the target, not only the high bits. Used for HPPA HIGH21 fixup types.
+ SDK: UI list functions (choose(), choose2(), ...) now support multiple selection > the delete callback prototype was changed accordingly (older plugins can simply retu true to remain compatible)
+ SDK: added possibility to pass command line options to plugins (get_plugin_options)
+ SDK: added set/get_idc_func_body() to avoid frequent recompilation of IDC functions
+ SDK: debugger: enable_XXX_trace() functions can now disable tracing but conserve trace over breakpoints
+ SDK: gen_use_arg_types() is added
+ SDK: lread() function is added; this function should be used in the loaders instead of eread(). The lread() function verifies if the read is ok, if not, it informs the user about it and asks if he wants to continue. If the user does not want to continue, the loader_failure() function is called
+ SDK: regex_match() to match regular expressions is added
+ SDK: removed support for the watcom compiler
+ SDK: set_idc_func() to add/remove IDC functions written in C++
+ SDK: the keel knows about macroinstructions (cmd.flags INSN_MACRO); fixup information for macroinstructions is handled in a special way: partial fixups are combined into one full fixup
+ SDK: AS2_BYTE1CHAR is added: for wide byte processors, one character per byte
+ SDK: added the FILE option to the AUTOHIDE keyword for message boxes, to save hidden message box results to IDAMSG.CFG
+ SDK: get_next/prev_member_idx() functions are added; guess_func_type() understands stacks growing up (not tested yet)
BUGFIXES
BUGFIX: Attach to process... and Detach from process commands were sometimes not visible
BUGFIX: Change stack pointer... command in context menu was sometimes displayed 2 times + we now always display it if Stack pointer is visible
BUGFIX: Reset desktop command was not resetting settings from default hidden windows
BUGFIX: b command line switch was broken
BUGFIX: AMD64 RIP addressing was decoded incorrectly if the second operand of the instruction was an immediate value
BUGFIX: ARM thumb BLX direct addr could not be disassembled
BUGFIX: AS_STRINV flag could revert the value of inf.wide_high_byte_first if the input string for the get_ascii_contents() function was too long to be stored in the buffer.
BUGFIX: C166 exts instruction was not emulated properly
BUGFIX: EIP was sometimes not properly invalidated on the screen when the debugger was running
BUGFIX: HPPA stack frame is created correctly
BUGFIX: IDA could enter an endless loop if a data item with an offset was visible on the screen along this the referenced instruction which was leading to the reanalysis of the data item (in other words, the data item causes the reanalysis of the instruction; the instruction leads to the reanalysis of the data). Scrolling aways from such a place would break the loop.
BUGFIX: IDA was loading some elf sections even if the user asked not to load them in the manual mode
BUGFIX: IDA would report not enough disk space on Windows98 if started in a directory with a double extension (like c:\dir\4.3.2\)
BUGFIX: IDC conditions (for breakpoints and tracing) referencing memory bytes were sometimes not properly evaluated
BUGFIX: IDC: ltoa() function was broken
BUGFIX: IP view was not properly refreshed if IP was not visible and the user switched between threads with same IP (for example 2 sleeping threads)
BUGFIX: Intel 8051: IDA crashes if at the loading time the user clears the "create segments" checkbox.
BUGFIX: MC6816 module: offset xrefs were not properly created for some operands
BUGFIX: PE loader would crash if only the PE header was loaded into the database and all other segments were skipped; made many PE loader messages hideable
BUGFIX: PrevHead() IDC function was retuing wrong results
BUGFIX: R_PPC_ADDR16_LO relocation type was processed incorrectly for object files
BUGFIX: TXT: a segfault could occur after closing the Structures or Enums window
BUGFIX: TXT: on Windows 9X, it was not possible to enter some characters (like the @ character by pressing AltGr+Q on a German keyboard) > define the TV_IGNORE_RIGHT_ALT_PRESSED environment variable to let IDA ignore such key combinations on Windows 9X
BUGFIX: TXT: segfault when you grab the lower right coer of the disassembly window with the mouse and drag it to the left, shrinking the window (qsnprintf() should never retu 1)
BUGFIX: an xref window would become empty if a modal window with xrefs to the same ea is opened and closed
BUGFIX: better handling of thread suspends/resumes for multi threaded debugging
BUGFIX: closing Enums window by pressing ALT F3 was causing a segfault
BUGFIX: colors of hidden areas were restored incorrectly
BUGFIX: column widths for the function list were wrong for 64 bit version
BUGFIX: epoc: the export table was located incorrectly
BUGFIX: debugger: DLL rebasing was not working properly in some cases
BUGFIX: debugger: FPU registers were sometimes not properly printed and detected as modified
BUGFIX: debugger: IDA was displaying non readable memory as 0xFF bytes (for example in PAGE_GUARD and PAGE_NOACCESS pages on Windows)
BUGFIX: debugger: a breakpoint at address 0 was added if pressing Enter from the Insert command in the Breakpoints window
BUGFIX: debugger: addresses in the Breakpoints list were not properly resolved because lists refresh was initialized before the process was properly suspended
BUGFIX: debugger: after a suspend, breakpoint conditions containing registers couldnt be evaluated properly
BUGFIX: debugger: breakpoints were not properly handled during library loading (if Stop on library load option was enabled)
BUGFIX: debugger: database desktop was sometimes overwritten by debugger desktop when process was not properly stopped
BUGFIX: debugger: debugger status in the main window titlebar was sometimes not accurate
BUGFIX: debugger: exported names (from loaded DLLs) were sometimes not properly displayed during debugging
BUGFIX: debugger: fixed minor disassembly view refresh issues when adding or editing breakpoints
BUGFIX: debugger: if a user forced a process termination and a pause request was already pending, the Pause process command wasnt working anymore in new debugger sessions
BUGFIX: debugger: in some particular cases, segment reorganisation was not working properly after a debugger event
BUGFIX: debugger: it was not possible to add a hardware breakpoint at once from the breakpoints window
BUGFIX: debugger: it was sometimes impossible to disable hardware breakpoints at runtime
BUGFIX: debugger: the Clear trace command was not properly refreshing some information like register views, arrows, ...
BUGFIX: debugger: the Detach from process command was sometimes not properly resuming threads
BUGFIX: debugger: thread related segments (stack PAGE_GUARD) were sometimes not properly named Segments view was not properly updated in some cases
BUGFIX: deleting a record from a non leave leads to a move of another record from a leave page to the freed place, an underflow occurs in the leave page, some records from the sibling of the underflowed page are moved to it, doing so leads to the modification of another record in the parent page, which leads to the overflow of the parent and the parent gets split. At this moment because of the bug we work with a freed page and the database gets corrupted. A bug with a similar situation had been corrected ten years ago.
BUGFIX: disassembly paint function was leaking GDI resources
BUGFIX: dsp56k ports are attached to the X space, not P space. dsp561xx: better version
BUGFIX: entering a long comment with tabulations could crash ida
BUGFIX: fixed a typo in sparc autocomments
BUGFIX: get_original_long() was wrong
BUGFIX: hardware breakpoint (with a size bigger than 1) background color was not red for additionnal lines (like a multi line comment)
BUGFIX: in navigation bar, it was impossible to Zoom in if Zoom out was disabled (because maximum range was reached)
BUGFIX: in some really rare cases get_next_fcref() could never retu BADADDR
BUGFIX: increased the width of the segment register window columns to fit narrow register values
BUGFIX: it was impossible to rename or double click on a structure stack variable
BUGFIX: it was impossible to use function local vars/args in breakpoint conditions
BUGFIX: it was not possible to rename bitfield members from the interface
BUGFIX: jump tables were not analyzed correctly after Changelist 979
BUGFIX: jump to near addresses (which were not visible on the screen but already cached) was not working anymore, probably since Changelist 2655
BUGFIX: maximized windows in a saved desktop were sometimes restored as non maximized
BUGFIX: mc6812 module did not know about the "wavr" pseudo instruction
BUGFIX: mc6812 module was not disassembling "etbl", "tbl" instructions
BUGFIX: multiline instructions were not displayed correctly in the graphs
BUGFIX: nextaddr(BADADDR) was retuing the first address of the program
BUGFIX: number of applied functions of a flirt signature takes into account all functions (before some function types were ignored)
BUGFIX: patching bytes during debugging would make IDA memorizes the database was patched
BUGFIX: register views creation was sometimes leaking GDI resources
BUGFIX: repetitive rebasing of the database might lead to a crash
BUGFIX: scroll buttons in IDA view scrollbars were not working properly
BUGFIX: scrolling the disassembly view using the mouse whlle with the hex view open could lead to an access violation at the beginning and end of the file
BUGFIX: segfault when typing an address into the search toolbar if no disassembly view was open
BUGFIX: set_debug_name() might cause an access violation
BUGFIX: some PE files with bad relocation table could not be loaded
BUGFIX: some Visual Age and GNU C++ names were not demangled correctly
BUGFIX: some strings couldnt be typed in the search toolbar due to auto completion
BUGFIX: text version was not displaying error messages about the configuration file
BUGFIX: text version: the disassembly window was not refreshed immediately after renaming a stack variable and similar
BUGFIX: the Batch() IDC function does not disable the auto analysis in TXT version anymore
BUGFIX: the elf loader was complaining about unusual usage of relocations for some incorrectly stripped executables
BUGFIX: the keel was not saving the current instruction data before calling ph.create_func_frame(); this might lead to worse analysis (mostly for the arm processor)
BUGFIX: tracing: addresses not available in database were not displayed during backtracing
BUGFIX: tracing: if Trace over debugger segments was enabled, tracing in KiUserCallbackDispatcher() function (used for keel > userland callbacks) was sometimes stopping with a "Breakpoint instruction reached (not inserted by the debugger)" message
BUGFIX: tracing: if the process is running, tracing is started while EIP is in a debugger segment, and Trace over debug segment option is enabled, IDA will not add anymore trace events for these debugger segment instructions
BUGFIX: tracing: properly log modified register values over debug segments (when Trace over option is active)
BUGFIX: unloading some corrupted databases to idc would lead to a crash, now ida should complain and continue
BUGFIX: unwanted hint of the address zero was displayed in the stack variables window for the processors with : after the data labels
BUGFIX: when closing a database, last address in IDA view was sometimes continuously saved on the previous addresses stack
BUGFIX: Z80 was not allowing to modify the out, in, and similar instruction operands
BUGFIX: creating an item crossing a hidden area boundaries would pose display problems in the future
BUGFIX: deleting a structure element at the end of the structure might lead to a wrong display (one superfluous data definition line beyond the end of the structure)
BUGFIX: if the Print flow chart labels option was enabled, labels without valid names were preceded by a 7 character + IDA now uses the prefix line color for these labels
BUGFIX: sometimes the application title was not reflecting the database name correctly
BUGFIX: using the navigation band with all IDAViews closed could lead to crashes
BUGFIX: when creating a flow graph, local labels were redefined as globals
BUGFIX: H8: the @ character was erroneously highlighted as a valid identifier character
BUGFIX: debugger: the destination arrow (green arrow) was not properly updated for JLE/JNG instructions
BUGFIX: if the database was created in the directory other than the input file directory, the input file name would be replaced by the database name
BUGFIX: it was not possible to search with Ctrl T after pressing Esc in the Alt T dialog even if the old search string was existing
BUGFIX: the stack tracing could be spoiled if the function end was moved back and forth
BUGFIX: when creating a new structure, the proposed structure name was incremented if the Cancel button was pressed
BUGFIX: when opcode bytes were displayed with a +, IDA was not extracting the following name properly (if any) > it was then impossible to change this name
Discontinued
OS/2 and DOS4GW versions are discontinued. Please make a backup copy if you plan to use them in the future
BUY DataRescue IDA Pro 4.7.0.830 Standard for Linux 15$
TAGS\: order DataRescue IDA Pro 4.7.0.830 Standard for Linux, buy DataRescue IDA Pro 4.7.0.830 Standard for Linux, low cost DataRescue IDA Pro 4.7.0.830 Standard for Linux
No comments:
Post a Comment