聚合Vip网络社区 集合 HK共享吧 合购VIP等精品教程

 找回密码
 立即注册

QQ登录

只需一步,快速开始

关闭
聚合Vip社区
欢迎QQ或来电咨询
工作时间:周一至周五
AM9:00-PM22:00
淘宝店铺 淘宝皇冠店铺
论坛邀请码
查看: 52704|回复: 1305

最强反编译工具 ida pro 6.7 6.8 x86 arm x64 f5全插件原始安装文件泄露版 + sdk

  [复制链接]

10

主题

2

听众

126

积分

管理员

Rank: 9Rank: 9Rank: 9

  • TA的每日心情
    开心
    2014-12-31 12:55
  • 签到天数: 2 天

    [LV.1]初来乍到

    发表于 2015-1-18 19:01:01 |显示全部楼层

    马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

    立即注册 已有账号?点击登录 或者 用QQ帐号登录

    x
    最强反编译工具 ida pro 6.7 6.8 x86 arm x64 f5全插件原始安装文件泄露版 + sdk_utils
    完整安装包+6.6最新sdk工具包
    国内某团购群泄露的的版本
    x86 arm x64 f5插件为2.0的版本 正版价值人民币3-5万
    IDA: What's new in 6.8

    Highlights
    This is mainly a maintenance release, so our focus was on fixing bugs. However, there are some improvements too: • Support for long names. In previous versions of IDA names were limited to 511 bytes. This was causing problems, especially with long mangled C++ names (e.g. boost names). We removed this limitation in many places of IDA. The work is not complete, there are still some areas where the limitation exists but overall the listings are more readable now.
    • Dalvik: added support for OAT files
    • PPC: support for Power ISA 2.07
    • Better analysis of prolog code; better register tracking, especially for ARM
    •Lots of vulnerabilities fixed thanks to the submissions to our bug bounty program

    Complete changelist

    Processor Modules
    ARM: Better tracking of registers, improved analysis
    ARM: added support for scattered arguments (that are partially passed on the stack and partially in registers)
    PC: improved prolog analysis
    PPC: added support for a switch variation produced by the Green Hills compiler
    PPC: support for Power ISA 2.07


    File Formats
    COFF: added support for irix mips files (no support for relocations yet)
    Dalvik: added support for OAT files
    DWARF: basic support for clang-generated DWARF variable location
    DWARF: very basic support for 'rustc'-produced DWARF information


    Debugger
    PIN: add support for reading of FPU/XMM registers from internal exception tracing: can display addresses as raw, instead of using seg/func/offset representation


    Kernel/Misc
    kernel: introduced the notion of ASM and C level types; IDA tries to preserve member offsets only for ASM types; C types may change their sizes because of the changes to other types they depend on
    kernel: added support for long names: type, function, label, etc names can be up to 32767 bytes long
    demangler: improved to recognize new mangled names
    til: added type library for Windows 8.1 (user mode)
    til: updated windows til files improved automatic recognition of ascii string by the autoanalyzer


    User Interface
    UI: idaq dock menu on mac now features a list of recent files
    UI/qt: It is now possible to navigate back & forward in location history with the mouse side navigation buttons (for mice that feature those) in graph & proximity view as well (it was already possible in listing view)
    UI: display a warning if the user rebases program around 0xFF000000 (it may cause problems because these addresses are used for internal housekeeping)
    UI: graph: Ctrl-Keypad-+ and Ctrl-Keypad-- can now be used to quickly collapse/reveal a node's contents
    UI: GraphOverview: can optionally use a blank background (just like before 6.7)
    UI: Proximity: added ability to have multiple paths, set their color, turn them on/off and delete them


    Scripts & SDK
    IDC: added ExpandStruc()
    IDC: improved SetLocalType: it accepts typeinfo object as the second argument in addition to declaration strings; added PT_REPLACE so that local types can be replaced
    IDAPython: allow accessing a til_t's "base" til_t objects
    IDAPython: in addition to AskUsingForm (that opens a dialog), it is now possible to call OpenForm (e.g., to open a form as a tab.)
    IDAPython: added ExpandStruc()
    IDAPython: USE_LOCAL_PYTHON config parameter is deprecated, IDA autodetects local Python installation now
    SDK: added "segm_attrs_changed" event so that plugins can take appropriate actions if necessary
    SDK: added print_decls(), allowing to print types from a type library (possibly including dependencies) in a format suitable for C(++) compilation
    SDK: added support for default register bits of 64-bit debugger registers
    SDK: added tinfo_t::clr_const,clr_volatile,clr_const_volatile functions
    SDK: made the return codes of ph.notify() callbacks more plugin-friendly
    SDK: netnode names can be of arbitrary length. for practical reason we limit them by 32KB
    SDK: qstrncpy and similar functions will raise interr if the size argument is 0 or negative
    SDK: replaced get_true_name() and similar functions by get_ea_name(), which accepts qstring as the output buffer; this allows for names of unlimited length, if necessary
    SDK: segment names and classes use a separate namespace now and do not hinder functions or data labels with the same name
    SDK: tinfo_t::get_unpadded_size() now works not only for c++ objects but for all structs
    SDK: ui: forms: Added askqstr() - the kind of askstr() but with qstring argument
    SDK: ui: new chooser_item_attrs_t::flags flag CHITEM_GRAY is added to show chooser item grayed out (like disabled). It is now used for the Local types choser to distinct guest types (syncronized from structure/enum views)


    BUGFIXES
    BUGFIX: '-' was forbidden in type names but it can be encountered in template arguments
    BUGFIX: ARM: A reference to SP (R13) in the register list of the LDMDB instruction (and similar ones) was not allowed by IDA, while some ARM devices can apparently execute it
    BUGFIX: COFF: specially crafted COFF files could trigger invalid memory writes on OS X
    BUGFIX: Calling refresh_chooser() on a chooser that's embedded in an AskUsingForm might fail calling the possible form callback with a possibly-updated rows selection
    BUGFIX: Cmd+C was broken on OSX, and copying was only possible through Ctrl+C
    BUGFIX: Creating 2 GraphRenderer with the same title could crash IDA
    BUGFIX: Deprecated function add_menu_item() would place the item at the end of the menu if the path was of the form "Edit/Other/" (i.e., ending with an empty string), while it used to place the action on top before
    BUGFIX: Deprecated function add_menu_item() wouldn't accept '-' as a separator anymore; only expecting '' (i.e., empty string) was allowed for separators
    BUGFIX: Double-clicking on a thread in the list would jump to the wrong thread, if the list was sorted by a column
    BUGFIX: During debugging, clicking on some strings containing format specifiers could cause IDA to display the wrong data
    BUGFIX: Exporting structures to IDC could lose type information for their members
    BUGFIX: File save dialog could have an empty/undefined file name on OSX (Issue 1232)
    BUGFIX: Force switching to graph view on functions with huge number of nodes, might cause IDA to crash
    BUGFIX: Global variable database_idb was not reset to the empty string after a database was closed
    BUGFIX: Hex-View widgets had lost the ability to allow direct editing of the text in their rightmost area (since IDA 6.4)
    BUGFIX: IDA could hang after not adequately handling a segment register change
    BUGFIX: IDA could hang trying to coagulate unknown bytes within a code segment
    BUGFIX: IDA could sometimes print garbage after cross references between structs
    BUGFIX: IDA had no way to reset the background color of proximity view nodes that were highlighted by the 'Find path' action
    BUGFIX: IDA was displaying split Unicode strings for big-endian processors incorrectly
    BUGFIX: IDA would incorrectly report a circular dependency when trying to export a type containing a deleted type
    BUGFIX: IDA would try to generate disassembly text for nodes that are unreasonably large
    BUGFIX: IDAPython Hex-Rays bindings: could crash IDA because access to members of unions, while they didn't make sense, were allowed (and thus SWiG created buggy proxies around invalid pointers.)
    BUGFIX: IDAPython was not exposing tinfo_t::get_named_type(), because SWiG rules in typeinf.i were too broad
    BUGFIX: IDAPython's IDC-style ApplyType() wasn't working for structure members
    BUGFIX: IDAPython: GetSegmentAttr/SetSegmentAttr would fail with segment registers
    BUGFIX: IDAPython: Only the first 'long name' of python-based processor modules was considered
    BUGFIX: IDAPython: build.py didn't trigger the patching of some directors methods calling convention, resulting in compilation failure with flag "--with-hexrays"
    BUGFIX: IDAPython: expose ::get_named_type()
    BUGFIX: IDAPython: idautils.DecodePreviousInstruction() was not checking for the right value returned from idaapi.decode_prev_insn()
    BUGFIX: In IDAPython, re-using the same action description twice when registering dynamic context menu items could lead to a crash
    BUGFIX: In some rare cases, IDA could crash when closing down & force-exiting a debugging session
    BUGFIX: Installers couldn't be run in unattended mode, because the 'setEncryptionPassword' directive was specified in a '<validationActionList>', which is not executed in unattended mode
    BUGFIX: It was impossible to comment function stack variables in "Stack of <function name>" windows
    BUGFIX: It was impossible to rename structure fields from IDA View-A anymore
    BUGFIX: It was possible, through process_ui_action(), to invoke the code for an action that was disabled
    BUGFIX: Mach-O DWARF source-level debugging could fail to find the source file
    BUGFIX: Mach-O source-level debugging DWARF could fail finding shared libraries source files because it would miss some items (it wasn't taking ASLR into account)
    BUGFIX: Manually loading a PE overlay could cause previous segments to be stretched, which would then conflict with later segments being loaded
    BUGFIX: Not Free()ing a Compile()d idaapi.Form could cause IDA to crash at exit-time
    BUGFIX: On OSX, opening the "About" dialog, then the "Addons" dialog, then closing the "Addons" and performing Ctrl+C could crash IDA
    BUGFIX: PDB could fail on meaningless array descriptions, when those are packed into structures
    BUGFIX: PDB was not properly parsing unnamed types of the form "SOME_NAMED_THING::__unnamed"
    BUGFIX: PDB: improved responsivity of IDA while it's loading PDB information
    BUGFIX: PIN: IDA could report incorrect address in an exception description
    BUGFIX: PIN: pintool could crash when running with disabled ST_OVER... trace options
    BUGFIX: PIN: pintool could report incorrect register values in case of internal exception
    BUGFIX: Program rebasing could produce incorrect name records in the database
    BUGFIX: Rebasing the program would lead to erroneous addresses in the "Imports" window, until that window is closed & re-opened
    BUGFIX: Reloading some PE files could lead to an internal error
    BUGFIX: Retina: When zooming in/out of the graph view, nodes contents could appear smaller
    BUGFIX: Right-clicking on an identifier in a node wouldn't set the cursor position to that identifier before opening the context menu, resulting on context menu items irrelevant for the wanted identifier
    BUGFIX: Saving the IDB would cause the history to be modified
    BUGFIX: Selecting a node that is overlapping another node, and Ctrl+dragging (for selecting) from another node was sometimes producing an interr
    BUGFIX: Selecting by rectangle in graph view was displaying the rectangle at its position * 2 on OSX retina displays
    BUGFIX: Setting a widget's icon wouldn't be reflected in the UI
    BUGFIX: Setting function prototypes to similar-looking prototypes, but whose arguments come from other type info libraries, could cause IDA to interr 1064
    BUGFIX: Specifying an erroneous binary path mapping & then correcting it, could cause IDA to keep requesting for mappings
    BUGFIX: When calling 'attach_action_to_menu' with a menu path starting with "Edit" from the "Recent scripts" window, the action could end up in the 'Recent scripts's own Edit menu, instead of in the global one
    BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
    BUGFIX: When debugging with WinDbg, stepping over some instructions that cause debugging events (e.g., a "call CreateProcess", causing library load events) might fail & let the program run freely
    BUGFIX: When debugging, performing unaligned read_dbg_memory() on linux targets could return wrong data (and so could DbgRead() and idaapi.dbg_read_memory())
    BUGFIX: When debugging, synchronizing a Hex View with a register, then later syncing with another register would lead the view to be synced with both registers
    BUGFIX: When importing structures from an IDC strict, some dependencies were missing (if those dependencies were defined later in the file.)
    BUGFIX: When in graph view, IDA had lost the ability to create groups with only one node (as some users sometimes desire.)
    BUGFIX: When in graph view, pressing <Enter> to follow an identifier that will cause the view to switch to listing view, then opening a dialog (e.g., renaming that identifier), and finally going back to graph view, could cause some actions to be unavailable (e.g., 'Hide group'.)
    BUGFIX: When the DWARF information for "well-known types" (e.g., __m128d) was erroneous, the DWARF plugin was creating erroneously-sized structures, causing the decompiler to fail
    BUGFIX: When the graph layout is locked, clicking within nodes of user-provided graphs wouldn't change the cursor & update the highlight
    BUGFIX: add_menu_item() backward compatibility was broken when the path didn't contain any slash. E.g., "Options"
    BUGFIX: an expression like sizeof(struct) was creating an xref to the first struct member; changed it to create an xref to the entire structure
    BUGFIX: autoanalysis could hang on some wrong code sequences or corrupted files
    BUGFIX: better distinction between the code/data conversions done automatically by ida and by the user
    BUGFIX: btree: IDA could abort in rare cases when removing a subtree from a database
    BUGFIX: cli: IDA could crash trying to print strings coming from very corrupted (i.e., fuzzed) input files with corrupted signatures
    BUGFIX: compacting a type library in the presence of aliased types could lead to interr
    BUGFIX: corrupted codeview info could crash ida
    BUGFIX: corrupted epoc files could crash ida
    BUGFIX: corrupted xcoff files could crash ida
    BUGFIX: corrupted database (idb/i64) could lead to memory corruption
    BUGFIX: dalvik: added "green arrow", which points to the next executed instruction in the debugger
    BUGFIX: dbg: dalvik: slot coinciding with "retval" was erroneously ignored when the locals are collected
    BUGFIX: dbg: gdbserver: reinitialize the registers information when the target architecture is detected
    BUGFIX: dbg: linux_server: signals from the different threads may arise simultaneously without special order, so in the interr 30057 we must weaken the condition
    BUGFIX: dbg_read_memory()/DbgRead() could return garbage data for unmapped regions
    BUGFIX: debugger: request_step_into() could cause interr 40396
    BUGFIX: debugging with gdbserver was impossible for mips executables starting at 0x80000000
    BUGFIX: defining the same standard structure twice could lead to a crash
    BUGFIX: deleting structures could break navigation in the structures window
    BUGFIX: dump typeinfo to idc: in some cases EndTypeUpdating(UTP_ENUM) was missing in the generated file
    BUGFIX: dumy typeinfo to idc: structures alignments were missing
    BUGFIX: editing a enum type from the local types view to a wrong definition (for example, reusing a symbol that was used elsewhere) would lead to desynchronization with the enum view; fixed other similar problems
    BUGFIX: editing a local type would desynchronize it from idb types
    BUGFIX: export types: anoonymous nested struct/union types were referred by a generated name; this was leading to an incorrect c declaration
    BUGFIX: fixed internal error in the instruction decoder for mips (opcode 78787878 was causing it)
    BUGFIX: fixed interr 40208 that could occur when terminating the debugger
    BUGFIX: fixed interr 518
    BUGFIX: fixed interr 599 (the value of a 6-byte pointer could not be printed as a c declaration)
    BUGFIX: fixed interr 608
    BUGFIX: fixed multiple vulnerabilities in the rpc protocol between ida and debuggser servers
    BUGFIX: fixed some idc nuisances reported on the forum
    BUGFIX: gdbserver: disabling single-step support could render the debugger module unusable, ida would complain about wrong RESMOD bits
    BUGFIX: ida could crash after calling StartProcess("","","") from the python command line while using a remote GDB debugger
    BUGFIX: ida could crash during analysis
    BUGFIX: ida could crash or hang on corrupted cli files
    BUGFIX: ida could crash when stopping the debugger
    BUGFIX: ida could crash while analyzing a file (if a function tail was deleted during enumerating function tails)
    BUGFIX: ida could crash with stack overflow while analyzing borland template data
    BUGFIX: ida could hang trying to load a corrupted pe file
    BUGFIX: ida could hang trying to load corrupted aout file
    BUGFIX: ida could hang when analyzing some files
    BUGFIX: ida could interr when compacting a type library
    BUGFIX: ida would hang trying to display huge (>2GB) arrays
    BUGFIX: ida64 would interr trying to calculate arglocs for some functions
    BUGFIX: idapython: fixed idx.savefile. Previous implementation has failed to open new file
    BUGFIX: idaw would not accept non-ascii file names from the command line
    BUGFIX: if an address was marked as 'notcode', it would lead to odd situation when the user would define an instruction but ida would immediately delete it
    BUGFIX: if idb was saved before any planned signatures had been applied, autoIsOk would never return true
    BUGFIX: if sending a bug report failed, ida would simply tell the user about it; now we show the dialog box once more so that the user can copy the bug report out of ida
    BUGFIX: if the last thing we do before saving the idb to the disk is to define a big item that uses both STT_VA and STT_MM storage methods, the sparse flags would not be saved correctly to the disk (they would not be marked as dirty)
    BUGFIX: if the struct indexes got corrupted, some of struct types were permanently missing from the list
    BUGFIX: importing a struct type from the local types window to the struct view could crash ida
    BUGFIX: instant debugging: gdb module was not configuring its registers correctly if the target processor was changed at the last moment
    BUGFIX: mac_server would make one processor core 100% busy after debugging an application
    BUGFIX: mc16c: ida could crash trying to display an bad instruction
    BUGFIX: parsing of argument locations in a register with an offset was broken (e.g. rdx^4.2)
    BUGFIX: pe: ida could complain about truncated input file in some rare cases
    BUGFIX: pe: ida could hang trying to load a corrupted file
    BUGFIX: pe: replaced interr 20064 with a silent failure because it may occur on corrupted input files
    BUGFIX: pe: validation of the number of exported addresses was wrong
    BUGFIX: ppc: dquai and dquaiq instructions could not be decoded
    BUGFIX: read-access hardware breakpoints on win64 were broken
    BUGFIX: setting a new target compiler must lead to recalculation of argument locations (especially for x64 where gcc and ms behave differently)
    BUGFIX: some type names were displayed as #N (where N is the type number)
    BUGFIX: symbol addresses in 32-bit map files were relative to the segment start, not to the segment base (pe files were not affected by this bug)
    BUGFIX: the struct/enum views were not automatically refreshed after idc/python scripts that modify them
    BUGFIX: tilib was not accepting enum redefinitions if a constant with the high bit set was present (for example, 0x80000000)
    BUGFIX: tinfo validation could erroneously fail for aliased types
    BUGFIX: tls callbacks in pe+ files were handled incorrectly
    BUGFIX: tms320c6: some insns were disassembled incorrectly or not at all
    BUGFIX: type validation was too strict: an internal type alias may differ from its target in the type modifiers (const/volatile). they are one of the reasons why we have internal aliases after all
    BUGFIX: types entered by the user were not lowered; it is safer to try to lower them in order to get rid of arrays as function arguments, for example
    BUGFIX: ui: docks: Prevented creation of empty areas
    BUGFIX: ui: qt: Fixed disappearing of persistent dock if "Float" button in the dock header is clicked
    BUGFIX: when debugging, double-clicking on an address in the stack view wouldn't jump anymore
    BUGFIX: when exporting types, ida could fail to define a structure that was previously used in a typedef
    BUGFIX: xrefs to the structure members would disappear after renaming a structure/enum or other manipulations with it
    BUGFIX: IDA would fail to delete the last history item from the QuickStart dialog.
    BUGFIX: IDAPython Choose2 instances that were self.Close()ing as a part of an OnCommand() callback could crash IDA.
    BUGFIX: IDAPython Choose2-based choosers could not be notified of selection changes (through their 'OnSelectionChange' callback.)
    BUGFIX: IDAPython calling 'term_database' could leave some windows opened that still need a database, leading to a crash.
    BUGFIX: Painting widgets from PySide in IDAPython could cause IDA to crash.
    BUGFIX: When toggling (with <Tab>) between Hex-Rays & IDA View-A, hex-rays could cause IDA View-A to move the cursor.
    BUGFIX: clicking on opcode bytes AF, CF and DF would result in no highlighting whatsoever.
    BUGFIX: fixed interr 40208 which could occur if the network connection to the remote debugger was broken
    BUGFIX: interr 820 could occur when loading dwarf debug info
    BUGFIX: pc: register tracking was leading to wrong results in omf files
    BUGFIX: pc: some instructions were erroneously marked as belonging to the function epilog; this would lead to wrong decompilation
    BUGFIX: read-only page breakpoints would be missed if added into an executable page

    6.6更新的内容
    IDA: What's new in 6.6

    x64 Decompiler

    It was tough and it required even more research than was planned but finally it arrived. The 64-bit decompiler for x64 code is as simple to use as our other decompilers, and fast as well. Below is very short disassembly listing and the decompiler's output for it:

    Naturally, it is the very first version and some edges are still rough, but overall it can handle real world code very well.

    Dalvik Debugger

    Since Android devices become more and more popular, we implemented a debugger for them. It can debug both on the Dalvik bytecode level and on the source code level. Below is a picture showing the bytecode debugging:



    And this is the same application on the source code level:



    Naturally, the user can switch between the two views any time.

    IDA knows about the Dalvik objects and show them in a structured way (if the debug info was not stripped):



    Please see our Dalvik debugging tutorial for more info!
    PySide is shipped with IDA

    The title says it all. Since it is easy to create nice interactive plugins with PySide, we decided to include it with IDA. Now all IDA copies will have it properly installed and configured, so as a plugin writer you can rely on its existence!

    UI improvements

    Many small but useful features have been added or improved. Here's just a few:

    Multiline breakpoint conditions
    Python users will love this: now it is possible to write a multiline condition right in the 'edit breakpoint' dialog box. IDA even accepts function definitions there!


    Functions can be used in IDC snippets
    Now you can use the same scripts as in separate .idc files: IDA will compile all functions present in the script and run the main() function, if it's present.


    Complete changelist

    Processor Modules

    ARM: decode ARMv7 optional Virtualization Extension instructions (HVC, ERET, banked register MRS/MSR)
    ARM: decode optional ARMv7-A instructions SDIV and UDIV
    ARM: decode the stand-alone "second half of Thumb BL instruction" as "BL LR, #imm", if currently selected processor does not support Thumb-2
    CLI/.NET: put user strings into a pseudo-segment (e.g. so that they can be deobfuscated)
    CLI/.NET: use full names when naming methods; this reduces naming conflicts and makes the Function List more useful for .NET binaries
    MIPS: added support for n32/n64 ABI
    MIPS: when tracking registers, assume that $t9 is initialized with the function's address
    PC: Added a GCC switch idiom.
    PC: handle morte non-optimized GCC switch patterns
    PC: handle non-PIC form of GCC x64 switch (jmp ds:table[reg*8])
    PC: improve analysis of functions that use __EH_prolog3 helpers
    PC: improved prolog analysis
    PPC: support for additional instructions available in some Freescale e200z cores (Volatile Context Save/Restore APU and EFPU2)
    Tricore: support for architecture V1.6
    File Formats

    COFF: added support for EBC object files
    COFF: recognize and load Visual C++ /GL files (link-time code generation). Note: since such files contain custom Microsoft bytecode, the code can't be disassembled.
    DWARF: (basic) support for runtime GCC 4.8.2-produced DWARF4 information.
    DWARF: Allow the plugin to mark function prototypes as being definitive (so e.g. the decompiler can rely on them).
    DWARF: At load-time, it is now possible to fine-tune the DWARF plugin regarding calling conventions.
    DWARF: Can now configure whether DWARF data should be loaded when in batch mode.
    DWARF: Initial support for Golang-produced DWARF debugging information.
    ELF: added support for some ARCompact relocations
    ELF: MIPS: use DT_MIPS_GP_VALUE to determing the executable's gp register value
    PE: better handling of files where .idata is merged into .rdata
    PE: IA64: handle IMAGE_REL_BASED_IA64_IMM64 relocations
    PE: improve debug directory formatting
    PE: parse new fields in the Load Configuration Directory added in Windows 8.1 (control flow guard metadata)
    PE: X64: parse .pdata section at load time and create function boundaries accordingly.
    PDB: added support for annotations (e.g. NT_ASSERT macro in checked builds)
    Kernel

    improved printing of unicode strings in the watch view, locals, and in the 'export data' command
    argument locations in function prototypes are specified with @<reg>; the old syntax <reg> is accepted too for the moment; we will suppress it in the next release
    Decompilers

    introduced is_mul_ok() helper function to represent multiplication overflows checks
    introduced qmemcpy() which always copies byte by byte, from low to high addresses
    added recognition of inlined bswap() function
    double clicking on a label jumps to it
    the decompiler may use __spoils keyword to specify registers that are not spoiled by the function
    improved recognition of register save/restore patterns
    'volatile' keyword can be used to override constness of an individual item
    if an int 2Ch instruction has NT_ASSERT() comment (e.g. extracted by the PDB plugin from PDB annotations), show it as NT_ASSERT() macro call instead of just __int2c()
    FLIRT, TIL & IDS

    FLIRT: added EBC startup signature for PE (EFI) files
    PCF: handle EBC object files
    Scripts & SDK

    IDAPython: Don't intercept SIGPIPE, SIGXFZ, SIGXFSZ & SIGINT signals on Unix platforms; leave them for IDA to handle.
    IDAPython: added the decompiler bindings
    IDAPython: Expose simpleline_t type to IDAPython. That lets the user to set the bgcolor & text for each line in the decompilation.
    IDC: added "elang" attribute to the Breakpoint class (scripting language for the breakpoint condition)
    installer/Windows: check if Python actually works after installing; offer user to retry the installation
    SDK: added askfile2() for extended open/save file dialog with support for file masks
    SDK: added 'extlang_changed' IDP event
    SDK: added qstring methods ltrim(), rtrim(), trim2()
    SDK: added support for custom arglocs
    SDK: check_process_exit() now has a 'timeout' argument
    SDK: form_actions_t is extended with set/get methods for fields of different types to enable compile-time argument type checking
    SDK: replaced addblanks() by a safer function add_spaces(), which accepts the buffer size
    User Interface

    UI: scripting language for the condition field can be specified for every breakpoint separately
    UI: breakpoint conditions can now be multi-line (use "..." button to open a multi-line editbox)
    UI: Ctrl-C/Ctrl-Ins copies the currently highlighted text to clipboard (if there is no selection)
    UI: export_data plugin will now offer to export the item under cursor if there is no selection
    UI: OSX: IDA's main window will now appear as the top level window on OSX when idaq is started with an IDB file on the command line
    Debugger

    debugger: IDA reacts faster to the cancel button while searching for binary patterns
    debugger: now it is possible to stop a long memory snapshot retreival
    GDB: added an option to enable/disable the use of stub's single-stepping support for some broken systems (e.g. MIPS or ARM Linux)
    Bugfixes

    BUGFIX: 78K0S: instruction "MOV [HL+byte], A" was decoded incorrectly (displacement was always zero)
    BUGFIX: a reference to a wrongly defined type was considered to be equal to a valid reference (fortunately this occurs rarely)
    BUGFIX: ARC: some instructions setting flags were decoded without the .f suffix
    BUGFIX: arglocs for vc32 fastcall CC: only UDT pointers are passed on the stack, hidden arguments (e.g. 'this') distribute according to 'fastcall' policy
    BUGFIX: ARM: arm64 instruction aliases BFI and BFXIL were decoded incorrectly
    BUGFIX: ARM: autoanalysis could loop indefinitely in some rare situations when there was a bogus xref into the middle of a macro instruction
    BUGFIX: bfltldr.py was not working anymore.
    BUGFIX: btree compress could produce a corrupted base
    BUGFIX: creating an array type with wrong array attributes could crash IDA or create wrong type
    BUGFIX: debugger: when attaching to x64 process without an existing database, "IP" and "SP" special registers were detected incorrectly
    BUGFIX: Debugging an ASLR-enabled binary (which will rebase the IDB) was not rebasing the navigation history.
    BUGFIX: During breakpoints export operation always export hardware breakpoint sizes
    BUGFIX: DWARF loading could crash IDA in certain circumstances involving complex graphs of objects with variations (i.e., whose padding bytes are re-used when inherited.)
    BUGFIX: ELF: dynamic info could be parsed incorrectly for some uClibc files
    BUGFIX: Fixed exporting of breakpoints with complex conditions, which contains quoted strings
    BUGFIX: fixed internal error that could occur when loading a pdb file with unaligned bitfields
    BUGFIX: fixed interr 603
    BUGFIX: Fixed representation of the chooser filters in "Modify filter" dialog. The collumn was always shown as '*'
    BUGFIX: fixed wrong direction of the floating point conversion
    BUGFIX: function argument location could be calculated incorrectly for arguments containing unaligned union fields (gcc64)
    BUGFIX: function argument location was calculated incorrectly for some structures containing arrays as members
    BUGFIX: GDB: duplicate threads could appear in the thread list in some situations
    BUGFIX: GDB: maximum packet size was not respected when doing memory writes
    BUGFIX: GDB: SendDbgCommand() with PIN's GDB backend would take at least one second (value or of the GDB timeout setting)
    BUGFIX: GDB: when single-stepping in some thread, IDA could issue a "continue" packet for another thread instead
    BUGFIX: hexrays: "add pseudocode comments" was broken
    BUGFIX: hexrays: an indirect call to a noret function in the middle of a function was not supported
    BUGFIX: hexrays: ARM decompiler could generate references to wrong (unexisting) global variables in some cases
    BUGFIX: hexrays: ARM decompiler could miss some return instructions and represent them as JUMPOUTs
    BUGFIX: hexrays: (ARM) if the user turned off macros after analyzing the database, the decompiler could interr or generate wrong output
    BUGFIX: hexrays: (ARM) big endian decompilation had constant halves swapped
    BUGFIX: hexrays: decompiler could create overalpping input arguments and later interr
    BUGFIX: hexrays: decompiler could erroneously optimize away some expressions like 'x*N & M' and replace them with zero
    BUGFIX: hexrays: decompiler could interr if 32-byte enum type was defined (too wide)
    BUGFIX: hexrays: decompiler could interr on a comma operator whose type is a bitfield
    BUGFIX: hexrays: decompiler could interr on some variadic functions
    BUGFIX: hexrays: decompiler was always moving register arguments to the beginning of the argument list in the pseudocode window
    BUGFIX: hexrays: def-list for strcat() was sometimes calculated incorrectly
    BUGFIX: hexrays: enabled negation of 128-bit values, apparently they can occur even in 32-bit programs
    BUGFIX: hexrays: expression like "(x * N) < 0" could be optimized wrongly in some rare cases
    BUGFIX: hexrays: fixed a couple of minor memory leaks
    BUGFIX: hexrays: fixed interr 50375
    BUGFIX: hexrays: fixed interr 50396
    BUGFIX: hexrays: fixed interr 50513
    BUGFIX: hexrays: fixed interr 50708
    BUGFIX: hexrays: fixed interr 50715
    BUGFIX: hexrays: fixed interr 50860
    BUGFIX: hexrays: fixed interr 51049
    BUGFIX: hexrays: ftst instruction was not decompiled
    BUGFIX: hexrays: hints for union members were wrong (off=N; where N is the member number, not the offset)
    BUGFIX: hexrays: if the return value of a function call was used but could not influence the logic of the program, the call could be optimized out, which is wrong
    BUGFIX: hexrays: movd/movq insructions with a register destination were decompiled incorrectly
    BUGFIX: hexrays: recursive patterns could be applied wrongly and lead to an interr
    BUGFIX: hexrays: ScreenEA() would sometimes return BADADDR in the decompiler view because some pseudocode locations cannot be mapped to an address. Now it tries to return the closest EA, or the function's EA in the worst case.
    BUGFIX: hexrays: the rule to recognize signed modulo by power2 could interr
    BUGFIX: HT_VIEW example plugin could crash on non-graph views.
    BUGFIX: IDA could crash trying to print a function declaration (a function returning a pointer to an array of pointers to arrays)
    BUGFIX: IDA could interr when parsing "int func(int,void)"
    BUGFIX: IDA could not attach to a remote PIN debugger - tried to launch a local pintool instance instead
    BUGFIX: IDA could stop with internal error 498 when loading some pdb files
    BUGFIX: IDA graphs could become corrupted, or even crash IDA, on some versions of linux.
    BUGFIX: IDA now starts up in the foreground when run from the command line on mac (instead of hiding behind the terminal window)
    BUGFIX: IDA would crash if the __FILE__ macro was used in a function prototype
    BUGFIX: IDA would fail to import huge (>0x1FFFFFFF bytes) structures from pdb files
    BUGFIX: IDA wouldn't display, in the 'Use standard symbolic constant', enum values that have bit 31 set to 1.
    BUGFIX: IDA could behave incorrectly under Wine due to a bug exposed by the differences in Wine's MSVCRT implementation
    BUGFIX: IDA could crash when loading big PE files with zero-filled areas
    BUGFIX: idaw.exe could crash upon closing the database
    BUGFIX: IDAPython: for non-code locations, idc.GetOpnd() would create instructions instead of returning empty result
    BUGFIX: IDAPython: idb_event::area_cmt_changed was never received in IDB_Hooks (and descendants)
    BUGFIX: IDAPython: idb_event::ti_changed, and idb_event:p_ti_changed notifications were not accessible in IDAPython
    BUGFIX: IDAPython: op_t.value was truncated to 32 bits under IDA64.
    BUGFIX: IDAPython: print_tinfo() wouldn't return a valid string.
    BUGFIX: IDAPython: readsel2() was not usable.
    BUGFIX: IDAPython: read_selection() was buggy for 64-bit programs.
    BUGFIX: IDAPython: StructMembers() considered holes in structures, and didn't properly iterate through the whole structure definition.
    BUGFIX: IDAPython: There was no way to call calc_switch_cases() from IDAPython.
    BUGFIX: IDAPython: when using multi-select/multi-edit choosers, erroneous event codes could be sent at beginning & end of batch deletion of lines.
    BUGFIX: IDAPython: When, in a PluginForm#OnCreate, the layout of IDA was requested to change (for example by starting a debugging session), that PluginForm could be deleted and create an access violation.
    BUGFIX: IDC/Python: GetTinfo("") was causing an interr
    BUGFIX: IDC/Python: SetType would work incorrectly if an invalid string was passed
    BUGFIX: If closing of one of DockWidget causing the closing of other DockWidgets then changing (reset/load) of desktop layout crashed Ida.
    BUGFIX: if the user renamed the segments to use dummy segment names like segXXX, IDA would be unable to find such segments by name
    BUGFIX: In flat rendering mode, standing on a border line of an instruction (i.e., "-------") that is located right before data, and pressing 'C' to make code (in order to turn that data into code), could scroll the view by 1 line if the MakeCode command failed.
    BUGFIX: In graph view, leaving the mouse on an edge wouldn't show "To:/From:" hints anymore.
    BUGFIX: in graph view, we can now highlight text by dragging the mouse outside the boundary of a node.
    BUGFIX: In some cases, switching from flat view to graph view could have the side-effect of moving the cursor down by one or more lines, which changes the EA.
    BUGFIX: incorrect handling of argument location (gcc64) for some nested unions and unions containing big structures as members
    BUGFIX: Instances of type tinfo_t couldn't be properly used when they were aggregated by other types.
    BUGFIX: it was impossible to check out the IDA Pro floating license if both Starter and Pro licenses were present
    BUGFIX: kernel: reloading a binary file would work incorrectly if extra segments were added before the file data
    BUGFIX: kernel: user-defined offsets with "subtract" flag set were not working properly for processors that implement ph.translate callback (e.g. MIPS)
    BUGFIX: M68K: ColdFire instructions REMU.L/REMS.L were decoded as DIVU.L/DIVS.L
    BUGFIX: Mach-O loader's check for valid section index was not correct.
    BUGFIX: MACHO: zeroed out symbols were incorrectly considered as imports with unknown names
    BUGFIX: Middle-button clicking anywhere to the right of a rightmost tab would crash IDA.
    BUGFIX: MIPS module was not marking switch instructions with a special mark (as it is done for x86 code, for example)
    BUGFIX: MIPS: arguments in fpu registers were not properly commented in __usercall prototypes
    BUGFIX: Moving the structures in the structures window didn't work as expected.
    BUGFIX: Once pulled out from the main window, a PluginForm (or derivative) might not receive events properly anymore.
    BUGFIX: opening a file with the name starting with @ would lead to a fatal error (instead of a nice error message)
    BUGFIX: PC: register tracker could incorrectly use previous register values after a popad instruction, leading to wrong comments
    BUGFIX: pdb with a union of bitfields would cause an internal error
    BUGFIX: PE: IDA on Linux/OS X would crash when trying to load .NET filles without a User Strings stream
    BUGFIX: PPC: "branch always" instruction had a hidden condition field operand, even though condition is ignored for it
    BUGFIX: PPC: use/change operand flags were set incorrectly for some instructions
    BUGFIX: PPC: IDA could crash due to stack overflow when analyzing some long functions
    BUGFIX: Pulling the miniview out could cause a crash.
    BUGFIX: Regex-based filters could be un-applied once the "Modify filters..." window was closed.
    BUGFIX: reloading the input file with wrong PE file could lead to interr
    BUGFIX: Renaming a group node by clicking on the 'rename' icon didn't repaint.
    BUGFIX: Rewritten the wrong algorithm for the areas moving
    BUGFIX: SDK: call_system() with NULL or empy string argument did not create an interactive shell as expected
    BUGFIX: SDK: func_item_iterator_t() could stop enumeration prematurely if the starting address was in a tail chunk
    BUGFIX: SDK: get_output_curline()/get_output_cursor() were returning wrong results if wrapped lines were present in output
    BUGFIX: SDK: it was impossible to override default behavior of some output window events (msg_click, msg_dblclick, msg_keydown)
    BUGFIX: SDK: next_unknown() could return wrong result for sparse storage
    BUGFIX: size of an empty base class can be reported as 1 byte in some (rare) circumstances
    BUGFIX: Some jmp instructions could create "function chunks" in some inappropriate places (e.g., .plt stubs.)
    BUGFIX: Some proximity browser graphs could cause IDA to crash.
    BUGFIX: the application bitness (32 or 64 bit) was not set in some cases
    BUGFIX: The DWARF plugin could interr on some erroneous DWARF data for complex types.
    BUGFIX: the type of a struct member would not be displayed when pressing 'F'
    BUGFIX: tinfo_t objects created from IDAPython could cause an assertion failure at exit time.
    BUGFIX: type comparison was not taking into account the pointer attributes
    BUGFIX: Tricore: some xrefs were created with incorrect type
    BUGFIX: TXT: the "OS Shell" command did not work
    BUGFIX: UI: creating an array of structs in the struct window could fail
    BUGFIX: UI: double-clicking on addresses when using WinDbg debugger did not always work as expected
    BUGFIX: UI: exclude filters on '(any)' column could fail filtering the list of data.
    BUGFIX: UI: in the message about insufficient disk space, "available" space could be displayed as zero.
    BUGFIX: UI: it was impossible to stop the process of taking a memory snapshot while big segments were being processed
    BUGFIX: UI: on OS X, IDA would report "Unknown C++ exception" instead of "Out of memory" error
    BUGFIX: Usage of IDAPython's DropdownListControl was broken.
    BUGFIX: valid-position range information was missing when moving a structure around.
    BUGFIX: When "recent files" history was set to more than 10, the entries past 10 in the "File" menu wouldn't be numbered.
    BUGFIX: When debugging, variables of type '*' that were stored directly in a register were not properly printed in the "Locals" view.
    BUGFIX: when importing PDB info, some bitfields would be imported incorrectly
    BUGFIX: When in graph view, modifying a function so as to change its structure wouldn't always refresh the graph.
    BUGFIX: When the program is rebased, the location history is rebased as well.
    BUGFIX: When the user would pull the miniview out, move out of the graph view to the decompilation view, come back to the disassembly view, the floating window would take focus, and actions could be dispatched to the decompilation view instead of the graph view.
    BUGFIX: When using a non-default color palette, re-setting a node to its default color could lead to glitchy rendering where node margins are white, & the rest of the node is colored.
    BUGFIX: with some IDBs, IDA would start with an oversized arrows window, causing the disassembly view to be squeezed to the right and barely visible.

    这次更新了x86 64位的F5插件 单独收费哦
    付最新正版的价格单
    IDASTANW IDA Starter Base Named License (MS Windows) 589 USD
    IDAPRONW IDA Pro Base Named License (MS Windows) 1129 USD
    HEXX86W x86 Decompiler Base License (MS Windows) 2339 USD
    HEXX64W x64 Decompiler Base License (MS Windows) 2351 USD
    HEXARMW ARM Decompiler Base License (MS Windows) 2350 USD
    Linux
    IDASTANL IDA Starter Base Named License (Linux) 589 USD
    IDAPRONL IDA Pro Base Named License (Linux) 1129 USD
    HEXX86L x86 Decompiler Base License (Linux) 2339 USD
    HEXX64L x64 Decompiler Base License (Linux) 2351 USD
    HEXARML ARM Decompiler Base License (Linux) 2350 USD
    Mac OS X
    IDASTANM IDA Starter Base Named License (Mac OS X) 589 USD
    IDAPRONM IDA Pro Base Named License (Mac OS X) 1129 USD
    HEXX86M x86 Decompiler Base License (Mac OS X) 2339 USD
    HEXX64M x64 Decompiler Base License (Mac OS X) 2351 USD
    HEXARMM ARM Decompiler Base License (Mac OS X) 2350 USD
    ida pro 6.6 6.7 下载地址
    游客,如果您要查看本帖隐藏内容请回复


    ida_2.png
    ida_1.png
    未命名.jpg
    ida67.jpg
    回复

    使用道具 举报

    15

    主题

    0

    听众

    556

    积分

    高级会员

    Rank: 4

    该用户从未签到

    发表于 2015-1-18 19:01:03 |显示全部楼层
    又抢到前排了。哈,不用怀疑,不用惊讶,你也没有看错!
    回复

    使用道具 举报

    14

    主题

    0

    听众

    514

    积分

    高级会员

    Rank: 4

    该用户从未签到

    发表于 2015-1-18 19:37:58 |显示全部楼层
    看起来不错
    回复

    使用道具 举报

    10

    主题

    0

    听众

    482

    积分

    中级会员

    Rank: 3Rank: 3

    该用户从未签到

    发表于 2015-1-18 19:44:40 |显示全部楼层
    这么强,支持楼主,佩服
    回复

    使用道具 举报

    11

    主题

    0

    听众

    564

    积分

    高级会员

    Rank: 4

    该用户从未签到

    发表于 2015-1-18 19:51:02 |显示全部楼层
    纯粹路过,没任何兴趣,仅仅是看在老用户份上回复一下
    回复

    使用道具 举报

    12

    主题

    0

    听众

    502

    积分

    高级会员

    Rank: 4

    该用户从未签到

    发表于 2015-1-18 19:54:23 |显示全部楼层
    发发呆,回回帖,工作结束~
    回复

    使用道具 举报

    13

    主题

    1

    听众

    468

    积分

    中级会员

    Rank: 3Rank: 3

    该用户从未签到

    发表于 2015-1-18 20:00:53 |显示全部楼层
    发发呆,回回帖,工作结束~
    回复

    使用道具 举报

    10

    主题

    0

    听众

    483

    积分

    中级会员

    Rank: 3Rank: 3

    该用户从未签到

    发表于 2015-1-18 20:12:28 |显示全部楼层
    楼猪V5啊
    回复

    使用道具 举报

    13

    主题

    0

    听众

    499

    积分

    中级会员

    Rank: 3Rank: 3

    该用户从未签到

    发表于 2015-1-18 20:55:43 |显示全部楼层
    打酱油的人拉,回复下赚取积分
    回复

    使用道具 举报

    9

    主题

    0

    听众

    482

    积分

    中级会员

    Rank: 3Rank: 3

    该用户从未签到

    发表于 2015-1-18 21:01:39 |显示全部楼层
    这么强,支持楼主,佩服
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    回帖奖励

    [详情]

  • * 每天自己主题被回复3次可获得额外2金钱奖励。
  • * 每天回复他人主题5次可获得额外3贡献的奖励。
  • * 奖励每天都可领取,一定要多参与论坛讨论哦。
  • * 同一主题的重复回复不计。
  • 手机版|Archiver|聚合Vip网络社区 ( 鲁ICP备14030129号-2 )Discuz超级管家   

    GMT+8, 2017-12-15 14:28 , Processed in 0.322602 second(s), 62 queries .

    Powered by Discuz! X2.5

    © 2001-2012 Comsenz Inc. Template by A3cn

    回顶部