Changes for the build 6.4.130306

This is a bugfix release, fixing various minor issues in the original 6.4 release.

Processor Modules

+ ARM: improve iOS Thumb-2 code analysis (MOVW/MOVT pairs with position-independent code); this improved decompilation of such code.

File Formats

+ DWARF: numerous improvements to handle DWARF info produced by ARM’s ADS and RVCT.

Bugfixes

BUGFIX: BOCHS: BOCHSRC variable in dbg_bochs.cfg was overwriting the value of BOCHSDBG
BUGFIX: BOCHS: VirtualProtect was not working if current extlang was set to Python (typo in bochs/startup.py)
BUGFIX: DWARF: IDA could fail on complex types with too many members (i.e., 4095+).
BUGFIX: DWARF: accept in-file DWARF information for Mach-O binaries as well.
BUGFIX: DWARF: arrays of [arrays of] const volatile types were not properly handled.
BUGFIX: DWARF: automatic loading of DWARF companion files for Mach-O binaries.
BUGFIX: DWARF: handle smaller memory models (e.g., 4-byte pointers on 64-bit platforms).
BUGFIX: DWARF: plugin would force IDA to quit if the input file could not be read.
BUGFIX: DWARF: use proper register numbers for x64.
BUGFIX: DWARF: wouldn’t properly recognize GCC with GIMPLE frontend
BUGFIX: Extracting a function could make IDA run out of memory.
BUGFIX: GDB: PPC: IDA could interr when trying to view values of registers r1 or r2 when connecting to target without a database
BUGFIX: IDA could interr because of wrong type information in the database instead of silently ignoring it
BUGFIX: IDAPython: CommentEx() was always returning None
BUGFIX: IDAPython: ph_get_operand_info() was broken
BUGFIX: IDAPython: SetBptCndEx() was setting the wrong low-level condition flag.
BUGFIX: PC: improper switch detection could destroy valid code in some x64 OS X binaries
BUGFIX: PIN: fixed some minor bugs
BUGFIX: SDK: askstr_c() with history = HIST_CMD displayed no edit field
BUGFIX: SDK: fix building of the PIN module in the SDK tree
BUGFIX: srcdbg: IDA could crash when debugging using both the decompiler and PDB (or DWARF) plugin.
BUGFIX: srcdbg: locals/watches would crash IDA on structures with 100+ elements.
BUGFIX: srcdbg: when in source-level debugging, union fields were fetched with offsets, as if they were structure offsets.
BUGFIX: srcdbg: when multiple source-level debugging providers are in use (e.g., PDB + decompiler), fetch “Locals” items from the last-focused source view.
BUGFIX: SuperH: after turning off “Convert Immediate Loads”, PC-relative expressions were no longer converted to addresses
BUGFIX: UI: ‘copy to clipboard’ could prematurely truncate the copied data in some cases
BUGFIX: UI: default focus was wrong in some dialogs (e.g. User-defined offset or Rename)
BUGFIX: UI: double-clicking a number in the Output window without a database loaded would crash IDA
BUGFIX: UI: when dragging windows, show docking anchors in the same instance only
BUGFIX: UI: Fix fonts dialog behavior on Linux – in some cases the style selection was not updated when the font target was changed
BUGFIX: UI: Fixed crash on Alt+F4 in full screen mode
BUGFIX: UI: Horizontally-placed radio buttons did not work in forms
BUGFIX: UI: IDA could fail to extend an array even after asking the user to destroy hindering definitions
BUGFIX: UI: IDA could hang while saving bytes to a file from a hexview
BUGFIX: UI: IDA64 could crash when editing source viewer tab size
BUGFIX: UI: In “Script snippets” dialog the current script was always executed as IDC if using Ctrl+Enter to run it
BUGFIX: UI: opening Navigation Band color preferences would crash IDA
BUGFIX: upon closing a database, regular plugins were unloaded too early, before the ui_saving event was generated
BUGFIX: windbg: once set, the “MODE” parameter (user/kernel debugging mode) could not be changed programmatically



Changes for the build 6.4.130110 (original release)

New instructions for the PC module

Intel chips with AVX support have been available for a while, and now we have added support for this x86 extension. We also added support for extensions which are not yet available but have been announced: AVX2, FMA, BMI1, BMI2, F16C, ADX, RDSEED, SMAP, INVPCID and RTM.

DWARF debugging info support

DWARF debugging info is used by GCC and many other compilers. We added support for it: now IDA can import not only the symbol names, but also the type information. Source-level debugging is possible too (x86 only). Currently only ELF and Mach-O for x86, x64 and ARM are supported but we plan to extend the list. Because there are quite a few DWARF-producing compilers & tools, your favourite platform might not be supported yet, so be sure to let us know if you use it with other formats or processors!

Source-level debugging on x86.

AMD 64 is supported, too.

ARM support (work in progress).

Types imported/re-created from the DWARF information.

PIN tracing and debugging

PIN is a dynamic instrumentation framework from Intel. We have made a debugger module that uses it for tracing and debugging. Since it does not use the regular debugging APIs, it avoids many of their problems. Also it is much faster for tracing the execution.

Configuring the PIN tracer module.

Tracing results.

Other debugging improvements

Added support for SystemV AMD64 ABI: now you can use Appcall with complex structure types when debugging x64 Linux binaries.

Added an option (enabled by default) to use hardware breakpoints for temporary breakpoints (used, for example, for “step over” or “run to” functionality). This helps with debugging of read-only code (e.g. on recent OS X).

Remote debugging servers can now pause the process if the connection to IDA breaks and resume debugging on reconnect instead of killing the process. Just add “-k” to the server’s command line to enable this feature.

Multiple UI improvements

We took our time to address many of the minor feature requests and annoyances to improve usability. For example:

The revamped script command dialog (Shift-F2) now allows you to have several script snippets and quickly switch between them. You can also easily export a snippet to a file or import a file into the editor. Additionally, it’s now non-modal (and dockable), so you don’t have to save the work in progress elsewhere just to copy some text from the disassembly.



Changed auto-completion behavior to not replace entered text until confirmed by user. Annoyance factor reduced!



Added separate font configuration for disassembly, hex view and output window.

Added an option to export and import color settings (send us your color schemes!)

The “highlight current word” feature is very convenient but it was limited to simple text matches. Now IDA can highlight matching register parts, e.g. EBX, RBX and BH are considered to be “connected”. This will make reversing of x86 code much more pleasant.

Currently this functionality works only for x86/x64 code but it’s easy enough to add other processors: we just need to implement the get_reg_info notification.
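A small model of the “connected registers” idea described above, as an added example that is not IDA's code and does not use the SDK: it assumes two names are connected when they occupy overlapping bits of the same main register. The table `REG_INFO`, the functions `connected` and `highlight_spans`, and the sample lines used with them are constructed for illustration.

```python
import re

# Constructed table: alias -> (main register, bit offset, bit width).
# Only the RAX..RDX family is covered; a processor module would supply the
# equivalent data for its own register set.
def _family(letter):
    main = f"r{letter}x"
    return {
        main:           (main, 0, 64),
        f"e{letter}x":  (main, 0, 32),
        f"{letter}x":   (main, 0, 16),
        f"{letter}l":   (main, 0, 8),
        f"{letter}h":   (main, 8, 8),   # high byte of the 16-bit part
    }

REG_INFO = {}
for _letter in "abcd":
    REG_INFO.update(_family(_letter))

def connected(a, b):
    """True if both names map to overlapping bits of the same main register.

    Assumption of this example: overlap is the criterion, so BH and BL
    (disjoint bytes of RBX) are not connected to each other, while each of
    them is connected to BX, EBX and RBX.
    """
    ia, ib = REG_INFO.get(a.lower()), REG_INFO.get(b.lower())
    if ia is None or ib is None:
        return False
    (main_a, off_a, w_a), (main_b, off_b, w_b) = ia, ib
    return main_a == main_b and off_a < off_b + w_b and off_b < off_a + w_a

TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def highlight_spans(line, selected):
    """Return (start, end) spans of the tokens in `line` to highlight.

    Whole tokens are compared, so an identifier such as `ebx_saved` is not
    matched by `ebx`. If `selected` is not a known register, this falls back
    to the old behaviour: an exact text match.
    """
    spans = []
    for m in TOKEN.finditer(line):
        tok = m.group(0)
        if connected(tok, selected) or tok == selected:
            spans.append(m.span())
    return spans
```
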

Better alignment of fields in dialog windows.



Support for the latest changes in iOS and Windows 8 (on ARM)

And many more minor improvements…

Changelist