IDA Pro 6.2 feature list (October 5, 2011)

• GUI installers for Linux and OS X No more manual extraction of tar archives for Linux or OS X. A new installer is provided for ease of installation.
  
  

  



• Proximity view The proximity viewer allows the user to see and browse the relationships between functions, global variables, constants, etc... It can be used, for example, to visualize the complete callgraph of a program, to see the path between 2 functions or what global variables are referenced from some function.
  
  

  



• UI shortcut editor With this feature, it is possible to change and re-assign the shortcuts of built-in IDA actions and the default shortcuts of plugins, external menu entries and IDC scripts.
  
  

  



• UI filters in choosers This feature is very handy when it comes to filtering out the content of choosers in order to show or highlight the items that matter.
• 
  PE+ support for Bochs (64-bit PE files) Now the Bochs debugger plugin supports debugging basic PE+ executables. API emulation via scripting also works as usual. Click here for more details.


• Database snapshots In this version, it is possible to take database snapshots and restore them when needed (hierarchical snapshots are supported as well).
  
  

  



• Automatic new version check Checking for new Hex-Rays products version has been improved. This new addition checks for new versions of IDA Pro or the Hex-Rays Decompilers.
  
  

  



• Cross-references to structure members Another nice addition are xrefs to structure members. This features comes in handy when reversing/tracking data structure use in a program for example.
  
  

  



• Apple is not standing still and in iOS 5 the default compiler will be LLVM instead of GCC. It produces somewhat different code and we have improved our processor module to handle it. Compare two snippets of the same file.
  
  IDA 6.1:
  
  
  IDA 6.2:
  
  We now also parse and analyze Objective-C 2.0 metadata structures produced by the compiler. Using that information, we rename methods, create structures for classes, and apply C-style prototypes to methods for better results in the decompiler.
  
  
  
  We have also added support for the dyld_shared_cache format used in current iOS versions.
  
  
  
  kernelcache files are also recognized now and are split into separate KEXTs.
  


• IDAPython 1.5.3 IDAPython has been updated. The most notable additions: More form control support (refer to AskUsingForm() documentation in the SDK) New processor and UI notification callbacks New APIs and samples IDC compatible netnode support ! and ? pseudo commands to shell execute and retrieve documentation Support for extending IDC functions using Python Working with patched bytes Binding of hotkeys with Python functions (no need to go through IDC anymore)


• Floating licenses An IDA Pro with floating license can be installed on many computers but only the purchased number of seats can be used simultaneously. Floating licenses require installation of a license manager to track the license use. This feature is useful for enterprises who want to optimize the license use.

Changelist

Processor Modules

• + 65816: A 65816 CPU module (used in SNES consoles)
• + ARM: better tracking of cross-references in code produced by LLVM compiler (MOVW+MOVT pairs)
• + Dalvik: decode instructions produced by dexopt (odex)
• + HCS12X: implemented extended direct addressing (using DIRECT Direct Page register)
• + PC: improve recognition of x64 switches produced by GCC
• + PC: most assemblers encode mov ds, ax and mov ds, eax differently; handle it in the same way
• + PC: some sparse switches produced by Visual C++ for x64 were not recognized
• + PC: __SEH_prolog and similar functions were not properly handled in debugged modules
• + PC: display "66 90" as "xchg ax, ax"
• + PPC: decode tlbie and tlbiel with an optional immediate operand
• + SuperH: track values loaded into the gbr register
• + Z8: added configuration file for device-specific registers, including the Extended Register File banks
• + Z8: detect the use of different register banks by tracking changes to the register pointer (RP) value

File Formats

• + SMC: added a SNES rom loader
• + ELF: added support for MN10200 and MN10300 (AM33, AM34) files
• + ELF: added support for x64 TLS relocations in object files
• + ELF: ARM: added support for R_ARM_THM_PC8 relocation
• + LOD: added a loader for Motorola DSP56000 .LOD files
• + MACHO: entry point was not set properly for some packed files
• + MACHO: parse Objective-C 2.0 metadata, rename methods, create structures
• + MACHO: support dyld_shared_cache file format
• + MACHO: detect OS X/iOS kernelcache files and split the image into kext subfiles
• + PE: added support for ARMv7 relocations (MOV32T)
• + PE: create segments for gaps between sections when complete file is mapped to memory
• + PE: manually loading PE files will prompt before processing the export directory and the TLS entries
• + PE: overlays can now be loaded in manual mode
• + UImage: added a loader for U-Boot images
• + PDB: support PDBs for ARMv7 files

Kernel

• + Improved display of self-modifying code which changes during debugging
• + Track cross-references to structure members

FLIRT & TILS

• + TIL: tilib: added support the new constructs from VC10 header files
• + TIL: added VC10 TIL file
• + FLIRT: pelf: added R_ARM_THM_PC8 support

Scripts & SDK

• + IDAPython: added add_hotkey and del_hotkey() to associate hotkeys with Python functions
• + IDAPython: added execute_sync() to insert a function call into the UI message queue
• + IDAPython: added execute_ui_requests()
• + IDAPython: added idatuils.ProcessUiActions() to process more than one UI action at a time
• + IDAPython: added IDC array functions in idc.py module
• + IDAPython: added IDC hash functions in idc.py module
• + IDAPython: Added MakeCustomData() (and related MakeCustomDataEx)
• + IDAPython: added ph_get_operand_info()
• + IDAPython: Added Structs() and StructMembers() generator functions
• + IDAPython: added support for multiline text input in the Form class
• + IDAPython: added the assemble callback
• + IDAPython: added timer functions
• + IDAPython: added ui_term/ui_save/ui_saved/ui_get_ea_hint UI notifications
• + IDAPython: added visit_patched_bytes()
• + IDAPython: better error reporting for plugin scripts, loaders and processor modules
• + IDAPython: introduced the '!' (shell command) and '?' (Python help) pseudo commands to the CLI
• + IDAPython: it is now possible to add/register new IDC functions from Python
• + IDC: added GetNsecStamp()
• + IDC: DecodeInstruction() now exposes the canonical feature and mnemonic
• + IDC: it is now possible to catch IDC script interruption (with a try/catch) and resume exection if needed
• + IDC: renimp.idc: added support for PE+
• + SDK: added ALOPT_IGNPRINT option for get_max_ascii_length()
• + SDK: added execute_ui_requests() to execute a list of UI requests asynchronously
• + SDK: added extlang->run_statements() callback
• + SDK: added find_extlang_by_name()
• + SDK: added gen_rand_buf() to generate random data
• + SDK: added get_ascii_contents2()
• + SDK: added LP_USE_SHELL bit to launch_process() to launch commands using a shell
• + SDK: added new breakpoint management functions to work with source and module relative breakpoints
• + SDK: added qcopyfile()
• + SDK: added qfsize() and deprecated efilelength()
• + SDK: added qtime64_t and supporting functions
• + SDK: added read/write_dbg_memory(), set_reg_vals() and get_dbg_memory_info()
• + SDK: added register_addon() to allow registration of plug-ins and other add-ons for the About box
• + SDK: added save_database_ex()
• + SDK: added snapshot management plugin sample
• + SDK: added snapshot manipulation functions
• + SDK: added ui_requests plugin sample
• + SDK: added visit_patched_bytes()
• + SDK: exec requests can now set code = 0 inside their execute method to delegate their destruction to handle_exec_request
• + SDK: exported base64_encode/base64_decode functions
• + SDK: introduced ASKBTN_XXX constants for askyn() and askbuttons() functions
• + SDK: moved debugger related functions to dbg.hpp (get_dbg_byte, etc)
• + SDK: updated the "uunp" plugin to support PE+ when used in manual reconstruction mode
• + SDK: Windbg: added debugger extension interface
• + SDK: removed support for create_flow_chart() and flow_chart_t. Please use qflow_chart_t instead.
• + SDK: UI: added a way to specify and retrieve user data in forms
• + SDK: UI: added the close() method to form actions
• + SDK: UI: added timers API for plugins
• + SDK: UI: qt: added the code viewer control
• + SDK: UI: qt: added the get_attrs callback to embedded choosers

User Interface

• + GUI installer for Linux and OS X
• + UI: added the proximity browser view
• + UI: added IDA_NOEH environment variable to disable IDA exception handler on Windows
• + UI: setting IDA_MINIDUMP=NO disables minidump writing on Windows
• + UI: File/IDC command (Shift-F2) has been replaced with File/Script command to execute a statement with a selected extlang
• + UI: Edit/Patch functionality is now enabled by default
• + UI: added "Edit/Patch/Apply patches to input file" functionality to directly save the patches back to the input file
• + UI: added combobox and multi-line edit controls to forms (AskUsingForm())
• + UI: added a menu item "Report a bug or an issue..."
• + UI: added a status bar context menu item for quick access to processor-specific analysis options
• + UI: added an option to automatically check for new versions and request updates for IDA
• + UI: added database snapshots support
• + UI: added the 'select nodes of this color' right click menu command (available in the graph mode)
• + UI: AskUsingForm_c() no longer exits IDA in case of form syntax error. Very useful when building forms dynamically from IDAPython
• + UI: idag.exe and idau.exe are discontinued
• + UI: idaq now uses CHM (HTML Help) under Windows
• + UI: plugins can now be quickly executed using the "Quick plugin run" functionality (Ctrl-3)
• + UI: qt: added the MSG_DELAYED_UPDATE configuration option
• + UI: qt: added the shortcut editor
• + UI: qt: all Ctrl-Ins copy shortcuts were changed to Ctrl-C
• + UI: OSX: 'I' key is used in place of 'Ins' on OS X

Debugger

• + Added the '-I' command line switch to install IDA as a just-in-time debugger
• + debugger: added "event condition" debugger option to allow breaking when a debug event matches a given criteria
• + debugger: huge zero filled arrays are displayed faster in the debugger (do not use the dup construct for them)
• + Bochs: added option to disable Activation context and SearchPath() usage (this allows loading libraries from current directory or search path w/o activating context applied)
• + Bochs: added support for PE+ (64-bit PE files)
• + PDB: handle MIPS16 and ARMv7 files (low bit of the symbol address specifies Thumb/MIPS16 bit)
• + Win32/Linux/Mac debuggers now support I/O redirection
• + Win32 debuggers now have a new window to show the SEH list
• + Windbg: added option to disable debugger auto launch for crash dump files

Bugfixes

• BUGFIX: 'edit breakpoints' dialog was still wrong in 6.1
• BUGFIX: 'search for undefined address' (Ctrl-U) was not working correctly in debugger segments
• BUGFIX: an exception in asynchronious execution request (execute_sync) could crash ida
• BUGFIX: ARM: instructions combined into macros inside IT blocks could lead to wrong disassembly
• BUGFIX: armuclinux server was probably broken (it was using a separate thread to listen to debugee events but uclinux seems to have issues with that)
• BUGFIX: associating .idb extension with idaq was broken
• BUGFIX: Bochs debugger in disk image mode would display wrong addresses sometimes (caused by optimizer bug in VS2010 compiler)
• BUGFIX: bochs was not handling sections with vsize==0 properly
• BUGFIX: bochsrc loader was failing to load the boot sector of the disk images if it was larger than 4GB
• BUGFIX: choosing a device configuration in some processors could crash IDA on Windows
• BUGFIX: clicking on the title of a group node could crash IDA
• BUGFIX: debthread could not handle a hung remote server correctly
• BUGFIX: debugger: long DNS lookup for the connected peer name could lead to failure of the remote debugging session
• BUGFIX: demangler option "no return types of functions" had no effect for Borland mangled names
• BUGFIX: DOS: programs with Borland overlays (FBOV) were loaded incorrectly
• BUGFIX: EPOC: imports from hal.dll were not renamed
• BUGFIX: Executing a script that could cause a desktop switch (start or stop debugger) from the recent scripts window would crash IDA
• BUGFIX: find_binary() was crashing if radix of 0 was passed
• BUGFIX: find_strmem2() with STRMEM_INDEX was broken
• BUGFIX: get_next_struc_idx(-1) was not returning -1 as it should
• BUGFIX: get_type_size() could return >0 value for some illegal types
• BUGFIX: High 64 bit addresses were not being parsed properly by IDAPython in idaq64
• BUGFIX: IDA could crash if starting the application the first time failed (e.g. application path was wrong)
• BUGFIX: IDA could interr when trying to edit an address name in stack view
• BUGFIX: ida was failing with interr 40419 while rendering some graphs
• BUGFIX: IDAPython: Calling set_script_timeout() from callbacks may show the script wait box dialog with no possibility to close it
• BUGFIX: IDAPython: dbg_bpt was called instead of dbg_trace for a DBG_Hooks class implementation
• BUGFIX: IDAPython: dbg_read|write_memory() and dbg_get_thread_sreg_base() were broken
• BUGFIX: IDAPython: del_menu_item() was failing to delete menu items inserted in the middle of a menu list
• BUGFIX: IDAPython: get_blob() was returning a buffer with at most MAXSPECSIZE bytes
• BUGFIX: idapython: idaapi.get_item_head() was ignored
• BUGFIX: IDAPython: idc.GetString()/idaapi.get_ascii_contents()/idautils.Strings() were limited to MAXSTR string length
• BUGFIX: IDC: DelStruc() was behaving as a 'void' function (always returning 0)
• BUGFIX: IDC: on OS X, macros with 6 or more arguments would cause a syntax error
• BUGFIX: IDC: rotate_left() was broken
• BUGFIX: if a function lost some basic blocks (for example, because the user truncated it), its flowchart might be rendered with some empty nodes
• BUGFIX: if a read or read/write hardware breakpoint and a software breakpoint were defined at the same address, IDA would get confused when such such a breakpoint gets hit
• BUGFIX: illegal graph group info in the IDB could crash IDA
• BUGFIX: immediate search could not match the search criteria against defined data items
• BUGFIX: import libraries for gcc under ms windows were erroneously including _alloca and _main symbols.
• BUGFIX: in some cases IDA was trying to read memory outside of ranges provided by a debugger module
• BUGFIX: It was not possible to suspend Bochs if the debuggee was continously calling an API which is emulated by an IDC script
• BUGFIX: launch_process() was crashing in unix if command line arguments were NULL
• BUGFIX: linker directives with non-ascii characters in coff files would be displayed incorrectly
• BUGFIX: location of relative breakpoint was displayed in absolute notation in some cases
• BUGFIX: multithreaded Android applications could not be debugged on some devices
• BUGFIX: non-null terminated strings were printed incorrectly for assemblers with ASCIIZ directives (such as AIX PPC assembler)
• BUGFIX: Opening a crash dump file was failing in some cases
• BUGFIX: opening a malicious idb could lead to launching of debugger on any file (including files accessible with webdav)
• BUGFIX: PC: handling of __fastcall calling convention for Delphi was wrong
• BUGFIX: PC: mov to/from CRn/DRn ignore the mod field and always treat operands as registers (thanks to Ange Albertini)
• BUGFIX: PC: type information from .til files was not used for __fascall APIs (e.g. KfAcquireSpinLock)
• BUGFIX: PPC: dccci instruction with non-zero operands was decoded incorrectly
• BUGFIX: PDB: loading symbols for a module in memory (during debugging) could fail
• BUGFIX: PDB: old way of retreiving symbols (via dbghelp.dll) did not work for 64-bit modules loaded above 4GB
• BUGFIX: PDB: the "Load debug symbols" command was trying to use local files even when debugging remotely
• BUGFIX: PE loader could not properly handle relocations of type IMAGE_REL_BASED_DIR64
• BUGFIX: PE: files with exceedingly big relocation table size could not be loaded
• BUGFIX: PE: MIPS16 and ARMv7 exports and .pdata entries were not handled correctly
• BUGFIX: PE: some files with bogus/huge ImageSize could not be loaded (thanks to Ange Albertini)
• BUGFIX: qrealloc() was freeing the original pointer if allocation failed
• BUGFIX: qsem_create() was ignoring the initial value in mac
• BUGFIX: qt: askfile_c() was returning paths with forward slashes (/) on Windows; this broke some old plugins
• BUGFIX: qt: custom graphs were sometimes displaying some additional misplaced context-menu items
• BUGFIX: qt: forms with no dialog buttons (yes, no, cancel) would cause a crash
• BUGFIX: qt: jump buttons in the CPU Registers window were not working correctly on OSX
• BUGFIX: Qt: On OS X, shortcuts not defined inside idagui.cfg could contain the wrong modifier
• BUGFIX: qt: rendering on mac had problems because of a bug in the Carbon API
• BUGFIX: qt: some actions were not disabled in the stack frame view
• BUGFIX: qt: the jump xref action was missing in the stack frame view
• BUGFIX: qt: the strings sub-menu was missing letter shortcuts
• BUGFIX: qthread_kill() was freeing qthread_t in Windows; it should not
• BUGFIX: running ida with -z10000 could lead to deadlocks or crashes (for win32/linux/mac debugger modules)
• BUGFIX: SDK: askfile_c() default answer was not populated properly if it contained an absolute file path
• BUGFIX: SDK: qfilesize() now returns 0 if file is too large or does not exist (use get_qerrno() to tell between the two).
• BUGFIX: second failed attempt to launch the debugger would lead to interr
• BUGFIX: some edges of the graph would be rendered incorrectly after deleting an uncollapsed group (only if the graph contained more than one group)
• BUGFIX: text version of ida could hang while executing a script that handles numerous debug events
• BUGFIX: the form change callback of AskUsingForm() may be called recursively (leading to a crash) when using fa.set_field_value()
• BUGFIX: the function flowchart with custom layout and collapsed groups could be refreshed incorrectly in some cases
• BUGFIX: UI: "set segment register value dialog" was still using segment selectors even if the processor module had PR_SGROTHER flag set
• BUGFIX: UI: it was not possible to set a structure member's type to Float from the menus
• BUGFIX: UI: refreshing the graph was not resetting all the variables, some were still pointing to old nodes
• BUGFIX: UI: text version was crashing when calling up "Processor-specific options"
• BUGFIX: UI: the "Analysis enabled" checkbox in the load file dialog did not work as expected for non-x86 files
• BUGFIX: UI: the notepad text could exceed the maximum size and overwrite other blob indexes
• BUGFIX: under Windows, IDA still loaded a plugin even if it was renamed to e.g. plugin.plw1 (because the short name extension was still .plw)
• BUGFIX: Windbg 64bit was always proposing to run the dbgsrv even for 32bit apps
• BUGFIX: Windbg debugger in kernel mode would show one big segment called MEMORY in some cases
• BUGFIX: windbg debugger plugin was ignoring the DBGTOOLS value in ida.cfg
• BUGFIX: Windbg plugin was not able to restore absolute breakpoints on the process start if the memory was not already mapped
• BUGFIX: Windbg plugin was not working properly in kernel debugging with reconnect mode
• BUGFIX: Windbg: re-attaching to the kernel debugger may in some cases yield an empty module list (in the modules list window)
• BUGFIX: Windows plugins that used create_flow_chart() function (e.g. Color Loops) were crashing IDA 6.1.
• BUGFIX: IDAPython: calling reserve() on a movable type regvals_t was crashing due to regval_t.clear() with grabage values

IDA Pro 6.1 feature list (April 8, 2011)

PROCESSOR MODULES
-----------------

+ DALVIK: new processor module (Android Dalvik VM)
+ SPU: new processor module (Cell Broadband Engine Synergistic Processor Unit); contributed by Felix Domke
+ ARM: turned on BL-as-jump analysis for ARM code. Before it was enabled only for Thumb code
+ AVR: added XMega instructions DES, LAC, LAS, LAT, XCH
+ AVR: decode eijmp and eicall instructions
+ C166: allow double-word and floating-point items in the disassembly
+ EBC: discover and comment function thunks
+ EBC: implemented instruction auto comments
+ EBC: made disassembly syntax closer to the one used in UEFI specification
+ EBC: trace stack pointer and create stack variables
+ MIPS: added support for Cavium Networks (Octeon) instructions
+ MIPS: added support for MIPS64r2 instructions (doubleword bit manipulation)
+ MIPS: added support for Sony PSP (Allegrex) instructions
+ MIPS: added type system support (parameter identification and tracking)
+ MSP430: added support for MSP430X (20-bit) instructions
+ MSP430: resolve PC-relative (aka symbolic) addresses
+ PC: recognize prologs of VB6 applications (substantially speeds up analysis in some cases)
+ PC: show Intel conditional branch hints (prefixes 2E/3E)
+ PC: disassemble retn/retf opcodes with operand size override
+ PC: disassemble undocumented bswap ax instruction
+ PIC: automatically track changes to the PA0 status bit (bank selector) for 12-bit PIC processors
+ PIC: track values of BANK and PCLATH registers through the code flow - this improves disassembly of code that resides in multiple banks
+ PPC: added support for AltiVec instructions (including Cell BE extensions)
+ PPC: added support for VLE (Variable Length Encoding) instructions
+ PPC: it is now possible to specify a fixed base for the r13 register (small data area, often used in embedded PPC processors) and automatically convert all references to it
+ PPC: recognize switches used in 64-bit code with 32-bit addressing
+ PPC: updated GNU register names to reflect current conventions
+ SuperH: added option to disable immediates substitution (pre-6.0 behavior)
+ SuperH: it is now possible to use zero-offset structure fields in indirect register operands

FILE FORMATS
------------

+ DEX: new loader for Dalvik Executable files
+ COFF: added support for TI MSP430 files
+ COFF: handle Xbox 360 files (PPCBE). Also small improvements for ARM and MIPS files
+ DOS: added support of loading of CodeView debug info for DOS .exe files
+ ELF: added support for Cell SPU files (no relocations supported yet)
+ ELF: added support for PPC64 relocations
+ ELF: added support for R_*_IRELATIVE relocations
+ ELF: Android prelinked files are detected and loaded at the correct address
+ ELF: handle files produced by Tasking C166/ST10 compiler
+ ELF: if data at entry point is not present in the section list, use program headers to load the missing code.
+ ELF: implemented some workarounds to load Cisco IOS files
+ ELF: PPC: handle files with VLE code sections and mark them as such
+ ELF: PPC: handle VLE relocations
+ ELF: support PSP PRX files
+ NE: support self-loading NE files
+ PE: added support for ARMv7 files

KERNEL
------

+ added support for arbitrarily big types in the type parser
+ added support for custom data formats inside structures
+ improved PIT (parameter identification and tracking) to better handle compex functions
+ improved the speed of rebasing the program
+ IDS: added ceddk.ids for Windows CE

FLIRT & TILS
------------

+ FLIRT: added autodetection of the programs written in the D language
+ FLIRT: added Digital Mars FLIRT signatures
+ FLIRT: added FLIRT signatures for the Intel Compose XE 2011 ICL compiler
+ FLIRT: pcf: handle ARMv7 COFF files
+ FLIRT: pcf: handle PowerPC BE (Xbox 360) COFF files
+ FLIRT: pelf: i386 TLS related relocations require special handing because the linker modifies instructions
+ FLIRT: pelf: added support for SuperH files
+ prepared new mssdk til files based on the Windows SDK 7.0a

SCRIPTS & SDK
-------------

+ IDAPython: added PluginForm class which adds the possibility to extend the UI with PyQt or PySide

+ IDAPython: Python statement execution and script timeout are configurable
+ IDAPython: added AskUsingForm() with embedded choosers support
+ IDAPython: added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction()
+ IDAPython: added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations
+ IDAPython: added more IDP callbacks
+ IDAPython: added UI_Hooks with a few notification events
+ IDAPython: added process_ui_action()
+ IDAPython: better handling of ea_t in 32/64bit
+ IDAPython: Added netnode.index() method
+ IDC: added DbgRead/DbgWrite functions to access the debuggee memory directly
+ IDC: added highlevel breakpoint management class
+ IDC: added get_nsec_stamp()
+ IDC: added SetBptCndEx(), unlink(), rename(), mkdir() functions
+ IDC: added ProcessUiAction()
+ IDC: added sp register change points functions
+ SDK: added begin_type_updating() / end_type_updating() functions to allow faster updates to the types
+ SDK: added get_strmem2()
+ SDK: added support for asynchronious execute_sync() calls (MFF_NOWAIT)
+ SDK: added system-independent functions to work with pipes
+ SDK: added process_ui_command()
+ SDK: IDC engine is thread safe. However, multiple threads should not access/modify the same IDC variables, this is not supported
+ SDK: implemented choosers embeddable in forms
+ SDK: introduced get_full_data_elsize(), useful for wide-byte processors
+ SDK: introduced qisspace and similar functions to avoid problems with signed chars
+ SDK: introduced thread-local functions to handle error codes (set_qerrno/get_qerrno)
+ SDK: renamed init_process() to launch_process()
+ SDK: trim() removes all whitespace at the string end (before it was removing only spaces and tabs)

USER INTERFACE
--------------

+ wingraph for Qt, kindly shared by Chris Eagle
+ graph: respect the selection priority when displaying nodes and clicking on them
+ added "New instance" menu entry
+ added "Produce header file from local types" menu entry
+ added 'Unsort' command in choosers
+ added Select All/Deselect All context menu items to the structure offset dialog
+ allow to open any file by drag&dropping on IDA icon (previously only .idb files could be opened this way)
+ allow multiple selection in the recent scripts window
+ enabled multi-selection in the Strings List
+ improved 'rename register' dialog box
+ improved the rebase dialog
+ it is now possible to set a string's encoding from "Setup ASCII types" dialog (Alt-A)
+ pressing Ctrl+K will always jump to the stack variable under the cursor (even if stack window is already open)
+ qt: implemented functions to load/free custom icons to be used in contexts like the chooser
+ qt: improved scroll speed
+ qt: improved the windows list dialog (Ctrl-Tab)
+ qt: improved wait dialog speed
+ txt: implemented the Load Binary dialog
+ gui: this is the last release of VCL based idag.exe

DEBUGGER
--------

+ added support for server-side low-level breakpoint conditions. Such conditions are evaluated on the remote computer, without causing any network traffic
+ added support for Android debugger target (native ARM only)
+ Bochs: added debugging support for 64bit code snippets

+ Bochs: path to Bochs can now only be specified through IDA.CFG or PATH environment variable
+ GDB: added support for debugging x64 code
+ GDB: enabled "Run external program" option for Linux and OS X
+ GDB: handle read/write memory breakpoints if the stub supports them (e.g. VMWare)
+ GDB: improved debugging of MIPS16 code
+ Windbg: added support for the 'reconnect' option
+ Windbg: the debugging tools path can now only be specified through IDA.CFG or PATH environment variable

BUGFIXES
--------

all bugfixes since the initial release of IDA 6.0:

BUGFIX: 'open file' dialog in idal was not sorting directories to the end of the list
BUGFIX: "copy structure" and "create structure from data" commands should copy the type information
BUGFIX: "Produce HTML file" functionality was susceptible to Javascript injection vulnerability
BUGFIX: .NET: opcode "constrained." was decoded incorrectly
BUGFIX: a variable name was accepted and ignored in "enum : int mystupidvarname"

BUGFIX: Adding an enum or struct from an already parsed typeinfo that does not correspond to an enum or struct would cause IDA to crash
BUGFIX: AIF: a specially crafted file could trigger arbitrary code execution
BUGFIX: appcall was failing on high addresses
BUGFIX: arm debuggers could lose control after stepping over pop {pc} insn (the target address was calculated incorrectly)
BUGFIX: ARM: ARM processor module was ignoring the "Mark typical code sequences as code" autonalysis setting
BUGFIX: ARM: in rare cases, bogus data interpreted as code could crash IDA with a stack overflow
BUGFIX: ARM: TBB/THB switch constructs were marked up incorrectly, leading to incorrect decompilation in Hex-Rays
BUGFIX: Bochs debugger plugin was hanging if bochsdbg was terminated due to a crash or VM OS shutdown
BUGFIX: Bochs debugger run menu item was not present in the list when no database is opened
BUGFIX: change_storage_type() was creating sparse flags very inefficiently in some cases
BUGFIX: coff/psx/geos loaders had an integer overflow bug in memory allocation
BUGFIX: COFF: a specially crafted file could trigger a heap overflow
BUGFIX: COFF: relocation REL_ARM_SECREL was not handled
BUGFIX: convert_codepage() was prone to buffer overflow exploits
BUGFIX: debugger / stack view address size was incorrect when debugging without an initial database
BUGFIX: debugger options were not restored if the database had no segments
BUGFIX: demangler: for Borland names do not unmangle procedure/template name when it contains >= 36 arguments
BUGFIX: EBC: indirect register operands without index were disassembled incorrectly
BUGFIX: ELF: import list for ELF files was attaching one of the linked .so files to all imports. Since ELF imports use global namespace, don't attach a library name to them.
BUGFIX: ELF: some SuperH files marked as "sh2a-or-sh3" were loaded incorrectly
BUGFIX: ELF: symbols were not loaded from some ELF files with non-standard section names
BUGFIX: enums with custom size were printed incorrectly and thus their names were lost after editing in "Local Types" list
BUGFIX: EPOC: a specially crafted file could cause a heap overflow
BUGFIX: Executing a script with File/Script file could add a wrong file name to the recent scripts list in some cases
BUGFIX: exiting IDA at the very start of debugging would lead to an internal error
BUGFIX: EXPLOAD: a specially crafted file could trigger a heap overflow
BUGFIX: fixed a longstanding 'nrect(..)' internal error that was occurring in rare cases
BUGFIX: fixed a very rare btree error (there was no logic to handle a double page overflow during a key deletion; only single page overflows were handled)
BUGFIX: fixed DLL hijacking exploit for windmp, windbg and pdb plugins
BUGFIX: Fixed multiple execution of the same sync request for blocking operations like launching modal dialog as the chooser.
BUGFIX: fixed occasional crash when opening the breakpoint list
BUGFIX: GDB: for big-endian ARM targets, PSR register value was sent in wrong byte order
BUGFIX: get_flags_novalue() could fail in some rare circumstances (when the debugger is running and a previously defined memory area disappears it could return garbage)
BUGFIX: header() callback was not working in scripted processor modules
BUGFIX: HEX files for wide-byte processors (e.g. AVR) were loaded at a wrong address if a start address record was present
BUGFIX: hardware breakpoints were not deleted correctly on OSX
BUGFIX: hppa: delay slots were calculated wrongly while applying type information to function calls
BUGFIX: IDA could interr when parsing a C header with the same type name as in a loaded standard type library.
BUGFIX: IDA would crash on Mac / Linux when exiting after the user has attached to a process without an initial database
BUGFIX: IDA could fail to detect some address space overflows (when too many big segments were created)
BUGFIX: idag -S switch was not working properly for file names with spaces
BUGFIX: IDC: open_loader_input() would leak linput_t handles
BUGFIX: IDC: SetSegmentAttr() could crash if passed wrong segment address
BUGFIX: implemented the "CLOSED_BY_ESC" configuration parameter for idaq
BUGFIX: in some cases, trying to focus the recent scripts window with Alt-F9 after having added a new script may not work properly unless the window is closed and reopened
BUGFIX: in some cases, when the cursor was on a structure member, IDA was proposing to rename the whole structure instead of the member
BUGFIX: integer overflow was possible in qcalloc()
BUGFIX: get_chooser_object() was broken in the text UI
BUGFIX: it was impossible to launch idaq64 with command line arguments on OS X
BUGFIX: it was impossible to remotely debug 32-bit programs from IDA64
BUGFIX: it was not possible to rename stack variables from the listing at the start of the function in PowerPC files
BUGFIX: it was possible to rename a register to a name with a space
BUGFIX: it was possible to specify malicious plugins to be autorun at the database opening time; introduced an option to enable/disable autorun plugins and set it to 'off' by default
BUGFIX: kernel: on big-endian processors, float values in collapsed (terse) structures were displayed wrong
BUGFIX: OS X debugger could fail if a hardware breakpoint and software breakpoint occurred at the same address simultaneously
BUGFIX: Mach-O: buffer overflow when loading Mach-O files with corrupted export information
BUGFIX: Mach-O: some corrupted files could cause IDA to crash with out-of-memory exception
BUGFIX: MSP430: sub and subc instructions were swapped
BUGFIX: on very rare occasions the graph overview window would process a paint event after having closed a file and access invalid memory
BUGFIX: opcode bytes were not always printed along with the insruction for TMS320C6
BUGFIX: PatchByte() and similar functions were not refreshing the disassembly view
BUGFIX: PC: pushfq and some other 64-bit stack operating instructions were not handled during stack pointer tracing
BUGFIX: PC: some memory references were displayed incorrectly in TASM Ideal mode (for example: [name[eax*4], note the second bracket)
BUGFIX: PC: some switch constructs were marked up incorrectly by IDA leading to wrong decompilation in Hex-Rays
BUGFIX: PC: the wait instruction could be printed with erroneous prefix byte which belonged to the following non-FPU instruction
BUGFIX: PDB plugin would crash on certain input files
BUGFIX: PEF: a specially crafted file could trigger heap overflow
BUGFIX: PPC: immediate operands for some binary instructions (ori, xori, etc.) were incorrectly displayed as signed values
BUGFIX: pressing Esc in a form with Yes/No/Cancel buttons would return 0 (must return -1)
BUGFIX: qt: added graphs toolbar and implemented prev/next toolbar menu
BUGFIX: qt: adding items to the top-level Edit/Jump/Search menus of enum and struct views would fail
BUGFIX: qt: adding menu items to the Edit menu could fail if it was invisible
BUGFIX: qt: after executing custom menu items from the menu by keyboard on Windows the current focus might be lost
BUGFIX: qt: breakpoint dialog was missing the "Refresh debugger memory" option
BUGFIX: qt: call the sizer() callback in the chooser only for refresh events
BUGFIX: qt: calling msg() from chooser's sizer() and getl() callbacks would crash idaq
BUGFIX: qt: correctly associate the idb extension on Windows
BUGFIX: qt: correctly restore arrows width in disassembly when loading a saved database
BUGFIX: qt: correctly restore focus on Windows after having executed an action in the menu (make sure the focus doesn't remain on the menu)
BUGFIX: qt: correctly restore focus with floating docks under Linux
BUGFIX: qt: correctly restore row selection in a sorted list in a chooser after an edit action
BUGFIX: qt: correctly update navigation history when clicking on an edge in graph mode
BUGFIX: qt: could crash when calling Exit() or idaapi.qexit() from scripts
BUGFIX: qt: could sometimes crash when renaming structure members from the disassembly
BUGFIX: qt: couldn't close dock tabs with the middle mouse button
BUGFIX: qt: debug actions were not updated when an instant debugging session ended
BUGFIX: qt: docking the graph overview in a tab view would lead to problems
BUGFIX: qt: don't ask twice in the Save File dialog to overwrite an existing file
BUGFIX: qt: don't show the Sync submenu in a stackview.
BUGFIX: qt: fixed -t command line switch behavior
BUGFIX: qt: fixed a problem with the shortcut system on mac
BUGFIX: qt: fixed case insensitive completer for input fields in forms.
BUGFIX: qt: fixed incremental search in choosers
BUGFIX: qt: fixed some minor graph rendering glitches
BUGFIX: qt: fixed specific group box frame drawing issue in forms
BUGFIX: qt: fixed the not working Follow in Dump command in the hex editor
BUGFIX: qt: fixed the setting of the initial focus in forms
BUGFIX: qt: fixed wait dialog problems on Linux
BUGFIX: qt: fixed wrong behavior of the numpad Enter
BUGFIX: qt: implemented alternative key to Ins on OS X
BUGFIX: qt: implemented blinking arrows in graph view when debugging
BUGFIX: qt: implemented HELP/ENDHELP in custom forms
BUGFIX: qt: implemented external help support for Windows
BUGFIX: qt: implemented FORM_PERSIST flag in open_tform
BUGFIX: qt: implemented auto-indentation in comment/script dialog
BUGFIX: qt: implemented set_dock_pos()
BUGFIX: qt: improved quality of graph rendering in zoom mode
BUGFIX: qt: improved shortcuts behavior on OS X
BUGFIX: qt: input fields in forms were not generating change events
BUGFIX: qt: it was not possible to open Struct window if a function stack window was open before
BUGFIX: qt: it was not possible to overwrite menu label shortcuts with user created shortcuts
BUGFIX: qt: mac: fixed minor glitch in drawing the cursor
BUGFIX: qt: make sure that after closing an idb all actions are refreshed.
BUGFIX: qt: message box shortcuts now work without pressing Alt
BUGFIX: qt: Produce HTML file was using wrong font
BUGFIX: qt: remember the position of the cursor in the struct view when saving database
BUGFIX: qt: reset desktop was not working properly sometimes on mac
BUGFIX: qt: restore focus after a dock drag operation
BUGFIX: qt: select current thread in debug mode
BUGFIX: qt: set_custom_viewer_popup and add_custom_viewer_popup work now even on non-TCustomViewer IDA memos
BUGFIX: qt: set_focused_field in forms would fail at initialization time
BUGFIX: qt: shortcuts for custom data types were not set correctly
BUGFIX: qt: show lock status on the Highlight toolbar button
BUGFIX: qt: show text cursor in the output window
BUGFIX: qt: some entries of the quick open dialog may fail because of wrong context
BUGFIX: qt: the '.' shortcut now activates the command line when the current focus is in the output window already
BUGFIX: qt: the Cancel button in forms was not returning -1
BUGFIX: qt: the chooser now accepts Home and End even from the numpad and acts the same when Ctrl is pressed. Also, the fast search is cleared when pressing these keys
BUGFIX: qt: the Del shortcut in the watchlist was not always working
BUGFIX: qt: the jump to neighbor node shortcuts were working only on mac
BUGFIX: qt: the main window would not show when starting to debug from the command line
BUGFIX: qt: UI would hang if typing a non-matching letter at the last item of a chooser
BUGFIX: qt: was eating too much cpu time when idle
BUGFIX: qt: was not using system locale to convert text data, so localized comments, file paths, etc. were not displayed properly
BUGFIX: qt: would hang if trying to incrementally search for an item in a chooser without having a selection first
BUGFIX: qt: would not revert to default stack variable name if the name was cleared
BUGFIX: text: chooser was leaking memory on destruction
BUGFIX: right click menu was not listing structures with unions and unions as creatable variable types
BUGFIX: rebase_program() was not updating the xref cache, so cross-references could be wrong immediately after rebasing
BUGFIX: Recent scripts window displays blank script file names if no database was open
BUGFIX: result of custom_ana notification was not handled properly, breaking some processor extension plugins.
BUGFIX: IDC: Qword() was not returning 64bit values in IDA32
BUGFIX: SBN: a specially crafted input file could lead to buffer overflow
BUGFIX: SDK: get_default_reftype() was not working correctly for processors with wide bytes
BUGFIX: The IDC engine was failing on __get/setattr__ functions for IDC objects if those functions were registered from the SDK via set_idc_getattr()/set_idc_setattr()
BUGFIX: SDK: launch_process(formerly init_process) function did not handle properly quoted command-line arguments on Linux and OS X
BUGFIX: SDK: OutMnem() did not work properly for values of 'width' different from default
BUGFIX: set_auto_plugins() was allowing arbitrary plugin path (including UNC) thus leading to malicious code execution
BUGFIX: shortcuts for custom graph actions were not working
BUGFIX: some win32 OEM keys  were incorrectly converted to qt codes
BUGFIX: SPARC: R_SPARC_JMP_SLOT relocation was not processed properly in 64-bit files
BUGFIX: SPARC: some WR instructions were decoded incorrectly in V8 mode
BUGFIX: stack view was always using 64-bit addressing in IDA64, even for 32-bit programs
BUGFIX: Symbian debugger was not clearing the old process list before retrieving a new one.
BUGFIX: text version: in the 'create array' dialog box, it was impossible to switch back from binary indexes to any other number base
BUGFIX: The "OK" button in the Choose Structure window was not being enabled when a struct is selected for the first time
BUGFIX: The debugger popup menu to open a register class window was not working
BUGFIX: type parser: type definitions without the terminating ; were silently ignored at the end of the input file (or line)
BUGFIX: ui: a byte with value 0xFF was not printed as a character, even if it was in the AsciiStringChars list.
BUGFIX: ui: avoid duplicate upper/lower-case history entries on Windows
BUGFIX: ui: binary search was searching for wrong pattern if a too long number was entered
BUGFIX: ui: buffer overflow could happen when trying to display a very long string
BUGFIX: ui: Calculator (Shift-/ key) was picking up wrong value from disassembly on OSX and Linux
BUGFIX: ui: fill the Edit->Plugins menu with PLUGIN_FIX plugins when no IDB is open
BUGFIX: ui: IDA could hang while trying to display a hint in some rare situations
BUGFIX: ui: IDA could lock up for some time while trying to display a hint.
BUGFIX: ui: in the 'User Offset' dialog, set initial focus to the 'Base address' field
BUGFIX: ui: the cross reference list would show empty if already open for the same target
BUGFIX: unix: unicode strings were not handled correctly for some locales
BUGFIX: while undecorating names try to preserve the suffix after '@'. remove it only in some special cases
BUGFIX: Windbg debugging mode option was not saved in instant debugging mode
BUGFIX: zero values were always represented as "0" in terse structure representations, even if they should be replaced by offsets or enums or something else

IDA Pro 6.0 feature list (Oct 1, 2010)

PROCESSOR MODULES
-----------------
 
+ 6812: support an alternative memory layout for paged segments which allows to use short offsets inside the segment
+ ARM: added a switch pattern that uses BX to jump to case labels
+ ARM: display the optional operand of the MRC/MCR instructions, as preferred by the ARM documentation
+ ARM: support another variation of GCC Thumb-2 switches
+ PPC: added SPE (Signal Processing Engine) instructions, including floating-point and vector FP
+ PPC: trace stack pointer for 64-bit code
+ SuperH: added SH-4a instructions
+ SuperH: display immediates loaded from literal pool in the instruction itself
+ SuperH: trace stack pointer and create stack variables
+ TMS320C54x: added register definitions for TI Calypso chipset (thanks to Sylvain Munaut)
+ TMS320C54x: better handling of multi-section files (thanks to Sylvain Munaut)
+ TMS320C54x: better handling of multi-section files (thanks to Sylvain Munaut)
 
FILE FORMATS
------------
 
+ Added loader for HP-UX core files (non-ELF), provided by Avi Cohen Stuart
+ ELF: added support for more IA64 relocations
+ LE: added support for bound DOS/4G executables
 
KERNEL
------
 
+ kernel: improved database loading and saving times (new crc32 algorithm)
+ Configurable plugins can specify which platform they can operate on in plugins.cfg
+ demangler: demangle GCC local names (_ZLxxx)
+ FLIRT: added parser for Mach-O object files (pmacho)
+ 'volatile' keyword is automatically removed from function return types
 
IDC & SDK
---------
 
+ IDAPython: added auto completion support
+ IDC: added ItemHead()
+ IDC: added Exec() to execute IDC statement(s)
+ SDK: added idb events for segment name/class modifications
+ SDK: get_many_bytes_ex() to retrieve bytes and information about initialized and unitialized bytes from the database
 
USER INTERFACE
--------------
 
+ it is now possible to jump to a structure cross-reference (default hotkey: Ctrl-X in the structures window)
+ Added "Save to file" to save the trace window contents
+ added a checkbox for sparse segments to the 'create segment' dialog box
+ multiple segments can be selected and moved using the segments window
 
DEBUGGER
--------
 
+ debugger: added support for virtual modules (user-defined modules can be added from api)
+ debugger: non-integer register values can be displayed as hints
 
 
BUGFIXES
--------
 
BUGFIX: 'analyze module' was failing on modules with unknown size; now it tries to estimate it
BUGFIX: -B switch fails to generate ASM files if idb path contains the '.' character
BUGFIX: a structure with pointers to functions with non-empty argument names was incorrectly converted to a local type
BUGFIX: adding a segment could erroneously delete a selector (if the start address of the new segment was equal to the start address of an existing segment and the selector was used only by that segment and the selector of the new segment was equal to the selector of the existing segment)
BUGFIX: after attaching to a linux process the names of the main process module were not available
BUGFIX: arm relative-mode elf files were loaded incorrectly (thumb was not used when required)
BUGFIX: ARM: LDMFD SP (no writeback) was incorrectly decoded as POP in Thumb-2 mode
BUGFIX: binary search could return a result outside of the search region
BUGFIX: Bochs could crash in some cases when setting a bp at data locations
BUGFIX: bochs direct commands were not working under linux
BUGFIX: calc_bare_name() could not handle gcc mangled names with '.' prefix
BUGFIX: command line arguments with backslashes were parsed incorrectly under MS Windows: backslashes were escaped even without quotes
BUGFIX: dummy_name_ea() was failing for dword_xxx dummy names
BUGFIX: GDB debugger: resolved incompatibility with VMWare 7.x GDB stub
BUGFIX: global idc variables of object type would crash ida if they were present at the exit time; now we get rid of them when we close the database
BUGFIX: GUI: chooser window may be improperly resized if moved from a low resolution screen to a higher resolution screen
BUGFIX: IDA could crash if an unsuccessful search backwards was done while the debugger was active
BUGFIX: IDA could crash when trying to display custom data items bigger than 16 bytes in size on big-endian processors
BUGFIX: IDA could endlessly loop on some x86 files
BUGFIX: if a search was performed within a selected text, the screen was not redrawn correctly
BUGFIX: if full stack analysis was turned off and a pdb file was loaded at the idb creation time, the decompiler would interr
BUGFIX: it was not possible to create 64-bit segments from UI for PowerPC
BUGFIX: kernel: user-defined offsets with non-zero bases were not adjusted properly during rebasing
BUGFIX: linux debugger was processing 'detach from process' command not quite correctly
BUGFIX: MIPS: basic block boundaries were determined incorrectly for MIPS16 code (MIPS16 branches do not have a delay slot)
BUGFIX: modal recent script box would crash if no script was selected
BUGFIX: moving the vertical scrollbar thumb in the disassembly listing was not handled correctly for 64-bit programs
BUGFIX: MS DOS: rebasing EXE files was not properly adjusting relocations
BUGFIX: PE loader: a bad load config directory can cause an infinite loop
BUGFIX: qvector's insert/erase methods were moving vector elements incorrectly
BUGFIX: replacing a type the comes from a til file might lead to a crash (if there were no defined local types yet)
BUGFIX: script processor module could crash if 'codestart' and 'retcodes' fields were used under Linux/MAC
BUGFIX: the 'switch debugger' command was available only when a disassembly window had focus
BUGFIX: the disassembly text that was copied to clipboard could contain odd characters at the begining in some cases
BUGFIX: the help subsystem of the text version was using memory allocation functions incorrectly
BUGFIX: UI: indexes printed for array of structures were incorrect
BUGFIX: UI: it was not possible to set the type of a structure member ('Y' key) if the cursor was on an undefined area in the disassembly view.
BUGFIX: Windbg plugin now forbids starting a process in non-invasive mode. Only non-invasive attach is supported.