Highlights

The biggest news is the ARM64 decompiler, a long-awaited tool.

We are proud that it works well and can handle floating point and even some NEON instructions.

We reworked the way we handle the navigation in the user interface and many related things. Now it is possible to synchronize between views, use the navigation history in structure and enum views, etc. Overall the user interface is more responsive.

Our oldest processor module for x86 got improved to decode many new fancy instructions.

We switched from PySide to PyQt; from Qt4 to Qt5; from VS2010 to VS2015.

All these changes are mostly internal but using newer libraries and development tools should improve your experience with IDA.

Complete changelist

Processor Modules

65816: many improvements
ARM: implemented reading of vfp registers for arm remote servers
ARM: implemented calculation of function argument locations for aarch64
ARM: improved register tracking
ARM: added support for security_push/pop_cookie functions (thumb mode)
ARM64: added support for varargs in non-framed function
PC: improved detection of function boundaries in PE+ files with unwinding metadata (.pdata section)
PC: added AVX comparison pseudo-ops
PC: added decoding of AVX-512 extensions
PC: added decoding of MPX extensions
PC: added decoding of SGX extensions
PC: added decoding of SHA extensions
PC: added decoding of XOP extensions
PC: added decoding of CLFLUSHOPT, CLWB, and PCOMMIT instructions
PC: added decoding of PREFETCHWT1 instruction
PC: added decoding of RDPKRU and WRPKRU instructions
PC: added decoding of XRSTORS, XSAVEC, and XSAVES instructions
PC: added support for switch patterns from more recent versions of clang
PC: added support for switch patterns from llvm-gcc
PC: improved prolog analysis
PIC18: added support for PIC18F2682/2685/4682/4685 devices
PPC: added support for PPC SystemV EABI and PPC64 AIX and SystemV ABIs
PPC: improved handling of function arguments
PPC: improved naming of stack variables
PPC: improved tracking of SP register
PPC: added support for memory mapping
MIPS64: convert standard sequences (lui, ori, li, etc) to dli macros
SH4: improved switch recognition (thanks to Zak Escano!)
SNES: improved loader, and included snes’s spc loader. Thanks, Gocha
SPC700: new processor module for super nintendo spc700. Thanks, Gocha
avr.cfg: added description of ATmega644p (thanks to Aliaksandr Chailytko)

File Formats

DWARF: Environment variable IDA_NORELOC will be honored by the plugin, and no relocations will be performed in the DWARF sections (can be useful for VxWorks-produced binaries.)
ELF: added AArch64 relocations
ELF: improved detection of truncated files
ELF: tweaked a bit analysis options (added AF_PURDAT)
MACHO: small improvement for parsing Swift metadata
MACHO: support for OSX apple-protected binaries (at least for versions 10.6 – 10.11)
PE: improved parsing of CFGuard function tables (additional flag bytes are now recognized and skipped)
PE: unnamed export entries are no longer given a dummy name in the Exports window
PE: when using manual loading, it is now possible to use the “don’t show again” checkbox to load (or skip) all subsequent sections at once
PE: print the PE timestamp in the file’s info comment
.net: we use our own file parser on all platforms, including windows too
uimage: add support for images that use gzip compression

Debugger

added support for ARM64 Android binaries (android_server64)
mac_server now supports codesigning to avoid having to run it as root. it can be codesigned just like gdb
GDB: allow for additional features in the XML sent by the remote stub
GDB: allow the user to specify additional/custom register layouts using the config file and XML target descriptions
GDB: added support for x64 targets

Kernel/Misc

IDS: MS Windows IDS files have been updated to Windows XP SP3
IDS: added Windows 7 sp1 x64 IDS files
IDS: update wince/arm/coredll.idt with some missing ordinals
TIL: support for type definitions that have long names (> 512 characters)
added DEMNAME_FIRST config parameter (if both type and demangled name are present, it selects one of them)
added STORE_USER_INFO config parameter; if turned off, info about the database creator will not be stored in the database
added a config option XREF_CACHE_LIMIT to limit memory usage of the cross-references cache. This allows analyzing huge files in IDA at the cost of some slowdown
added signatures for ICL15
added signatures for VC12 (VS2013) and VC14 (VS2015)
added signatures for Embarcadero RAD Studio xe5 to xe10 Update 1
improved sigmake collision detection
improved sigmake speed
added support for Linux syscall-based system calls
any directives of any configuration files can be overridden by user-specified files placed in %IDAUSR%/cfg/
IDA doesn’t recognize the IDAPLG environment variable anymore: the more versatile IDAUSR should be used instead
IDAUSR environment variable can hold more than 1 path, which will be searched in order when looking for files
databases can be uploaded to Hex-Rays’ web server in background
demangler: added support for __vectorcall, __clrcall
improved analysis speed of some obfuscated files
pelf: Added support for AARCH64 (ARM64)
added more noreturning function names

User Interface

ui: added functionality to synchronize between user-specified viewers
ui: added syntax highlighting for IDC and Python
ui: added support for multiple keyboard shortcuts per action
ui: “search all” can now be used in “Structures”, “Enums”, and any user-created viewer
ui: proximity view: double-clicking on an edge will take you to the node at the other end of the edge
ui: proximity view: it is now possible to see details about paths, and copy their information
ui: traced instructions are now highlighted in debug mode
ui: Ctrl+DblClick on name in idaview opens target in the new view
ui: Add syntax highlighting to Import/Export of colors + reset it when “Reset” button is pressed
ui: Listing views (IDA View-A, Structures, Enumerations, …) can now be scrolled horizontally with 2-finger scrolling (e.g., on trackpads), or by using Alt+<mouse wheel> on Windows.

Scripts & SDK

IDC: added PrintLocalTypes()
SDK: added PR_OUTER that must be specified for processor modules that support outer operands
SDK: event hooks: changed the way new event listeners are registered. now new listeners are appended to the end of the list and therefore will receive events last. hopefully it will lead to better logic because usually it is the ui and the processor module who will get first hooked; and only then plugins. it means that the processor modules and ui will be first to react to the events
SDK: functions to retrieve the input file size
SDK: functions to calculate/retrieve the SHA256 hash of the input file
SDK: introduced the notion of ‘ABI name’ in IDA; it can be set using set_compiler2() function; processor modules are in general responsible for recognizing it and setting up various config bits in IDA accordingly
SDK: added new flag: SETMENU_FIRST: add item to the beginning of menu (to be used in attach_action_to_popup)
IDAPython: IDP_Hooks, IDB_Hooks, UI_Hooks & DBG_Hooks are now automatically generated from the list of notifications in the corresponding .hpp headers
switched from PySide to PyQt

BUGFIXES

BUGFIX: ‘user-defined offset’ dialog was broken if custom offset types were present (for tricore, for example)
BUGFIX: 64-bit ARM branch addresses to missing addresses would be truncated to 32 bits in the output
BUGFIX: 64bit mach-o loader: incorrect handling of PRELINK_INFO
BUGFIX: ARM: GCC Thumb1 compressed switches that used the __gnu_thumb1_case_si helper were handled incorrectly
BUGFIX: ARM: incorrect calculation of locations for some big function arguments caused interr 50904 in decompiler
BUGFIX: ARM: incorrect disassembling of instructions FMAXV, FMAXNMV
BUGFIX: Automatic snapshot flag was not stored in snapshots of newly created databases
BUGFIX: DOS loader would accept an input file simply because it had a .exe extension
BUGFIX: COFF: parsing files with empty string tables was broken
BUGFIX: DWARF could fail with some complex ARM ADS 6.x-generated DWARF files
BUGFIX: DWARF relocations to ‘.debug_*’ sections were erroneously handled
BUGFIX: DWARF: badly-broken files with corrupt .debug_abbrev sections could cause the DWARF plugin to segfault (NULL-pointer dereference.)
BUGFIX: DWARF: GCC-produced DWARF type information whose name is “__int128 unsigned” wasn’t properly sanitized
BUGFIX: DWARF: Unexpected structuring of complex types in ADS-produced binaries could cause the DWARF plugin to INTERR
BUGFIX: DWARF: some llvm7-generated construct could cause the plugin to INTERR
BUGFIX: During auto-analysis, don’t rename stack locations of function F, if those names would conflict with register aliases within function F
BUGFIX: During debugging, it was impossible to set flag registers individually
BUGFIX: During debugging, when the user is asked for a mapping path, and presses ‘Esc’ to set it as ignored, and ‘Esc’ again to dismiss the ‘Mappings’ dialog, the path that would be ignored was that of the file, not that of the directory containing the file
BUGFIX: During debugging, when the user is initially asked for a mapping, he/she couldn’t add another right after that, before dismissing the ‘mappings’ dialog
BUGFIX: ELF: IDA would refuse to load files with non-PT_LOAD segments lying outside of the file
BUGFIX: Exporting module-relative breakpoints to IDC wouldn’t properly escape ‘\’ path elements separators
BUGFIX: FLIRT: parsing of Watcom OMF libraries was broken
BUGFIX: Fixed binary search. Now this dialog can be used also for search of any input values up to uint64 size both for big/little endianness for any size of byte (8-, 16-, 24-, 32-bit)
BUGFIX: For 64-bit binaries, IDA could display truncated values in special segments (e.g., ‘extern’, ‘abs’, …)
BUGFIX: IDA could abort with interr 1226 when repairing a corrupted database
BUGFIX: IDA could corrupt old databases when upgrading pages containing long (size>255) keys
BUGFIX: IDA could crash during debugging, when asked for a binary path mapping, and if the user chooses to add yet another mapping but leaves it empty
BUGFIX: IDA could crash on osx when trying to clear the message window while the focus is in the script snippet window
BUGFIX: IDA could crash when zooming out of proximity view
BUGFIX: IDA could erroneously report ‘database bitness differs from debugged application bitness’ when attaching to a process in batch mode
BUGFIX: IDA could interr when passing 0 as the bufsize parameter to tag_remove()
BUGFIX: IDA could not create a 32-bit flat offset inside of a 16-bit segment in some cases (by default IDA creates seg:off pairs for 16bit segments)
BUGFIX: IDA could not load dwarf debug info for a module when remote debugging
BUGFIX: IDA could show in hints wrong value of a FPU/XMM register operand
BUGFIX: IDA was not able to jump to a secondary IDA View, Hex View or Pseudocode window from search results, in case the last-visited view was closed
BUGFIX: IDA was unnecessarily retrieving the python GIL in a callback called by the kernel, resulting in a significant slowdown on mac
BUGFIX: IDA would fail to load PDB symbols for .pdb files selected via the file browser
BUGFIX: IDA would reject the names of some types from newer windows executables
BUGFIX: IDAPython couldn’t set the language of a breakpoint condition, and thus couldn’t express conditions in other languages than IDC
BUGFIX: IDAPython’s get_idasgn_desc() doesn’t return the number of matches. Added get_idasgn_desc_with_matches()
BUGFIX: IDAPython’s get_member_by_fullname() was not usable, and only 1 variation of get_member_by_id() was usable
BUGFIX: If the IDA View was in graph mode before starting a debugging session, it wouldn’t be restored to graph mode after the debugging session ends
BUGFIX: In 64-bit IDA, IDAPython would fail to generate proper wrappers for the objects returned by calc_switch_cases()
BUGFIX: In case a “Fat” Mach-O file had 2 versions of the _same_ architecture (e.g., ARMv7 & ARM64), the DWARF plugin could attempt loading the wrong one
BUGFIX: In the “Function calls:” window’s “callers” part, the address of the call instruction would be printed twice, instead of having the address only once and then the function name
BUGFIX: JumpOpXref was not working on a name with forbidden (non-identifier) characters if pressed on the name at the beginning of the disassembly listing
BUGFIX: LX: loader could return garbage data for packed pages
BUGFIX: Leaving a mark, and then right-clicking on the address of an instruction could cause IDA to INTERR with the code 520
BUGFIX: Loading an additional non-IDS/IDT file could cause IDA to INTERR
BUGFIX: PC: fixed VSIB index registers
BUGFIX: PC: fixed operand size for scalar FMA instructions
BUGFIX: PDB: Remote PDB could return garbage data on unix
BUGFIX: PIN, instant debugging mode: module could report incorrect process bitness after attaching
BUGFIX: PIN: in some cases IDA could not suspend running process
BUGFIX: PIN: pintool could hang on a multithreaded windows application (race condition)
BUGFIX: PIN: pintool did not suspend application before reporting PROCESS_ATTACH event to IDA
BUGFIX: PIN: pintool reported broken module name with PROCESS_ATTACH event
BUGFIX: PPC ddedpd, ddedpdq, denbcd, denbcdq opcodes were not properly supported
BUGFIX: PPC: IDA did not display the function stack frame correctly
BUGFIX: Pressing Home,End when in the “quick filter” of a chooser will move the cursor to the beginning or to the end of the filter line, instead of scrolling the list of items to the beginning or the end
BUGFIX: RVCT-produced DWARF info with duplicate typedefs could cause the DWARF plugins some issues
BUGFIX: Selecting an area, pressing ‘t’ to choose between matching structs (or almost-matching structs), and requesting to “Add missing fields” to a struct that would otherwise match, could crash IDA
BUGFIX: Setting NLSPATH to a very large value could cause IDA to crash at startup
BUGFIX: Setting a module-relative breakpoint, without specifying the module name, could crash IDA at database-save time
BUGFIX: Shift+Up/Down/PageUp/PageDown when modifying the quick filter of a chooser wouldn’t add rows to the selection but rather clear the selection, and select only 1 item
BUGFIX: Some ARM ELF relocations (R_ARM_CALL, R_ARM_JUMP24, …) could be incorrect
BUGFIX: Some PPC opcodes were causing IDA to exit with interr 10185
BUGFIX: The DWARF plugin could fail loading GCC 3.3.3-produced UDTs with declared-only inherited types
BUGFIX: The DWARF plugin could fail spotting colliding typedefs in clang-produced DWARF information
BUGFIX: When exporting types, IDA could crash after trying to forward declare a non-local type
BUGFIX: When failing to update a breakpoint’s size/type through update_bpt(), IDA could leave the breakpoint in a state preventing it from being usable anymore
BUGFIX: When making code, if segments had to be adjusted, IDA could crash because of recursive calls to generate_disassembly()
BUGFIX: When selecting negative “standard constant” enumerators, IDA could display the operand as a faulty number, instead of as that symbolic constant
BUGFIX: When the start address of function with chunks was changed, the “owner” and “referers” field of function tails were not updated and could hold the address of non-function area. In this case any modification of function using screanEA from tails range fails. The problem is solved by fixing “owner” and “referers” of tails using new start ea of the function
BUGFIX: Win32 debugging: could leave EIP in the middle of an instruction, in some cases a step over/into an x86/x86_64 callgate was requested (i.e., system call), and if that callgate called us back, hitting a breakpoint in user code
BUGFIX: __declspec(align(x)) was parsed incorrectly in some cases
BUGFIX: alignment for complex situations like “void (***func[])()” was not parsed/printed correctly
BUGFIX: aloc_visitor_t could not be fully utilized from idapython
BUGFIX: area_visitor2_t could not be fully utilized from idapython
BUGFIX: c166: Fixed ida crash if bad cc code for jmpr, jmpa, calla, jmpi, calli instructions is stored in the database
BUGFIX: calling QTime::elapsed() from idleEvent() would significantly slow down analysis time on mac
BUGFIX: checking for the new versions the second time could fail
BUGFIX: coldfire: ida was decoding illegal addressing modes for the move instruction
BUGFIX: copying from customer views to clipboard was broken
BUGFIX: dbg: dalvik: the unregistered request for deferred breakpoint prevented the debugger detach
BUGFIX: dbg: fixed wrong 64-bit address truncation to 32-bit
BUGFIX: dbg: win32: dirty memory block was returned in memory info
BUGFIX: debugger: fixed interr 1203 which could happen in presence of DLLs with very long (>1024 bytes) export names
BUGFIX: defining a new structure or enum in the presence of a forward declaration would change the ordinal number of the forward declaration
BUGFIX: ebc: fixed some wrong references and exceptions
BUGFIX: error color was printed as blue when generating html files
BUGFIX: exception code was displayed incorrectly in the ‘edit exception’ dialog
BUGFIX: fixed handling of empty structs: ida was considering them to be 1-byte size while gcc treats them as 0-byte size
BUGFIX: fixed interr 1060 which could occur if the target compiler was not set
BUGFIX: fixed interr 40178
BUGFIX: fixed interr 50295
BUGFIX: fixed interr 984 which could occur during importing pdb files
BUGFIX: fixed memory corruption (seemingly without any consequences) made by askstr()
BUGFIX: floating point operands of data items would be printed incorrectly for big endian processors
BUGFIX: gdb: 64-bit debuggers were using 32-bit register layouts
BUGFIX: hcs12x: Fixed instruction opcodes for xgate instruction set (sub and sbc instructions and their aliases were swapped)
BUGFIX: highlighting and scrolling could be sluggish in the disassembly views, especially on osx
BUGFIX: ida could crash if the user closed the database and terminated the debugger session at once (only in some rare circumstances)
BUGFIX: ida could crash on some corrupted 64-bit PE files
BUGFIX: ida could crash when deleting a segment
BUGFIX: ida could fail with “rpc timeout” if the debugger server was trying to print while ida was waiting for debug events
BUGFIX: ida could hang trying to display nested varsize structs in the middle of a struct (where they do not make sense)
BUGFIX: ida could interr with code 1006 when deleting local types
BUGFIX: ida could not parse some nested types (like type1::type2 inside a struct)
BUGFIX: ida was not using the default calling convention for validating function types; if it was set to something wrong, interrs could occur in the decompiler
BUGFIX: ida would fail to launch debugger after copying the dll to debug to the remote computer (only if debugging dll, not exe)
BUGFIX: idal/idaw couldn’t generate valid GDL graphs when run in batch mode
BUGFIX: idapython: ui/qt: docking: ida could crash if the dock which is active is moved using set_dock_pos
BUGFIX: idaw could sometimes reset the window size to 80×24 even if not asked to do so
BUGFIX: idc: ParseTypes could not parse an enum if some of its members were already used in other types
BUGFIX: idc: sizeof() function was broken
BUGFIX: in linux text version of IDA, it was impossible to cancel a long-running operation
BUGFIX: in some cases IDA could abort with message “page allocation error”
BUGFIX: in the ‘Structures’ view, removing fields from aggregated structure (leading to gaps appearing in aggregating structure), and then re-defining those fields wouldn’t reclaim those bytes
BUGFIX: interr 50913 could occur if a previously valid type was rendered invalid
BUGFIX: interr 543 was occurring at the exit time
BUGFIX: interr 814 could occur when deleting local types
BUGFIX: interr 973 could be displayed by mistake in some rare cases
BUGFIX: it was impossible to create a usable instance of enum_member_visitor_t from idapython
BUGFIX: it was impossible using ui to add sp change point to express changes between function chunks
BUGFIX: ldr: elf: preserved patch_mode noform bits during “Local options” dialog; option “Create base for debugging” setting cannot be changed, fixed
BUGFIX: ldr: elf_x64: callback x64_patch() used patch_mode from the wrong place
BUGFIX: linux_server: fallback to accept() if accept4() is not implemented
BUGFIX: mc68k module was not generating xrefs to struct members
BUGFIX: mc68k: address bus width for mc68000, mc68010, cpu32 reduced to 24 bits
BUGFIX: name color for references into the middle of a struct/array was wrong
BUGFIX: offset expressions for wide-byte processors were truncated
BUGFIX: osx: once idaq was launched, double clicking on idaq64 would not launch idaq64 but simply switch to idaq
BUGFIX: pc: when deleting segments basereg info was still retained
BUGFIX: replacing an enum with another enum that had fewer members could lead to interr 1263
BUGFIX: sdk: tinfo_t::get_final_type_name() would return wrong names for typedefs to forward declarations
BUGFIX: searching for binary patterns would fail in some cases for processors with non-standard byte size
BUGFIX: sh3: “bad optype” message could be displayed if the user changed an operand type when staying after comma inside an operand like this: (h’XX, rY)
BUGFIX: sh3: ida would not detect that after indirect calls to non-returning functions the execution flow stops
BUGFIX: sigmake could interr with code 577
BUGFIX: sigmake would output corrupt data with pattern lengths greater than 255
BUGFIX: some data cross references would not be deleted when deleting the corresponding data item
BUGFIX: srec output was broken (markers in format strings were not replaced properly.)
BUGFIX: stack analysis could cause an internal error in some very rare cases
BUGFIX: struct_field_visitor_t and related functions could not be fully utilized from idapython
BUGFIX: the string window was missing some strings when the debugger was active
BUGFIX: tinfo_visitor_t could crash on yet unresolved tinfo objects
BUGFIX: tinfo_visitor_t could not be fully utilized from idapython
BUGFIX: tricore would print empty @HIS() if the target address of the HIGHA16 offset was wrong (it should print the operand as a number in this case)
BUGFIX: ui/qt: display_tform() could still place the widget back into the main window, in case that widget had a title with ‘,’ in it (amends 59726, really.)
BUGFIX: ui: Fixed broken layout of “Enter reference information” dialog if custom reference info is used
BUGFIX: ui: forms: “Change segment attributes” dialog set wrong attribute alignments
BUGFIX: ui: local variable type cast in “Watch View” was broken, added test cases
BUGFIX: ui: qt: Fixed the behavior of display_tform (or ui_show_form or form.Show() in python). If the form already exists then its position is not changed
BUGFIX: ui: qt: Removed displaying of empty popup menus for IdaCustomMemos
BUGFIX: ui: qt: set AutoFillBackground property to true for TMyDialog. Otherwise in some cases background is not painted
BUGFIX: user graph nodes could be rendered too small on osx
BUGFIX: v850: Fixed decoding of ld.hu instruction
BUGFIX: watches could not be deleted from the watch list via the Debugger menu
BUGFIX: windbg debugger could fail with interr 520
BUGFIX: windbg, kernel mode: in some cases ida failed to resume execution after a breakpoint
BUGFIX: windbg: in some cases DETACH request could return incorrect code (FAIL instead of SUCCESS)
BUGFIX: windmp: dump loader would incorrectly try to continue if the debugging engine initialization failed, leading to a crash
BUGFIX: PE: some sections with valid data were skipped by default because the discardable flag was set
BUGFIX: PE: intentionally corrupted .NET PE files could corrupt heap or could trigger a static buffer overwrite
BUGFIX: PE: it was not possible to manually load a section which is skipped by default
BUGFIX: ntapi.til: definition of ULONGLONG was wrong (it was defined as “double”)
BUGFIX: sdk: function address iterator might return a wrong address for some special cases
BUGFIX: the ‘xrefs to’ view would duplicate the list for every refresh
BUGFIX: ui: Fixed graph printing. Added the menu item “print graph” to the popup menu
BUGFIX: ui: IDA would crash when clicking “Compile” in breakpoint’s condition editor and the condition was empty.

BUGFIXES in the SERVICE PACK

BUGFIX: After performing a search with “Find all occurrences” checked, jumping by double-clicking on a result in the list wouldn’t reset the cursor’s Y position to the 5th line from the top of the screen
BUGFIX: Badly-damaged unpacked databases could cause IDA to crash at startup (while repairing.)
BUGFIX: CLI: stack buffer overrun could happen when disassembling .net files with very long method prototypes
BUGFIX: Color options dialog could be too tall for the screen, making it impossible to click ‘Ok’
BUGFIX: DWARF plugin could be very slow to process DWARF debug information with huge type graphs
BUGFIX: Deleting a structure could cause the view to jump to an unexpected position
BUGFIX: Don’t activate/raise IDA View-? when selecting a thread
BUGFIX: Double-clicking an edge in the graph view, would correctly move to the target node, but wouldn’t create a new location history entry
BUGFIX: Double-clicking on a ‘Caller’ or ‘Callee’ in the “Function calls” window could crash IDA
BUGFIX: EA-capable views would store their bookmarks in a per-view-type-specialized storage space, which wouldn’t allow sharing them between “IDA View-?”, “Hex View-?” & “Pseudocode-?” views
BUGFIX: ELF ‘extern’ segment could be misaligned for 64-bit files
BUGFIX: GDB: software breakpoint bytes were swapped for big-endian and little-endian MIPS, leading to bogus exceptions during debugging
BUGFIX: IDA could crash at exit-time if some events happened in a very short amount of time
BUGFIX: IDA could crash when moved from screen to screen, if a widget had an empty area (https://bugreports.qt.io/browse/QTBUG-43489)
BUGFIX: IDA could fail loading configuration from files included by “#softinclude” (e.g., ‘idausert.cfg’)
BUGFIX: IDA on OS X could lose the ability to click to move the cursor in the listing after performing some navigation
BUGFIX: IDA would always load symbols when loading a PDB file, even if the ‘Types only’ option was specified
BUGFIX: IDA would freeze after opening a file via drag-and-drop while a file dialog was open
BUGFIX: IDA would often implicitly create a QString from a char *, leading to a number of encoding issues
BUGFIX: IDAPython on Linux would not honor $PYTHONHOME when using the system’s python
BUGFIX: IDAPython’s IDC emulation of idc.GetTevRegMem() was not working
BUGFIX: IDAPython’s choose.choose() was broken
BUGFIX: IDAPython/IDC: del_hotkey() failed to unregister the corresponding action
BUGFIX: IDAPython: execute_ui_requests() could crash IDA
BUGFIX: IDAPython: on linux, some form-related controls could fail to show, because of pointer conversion issues
BUGFIX: IDAPython: retrieve_exceptions()/store_exceptions() was not usable because of unknown vector type
BUGFIX: It was impossible to override a core action’s shortcut(s) to “no shortcuts”
BUGFIX: It was impossible to place breakpoints in source-level debugging with actual source files (i.e., not pseudocode provided by Hex-Rays)
BUGFIX: Jumping to ‘linked node’ (by pressing Ctrl+Up/Down) in the graph view, would correctly move to the target node, but wouldn’t create a new location history entry
BUGFIX: Jumping to end of “Structures” view could fail to display the members of the last structure (if it is expanded.)
BUGFIX: Menus & toolbars were created after the PLUGIN_FIX plugins were initialized, and thus it was impossible to, e.g., attach_action_to_menu() from idapythonrc.py
BUGFIX: Moving left/right on a line where a search result was found, could lead IDA to fail subsequent “search again” operations (i.e., Ctrl+T)
BUGFIX: Navigating back & forth in a view that has a corrupt history could cause INTERR 40464 or 40465
BUGFIX: Opening an IDA 6.8 IDB with empty bookmarks in IDA 6.9, could cause INTERR 1312
BUGFIX: PE: intentionally corrupted .NET files could trigger invalid memory reads
BUGFIX: Pressing <Enter> in the “Select file to disassemble” could, in some cases, crash IDA
BUGFIX: Pressing Alt+L wouldn’t provide visual feedback as it did before
BUGFIX: Separators in menus could, on some platforms, be prepended by ‘(…)’
BUGFIX: THREAD_EXIT event during appcall would cause problems
BUGFIX: The title of the Xrefs dialog that shows when pressing ‘x’, could be erroneous
BUGFIX: When loading an IDB and/or starting/stopping a debugging session, the main window could be maximized, but the widgets would remain in the top-left corner
BUGFIX: When pressing ‘Down’ in the “Structures” window, it might happen that the last line of a non-collapsed union would repeat multiple times
BUGFIX: calling idaapi.del_hotkey() twice with the same argument could crash IDA
BUGFIX: dwarf: be more resilient when saving a type to the TIL fails because of duplicate names
BUGFIX: fixed interr 40208 that could occur when closing the database after a fatal debugger error (disconnection from the remote host, for example)
BUGFIX: forms could not display filenames containing Chinese characters
BUGFIX: non-ascii characters in the input file name would not be displayed correctly
BUGFIX: setting memory based variable values from the watch and locals view was broken
BUGFIX: spc700 processor data references could be missing
BUGFIX: structs with embedded arrays could be erroneously displayed in terse form even when it was not possible
BUGFIX: text IDA: pressing Ctrl+F4 to toggle to hex dump wouldn’t refresh the screen right away
BUGFIX: text version of IDA could display the cursor in the wrong place if there was horizontal scrolling on the view
BUGFIX: text version of IDA could fail to draw the cursor after pressing ‘End’ to get to the end of a line of disassembly
BUGFIX: text version of IDA could fail to update the horizontal scrollbar upon cursor moves
BUGFIX: the wrong font might be selected when re-opening the font selection dialog
BUGFIX: win32 debugging: a hardware breakpoint located at an instruction right after another instruction that also has a breakpoint, could fail being triggered
BUGFIX: windbg could fail to load dbgeng.dll under Windows 7
BUGFIX: decompiler: arm64: in some cases condition flags could be calculated incorrectly
BUGFIX: decompiler: arm64: v8 was erroneously used to pass function arguments
BUGFIX: decompiler: arm: some conditional instructions could be translated without conditions
BUGFIX: decompiler: moving the mouse around could interfere with the “current location”, and some actions could act in the wrong place (e.g., placing comments.)
BUGFIX: decompiler: stack arguments could not be recognized…, improved calculation of stack bytes used in a function call..
BUGFIX: decompiler: fixed numerous interrs (most of them very rarely occurring)



Welcome to IDA 6.9! Below are the highlights: