New Features in the IDA Pro v4.8  (3/15/05)

Major Features

Instant Debugger: The debugger can be launched and a process started without a database. This feature is available locally and remotely and allows the debugger to be attached to any running process in the system. IDA can be used as the default system debugger.

Remote 64-bit debugger for MS Windows 64 running on AMD64/EMT64. IDA itself runs in 32-bit mode while the debugger server runs in 64-bit mode to launch and debug 64-bit applications.

Ffull type system support for the ARM processor. IDA supports the function calling conventions and comments function parameters in the same way as it does on PC. The ARM module has been significantly improved: see a list of all the ARM specific enhancements below.

Wizard-like interface to load new files. IDA assists the user in the initial load process by asking relevant questions about the file. This interface is configurable with XML files.

Processor Modules

New processor: Analog Devices ADSP 218x (advanced version)

ARM: "no automatic arm-thumb switch" option has been added.

ARM: conditional instructions modifying SP are not taken into account while tracing SP.

ARM: ADDAL PC,... always stops the execution flow.

ARM: EPOC imported function glue code is recognized.

ARM: IDA creates ALIGN directives before and after jump tables in the thumb mode.

ARM: IDA displays jump table comments for all types of jump tables.

ARM: IDA knows about function calling conventions.

ARM: IDA propagates the T bit for all code xrefs; since there are many ARM/THUMB switches now, superfluous directives to switch the mode are not displayed.

ARM: R_ARM_PC13 relocation type is supported.

ARM: a function consisting of MOV PC,LR in the thumb mode is recognized as a nullsub.

ARM: for jump targets: do not automatically switch to another mode if there is already an instruction disassembled in the current mode.

ARM: it is possible to modify the operand type of indirect operands like '=xxx'.

ARM: jump table recognition has been improved.

ARM: some BL instructions are treated as simple B (not as function calls): if the target destroys the LR in its first basic block.

ARM: thumb mode EPOC apps are recognized and analyzed properly.

ARM: IDS files for MFC.

ARM: Windows CE types are added.

ARM: function creation is improved very much.

ARM: new IDS files.

ARM: updated flair signatures.

IBM PC: "test x, y" operands are reversed if x and y both are registers. For some obscure reason all assemblers reverse them.

IBM PC: alternative collapsed output of structures.

IBM PC: better detection of the function frame size.

IBM PC: emulator knows about functions starting with mov rX, rX

IBM PC: for instruction "lea xxx, ds:###" the second operand is automatically converted to an offset if it makes sense.

IBM PC: imul instruction always has signed immediate operand because unsigned negative operands are compiled incorrectly.

IBM PC: int xx instructions generate xref to low addresses only in the binary files.

IBM PC: support for TASM ideal mode has been added.

IBM PC: parameters of linux system calls for pc are commented (there are some problems with some syscalls, like socket())

IBM PC: better handling of the _alloca_probe() function: ida does not blindly delete the stack frame of functions using the __alloca_probe function - this might lead to more unreferenced variables.

IBM PC: __chkstk is recognized as a function changing the stack (as __alloca_probe).

MC68K: immediate instruction operands are represented as unsigned numbers by default (with some exceptions)

68K: better treatment of pea/lea instructions (please reanalyze existing databases!)

PPC: added support for subi/subic instructions based on TOC/segment registers

80196: changing to processor type to 80186NP makes the segment registers available immediately (no need to reload the database)

DSP56K: many nops in a row are not disassembled automatically

H8/500: considerably improved the analysis, fixed bugs

better handling of segment registers for ARM, M7700

File Formats

Wizard-like interface to load new files into the database.

COFF: Windows AMD64 files are supported. Relocation information is not handled since documentation is not available.

COFF: added support for Window64 object file relocations. Since there is no documentation on the topic, some relocation might be incorrectly handled

COFF: improved file format detection for zero filled files

COFF: labels with '$' have less priority than normal names

COFF: added support for ARM THUMB files (relocations are not supported yet)

ELF loader allows to load files for unknown machine types

ELF: AMD64 .got relocation types are handled (.plt is not handled yet)

PE: crippled files with unusual information about the PE header can be loaded into the database with the file header./LI>

PE: in the manual mode IDA rounds up the exact segment size in the header to the file alignment.

PE: new option: create flat group. The segment registers will use flat group instead of the real segment names.

The default value is specified with the PE_CREATE_FLAT_GROUP parameter in the IDA.CFG file.

PE: files with partially corrupt relocation table can be loaded into the database.

PE: ida can load truncated import tables.

Palm Pilot program analysis is improved (recognize pea/rts sequence, some pilot debug info, handle pea in a special way to create more code)

Palm file loader uses 68K universal emulator by default.

binary files: by default ida creates 32-bit segments if the input file is bigger than 64K

file loaders do not exit() to the operating system in the case of problems with the input file but rather stop the loading process and return to ida

the analysis of MS DOS 32-bit extender files has been improved

Kernel Enhancements

dump database to idc': local names are saved to the IDC file

added support for __declspec(align(#)) keyword in the type system.

bitwise negation works for structure members.

checkarg knows about nested structures (yh)

coagulation algorithm has been improved

flirt: tiny (less than 8 bytes) unnamed library functions are ignored

frame pointer delta has been introduced. This delta is useful for functions with the frame pointer pointing to the middle of the stack frame. Usually the frame pointer points either to the top or to the bottom of the frame. However some new compilers set the frame pointer midway. IDA knows about IBM PC function prologues with such frames and automatically determines the frame pointer delta. For other compilers/processors, the user can specify the detla value in the 'edit function' dialog box.

+ ida uses new memory allocation scheme; the old memory allocation algorithm was too conservative in the memory use.

if the structure offset is equal to the structure size, then it is displayed as "size struct_name".

it is possible to include local names in the output map file.

new environment variable: IDAUSR. This variable specifies the directory with the user-specific settings.

speed: ida tries to create function tails only if there is a reference from a function to a non-function.

structure variables can be displayed in the terse one-line form if the target assembler supports this representation

new output file type: assembly include file.

added conditional expressions to the 'idsnames' file til selection. Now IDA loads appropriate ntdkk file depending on the input file bitness.

the default offset type depends on the current item size (before only the current segment bitness was used to determine it).

type system: added support for __declspec(align(#)) and __unaligned keywords.

FLAIR utilities are updated to support AMD64 files; Visual C++ v8.0 signature files are added.

TIL files for AMD64 are added; tilib is improved to handle constructs in the new header files.

combined vc6win.til and vc6winr.til - vc6winr.til does not exist anymore.

the use the -p switch is permitted for old databases.

new analysis option: create data offsets when possible. This option leads to more aggressive offset creation which improves the disassembly in most cases.

IDA does not comment function call parameters referencing to strings because such comments make the string invisible at the call site

__imp_ prefix is ignored in the type libraries.

pointers to functions are supported in the parameter propagation; trying to apply a data type to an instruction generates an error message.

when creating a thunk function, IDA copies the target prototype to the thunk.

in the type libraries, _name@## is the same as 'name' (visual c++ uses both names to denote the same function)

more aggressive parameter type propagation.

better algorithm to create data arrays

SDK and IDC

IDC: added MakeNameEx() function to have full control on renaming program addresses.

SDK,IDC: added functions to manipulate XML values in the internal XML tree.

SDK: IDC functions can be called without a database. Built-in functions have a special flag EXTFUN_BASE telling that they must be called with an open database.

SDK: SetFileExt, FileExt, hasExt functions are renamed as set_file_ext, make_file_ext, get_file_ext. Additional parameters to check buffer overflows are added.

SDK: added a possibility to tell 'this is definitely not a thunk function' in the ph.is_jump_func notification for the processor modules; this leads to the slight API change which should not pose any problems with the existing modules.

SDK: added more segment alignment codes.

SDK: added netnode::end() and netnode::prev() functions.

SDK: additional parameter for parse_type() - the name of the declared variable.

SDK: bit masks are supported by get_name_value().

SDK: find_error(), find_notype(), tag_skipcode() functions are added.

SDK: functions dealing with the signness and bitwise negation are revised; now the bitwise negation has a bit in the flags which allows to use it in the structure and enum definitions.

SDK: gen_idc_file() is removed; use gen_file() instead.

SDK: introduced 'stack variable scaling factor'. Used for processors which implicitly scale stack variable references, e.g. tms320c55.

SDK: introduced the notion of 'ephemeral' segments: debugger segments which are not loader segments. The kernel does not analyze ephemeral segments.

SDK: introduced the notion of a 'loader' segment. All segments created by loaders have this attribute.

SDK: is_32bit_func() is replaced by get_func_bitness().

SDK: leading_zero_important() function has been added.

SDK: only debugger segments can be created when the debugger is active. you can use change_segment_status() to convert debugger segments to regular segments afterwards.

SDK: ph.kernel_config_loaded callback has been added - for plugins who want to set their own config settings

SDK: removed the ph.align_size() callback from the type system callbacks.

SDK: shortened some field names in the debugger related structures (thread_id -> tid, etc).

SDK: the string list is available to plugins.

SDK: new function set_sreg_at_next_code(); ph.setsgr parameters are changed.

SDK: introduced AS2_COLONSUF for assemblers with :xx suffixes in the address expressions.

SDK: renamed 'analyse' -> 'analyze' in all function names.

SDK: added auto_queue_empty callback.

SDK: choose_ioport_device() has no default parameters (so we have a compilation error instead of wrong runtime behaviour).

SDK: get_member_ti() accepts NULL as the buffer.

SDK: interface to the file loader has been changed. Instead of FILE *, now we use linput_t * (see functions in diskio.hpp). linput_t allows to work with local and remote files.

SDK: modified the interface of many functions to avoid buffer overflow vulnerability problems.

SDK: new function sanitize_file_name()

SDK: renamed cmangle_name() -> decorate_name()

SDK: splitSRarea() has been removed. Use splitSRarea1()

SDK: added a comment about the necessity of using the invalidate_... functions from the debugger notification callbacks.

SDK: added func_t * to the display_flow_graph()

SDK: added qisdir() function.

SDK: added qvector and qstring template classes to IDA API.

SDK: method to obtain the debugger description has been changed: now the init() function of a debugger plugin must fill the 'dbg' global variable if it wants to stay in the memory; the run() method is not used for the debuggers anymore

User Interface

new command: take memory snapshot.

new command: 'generate include file'. 'generate assembler file' does not generate the type declarations anymore.

new commands: find error operand and find all error operands. these commands look for operands in red; 'search for immediate' has new mode: look for untyped immediate values.

'disable addresses' checkbox in the 'edit segment' dialog is taken into account even if 'move adjacent segments' is on.

added a warning message telling that IDA does not handle relocation information of Mach-O files (in other words, external references in Mach-O object files are not resolved).

added checkbox to modify 'loader segment' attribute.

added separate menus to run and attach to processes with no existing database (local & remote).

arrows to/from locations with huge number of xrefs are displayed fast.

faster display of data items (we do not analyze them repeatedly anymore).

graphing commands are available in the text version; the GRAPH_VISUALIZER parameter is moved from idagui.cfg to ida.cfg.

gui: added an option to confirm the 'undefine' command only if there is a selected area.

gui: command line switches are used only for the first database.

hidden areas have short comment with the current address by default, words "[PRESS PRESS + TO UNCOLLAPSE]" are not added to the comment.

if ida is launched with the file name in the command line and the user decided not to load it, then ida quits immediately.

mark location: the name of the marked location is proposed as the default mark description. up to 1024 locations can be remembered.

the notepad now uses the same font as the disassembly views.

the strings window is available in the text version.

text: multiple selections are supported in various lists.

text: the text version uses the system clipboard under MS Windows.

tv: better handling of the keyboard input under NT; fixed a bug with macro_ready; window resizing (YH)

tvlinux: xterm-scokey supports Shift-PgUp/Shift-PgDwn key combinations.

ui: eventually create 64-bit words by pressing D if the input file contained 64-bit segments.

ui: increased the limit on the number of marked locations to 1024 (see the next Changelist!)

ui: it is possible to edit the type of data items; the item must have a name in order to have a type.

ui: remembers the last settings used in the 'make array' command.

WINDIR parameter is back in the gui version.

'Jump to new hex window' command added in disassembly view popup menu for addresses and operand values

'log breakpoint instructions' controls all breakpoint instructions, not only the breakpoints not set by the debugger.

CONFIRM_SETFUNCEND_COMMAND config file parameter makes IDA to ask for a confirmation of the 'set functon end' command.

library module sizes in the library display are shown in hex with the leading zeroes - makes it possible to sort by size.

txt: multi-column lists with wide last column (like list of strings) can be scrolled left to see the whole strings.

txt: text version always asks for a confirmation of 'undefine' command.

ui: Shift-F12 opens the strings window in the text version (the same hotkey as in the gui version).

ui: the default button for the 'undefine' command confirmation dialog box is 'no'

Debugger

debugger: -r switch to run IDA and debugger without a database.

debugger: handle int3 SEH exceptions.

debugger was not active if the PE subsystem was not Windows. Now unknown subsystems can be debugged too.

debugger knows about fs:xxx references (ida api has changed!); the debugger reference view has been improved (text mode)

debugger segments are created in the collapsed form.

debugger: 'Library unloaded' events display the full path to the unloaded DLL if available (exactly like 'Library loaded' events).

debugger: IDA automatically detaches from a previously attached process if the user closes the database.

debugger: network errors are handled properly and do not lead to ida crashes.

debugger: the debugger server checks the interface version number upon connection to ida interface.

debugger: changed the default background color.

debugger: added a button to reload the exceptions table from the exceptions.cfg file.

debugger: exception handling is improved, added exceptions.cfg: the exception handling information for new databases; the exception info originates from this file and is passed to the debugger module.

ida can be used as the system just-in time debugger in windows.

it is possible to delete problems directly from the 'choose problem' modal dialox box.

text debugger: 'set current ip' and 'show application screen' commands have been added.

text debugger: added possibility to save/restore the application screen so that ida and the debugger application can share the same screen (YH).

text debugger: display the current operand value/address

Bugfixes

'dump to database to idc' was producing incorrect Function_###() functions.

'reload input file' of a database with the resources section of a PE file would not reload the resources section.

'search for void' was not stopping at the correct operand in the text version.

16 and 8 bit offset expressions are calculated with appropriate arithmetic.

6812: memory mapping of data references was sometimes wrong; other modifications.

68K module was incorrectly tracing SP for some instructions.

8051: addressing to FSR and RAM has been corrected.

AIF loader was not loading properly big endian files.

AVR uses OOFW_8 instead of OOFW_IMM+dt_byte to represent numbers because dt_byte has 16 bits.

AnalyseArea(0, BADADDR) was not working.

COFF loader could reject some correct files.

Ctrl+V was not working in the notepad.

IBM PC movmskps instruction was disassembled incorrectly ; movddup, movsldup, movshdup instructions were unknown; (everything due to intel manuals from 2003); only mm form of pmulhuw was disassembled.

IBM PC: sldt/str instruction have 16 bit operands because 32 bit operands are rejected by the existing assemblers. Intel docs say that these instruction may have 32-bit operands.

IDA complains about patching relocation bytes only if they really change their values.

IDA could crash if a function in the navigation stack was destroyed and the user decided to return to it.

IDA could spend huge amount of time refreshing the navigation band when loading some files.

IDA was too agressive in function tail creation.

IDC: if(...) {} could not be executed.

IDC: the definition of function with long names were properly parsed but it was impossible to call them properly.

MC68K: IDA was not taking into account that lea xxx(sp),sp instruction modifies the stack pointer.

MC68K: pea/lea instructions with offset operands were not creating xrefs; fixed a small typo in processor specific options dialog box.

MS DOS overlayed exe files were incorrectly assigned the small memory model.

PPC module was incorrectly using general registers instead of floating point registers in some instructions.

PPC: IDA was too aggressively creating xrefs to lis/addi pairs.

PPC: do not truncate TOC offsets to 16 bits anymore.

PPC: lfsx first operand is a floating point register.

Palm pilot module was using big endian mode for all processors (and the base == 0 regardless of the user settings).

SP was not properly traced for F2MC, MC6816, TMS320C54, TMS320C55.

TMS320C3 module could crash on some opcodes.

TMS320C54 had several problems: wrong data type of memory operands; (DP<<&)+Smem operands were displayed incorrectly; wrong xref type of macp, macd instructions.

TMS320C54: stack variables were not correct because the return address size was not specified for the module.

access violation during analysis if the data segment was not loaded (manual load; refuse to load the .data segment).

access violation in the following case: start idag with a wrong file name in the command line, press cancel on the file selection dialog and close ida by pressing the 'close' window cross.

autoanalysis queue was losing requested addresses in some rare circumstances.

collapse the current segment only if the cursor is at the segment start; this is done to avoid segment collapsing when the user presses '-' inadvertently.

comhelper plugin was accepting only "_GUID" as the structure name.

compiling an idc file from a running idc script could pose problems.

debugger register views were not wide enough.

debugger: IDA was sometimes returning wrong paths for loaded DLLs - we now try two different technics to determine the full DLL path, and finally return the export name from the DLL in case of failure.

debugger: in some cases it was impossible to manually detach/terminate a process.

debugger: attaching to a remote process several times might cause problems.

debugger: modifying a register value inside an IDC condition was not working properly for multi-threaded applications.

debugger: stepping over "repne jmp short label" would lead to running the application.

debugger: the EFLAGS register was not properly updated after the user manually modified a CPU flag.

debugger: when switching the main registers window from MDI to desktop/on top, some controls were disappearing.

del_cref() might delete a data, not only instruction if there were no references to the target address.

displaying hints to collapsed hidden areas could hang ida for long time.

double clicking in the list of found items would change the position in the disassembly view but would not switch to it, confusing the user.

en masse operations with the value range would not affect non-void operands.

function addresss iterator might return a wrong address for some special cases (for functions with several tails and a condition which is not satisfied for some for them). In particular, the list of xrefs to stack variables might be wrong if the function had several tails without any stack variables in them.

guess_type() could crash if the address of a pointer referencing to itself was passed.

hopefully the problem with persistent 'please wait' box is fixed.

ida could loop infinitely if a function tail would call itself and could not be converted to a function.

if IDA has been minimized, chaning the desktop color would crash IDA.

in PE files IDA thought there was a relocation attached to the first address of a segment with relocations. This might have lead to the treatment of entry points at the segment starts as non-function exports but as data exports.

it was impossible to cancel an offset operand by pressing 'o' in some cases.

it was impossible to detach from a process in the suspended state (process would crash).

it was impossible to disassemble files with the 'reg' extension.

it was impossible to load resources of LX files.

it was impossible to select one line address range in the text version.

it was impossible to set a software breakpoint in a readonly page.

it was impossible to specify a function prototype to insert/shift arguments + the type of function arguments in the stack frame is adjusted when modifying the function prototype.

it was impossible to use any keystrokes in the cpu register window is the focus was on a register value field. Now it reacts only to hex values and backspace.

item types are displayed regardless of how the demangled names are displayed. before they were not displayed if demangled names were displayed in the listing as names (not as comments).

linux debugger was not closing file handlers before launching the debugged application.

linux version was creating ~/.idapro with wrong permissions.

linux: information about hidden messages is saved in the user directory, not in ida directory.

linux_stub file was missing which made impossible to debug linux programs from ms windows.

locret_ labels are generated correctly for wide byte processors with high byte first.

message boxes could not be displayed recursively.

output map files were wrong after rebasing a PE file.

pelf was not aware of module names separated by '\n'

qbasename() does not crash on NULL (it seems that it was designed not to crash but there was a bug).

rebasing the database would lead to the corruption of the function list.

references to stack variables at offset 0 from esp were not listed in the xrefs window.

removed minor memory leaks (occuring in some cases for IDC expressions returning a string).

renaming a variable with a dummy name to which there was a reference from a manual operand would leave the manual operand unchanged.

some key combination in the text version were not available.

some object files from libraries could not be loaded.

structure definitions were not padded correctly at the end.

structure pathes were one byte too long in the case of normal members (not really important); added a comment about structure pathes in nalt.hpp.

structure sizes were not properly padded.

temporary input file from an archive was not deleted at the end.

text mode debugger would have a garbage character in the line prefixes of continuation lines.

text version was not handling properly database rebasings.

text version: displaying a wait box does not change the cursor position in the input line.

the 'Flow chart' command was broken for a selected code area.

the 'IDC scripts' toolbar was disappearing when loading scripts and was not restored properly.

the 'Lock highlight' button was not properly refreshed.

the first operand of the 68K moveq instruction should be signed extended to 32-bit.

the strings window was empty at the file loading time if a hex view was open.

tv (text version): it was not possible to use the clipboard in the notepad.

wide byte data array might be displayed incorrectly.

windows gcc library was wrong in the sdk.

wrong "variable %s not found" message could appear after running an idc script.

wrong ARM-THUMB switching after some BX instructions.

z180 configuration file had wrong definitions.

"reset hidden messages" was not resetting the hidden welcome box.

ARM could make the T register value 2 or even 3

H8/500 rtd instruction was disassembled incorrectly.

a memory leak in the lexical analyzer is fixed.

if the user zooms in on the navigation band and clicks on the left arrow and holds the left mouse button to scroll, and moves the mouse cursor to the left outside of the navigation band window (while holding the button), the band starts scrolling to the right instead of to the left.

in some cases IDA would not undecorate the function name for the 'set type' command.

trying to disassemble a file in the root directory undef linux would crash IDA.

when loading .h files IDA was not decorating the function names.

'Clear trace' and breakpoints menu items in popup menus of the Trace, Entry points, Functions & Names windows could be duplicated.

IDA could crash if a stack view was open, then the corresponding function was deleted and the user tried to create a new stack varaible for the dead function.

IDA could hang trying to guess function types for HPPA.

IDA could undefine items in the imports segment trying to apply type information; now items in the imports segment are not undefined.

Jump commands were not available in popup menu for operands pointing to an undefined value.

M32R displacement operands were truncated during display; addi and other instruction operands are signed by default.

SDK: debugger: calling run_requests() from a debug event handler was processing waiting step requests too slowly (in fact during idle time).

adding/deleting tils always refreshs the disassembly view.

fixed a memory leak in the name handling.

fixed a memory leak with til files.

h8/500: clr.w @-sp was not modifying the stack pointer; slightly changed the output of fucntion headers (always output far/near keyword).

hint for the "create flat group" checkbox of the 'load file' dialog box was incorrect in the gui version.

it was not possible to jump to a location if the cursor was just behind the end of the line on the screen.

the xrefs list would not be immediately refreshed after changing the xref parameters using the Options menu.

there was a GDI resource leak in the colors dialog box.

txt: open the strings window without closing it would make it empty.

while deleting debugger segments, IDA could delete the first non-zero flag of the next segment.

New Features in the IDA Pro v4.7  (8/30/04)

MAJOR FEATURES

Support for non contiguous, fragmented, multiple chunks functions has been added. The analysis of theses functions has been greatly improved.

a LINUX console version of IDA Pro is now available. The source code of the TVision library used for the interface will be freely downloadable.

REMOTE DEBUGGING between Linux and Windows systems. (only singlethreaded linux applications are supported by the debugger). Source code will also be available.

NEW PROCESSOR MODULES

DSP561XX: new processor (in the advanced version)

TMS320C3: new processor (in the advanced version)

Angstrem KR1878: new processor

Motorola HCS12: new processor

KERNEL IMPROVEMENTS

+ Mulitple chunk functions are supported. IDA will automatically create function tails if this option is turned on. The option is turned on by default for the new databases, for the old database, it is turned off.

+ the idc engine does not use disk files anymore and is now faster.

+ created subdirectories for input file loaders, processor modules, configuration files.

+ Added an option to allow the recognition several copies of the same function

+ Added an option to comment anonymous library functions with the description of the FLIRT signature

+ Argument type information is propagated more actively

+ flair application collisions are marked with comments

+ improved handling of spoiled structure and function frame definitions

+ renaming a function as "exit" stops the execution flow

+ type information is saved for the structure members coming from the type libraries

+ better handling of trivial jump functions

+ slight improvement of jump table handling: .got entries are never considered to be big jump tables

+ the function boundary determination algorithm has been improved

PROCESSOR MODULES ENHANCEMENTS

+ 6502: immediate instruction operands are unsigned by default (were signed)

+ 6812 debugger: beta test version is ready and included in the distribution

+ 6812: better configuration file; CASM assembler is added

+ 6812: pc relative references are resolved and displayed as comments; cross references for them are created

+ ARM: ADD PC, ... stops execution flow

+ ARM: ADD Rn, SP, #offset is automatically converted to a stack variable

+ ARM: ARM processor module has been improved in many aspects thanks to Willem Hengeveld <itsme@xs4all.nl>

+ ARM: IDA knows that LDM Rx, {reg} spoils the register

+ ARM: IDA knows that some BL instructions should be treated as B instructions

+ ARM: MOV PC,... and LDR PC,... instructions are handled better

+ ARM: RVA32 relocation type is supported

+ ARM: arm <-> thumb thunks are recognized

+ ARM: better reaction to the execution flow going to an unexisting address: before there was an error message that it is impossible to assign the segment register T, now the offending address is stored in the problem list.

+ ARM: better register tracing to detect the target of the BX instructions

+ ARM: better support for the thumb mode relocations

+ ARM: glue code is recognized as a jump function

+ ARM: improved the analysis of the jump tables and the glue code

+ ARM: modifying the T register reanalyzes the current instruction

+ ARM: the following sequence does not stop execution: MOV LR, PC; MOV PC, ... or BX Rx

+ ARM: thumb instruction can be converted to macros too

+ HPPA: basic blocks are detected properly; added type system; better analysis in general

+ HPPA: option to use mnemonic register names is added. off by default.

+ HPPA: stw/ldw instructions have ",ma/b" completers; unused %sr0 registers are not displayed

+ IA64: better detection of operand sizes

+ IA64: multibyte character constants are allowed for GNU as (desipte the fact that it does not support them)

+ IBM PC: type information for functions called indirectly with complex offset expressions is propagated properly

+ IBM PC: push ##/pop eax is recognized as a sequence equal to "mov eax, ##"

+ PPC: addi instruction is taken into account when tracing the stack pointer

+ PPC: operands are converted to offsets only if the target is present in the program

+ PPC: support for GNU assembler is added

+ PPC: support for R_PPC_ADDR16_HI relocation type is added

+ PPC: type system support is added

FILE FORMATS

+ ELF: added an option to force PHT instead of SHT (useful for viruses and malicious programs)

+ ELF: ARM relocations are supported properly

+ ELF: HPPA relocation information is processed. Since there is enormous number of relocation records, we process only a limited number of them

+ ELF: IDA knows about some internal symbols generated by the ARM compiler

+ ELF: a bad section declaration is not considered as a fatal error during loading; PHT manual load is supported

+ ELF: pressing cancel in the manual mode aborts the whole loading process

+ ELF: introduced environment variable IDA_ELF_PATCH_MODE which can be used to override the patching made by IDA to the database when a new elf file is loaded

+ EPOC: condition and option lines in SIS files are properly recognized and skipped

+ HPSOM: $DLT$ entries are ignored during loading imports

+ AR libraries with '\n' embedded in the file names are processed correctly

+ MS DOS COM files use the metapc processor by default

+ MACH-O: MAC OSX support for the type system is added

USER INTERFACE

+ support for multiple selections in various lists has been added

+ debugger: '0', '+' and '-' keys can now be used to quickly zero, increment or decrement register values

+ debugger: 'Toggle value' command added to registers window (useful to quickly toggle flags)

+ debugger: added 'Add breakpoints', 'Enable breakpoints', 'Disable breakpoints' and 'Delete breakpoints' commands in popup menu of various lists (functions, names, ...) - these commands also accept multiple selection

+ debugger: during debugging, addresses in import section are now displayed as data: allows to easily view and jump to the target

+ debugger: Cancel is now the default button in the debugger warning message (appearing the first time the debugger is started)

+ tracing: added an option in the 'Tracing options' window to suspend tracing over library functions (enabled by default)

+ tracing: can now browse in Trace window even if process is not suspended

+ tracing: green arrow (target arrow) is refreshed during backtracing

+ tracing: in the trace window, a trace event selection is conserved (while it is in the trace buffer) - if the last trace event is selected, the selection will continuously remain on the last inserted trace event

+ added option to turn off the autoappend feature

+ can open more than one hex view - these hex views aren't anymore synchronized with IDA Views by default (to synchronize a hex view with an existing IDA View, use the 'Synchronize with' command in the hex view's popup menu)

+ command line status is now saved in the desktops

+ improved the 'offsets en masse' command: now ida verifies if the offset can be applied

+ it is possible to hide the question about a debug file from MSDN

+ most Jump and Search commands now work in hex views

+ positions of dialog boxes related to database are now saved to desktops

+ jumping to a problem does not delete the problem from the list anymore

+ it was not possible to choose an xref to a structure, so this command has been disabled

+ wrong values for the -z switch are catched and reported properly

+ 'dump to idc' can dump a selected part of the database

+ the offset in the 'Structure offsets' dialog box can be specified as a decimal or hexadecimal value

SDK & IDC (please look at the history file in the SDK for the details)

+ IDC: loadsym.idc is improved to support VisualAge (thanks to Dietrich Teickner)

+ IDC: #import directive can be used instead of #include

+ IDC: SegByName() returns the segment selector instead of its base address. The base address can be calculated from the selector by using the AskSelector(x)<<4 expression.

+ IDC: Set/GetFunctionAttr(), SetSegmentAttr() functions are added; existing functions are converted to macros using these new functions

+ IDC: added a comment about the color coding

+ IDC: added a flag to generate HTML files for GenerateFile()

+ IDC: loaddef.idc is donated by Dietrich Teickner; loadsym.idc has also been improved.

+ IDC: long running IDC scripts can be cancelled

+ IDC: optimization: idc.idc is parsed only once at the database loading time (used for inline expressions and the calculator; idc scripts including idc.idc will parse it at each compilation)

+ IDC: ord() function to get code of a character is added

+ IDC: removed the 64K limit for the compiled function length

+ IDC: rotate_left() function to rotate bit field is added

+ IDC: the built-in parser looks for the include files in the directory of the current file as well as in the directory of the main input file for '"' includes

+ IDC: SegAlign() and SegComb() functions are converted to macros; fixed a bug with SEGATTR_DEF_.. constants

+ SDK: HIGH22 and LOW10 offset types are generalised to be VHIGH and VLOW. The processor module can specify the widths of these fixups in the ph.high_fixup_bits field. Currently they are used in the SPARC and HPPA processors.

+ SDK: NULL value may be passed as the tester function to the nexthat, prevthat functions. It means that any address satisfies the criterium.

+ SDK: PR_FULL_HIFXP is introduced. It means: VHIGH fixup type expects the operand value to be equal to the full address of the target, not only the high bits. Used for HPPA HIGH21 fixup types.

+ SDK: UI list functions (choose(), choose2(), ...) now support multiple selection => the delete callback prototype was changed accordingly (older plugins can simply return 'true' to remain compatible)

+ SDK: added possibility to pass command line options to plugins (get_plugin_options)

+ SDK: added set/get_idc_func_body() to avoid frequent recompilation of IDC functions

+ SDK: debugger: enable_XXX_trace() functions can now disable tracing but conserve trace-over breakpoints

+ SDK: gen_use_arg_types() is added

+ SDK: lread() function is added; this function should be used in the loaders instead of eread(). The lread() function verifies if the read is ok, if not, it informs the user about it and asks if he wants to continue. If the user does not want to continue, the loader_failure() function is called

+ SDK: regex_match() to match regular expressions is added

+ SDK: removed support for the watcom compiler

+ SDK: set_idc_func() to add/remove IDC functions written in C++

+ SDK: the kernel knows about macroinstructions (cmd.flags |= INSN_MACRO); fixup information for macroinstructions is handled in a special way: partial fixups are combined into one full fixup

+ SDK: AS2_BYTE1CHAR is added: for wide byte processors, one character per byte

+ SDK: added the FILE option to the AUTOHIDE keyword for message boxes, to save hidden message box results to IDAMSG.CFG

+ SDK: get_next/prev_member_idx() functions are added; guess_func_type() understands stacks growing up (not tested yet)

BUGFIXES

BUGFIX: 'Attach to process...' and 'Detach from process' commands were sometimes not visible

BUGFIX: 'Change stack pointer...' command in context menu was sometimes displayed 2 times + we now always display it if Stack pointer is visible

BUGFIX: 'Reset desktop' command was not resetting settings from default hidden windows

BUGFIX: -b command line switch was broken

BUGFIX: AMD64 RIP addressing was decoded incorrectly if the second operand of the instruction was an immediate value

BUGFIX: ARM thumb BLX direct-addr could not be disassembled

BUGFIX: AS_STRINV flag could revert the value of 'inf.wide_high_byte_first' if the input string for the get_ascii_contents() function was too long to be stored in the buffer.

BUGFIX: C166 exts instruction was not emulated properly

BUGFIX: EIP was sometimes not properly invalidated on the screen when the debugger was running

BUGFIX: HPPA stack frame is created correctly

BUGFIX: IDA could enter an endless loop if a data item with an offset was visible on the screen along this the referenced instruction which was leading to the reanalysis of the data item (in other words, the data item causes the reanalysis of the instruction; the instruction leads to the reanalysis of the data). Scrolling aways from such a place would break the loop.

BUGFIX: IDA was loading some elf sections even if the user asked not to load them in the manual mode

BUGFIX: IDA would report not enough disk space on Windows98 if started in a directory with a double extension (like c:\dir\4.3.2\)

BUGFIX: IDC conditions (for breakpoints and tracing) referencing memory bytes were sometimes not properly evaluated

BUGFIX: IDC: ltoa() function was broken

BUGFIX: IP view was not properly refreshed if IP was not visible and the user switched between threads with same IP (for example 2 sleeping threads)

BUGFIX: Intel 8051: IDA crashes if at the loading time the user clears the "create segments" checkbox.

BUGFIX: MC6816 module: offset xrefs were not properly created for some operands

BUGFIX: PE loader would crash if only the PE header was loaded into the database and all other segments were skipped; made many PE loader messages hideable

BUGFIX: PrevHead() IDC function was returning wrong results

BUGFIX: R_PPC_ADDR16_LO relocation type was processed incorrectly for object files

BUGFIX: TXT: a segfault could occur after closing the Structures or Enums window

BUGFIX: TXT: on Windows 9X, it was not possible to enter some characters (like the @ character by pressing AltGr+Q on a German keyboard) => define the TV_IGNORE_RIGHT_ALT_PRESSED environment variable to let IDA ignore such key combinations on Windows 9X

BUGFIX: TXT: segfault when you grab the lower right corner of the disassembly window with the mouse and drag it to the left, shrinking the window (qsnprintf() should never return -1)

BUGFIX: an xref window would become empty if a modal window with xrefs to the same ea is opened and closed

BUGFIX: better handling of thread suspends/resumes for multi-threaded debugging

BUGFIX: closing Enums window by pressing ALT-F3 was causing a segfault

BUGFIX: colors of hidden areas were restored incorrectly

BUGFIX: column widths for the function list were wrong for 64-bit version

BUGFIX: epoc: the export table was located incorrectly

BUGFIX: debugger: DLL rebasing was not working properly in some cases

BUGFIX: debugger: FPU registers were sometimes not properly printed and detected as modified

BUGFIX: debugger: IDA was displaying non-readable memory as 0xFF bytes (for example in PAGE_GUARD and PAGE_NOACCESS pages on Windows)

BUGFIX: debugger: a breakpoint at address 0 was added if pressing Enter from the Insert command in the Breakpoints window

BUGFIX: debugger: addresses in the Breakpoints list were not properly resolved because lists refresh was initialized before the process was properly suspended

BUGFIX: debugger: after a suspend, breakpoint conditions containing registers couldn't be evaluated properly

BUGFIX: debugger: breakpoints were not properly handled during library loading (if 'Stop on library load' option was enabled)

BUGFIX: debugger: database desktop was sometimes overwritten by debugger desktop when process was not properly stopped

BUGFIX: debugger: debugger status in the main window titlebar was sometimes not accurate

BUGFIX: debugger: exported names (from loaded DLLs) were sometimes not properly displayed during debugging

BUGFIX: debugger: fixed minor disassembly view refresh issues when adding or editing breakpoints

BUGFIX: debugger: if a user forced a process termination and a pause request was already pending, the 'Pause process' command wasn't working anymore in new debugger sessions

BUGFIX: debugger: in some particular cases, segment reorganisation was not working properly after a debugger event

BUGFIX: debugger: it was not possible to add a hardware breakpoint at once from the breakpoints window

BUGFIX: debugger: it was sometimes impossible to disable hardware breakpoints at runtime

BUGFIX: debugger: the 'Clear trace' command was not properly refreshing some information like register views, arrows, ...

BUGFIX: debugger: the 'Detach from process' command was sometimes not properly resuming threads

BUGFIX: debugger: thread related segments (stack & PAGE_GUARD) were sometimes not properly named - Segments view was not properly updated in some cases

BUGFIX: deleting a record from a non-leave leads to a move of another record from a leave page to the freed place, an underflow occurs in the leave page, some records from the sibling of the underflowed page are moved to it, doing so leads to the modification of another record in the parent page, which leads to the overflow of the parent and the parent gets split. At this moment because of the bug we work with a freed page and the database gets corrupted. A bug with a similar situation had been corrected ten years ago.

BUGFIX: disassembly paint function was leaking GDI resources

BUGFIX: dsp56k ports are attached to the X space, not P space. dsp561xx: better version

BUGFIX: entering a long comment with tabulations could crash ida

BUGFIX: fixed a typo in sparc autocomments

BUGFIX: get_original_long() was wrong

BUGFIX: hardware breakpoint (with a size bigger than 1) background color was not red for additionnal lines (like a multi-line comment)

BUGFIX: in navigation bar, it was impossible to 'Zoom in' if 'Zoom out' was disabled (because maximum range was reached)

BUGFIX: in some really rare cases get_next_fcref() could never return BADADDR

BUGFIX: increased the width of the segment register window columns to fit narrow register values

BUGFIX: it was impossible to rename or double-click on a structure stack variable

BUGFIX: it was impossible to use function local vars/args in breakpoint conditions

BUGFIX: it was not possible to rename bitfield members from the interface

BUGFIX: jump tables were not analyzed correctly after Changelist 979

BUGFIX: jump to near addresses (which were not visible on the screen but already cached) was not working anymore, probably since Changelist 2655

BUGFIX: maximized windows in a saved desktop were sometimes restored as non-maximized

BUGFIX: mc6812 module did not know about the "wavr" pseudo-instruction

BUGFIX: mc6812 module was not disassembling "etbl", "tbl" instructions

BUGFIX: multiline instructions were not displayed correctly in the graphs

BUGFIX: nextaddr(BADADDR) was returning the first address of the program

BUGFIX: number of applied functions of a flirt signature takes into account all functions (before some function types were ignored)

BUGFIX: patching bytes during debugging would make IDA memorizes the database was patched

BUGFIX: register views creation was sometimes leaking GDI resources

BUGFIX: repetitive rebasing of the database might lead to a crash

BUGFIX: scroll buttons in IDA view scrollbars were not working properly

BUGFIX: scrolling the disassembly view using the mouse whlle with the hex view open could lead to an access violation at the beginning and end of the file

BUGFIX: segfault when typing an address into the search toolbar if no disassembly view was open

BUGFIX: set_debug_name() might cause an access violation

BUGFIX: some PE files with bad relocation table could not be loaded

BUGFIX: some Visual Age and GNU C++ names were not demangled correctly

BUGFIX: some strings couldn't be typed in the search toolbar due to auto-completion

BUGFIX: text version was not displaying error messages about the configuration file

BUGFIX: text version: the disassembly window was not refreshed immediately after renaming a stack variable and similar

BUGFIX: the Batch() IDC function does not disable the auto-analysis in TXT version anymore

BUGFIX: the elf loader was complaining about unusual usage of relocations for some incorrectly stripped executables

BUGFIX: the kernel was not saving the current instruction data before calling ph.create_func_frame(); this might lead to worse analysis (mostly for the arm processor)

BUGFIX: tracing: addresses not available in database were not displayed during backtracing

BUGFIX: tracing: if 'Trace over debugger segments' was enabled, tracing in KiUserCallbackDispatcher() function (used for kernel -> userland callbacks) was sometimes stopping with a "Breakpoint instruction reached (not inserted by the debugger)" message

BUGFIX: tracing: if the process is running, tracing is started while EIP is in a debugger segment, and 'Trace over debug segment' option is enabled, IDA will not add anymore trace events for these debugger segment instructions

BUGFIX: tracing: properly log modified register values over debug segments (when 'Trace over' option is active)

BUGFIX: unloading some corrupted databases to idc would lead to a crash, now ida should complain and continue

BUGFIX: unwanted hint of the address zero was displayed in the stack variables window for the processors with ':' after the data labels

BUGFIX: when closing a database, last address in IDA view was sometimes continuously saved on the previous addresses stack

BUGFIX: Z80 was not allowing to modify the out, in, and similar instruction operands

BUGFIX: creating an item crossing a hidden area boundaries would pose display problems in the future

BUGFIX: deleting a structure element at the end of the structure might lead to a wrong display (one superfluous data definition line beyond the end of the structure)

BUGFIX: if the 'Print flow chart labels' option was enabled, labels without valid names were preceded by a '7' character + IDA now uses the prefix line color for these labels

BUGFIX: sometimes the application title was not reflecting the database name correctly

BUGFIX: using the navigation band with all IDAViews closed could lead to crashes

BUGFIX: when creating a flow graph, local labels were redefined as globals

BUGFIX: H8: the '@' character was erroneously highlighted as a valid identifier character

BUGFIX: debugger: the destination arrow (green arrow) was not properly updated for JLE/JNG instructions

BUGFIX: if the database was created in the directory other than the input file directory, the input file name would be replaced by the database name

BUGFIX: it was not possible to search with Ctrl-T after pressing Esc in the Alt-T dialog even if the old search string was existing

BUGFIX: the stack tracing could be spoiled if the function end was moved back and forth

BUGFIX: when creating a new structure, the proposed structure name was incremented if the Cancel button was pressed

BUGFIX: when opcode bytes were displayed with a '+', IDA was not extracting the following name properly (if any) => it was then impossible to change this name

Discontinued

OS/2 and DOS4GW versions are discontinued. Please make a backup copy if you plan to use them in the future.

New Features in the IDA Pro v4.6  SP1 (3/15/04)

Main Improvements

User Interface

New Features in the IDA Pro v4.6  (10/27/03)

Major Features

• True 64-bit support is added. IDA64 now fully supports 64-bit programs for Windows64, Itanium, Alpha, Sparc64, etc.
• The debugger can trace the program and produce a trace log. Individual instructions and function calls can be traced.

Processor Modules

• New processor: AMD64 (Advanced Edition, automatically handled by the meta PC module)
• C166: new & better configuration files
• PIC: better configuration files
• Hitachi h8/500: addressing scheme is improved
• MIPS: better handling of macro instructions; two new options are introduced: MIPS_MACRO_RESPECT_XREFS, MIPS_MACRO_HIDDEN_R1
• MIPS: new macro instructions are added
• MIPS: use 64-bit definition of "move" for 64-bit segments (daddui)
• PC: added options to turn off the VxD and FPU emulation interrupts
• PC: better handling of VC exception blocks
• SPARC: better work with macros (destroy a macro if a reference to its middle is found)
• TMS320C54: added support for delayed instructions
• TMS320C54: separate code and data spaces are supported
• INTEL 80916: register names as the location names are allowed
• Alpha: 64-bit version stores the GP register values simply as a segment register (32-bit stores a delta between .got and current GP which is more difficult to understand)

File Formats

• COFF: full support of Alpha 64-bit files
• COFF: file type check is stricter to avoid false positives with amiga files
• ELF: added support for elf-x64 (for amd64). not all relocations are supported yet.
• ELF: PowerPC R_PPC_REL14 relocation type is supported
• EPOC: SIS files for EPOC 6 are now supported.
• PDB plugin: create functions only in the code and normal segments
• PE: auxiliary names are not included in the name list
• PE: delayed import tables are nicely parsed and commented
• PE: files with corrupted export table can be loaded
• PE: illegal relocation table size could lead to a crash
• PE: small files with the hidden entry point and imports table in the header could not be loaded
• PE: the header section is collapsed if it is used only for delayed imports
• PE: the presence of the delayed import table loads the header section to make the disassembly nicer

Kernel

• New FLIRT signatures for Visual Studio.Net 7.1
• MFC v7.1 ids files are added
• Better management of user defined xrefs: the user can specify any existing xref type, not only one "user" xref type as before
• FLAIR: improved help about signature files; updated dumpsig to support more processor codes
• IDA uses the type information of the struct function members for the "struct offset" operands
• If a structure definition from til contains a register name, ida will prepend the field name with an underscore rather than failng to add the whole structure
• IDAU: universal ida which works under ms dos and under ms windows

SDK & IDC (please look at the history file in the SDK for the details)

• IDC: type manipulation functions GetType/SetType are added

• SDK: MD5 functions are available
• SDK: added a 'distclean' target to clean & remove compilation directory in plugin makefiles + LIBS can specify external libraries to link to
• SDK: calcexpr_long() accepts a pointer to uval_t as well to sval_t
• SDK: can compile plugins with Visual C++ command line compiler (available either in Visual C++ 6.0/7.0 or as free with .NET framework SDK + Plateform SDK)
• SDK: construct_macro() function is added
• SDK: do_name_anyway() does not complain to the user about bad names anymore
• SDK: fixed a bug in swap64() and swap128()
• SDK: foreach_strmem() and get_struct_member() function prototypes are changed to handle the member field names
• SDK: gcc can be used to compile IDA plugins, loaders, and modules
• SDK: graphing functions are available in IDA API
• SDK: import_node is available in IDA API
• SDK: int128 type is added
• SDK: is_call_insn() function and callback is introduced. The callback should be implemented by the processor modules with unusual call instructions (like PowerPC)
• SDK: more floating point functions are exported
• SDK: new function: reftype_t get_default_reftype(ea_t ea);
• SDK: all out.../Out... functions check the output buffer boundaries
• SDK: prototypes of some processor module functions are changed: outop, is_sp_based, create_func_frame, gen_specseg. The returns values are bool, not int as before
• SDK: tag_skipcodes() function is added
• SDK: use GNU make to compile plugins with GCC (Borland make was previously required)
• SDK: zip compression handling functions are added to the API

User Interface

• The debugger is available in the text version of ida (less fancy but faster and takes less room on the screen)
• Added some new extensions to the open dialog box
• Can change the address of an existing breakpoint - insert new breakpoints from the breakpoints window
• Can jump to operands (from the popup menu) while debugging
• Debugger: added the "Run until return" command
• Debugger: can use 'Run to cursor' command to start the debugging
• Debugger: detect and renames thread related segments: TIB (Thread Information Block), thread stack & thread stack PAGE_GUARD segment
• Exit dialog does not display "don't save" option if the database was not packed
• In arrows panel: can toggle breakpoint (double-click on a dot) and run to cursor (CTRL + double click on a dot)
• Threads window added
• Many minor modifications and improvements

Bugfixes

BUGFIX: "load ids" command might add comments instead of renaming imported functions if the database was closed and opened at least once
BUGFIX: "make alignment" command would fail for some addresses
BUGFIX: ELF: dynamic relocations to the whole program were not applied
BUGFIX: ESP register view arrows panel width wasn't saved properly in desktops
BUGFIX: FR module incorrectly disassembled some instructions
BUGFIX: IA64: the opcode bytes were not displayed for predicated instructions
BUGFIX: IBM PC: movq instruction was disassembled incorrectly (F3 0F 7E); some data types for SSE2 instructions were wrong
BUGFIX: IDA could crash if a list with a reverse sorting on a column was refreshed
BUGFIX: IDA could crash if trying to debug a program spawning subprocesses
BUGFIX: IDA could crash on corrupted databases with the hidden area descriptions missing
BUGFIX: IDA could crash when loading a desktop with open disassembly views
BUGFIX: IDA could die with some national keyboard layouts
BUGFIX: IDA does not destroy code even if there is a data reference to it from the type system
BUGFIX: IDA doesn't freeze anymore when drawing the hint for stack variables in huge stack frames
BUGFIX: IDA was erroneously reporting 'the input file has been changed' after the reloading of a new input file into the database
BUGFIX: IDA would abort trying to execute some buggy idc scripts
BUGFIX: IDA would complain about bad TMS id for some PE files which look like COFF files
BUGFIX: MIPS module was using 32-bit definition of the "move" instruction for all processors
BUGFIX: PC: 4k segment alignment should be represented as "mempage"
BUGFIX: PowerPC function flow charts are displayed correctly
BUGFIX: TMS320C54 module properly handles absolute addressing and doesn't use anymore I/O definitions for immediates
BUGFIX: TMS320C54 module properly prints variable names and creates xrefs for absolute "indirect" adressing
BUGFIX: calling qexit() from a plugin was not terminating plugins, closing windows, etc in the gui version
BUGFIX: disassembly views weren't properly refreshed when creating a string
BUGFIX: dr_I was not defined in idc.idc
BUGFIX: dumping a database with references to unexisting structures or enums could crash IDA
BUGFIX: ida could add numerous type comments on the register arguments
BUGFIX: ida could leave some imported functions without types at the loading time
BUGFIX: ida would complain about incorrect numbers in the "rom size" dialog box during editing them
BUGFIX: idag in the batch mode quits if there were errors in the command line. before it was silently hanging.
BUGFIX: if the number of the functions was greater than 65535, then some commands would fail (like "find next byte not belonging to a function")
BUGFIX: it was impossible to jump to a name with colons (:) using Ctrl-G
BUGFIX: it was not possible to select the little endian MIPS & RSP processor from the initial dialog box
BUGFIX: manually suspending a multithreaded process and steping over function calls could lead to erroneously suspend some threads
BUGFIX: mc6808 module could not disassemble inc oprx8, sp
BUGFIX: opening a modal window during debugging then stopping the debugged application could freeze IDA
BUGFIX: operator new would be demangled incorrectly (truncated as "operator ne")
BUGFIX: register views weren't properly refreshed at the start of the debugging
BUGFIX: resetting the debugger desktop wouldn't properly reset the height of the main window in some particular cases
BUGFIX: some mach-o files could not be loaded
BUGFIX: the analysis could loop endlessly in some functions due to the stack pointer tracing
BUGFIX: the description of Word(), Dword() IDC functions is corrected
BUGFIX: the first imported function would not have a type if it were at the beginning of the program
BUGFIX: trying to pause an application with many sleeping threads could lead to subsequent application crash when the sleeping threads wake up
BUGFIX: vc6rtf.sig: strcpy/strcat functions were not recognized

New Features is the IDA Pro v4.51 Disassembler (6/8/2003)

PROCESSOR MODULES

• new processor: Mitsubishi M7900 (advanced)
• new processor: ST10 (advanced)
• new processor: Motorola MC6816 (advanced)
• ARM: MOVL macro instruction is supported; now it is possible to convert operands like [R3] to offsets, etc
• AVR: ATMega128 memory configuration information is added to the configuration file
• AVR: the device name is displayed at the disassembly start
• PPC: DCR names can be specified by the user in ppcdcr.cfg
• C166: XC161CJ, XC164CS, XC167CI and many other microprocessors are added to the configuration file
• C166: added a dialog so the user can select what information from the configuration file should be loaded. Three kinds of information are available: I/O port names, memory layout, interrupts.
• C166: added a help message explaining how the memory mapping works
• C166: new architecture c166v2 is supported; separate config files for different processor subtypes
• I960: "strict instruction format" option is introduced
• IBM PC: local stack variables are recreated when __alloca_probe function has been found
• M32R: new configuration file, now with the interrupt vector definitions

FILE FORMATS

• new file format: Structure Binary Format for C166. Since the format is not documented, there is room for improvement
• COFF: PPC R_REF relocation type is ignored
• COFF: don't die on improperly unpacked DJGPP MZ COFF files
• COFF: i386 relocation type 0x13 is handled
• DBG: handle invalid debug information more efficiently
• HEX: HEX loader behaves as close to the binary loader as possible
• Palm Pilot: file detection is improved
• Palm Pilot: now the user can specify the processor type different from 68000
• PE: display a warning if some imported functions are not visible in the disassembly
• PE: improved handling of special cases
• PE: files with invalid debug information can be loaded into the database

USER INTERFACE

• Windows XP Look
• Added support for desktop configurations. The user can save the desktops and switch between them whenever he wants. IDA remembers the desktop configurations in the database and in the registry. It is possible to have named configurations and reuse them for several databases.
• New window type is added: list of all exported functions (publics)
• New window type is added: list of all imported functions (externs)
• The graphical interface supports the batch mode (the command line switch is -B)
• It is possible to configure the arrow and messages window colors
• Structures/Enumerations toolbars can now be docked to their respective windows (Structures/Enumerations)
• An option in the Browser panel to set the delay for the identifier hints
• Added a configuration variable for the name of the graph visualization program. By default it is wingraph32.
• Double clicking on an URL opens a web browser window (with Shift - open a new window)
• new command: 'Create HTML file'. The produced code is not the most efficient yet.
• The current identifier is selected if a double click fails
• The structure offset command doesn't ask for the offset delta if there is no selection. Please select an area to be able to specify the offset delta.
• The graphical version associates the "IDB" file extension with IDA. (can be turned off in Options, General, Misc)

KERNEL IMPROVEMENTS

• Visual C++ __thiscall calling convention is supported
• FLIRT: static function names are used in the disassembly as names, not as comments
• MS DOS comments on the INT 21h, AH 33h are improved
• debugger: 'Set IP' command added in context menu
• improved name demanging for the borland compiler
• new problem type: flair collision. now IDA saves information about all flair collisions (when the same function is encountered twice) in the problems list
• the processor type specified in the command line is more important that the processor type specified by some loaders.
• generate idc: split big enum/structure/function definitions so we don't hit the 64k limit; dump the function local variable information to idc
• IDC: MakeStructEx function is added (to support variable sized structures)
• SDK: replaced snprintf() with qsnprintf() and vsnprintf() with qvsnprintf(). The old functions should not be used anymore.

BUGFIXES

BUGFIX: "Rebase program" command was not correcting the image base correctly
BUGFIX: 'F' key was not working in the name, function, etc non-modal windows
BUGFIX: AIX COFF executables with the stripped symbol table were not loaded properly
BUGFIX: C166: bfldl instruction had 2 last operands swapped
BUGFIX: C166: rets instruction would have loc_xxx label instead of locret_xxx
BUGFIX: EPOC: ROM images were loaded incorrectly
BUGFIX: EPOC: some SIS files were not recognized
BUGFIX: Esc key closes the enumerations and structures windows even if they are on the desktop
BUGFIX: FR module had several disassembly problems (byte order, ascii string display, special register handling, indirect calls)
BUGFIX: FR: delayed instructions were not taken into account when following the execution flow
BUGFIX: HEX loader creates the correct segments even if the input file contains the data records in the wrong order
BUGFIX: IBM PC: all o_phrase operands were marked as having an immediate number
BUGFIX: IBM PC: the size of the second operand of "lea" instruction was always dt_byte
BUGFIX: IDA could crash if the user double clicked in the messages window and no database was open
BUGFIX: IDA could crash trying to close some windows
BUGFIX: IDA could crash trying to move a function in a corrupted database
BUGFIX: IDA could hang trying to delete a function from a corrupted database
BUGFIX: IDA could not open an old database after opening a new file from a ZIP or any other container file
BUGFIX: IDA would crash if a processor with word grouping of the instruction opcodes was used and the display of the instruction opcodes was turned on
BUGFIX: If Shift,Ctrl, or Alt keys are down, don't display help for F1
BUGFIX: If ida.cfg was missing, IDA would complain about IDC errors
BUGFIX: JAVA: fixed an access violation in the gui version of ida if the hints were turned on and the cursor was at the beginning of a line starting with a dot.
BUGFIX: M740 #imm values were represented as "port_name" without the '#' is am i/o port was corresponding to the immediate value. improved handling of the configuration file.
BUGFIX: MSDOS: some external pascal overlays were not detected and not loaded
BUGFIX: PIC: IDA was using only 1 bit of the STATUS register to calculate the target addresses (page addressing)
BUGFIX: PPC dcr field was decoded incorrectly
BUGFIX: TXT: if ida had been launched with "idaw not-existing-file", then switching to the silent mode immediately after the error message would crash ida
BUGFIX: VC mangled names like ?GetRowInfo@ui_textmatrix@@QAEXHPAH0@Z were demangled incorrectly
BUGFIX: XlatAsciiOutput for IBM PC was not working for the new bases and required the reloading an existing database
BUGFIX: XlatAsciiOutput was ignored in the strings window
BUGFIX: a memory leak is fixed. If a list is sorted by a column, stable_sort() would leak memory. Now we use sort() instead of stable_sort().
BUGFIX: access violation if a corrupted database had a bad function without a name
BUGFIX: annoying access violation in the gui when the user tries to rename a stack variable. the access violation would not hinder the normal execution.
BUGFIX: bin_search() could endlessly loop
BUGFIX: breakpoints window state is now saved
BUGFIX: changing the alignment type in an alignment directive could undefine everything in the database
BUGFIX: creating a user-defined offset for an indirect call using a vtable would consistently fail the first time
BUGFIX: debugger: 'Step over' command now works over LOOP/LOOPE/LOOPNE instructions
BUGFIX: debugger: if the path to the executable or the executable name contains spaces, everything after the first space gets split and passed as arguments to the process
BUGFIX: debugger: segments creation doesn't stop anymore if a breakpoint can't be restored.
BUGFIX: debugger: target arrow wasn't properly updated for LOOP/LOOPE/LOOPNE instructions
BUGFIX: deleting a segment could hang ida if trivial segment translations were used
BUGFIX: double clicking on IDA window system menus now properly close the window
BUGFIX: fixed the entry point problem of DJGPP COFF executables
BUGFIX: hex loader would not load the following line: S319FFC00000000000000000000000000000000000000000000027
BUGFIX: IA64 module had some disassembly problems
BUGFIX: idaw in the batch mode would loop forever trying to ask the user if a dependent dll was not found
BUGFIX: if a function stack variables window was open, IDA would crash when the function was deleted
BUGFIX: if a hidden area, function, or segment start at the same address, hidden functions would have priority over areas; the correct logic should take the longest hidden element rather than making one thing be more prioritary that another.
BUGFIX: if no selection is active, text search brings up the old search string by default
BUGFIX: in the case of a program/DLL rebase, some breakpoints were improperly restored/moved
BUGFIX: information in the debug segments could stay in the database even after the debugging session has been closed. the current fix fixes it somewhat but not completely
BUGFIX: input files from ZIP archives and other containers do not appear in the most recently used file list anymore
BUGFIX: instruction operands 4..6 were displayed in red
BUGFIX: it was not possible to declare variables of a structure type if this structure type had a union member in the past
BUGFIX: it was not possible to delete a dummy name without references in a function (normally these names doesn't appear unless the user creates them)
BUGFIX: it wasn't possible to create structure variables if an area was selected and there were defined bytes
BUGFIX: local labels and stack change point information might be lost during the program rebase
BUGFIX: long symbol names from COFF DBG information were not loaded
BUGFIX: properly refresh strings window when segments are moved
BUGFIX: properly update actions as soon as the debugged process is suspended
BUGFIX: rebase_program() would leave the xrefs unmoved if called when the debugger was active
BUGFIX: rebasing a corrupted database could lead to a crash (area_t::move)
BUGFIX: removed erroneous "rebasing program" message from the debugger
BUGFIX: removed misleading & from the Debugger menu name (Alt-D is used to setup the data types)
BUGFIX: scr2idb() would not do anything is !is_gui
BUGFIX: "search for immediate" would not find negated values
BUGFIX: the debugger would sometimes miss the dll relocations on XP (for some reason the system does not provide the dll name at the loading time)
BUGFIX: the main menu would stay in the incorrect state when switching between a desktop window and an MDI window
BUGFIX: the process parameters in the debugger could not be cleared once set

New features in version 4.50 (2/12/03)

• Windows PE Integrated debugger
• Processors
  • new processor: Intel xScale
  • new processor: Mitsubishi M32R (advanced)
  • new processor: Mitsubishi MELPS740
  • new processor: Mitsubishi M7700 family (advanced)
  • new processor: NEC 78K0 (advanced)
  • new processor: NEC 78K0S (advanced)
  • new processor: Fujitsu FR family
  • new processor: STMicroelectronics ST9+ (advanced)
  • IBM PC: borland RTTI-templates with GUID are supported
  • IBM PC: rep prefix is used when the Intel manual says it should be
  • IBM PC: the current compiler is taken into account when using the __fastcall calling convention (before only Borland was supported)
  • IBM PC: better handling of indirect calls (mov offset func-add-call is detected)
  • ARM: call sequences like "mov lr, pc; ldr pc, something" are recognized by ida and don't interrupt the execution flow
  • ARM: SUB Rx, PC, #imm is replaced by ADR Rx, label; ARM module is commented
  • ARM: stack variables are supported
  • ARM: option to disable pointer dereferencing is added
  • AVR: better configuration file; config file management is improved
  • AVR: interrupt vectors are supported
  • AVR: EEPROM file extension by default is BIN
  • MIPS: memory mapping is supported
  • PowerPC little-endian mode can be specified by the user
  • MC68K: respect the user-defined offsets for o_mem and o_near addressing modes
  • ST7: new config file
• FILE FORMATS
  • COFF loader sets up the default data segment (better analysis)
  • better recognition of VxD driver files
  • HEX: added support of extended segment information record type
  • PE: better support of invalid files
  • PE: FS and GS register values are set to unknown at the loading time
  • PE: If the debug information is corrupted (in packed files, for example), IDA doesn't die but gracefully skips it
  • PE: section permissions are loaded into the database
  • LX: IDA always uses "metapc" processor and ignores the processor type specified in the file header
  • PSX object files: additional fixup record types are supported (26 and 30)
  • PSX object files: ida knows how to skip record type 60. We still don't know what this record type means, but at least we can load files with this record present.
  • Memory dump loader: now it accepts dumps with one digit per byte
  • Mitsubishi HEX file extended address records are supported
  • palmpilot loader: better check of time stamp
  • New XBE file format is supported
  • stricter check of PalmPilot files
  • the pdb plugin has been rewritten (requires VC++ to be compiled)
• USER INTERFACE
  • flow chart: option to print block labels
  • 'jump in a new window' command added in context and main menus
  • 'jump to file offset' command
  • new command: move a segment which allows to move an existing segment to another address
  • it is possible to hide/unhide arbitrary regions
  • command to toggle leading zeroes on a number
  • value of an enum member can now be changed
  • graphs: now supports recursion depth
  • new dialog box to easily assign structure offsets/union paths to a selection "en masse"
  • previous & next drop-down menus for navigation stack (as in the Internet Explorer)
  • options in 'Browser' to set maximum lines & auto clean of upper items
  • cursor for search/auto-analysis in the navigation toolbar + associated color option
  • customizable background color for memo hints (Options -> Colors 1)
  • hexview: better handling of highlight-background combinations
  • hide/unhide all now works on functions, structs & enums for GUI & TXT
  • highlight the problematic line in a 'problem hint' on the navigation toolbar
  • hints on "Address" & "Called function" columns in callees
  • hints on hidden functions, structures & enumerations
  • hints on navigation toolbar (on stars, after a search)
  • hints on structures in a struct window
  • hints on xrefs in a struct window
  • hints on xrefs now print preceding lines and highlight the destination name
  • input text fields are in Courier font
  • jump commands (using the lists in the search toolbar) now open a new disassembly window if needed
  • xrefs in structure and enumeration windows are not displayed because they confuse the users
  • notepad now automatically popups at start if it was saved as opened in the database
  • register hints now print the associated comment
  • the function prototype is linked to the function stack argument definitions
  • the input database name is displayed in the title bar
  • the welcome dialog box can be resized
  • ida displays the welcome form is the input file is not specified in the command line
  • user defined graphs: option to print function comments (use the same color as regular comments)
  • desktop/top commands added to tabs popup menu
  • the 'show flags' command displays all information about the structure members
  • faster arrows management
  • ida runs faster
• KERNEL IMPROVEMENTS
  • new switch -o to specify the output database from the command line
  • WinCE: several IDS files were updated/added
  • FLAIR: plb supports wildcards in the file names
  • c parser: multiple byte character constants are supported
  • c parser: better handling of pointer modifiers; several bugs are fixed
  • ida looks for the referenced DLLs in the input file directory
  • it is possible to autoload a til file when a dll is referenced (see ids\idsnames)
  • vc6win.til is not loaded for pe files with subsystem==native (usually they are system drivers and they don't need vc6win.til)
  • the annoying "can't add structure member cx" message removed
  • the default loading address for all file types is 0 (this can be overridden by the file format)
  • ids files with '-' is idsnames do not prevent the kernel from using the corresponding dll from the system directory
• IDC and SDK
  • IDC: GetFloat(), GetDouble() functions are added
  • IDC: GetOriginalByte() function is added
  • IDC: GetStringType() function
  • IDC: descriptions of NextHead, PrevHead, AskFile IDC functions are updated+ IDA environment variable is not required to build modules anymore
  • added comments about filling the op_t structure; fixed some typos in netnode.hpp
  • COLOR_INV is added
  • hidden plugins are supported: PLUGIN_HIDE flag is introduced
  • idaw choose() function respects the batch mode
  • negative buffer sizes are handled properly (str2user, user2str, pack_ds)
  • new function flag FUNC_BOTTOMBP. It means that the frame pointer is equal to the stack pointer in the function and it points to the bottom of the stack frame.
  • ph.flag PR_CHK_XREF: don't allow near xrefs between segments with different bases. This flag is used for IBM PC only.
  • read_ioport_device() function reports about configuration files with no devices
  • renamed FIXUP_PTR32->FIXUP_PTR16, FIXUP_PTR48->FIXUP_PTR32
  • the user-defined data supplied to linearray_t is documented in kernwin.hpp
  • up to 16 source files for plugins
  • setBreak() function is added
  • the processor extension callbacks are called for all instructions, not only when cmd.itype >= CUSTOM_CMD_ITYPE
  • find_ioport_bit() returns NULL is the bit name is NULL
  • rebase_program() is added. This function allows to shift the whole program in the memory. Since rebasing the program involves correcting the relocated bytes, the file loader takes part of the job. File loaders may have "move_segm" callback functions now.
  • now a good behaving procesor module handles the ph.move_segm event
  • numop2str(): output instruction operand with optional leading zeroes; is_lzero(),toggle_lzero() to modify the display of leading zeroes; inf.s_genflags introduced; atoa, b2a32, b2a64, b2_width function parameters has been changed
  • move_segm_start(), set_segm_start(), set_segm_end() may destroy the adjacent segment if necessary; ADDSEG_QUIET flas has been added
  • new type of segments: SEGM_DEBUG. Used in the debugger.
  • get_sourcefile() function prototype has been changed. Now it returns the range information.
  • hidden_area_t and functions to work with it are introduced
  • byteValue() function is renamed to _byteValue(); this function should not be used anymore if possible. The reason is that it works only with 8-bit processors and doesn't take into account possible debugger side-effects.

   

• BUGFIXES
  • BUGFIX: MIPS R5900 madd/msub instructions were not disassembled
  • BUGFIX: C166: ida would create strange references if the first segment of the program was not loaded at the address 0; .end start would display garbage if there was no start address
  • BUGFIX: ARM switch jumps were recognizied only for R0BUGFIX: Intel HEX files could be loaded incorrectly
  • BUGFIX: MS DOS executables with the entry point at FFF0:0100 are loaded correctly
  • BUGFIX: Amiga: zero sized hunks caused problems
  • BUGFIX: COFF: skip .stab* debug information sections
  • BUGFIX: IDA would fail to load some invalid PE filesBUGFIX: "Create"/"Edit" (purged bytes)/"End of" function actions are now updated properly
  • BUGFIX: can now rename a register for one instruction
  • BUGFIX: can now rename everywhere (externs, ...)
  • BUGFIX: copy to clipboard from the list views could hang
  • BUGFIX: correct work on multiple monitor desktops
  • BUGFIX: cursor disappearing if using CTRL-TAB
  • BUGFIX: hints on local labels weren't always highlighted
  • BUGFIX: ida could crash if several standard enums were added without uncollapsing them
  • BUGFIX: ida would go to the top of the screen during analysis even if it was put to the bottom (z-order)
  • BUGFIX: if the messages window was minimized to invisibility, then the next start of ida would not display messages on the status bar.
  • BUGFIX: infinite scrolling enum window
  • BUGFIX: it is impossible to rename a register to another register name
  • BUGFIX: it is possible to open xrefs window even the current item has no xrefs
  • BUGFIX: it was impossible to use the function name at the function header to double click, jump to xrefs, etc. if the name contained undisplayable characters (ibm pc, mips, mc68k)
  • BUGFIX: navigation toolbar not updated once displaying after undock+hide
  • BUGFIX: opening a database without closing the current one could leave the names, functions, or strings window unopened even if they should have been opened for the new databases; this could also lead to a crash
  • BUGFIX: pressing the down arrow of the scrollbar now stops once no more lines
  • BUGFIX: the collect garbage flag would stay once set until ida exits
  • BUGFIX: the width of the ordinals field in the "jump to entry point" was 3 positions which was not enough to display big ordinals. made it 8.
  • BUGFIX: window98 resources were depleted fast
  • BUGFIX: "jump to the beginning" with home-home-home key was not working if used twice with "jump to address" in between
  • BUGFIX: after repeatedly closing/opening the structs/enums window the renaming of a struct/enum member could lead to an access violation
  • BUGFIX: no more "list index out of bounds" message if the number of columns in a chooser changedBUGFIX: type specification was printed incorrectly: int (*fnc1(void))[5];
  • BUGFIX: some borland thunk mangled names were not demangled
  • BUGFIX: truncated names from gnu compiler would cause problems during demangling
  • BUGFIX: verification of the new manual operand would fail for 32-bit operands if the old operand didn't have a segment register and the new one has
  • BUGFIX: unions were not displayed in the list of standard structures
  • BUGFIX: IDA was marking the return instructions of some functions as "unknown_libname"
  • BUGFIX: it was not possible to disable the plugin hotkey
  • BUGFIX: pcf was not detecting coff files properly
  • BUGFIX: autoload vc6win.til only for IBM PC PE filesBUGFIX: IDC function GetSegmentAttr() was broken
  • BUGFIX: refresh the screen after IDC scripts
  • BUGFIX: manual execution of VXD.IDC could hang ida
  • BUGFIX: qmakepath() could generate file names with several backslashes in them
    

 New features in version 4.30 (8/5/2002)

• User Interface
  • Major improvement too many changes to list, MDI, context sensitive toolbars, more standard looks.

• Processors
  • ARM Architecture Version 5E (Enhanced DSP) instructions are supported, FLIRT signatures and type information files have been added.
  • Motorola 6812: many new chip types are supported, memory configurations can be specified

• File Formats
  • Improved support of PSX object files.
  • Improved support of EPOC files.
  • Borland extensions for DMPI to PE executables are supported
  • ELF machine type 6 is supported

• Kernel
  • The stack tracing algorithm is improved
  • Type libraries are regenerated: they are smaller
  • Improved FLAIR utilities (added ELF support for IBM PC)
     
• Bugfixes
  • Fixed a bug in PIT: all stack parameters were shifted by 4 for indirect calls
  • IA64: brl.cond.dptk.few instruction caused an internal error
  • the list of xrefs to a stack variable could contain wrong data items (only instructions can be in this list)
  • fixed bug in set_de (some standard enumeration declarations were wrong)
  • TMS320C6: several bugs are fixed (ACR/ADR, B reg src2)
  • Better handling of stack references to the saved registers area: bp-based frames are not modified because of this
  • PowerPC: wrteei instruction was disassembled incorrectly
  • Some enumeration constants in the type libraries could have incorrect values
  • IDA would lose some variable names if more than 1000 very long variable names were defined (1KB long names)
  • If the last symbolic constant of the last enumeration was not the only symbolic constant in the enumeration and its value was equal to -1, then it would not be displayed in the enumeration definition

New features in version 4.21 (4/19/2002)

• Processors
  • Trimedia (upon special request only)
  • TMS320C55 (advanced). All documented instructions are supported
  • the PIC processor module offers better analysis of bank switches
  • 8-bit Motorola : many new chip types are supported, memory configurations can be specified
  • C166 (advanced): many more chip types are supported, memory configurations can be specified
  • F2MC : many more chip variants are supported, memory configurations can be specified
  • Z180 configuration files have been added
  • IBM PC: memory references with the sib byte can be converted to offsets.
  • ARM: pseudo-instructions can be turned off (ret)

• File Formats
  • Intel OMF386 is added
  • EPOC6 import ordinals are supported

• User Interface
   
  • New graphing commands:
    • xrefs from/to code,data,externals
    • user-defined graph (various options)
    • highlight current addresses in graph (blue by default)
  • The Search Toolbar now allows to search incrementally for text, names, functions, addresses, etc.
  • Hovering the mouse over a label displays a hint with the instructions/data at that label
  • The Rename command is available only if the cursor is either on a valid identifier or address or at the beginning of the list (to the left of the instruction mnemonics)
  • Direct conversion to code/data without intermediate step of undefining the existing item. Use the options dialog box if you want to customize this behaviour.
  • Improved highlighting of identifiers. The highlight color can be changed
  • The listbox and messages window contents can now be copied to the clipboard
  • Unhide all functions
  • Names: ask confirmation to delete a name from the list
  • In the structures window it is possible to jump to the desired structure using the "Jump by name" command. The hotkey is Ctrl-L. The same command is available in the enumerations window.
  • Welcome box:
    • delete removes previous projects from the list
    • hovering over the project now displays the full name of the file
  • It is possible to specify the number of bytes purged for the imported functions (through Edit->Function)
  • A command line window can now be used to enter IDC commands: (IDAGUI.CFG, DISPLAY_COMMAND_LINE should be YES to activate this).
  • Immediate help on an IDC function
  • Text version: a local clipboard is added to the dialog forms. (Ctrl-Ins - copy, Shift-Del - cut, Shift-Ins - paste, Ctrl-Del - delete).

• Kernel Improvements
  • Better demangling of Borland C++ names, including the templates. Since there is no way to distinguish the new and the old naming
    schemes, now IDA tries both methods. This can sometimes lead to wrongly demangled names.
  • Borland CBuilder v6 FLIRT signatures are added

• Bug Fixes
   
  • For some PE files, the exported function names were missing.
  • Negative 16-bit structure offsets with non-zero delta would be displayed wrongly.
  • Structures with embedded unions aligned to 8 bytes could have wrong member offsets.
  • IBM PC: if "Allow references with different segment bases" was set, then the complex offset expressions would have wrong values.
  • OS/2 version was broken.
  • OMF COMDEF far records were processed incorrectly.
  • Negative 8/16-bit values were badly represented as enumeration constants. The logic has been changed to make it easier to handle
  • Binary files for wide byte processors (line PIC16) were not loaded completely.
  • H8/500: 16-bit jumps in the page different from page0 would still refer to the page0
  • H8/500: the values segment registers BR and DP are used and stored
  • COFF 386: IMAGE_REL_I386_SECREL relocation type is supported
  • It was possible to scroll past the end of the disassembly listing using the mouse wheel
  • Some kinds of corrupted PE files are loaded better than before
  • Some segment:offset address expressions were parsed incorrectly
  • It was impossible to create local labels with data references
  • get_screen_ea() was broken.

IDA Pro PIC Limited Edition

• a reduced price version that offers all the power of IDA Pro for the PIC family of microcontrollers only. (3/14/2002)

New features in version 4.20 (12/19/2001)

• Processsors
  • TMS 320C54xx
  • The Motorola 8/16-bit processor modules (except 6812) now support configuration files with the memory, interrupt vector, and I/O port definitions.
    See files named 68xx.cfg. Currently only 6805.cfg and 6811.cfg are available and other files will be made available later.
  • The C166 module displays an information box explaining about the memory mapping feature present in the Options, General, Analysis, Processor specific options.
     
• File Formats
  • Microsoft.Net Beta2 files are supported.
  • Stricter check for RT-11 SAV file format. The file extension should be "SAV". There were too many false recognitions.
  • PE files: IDA Pro now recognizes TLS callback entries and properly comments them.
  • ELF files with destroyed SHT are supported.
• Interface
  • Arrows: The graphics version displays the execution flow in the form of small arrows to the left of the disassembly text.
  • Highlight: IDA highlights the current identifier on the screen. Alt-Up, Alt-Down arrows search for the highlighted identifier in the text. The highlight can be turned off in the Options, General, Misc dialog box.
     
  • IDA starts to scroll the window without waiting the cursor to reach the window top/bottom. Also it is possible to scroll the window by using Ctrl-Up, Ctrl-Down arrows.
  • Shift-Enter or Shift-DoubleClick selects the current identifier.
  • Edit, Function, Rename register: Register renaming definitions start at the cursor position and last up to the next definition. The address range of the existing definition is automatically truncated at the cursor position.
     
• Kernel Improvements
  • The function boundaries are automatically changed if an item overlapping it is created.
  • the LoadSym.Idc has been improved to work with dbg2map and mapsym
• Bugfixes
  • ARM BX instruction was not disassembled.
  • TXT version: Ctrl-Up, Ctrl-Down and other keys were not recognized as valid keycodes.
  • PPC ELF R_PPC_EMB_SDA21 relocation type is handled differently. Since there is not enough documentation, this could still be wrong.
  • Motorola movec instruction wouldn't be disassembled if an unknown control register is present in the instruction
  • delphi.sig doesn't load bcb5win.til anymore
  • TXT version: Ctrl-N was not working in the Enumerations window
  • H8 in the advanced mode would use 32-bits for the @aa:8, @aa:16, @aa:24 addressing modes
  • IDA Pro under Windows could crash if "comment ascii references" was on
  • Motorola 6805 brclr/brset/bclr/bset syntax now conforms regular conventions
  • IBM PC: redundant rep/repne prefixes were in the wrong order
  • Enumerations window: the text search could fail if there was only one defined enumeration
  • netnode::getblob could return nonexistent blob
  • TMS320C6 module could crash is a specific illegal opcode is encountered (ldb.d2 *+b14[35], b1 with 'dst' field bit 0x10 set)
  • It was not possible to expand a variable sized structure just before its last member
     

New features in version 4.18 (10/19/2001)

• Processsors
  • Fujitsu F2MC-16L and F2MC-16LX (advanced version).
  • PIC12xx, PIC14xx, PIC18xx processors in addition to the already supported 16xx family. (standard version)
  • Intel 960 module enhanced: FLIRT and types are supported I/O port names are added to i960.cfg
  • W65C02S support has been added to the 6502 module.
    
• File Formats
  • the PDB plugin recognizes the Windows XP SymDia symbols. Thanks to Mark Russinovich for the contribution.
  • OpenBSD aout files are supported
  • COFF files for Intel 960 are supported
  • ELF AR libraries are supported
• Interface
  • a new window listing callers and callees is available.
  • Wingraph 32 can now print.
  • Zooming in and out on graphs can be controlled by the mouse.
  • a small notepad has been added. The notes are saved and opened each time the database is reloaded.
  • IDA Pro is now able to check for the availability of updates and warns when the free update period is about to expire.
  • Patching has been removed from the default installation but can be activated by the DISPLAY_PATCH_SUBMENU option.
  • 'Undefine' now warns before proceeding. this option can be turned off by the CONFIRM_UNDEFINE_COMMAND parameter in the IDAGUI.CFG or IDATUI.CFG files.
• Kernel Improvements
  • Enhanced recognition of the function calling conventions.
  • Floating point numbers in the instruction operands are supported
  • Slightly improved vc6.til file.
  • Automatically resize the saved registers area in the function frame if there is a reference into the area from the function body.
  • New linux system calls are recognized by IDA Pro
• Bugfixes
  • ARM BX instruction was not disassembled.
  • The last character of unicode strings would be missing sometimes for the big endian processors.
  • MC6811 LDA instructions would create 16-bit data item.
  • IDA would miscalculate the program end after loading binary files
  • "rename stack variable" at place would rename a wrong variable
  • Uninitialized array elements with the specified width would not be displayed
  • A plugin that opened a non-modal window would be unloaded at the exit before having chance to clean up the window, which would lead to a crash
  • A bitfield with one member equal to -1 mask -1 could not be converted into a normal enumeration.

New features in version 4.17 (6/22/2001)

• Processsors
  • Intel 960 support
  • ST20/C2-C4 support
  • .Net module improved
  • DEC Alpha processor improved and supports the type system. Thanks to Ahmon Dancy for help.
  • PowerPC module improved
• File Formats
  • IDA Pro can now load hexadecimal and octal memory dumps in free format. (A set of heuristics is used to recognize and load such files).
  • Mach-O executable files are supported. (The relocation information is ignored for the moment.)
  • Microsoft X-box XBE files are supported. (However, the module may not cover all possible file format particularities).
  • Compaq Tru64 dynamic loader information is supported.
• Interface
  • External graphing module displays functions flow charts..
  • Array element indexes can be displayed as comments
  • The MakeAnyName (Ctrl-N) command is removed. The MakeName command is enhanced to handle all cases.
  • The Welcome dialog box is improved and keeps track of several previous disassemblies.
  • The GUI version has a Strings Window which contains all string constants present in the program.
  • GUI version: Alt-Enter = go to address in a new disassembly window.
  • GUI version: a special hotkey to create unicode strings can be assigned. See the IDAGUI.CFG file, the parameter name MakeUnicode.
  • GUI: the RAM/ROM sizes and addresses can be specified for binary files if the processor module doesn't handle it automatically.
• Kernel Improvements
  • New configuration parameter: ASCII_SAVECASE. If set, then IDA will preserve the case of the string contents when generating the string name.
  • Public global variables with anonymous structure or enumeration types are supported by the type system.
• Bugfixes
  • IDA would crash if the database was saved when the IDAView-A window was closed.
  • Microsoft.Net: the closing curly brace was missing for the classes with some fields but no methods.
  • the text version would crash if the analysis options were accessed from the "load file" dialog box.
  • Sparc V8 fmovs/fnegs/fabss instruction couldn't be disassembled.
  • C166 bmov/bmovn/bxor/band/bcmp instructions had the operands swapped.
  • It was not possible to declare a structure member as an enumeration type.
  • ST-20 module disassembled nfix prefix incorrectly.
  • In some rare circumstances the sizes of the standard structures would be calculated incorrectly. This would render the structure definition useless and would make impossible to import it into the database.
  • IDA wouldn't work on very old Win95 boxes due to GetFreeDiskSpace problem.
  • Some processor-module specific dialog boxes could crash IDA.
  • Java module was badly broken.
  • An empty "if(1) {}" statement would cause a stack overflow in IDC runtime.
  • An error message in IDC parse is fixed. Before it would say: Compilation error: longname.idc,1: Too long identifier '(null)' without displaying the variable name.
  • Java module wouldn't show the instruction opcodes.
  • Hitachi H8S @aa:16 addressing mode was not sign extending the 16-bit address
  • It was not possible to add a standard structure which consisted of one anonymous field (an example: the Visual C++ VARIANT structure).
  • IDA would exit with the "empty type name" message if a global variable with an anonymous type is encountered in the program 

New features in version 4.16 (3/22/2001)

• Intel Itanium IA64 support (advanced).
• Microsoft.Net CLI (Common Language Infrastructure) support (standard).
• Motorola 68HC12 support (standard).
  
• Register argument type propagation is implemented. It can be turned off in the kernel analysis options 2.
• Plugins can hook to the processor and kernel events.
• Plugins can be written in either Visual C/C++ or Borland C/C++.
• Processor extension plugins can be used to add instructions to processor modules.
• IDA's interfaces with the external world have been redefined.
• Unicode strings are recognized even if the default string type is "zero-terminated C string". This behaviour can be turned off using the analysis options. The terminating zero is included in the unicode strings.
• Enumerations can have several symbolic constants with the same value.
• 128bit operands and data items can be displayed (only binary and hexadecimal formats are supported for the moment).
• MFC IDS files are improved: number of purged bytes are added into the function descriptions.
• Linux system call numbers (int 80h) are commented properly.
• Backups of the databases can be created.
• User-defined line prefixes can be defined. See a sample in the SDK to learn how to use it.
• ELF Playstation 2 loader is improved.
• ELF H8 files are supported.
• PE files: TLS directory information is taken into account; new delayed import tables are supported (Characteristics & 1)
• PE files: it is possible to load files to arbitrary addresses using the manual load feature.
• IBM PC: Pentium 4 instructions are supported.
• IBM PC: redundant instruction prefixes are supported.
• IBM PC: AMD syscall/sysret instructions are supported.
• SPARC: the type system is supported. The type propagation is not implemented yet.
• SPARC: the SPARC assembler is now supported. (special thanks to Ahmon Dancy)
• SPARC: some minor bugs are fixed, Sparc assembler is supported.
• SPARC: architecture V8 in addition to V9 is supported.
• PowerPC module is improved: jump tables are recognized, lis/addi pairs are more aggresively converted to offsets
• H8 module is improved: jump tables are recognized
• C166 module is improved and several bugs are fixed. Thanks (again) to Ahmon Dancy for the information
• UNC file names are supported
• Many small interface enhancements
• Instruction opcodes are not displayed on xref/public lines.
• GUI: a fully synchronized scrollable hex viewer has been added.
• GUI: column widths in the list boxes are remembered
• The "Mark variable" command is removed.
• BUGFIX: IBM PC: movhps/movlps instructions were disassembled as movhlps/movlhps for opcodes 0F, 13 and 0F,17.
• BUGFIX: IDC.IDC: some macro definitions would cause syntax errors.
• BUGFIX: Text version: an attempt to exit with some "find all" windows open would crash IDA.
• BUGFIX: GUI version: in some rare circumstances the first item of the sorted lists would refresh incorrectly.
• BUGFIX: some bugs in the type system are fixed.
• BUGFIX: It was not possible to declare some standard structures.
• BUGFIX: MAP files for PE files sometimes had incorrect segmentation information.
• BUGFIX: Intel 8051: 24-bit addressing was good only for ecall/ejmp instructions.
• BUGFIX: The stack argument type propagation could hang on functions which access their stack without allocating it.
  

Update to 4.15 (1/10/2001)

• we've added support for the Pentium 4 new instructions.

New features in version 4.15 (12/2/2000)

• Feature : CodeView NB11 debug information support
• Feature : Struct offset deltas are supported. They allow to convert, for example,
  mov ax, 3 to mov ax, mystruct.field5-2
• Feature : stack argument information propagation. (Since this feature is somewhat experimental,it can be turned
  off in Analysis options, Kernel options 2).
• Feature : MakeArray command will now attempt to create an array even when some array elements are already defined as data items.
• Feature : some find dialog boxes allow to find and display all occurences of the desired instructions.
• Feature : MC86xx: enhanced operand type support (offsets, enums, stack vars, struct offsets can be applied to any complex operand)
• New processor ADVANCED : Siemens C166 and family ( C161 C161V-L16M, C161K-L16M, C161O-L16M, C161RI-L16M, C161RI-L16F C163 C163-LF, C163-L25F, C163-16F25F, C164, C164CI-8EM, C164CI-8RM, C165, C165-LM, C165-L25M, C165-RM, C165-LF, C165-L25F, C166, SAB80C166-M, SAB80C166-M25, SAB83C166-5M, SAB83C166-5M25, SAB88C166-5M, SAB80C166W-M, SAB83C166W-5M, SAB88C166W-5M, C167, C167-LM, C167S-4RM, C167SR-LM, C167CR-LM, C167CR-L25M, C167CR-4RM, C167CR-16RM, C167CR-16FM )
• New processor: STANDARD : SGS-Thomson ST7, SGS-Thomson ST20
• Improved processor : MIPS : MIPS16 encoding is supported
• Improved processor : PIC : port mapping like STATUS as at addresses 3, 83, 103, 183 are supported, PCLATH register is traced (see the segment registers), all modifications of PCL register are taken into account.
• Improved Processor : AVR: MegaAVR new instructions are supported. Thanks to Chris Dalla for information.
• Improved Processor : MIPS r5900: parallel shift and SA register instructions are added
• FLIRT: ELF preprocessor is added. Currently it supports only MIPS processor
• GEOS loader takes into account the uninitialized data segment, knows about
  the process class and the structure of the exported entries
• GEOS standard types are supported
• BUGFIX: Motorola 68K module would crash in response to Alt-R, Ctrl-S, etc.
• BUGFIX: The script toolbar would contain references to bad IDC script names
• BUGFIX: MIPS R5900 processor was not available from the load dialog box
• BUGFIX: IDA would use metapc as the default processor for all except the first file opened in the gui environment regardless of the DEFAULT_PROCESSOR parameter in IDA.CFG
• BUGFIX: some flavors of PIC HEX files were incorrectly loaded
• BUGFIX: it was not possible to delete items from the problem list using the Del key.
• BUGFIX: some MIPS R5900 instructions were not disassembled
• TXT version: the search direction indicator was not refreshed immediately
  after a direction change.
• TXT version: the text version confused the "manual operand" and "text search" commands.

New features in version 4.14 (7/27/2000)

• New Processor : Motorola 56K DSP
• New Processor : Motorola ColdFire
• PowerPC Embedded Controller Instructions have been added to the PPC module
• New Processor : H8/500
• New Processor : Z80 derived Gameboy Processor
• Preliminary version of R5900 processor support (Sony PlayStation(tm) 2)
• ARM architecture version 5 support
• GEOS executables are supported
• PIC: now pic.cfg can be modified for different devices
• EPOC SIS files are now directly supported.
• PPC: Loading of LinuxPPC executables is enhanced
• A "program navigator" band is available in the GUI version
• All list viewers have been enhanced to support sorting.
• Structs/enums can be hidden/unhidden with +/- hotkeys
• The state of the script toolbar is saved between sessions.
• New TIL files have been added to the type system.
• Zero constants with one bit masks are allowed in the bitfields.
  For example:
  #define PARITY_EVEN 0x01
  #define PARITY_ODD 0x00
  defines 2 states of a one bit mask.
• The user name is saved in the database.
• Parameter names derived using the type information are automatically changed when the function declaration is changed.
• IDA can mark the boundaries of the basic blocks by inserting an empty line after them. A basic block is a sequence of instructions with no jumps to/from the middle of the block.
• PE: Forwarder exports are supported.
• IDC: The recursion depth can be changed using IDC_CALLDEPTH and IDC_STACKSIZE parameters in IDA.CFG
• IDC: New function SetStatus(). This function allows the user to change the IDA status indicator (green, yellow, red)
• BUGFIX: COFF PC: 32-bit offsets to 16-bit segments are handled properly
• BUGFIX: Disassembling a WDM driver with unknown VxD/VMM calls could crash IDA
• BUGFIX: It was not possible to use predefined structures with anonymous fields, e.g. the SYSTEM_INFO structure was not available in the disassembly
• BUGFIX: movem instruction with pc-relative addressing mode from memory to register would not disassemble (Motorola 68k)
• BUGFIX: IDA would crash trying to load some Watcom executables.
• BUGFIX: Sometimes it was not possible to create the .align directive at the very end of a segment.
• BUGFIX: The return size of the function stack frame was unchangeable even when the function return type (far/near) was changed.
• BUGFIX: In some unusual cases the first two characters of local variable names would be missing.
• BUGFIX: 6809 leax instruction pc-relative mode used the wrong target address.
• BUGFIX: The enumerated dummy name count could be wrong is some circumstances (e.g., there could be 2 labels "loc_55").
• BUGFIX: Some virus-tainted PE files would not load.
• BUGFIX: "produce diff file" would hang IDA in some circumstances.
• BUGFIX: GUI version could crash trying to reload the same database.

New features in version 4.10 (6/19/2000)

• Introduction of the Type System : standard function types are recognized and the information about their parameters is used in the disassembly. The type System is initially available for Windows binaries.
• USER added types : the type system allows the user to define his own types and to load external header files. This means that IDA Pro now includes significant parts of a compiler, namely: the C preprocessor, lexer, parser, and semantic analyser of type declarations. We expect some problems in this new part of software.
• Standard structures, enumerations and union definitions can be applied to the disassembly directly from the type database.
• MS Windows WDM calls are now supported and commented.
• HP PA RISC Processor : all v2 architecture instructions are supported, the HP SOM file format is supported but relocations are not supported (advanced).
• The free compiler BCC 5.5 can now be used to compiled processor modules and plugins.
• All operands, including registers, can now be modified through the manual operand command.
• NB10 Plugin now integrated.
• Borland RTTI plugins
• 80196 : support has been added for the windows selection registers WSR and WSR1
• IDC : the function GetIdbPath() returns the full path name to the current IDB file.
• TEXT_SEARCH_CASE_SENSITIVE cfg parameter added.
• BIN_SEARCH_CASE_SENSITIVE cfg parameter added.
• BUGFIX : some comments in vxd.cmt were wrong.
• BUGFIX : the external help (CTRL-F1- would not work when the cursor was past the end of the line.
• BUGFIX : it is now possible to define the default value of the last segment register.
• BUGFIX : the GNU H8 assembler now uses ';' as a comment symbol.
• BUGFIX : MS COFF 16 bits segments are now loaded correctly.

New plugin

• We have released a plug-in that helps you deal with Microsoft's NB10 debugging
  information and its external PDB files.

New features in version 4.04 (4/4/2000)

• First release of the Alpha disassembler (ELF and COFF file formats are supported)
• Sony Playstation 2 ELF Disassembler
• ARM thumb mode is now disassembled
• Commenting of Windows NT Int 2E calls
• Variable bytes in search strings
• Local names are not demangled anymore
• The delayed import tables of PE Files are supported.
• the information found in the AIX COFF optional header is now used to improve the disassembly.
• BUGFIX : some Windows CE IDS files should have been platform-specific.
• BUGFIX : dummy names in the tail bytes were not deleted.
• BUGFIX: .align 2 was inaccessible from the user interface in some cases.
• BUGFIX: cvttps2pi, cvtps2pi (IBMPC) instructions were incorrectly disassembled.
• BUGFIX: sections with wrong size in the file header (PE) were not loading at all.
• BUGFIX: IDA Pro could crash apparently randomly.
• BUGFIX: search was not possible in the enumerations and structures window.
• BUGFIX: the import section of some PE files was loaded incorrectly.
• BUGFIX: it was not possible to stop analysis from the "load file" dialog box

New features in version 4.03 (3/9/2000)

• Register Variables (allows you to rename processor registers - improves the usability of the RISC disassembler) .
• Local Labels in functions.
• GUI : String Manipulation Toolbar.
• GUI : toolbars can now be hidden.
• The ARM disassembler module has been improved.
• IDC : new function GetInputFilePath()
• MISC : if the IDA_NOWIN environment variable is defined, the console version of IDA will run under WINE.
• BUGFIX : arrays can now be defined as element of structures.
• BUGFIX : some XCOFF files could not be loaded and disassembled, IDAW disk space routine could crash.

New features in version 4.02 (2/11/2000)

• We now disassemble SPARC V9 and UltraSparc II (advanced version).
• We now disassemble EPOC executable and EPOC ROM image files.
• Disassembler module for the 80196NU & NP processor.
• Improved PalmOS 3.0 support.
• Improved the Atmel AVR disassembler. Thanks to Chris Dalla.
• Microsoft AR import libraries are supported.
• Amiga Hunk File Loader (preliminary support).
• IDC : SetManualInsn/GetManualInsn IDC functions have been added.
• IDC : OpNot() bitwise NOT on the operand.
• New ascii string types: unicode-pascal (2 byte length) and wide-unicode-pascal (4 byte length).
• IBMPC: the SFENCE instruction is now disassembled, even with an illegal ModRM byte.
• if the database is closed while Shift is depressed, IDA will save it without any question.
• Ctrl-Shift will close the database without saving it into the disk.
• GUI: the structure and the enum windows now have a menubar and a popup menu.
• GUI : IDC programs can now be loaded, executed and edited from a toolbar.
• GUI : double clicking an address in the message area moves in the disassembly.
• GUI: "secondary windows always on top" feature is added.
• GUI: "hide all functions" is added.
• GUI: lazy jumps and autohide/unhide features(see options/navigation page).
• GUI: file offsets are now constantly displayed on the status bar.
• GUI: the syntax highlighting color setup dialog has been improved.
• GUI : navigation between open windows using Alt- hotkeys.
• The number of lines per item is now configurable. See MAX_ITEM_LINES parameter in IDA.CFG file. The default is 5000.

New features in version 4.01 (11/5/99)

• Disassembler module for the Zilog Z180 and Z380 (standard version)
• Disassembler module for Pic 16xxx (standard version)
• Disassembler module for MC6303 ASxxxx: bitwise OR and NOT operators.
• text search and other potentially lengthy operations can now be aborted
• several bugs have been fixed.

New features in version 4.0 (9/21/99)

• Windows GUI Version
• Disassembler module for AMD Athlon (std)
• MacOS A-TRAPS
• PE Files : the imports segment is created even if it was absent from the original file.
• COFF debug information in PE files is now loaded.
• 80x86 undocumented instructions
• 8085 undocumented instructions
• PC_ANALYSE_DIFBASE : new analysis configuration option.
• Help is available in HTML

New features in version 3.8 (09/11/98)

1. The Hitachi SH-3 processor is now supported (extended version).
2. The Intel 80196 processor is now supported (included in the base package).
3. The Zilog Z-8 processor is now supported.
4. Complex references are now supported.
5. NetBSD a.out files are now supported.
6. ARM ELF executable are now supported.
7. PowerPC ELF executables are now supported.
8. MakeAlign and GenerateFile have been added to the build-in IDC language.
9. Floating Point emulation instructions are now disassembled.
10. The load file dialog now supports processor type choice and analysis options definition.
11. The video mode can now be changed on the fly
12. The PE loader has been improved to support some virus infected files.
13. Bugs have been fixed in the PE loader, in the 68K module, in the structure view, in the Borland name demangler, in    the handling of wide ASCII pascal strings and in various other areas.

New features and bug fixes in version 3.6

MAJOR FEATURES ADDED

(3.6) Standard Run-time Library Recognition

The following compilers are supported in this release. Support for other compilers will be added in the future.
Turbo C v2.0
Turbo C v2.01b
Turbo C++ v1.01
Borland C++ v3.1
Borland C++ v4.0
Borland C++ v4.5
Borland C++ v5.0
Borland C++ for OS/2 v1.5
EMX (GCC) for OS/2 v0.9b
Microsoft Quick C
Microsoft C v7.0
Microsoft Visual C++ v1.0
Microsoft Visual C++ v1.5
Microsoft Visual C++ v2.0
Microsoft Visual C++ v4.0
Microsoft Visual C++ v4.1
Symantec C++ v6.0
Symantec C++ v6.1
Visual Age C++ v3.0
Watcom C++ v9.5
Watcom C++ v10.0b
Zortech C v1.0
Zortech C v3.1

(3.6) 32-bit Windows native disassembly environment (console)

(3.6) Java support (and ZIP support)

(3.6) Motorola 8bit processors are now supported.

Motorola MC6800
Motorola MC6801
Motorola MC6803
Motorola MC6805
Motorola MC6808
Motorola MC6809
Motorola MC6811

IMPROVEMENTS

(3.6) 64MB programs can now be disassembled.

(3.6) OMF libraries are now recognized and modules can be extracted and disassembled.

(3.6) CEXTDEF records in OBJ files are now handled properly.

(3.6) improved recognition of data segment for DOS executables.

(3.6) COFF : the C_NT_WEAK storage class is now handled.

(3.6) OS/2 Merlin chained relocation records are now handled properly.

(3.6) the following sequence has changed: dd -> float -> dq -> dt

(3.6) jump tables are now analyzed faster.

(3.6) the generation of map files has been improved.

(3.6) It is now possible to define the following environment. variables.

IDASGN points to the signature directory.
IDAIDS points to the IDS files directory.

(3.6) the environment variable IDA_PAGESIZE now defines the page size for newly created databases. The default page size is 4096. Pagesize should be power of 2. You may want to increase the page size if you hit limit on the number of chunks when loading an .OBJ or NE file.
Judicious use of this variable now allows the disassembly of files of virtually any size.

(3.6) the -b (program base address) switch now understands 32bit addresses.

(3.6) binary search is now faster.

(3.6) interface enhancements : CTRL-ENTER and BACKSAPACE allow fast lookups in the viewer. Data Items can now be defined massively. ALT-T and CTRL-T allow fast searches in the list viewers.

(3.6) dozens of minor enhancements.

BUG FIXES & CORRECTIONS

(3.6) data xrefs can now be deleted manually.

(3.6) a bug with jcxz instruction in huge 32bit segments has been fixed.

(3.6) a bug has been fixed in the IDC interpreter: 16bit numbers at page boundaries would be read incorrectly.

(3.6) a laoding problem with some NE files has been corrected.

(3.6) version 3.53 would exit with a "heap corrupt" message when loading a 3.04 database.

(3.6) the loopw instruction was incorrectly disassembled in huge 32-bit segment. This has been corrected.

(3.6) The Borland v5.01 ctime() function has a bug that sometimes caused IDA to crash. This has been fixed.

(3.6) dozens of minor fixes.

New features and bug fixes in version 3.53

Enhancements

• IDA tries the file extensions specified in IDA.CFG in order to open the file to disassemble.
• Ctrl-KB/Ctrl-KH may now be used for block marking/unmarking.
• The name of the file being disassembled is displayed in the title bar of the message window.
• The COFF format handling has been slightly improved.
• The name of the disassembled file is displayed in the "produce output file" dialogs.

Corrections

• The 32-bit IDA versions crashed trying to generate a .MAP file.
• IDA crashed if more than 50 segments were defined in a group (object files)
• The tails of very long names (>32 chars) are displayed in the names list (Ctrl-L) after the addresses column.
• IDA crashed attempting to display xrefs to a very long name (more than 79 characters)
• Object files: a loading error is fixed: in 32-bit object files the self-referenced relocations were resolved incorrectly if a symbol was declared as external and public at the same time.
• IBM PC: the "large" keyword was used when it was not necessary (new versions of TASM issued warning)
• The indicator displayed READY during the creation