Posted on 2015-1-18 19:01:01
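The most powerful decompilation tool: ida pro 6.7 6.8 x86 arm x64 f5 all plugins, original installation files, leaked version + sdk_utils
The x86 arm x64 f5 plugins are version 2.0; the genuine product is worth RMB 30,000-50,000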
IDA: What's new in 6.8
This is mainly a maintenance release, so our focus was on fixing bugs. However, there are some improvements too:
• Support for long names. In previous versions of IDA names were limited to 511 bytes. This was causing problems, especially with long mangled C++ names (e.g. boost names). We removed this limitation in many places of IDA. The work is not complete, there are still some areas where the limitation exists but overall the listings are more readable now.
• Dalvik: added support for OAT files
• PPC: support for Power ISA 2.07
• Better analysis of prolog code; better register tracking, especially for ARM
• Lots of vulnerabilities fixed thanks to the submissions to our bug bounty program
ARM: Better tracking of registers, improved analysis
ARM: added support for scattered arguments (that are partially passed on the stack and partially in registers)
PC: improved prolog analysis
PPC: added support for a switch variation produced by the Green Hills compiler
PPC: support for Power ISA 2.07
COFF: added support for irix mips files (no support for relocations yet)
Dalvik: added support for OAT files
DWARF: basic support for clang-generated DWARF variable location
DWARF: very basic support for 'rustc'-produced DWARF information
PIN: add support for reading of FPU/XMM registers from internal exception
tracing: can display addresses as raw, instead of using seg/func/offset representation
kernel: introduced the notion of ASM and C level types; IDA tries to preserve member offsets only for ASM types; C types may change their sizes because of the changes to other types they depend on
kernel: added support for long names: type, function, label, etc names can be up to 32767 bytes long
demangler: improved to recognize new mangled names
til: added type library for Windows 8.1 (user mode)
til: updated windows til files
improved automatic recognition of ascii string by the autoanalyzer
UI: idaq dock menu on mac now features a list of recent files
UI/qt: It is now possible to navigate back & forward in location history with the mouse side navigation buttons (for mice that feature those) in graph & proximity view as well (it was already possible in listing view)
UI: display a warning if the user rebases program around 0xFF000000 (it may cause problems because these addresses are used for internal housekeeping)
UI: graph: Ctrl-Keypad-+ and Ctrl-Keypad-- can now be used to quickly collapse/reveal a node's contents
UI: GraphOverview: can optionally use a blank background (just like before 6.7)
UI: Proximity: added ability to have multiple paths, set their color, turn them on/off and delete them
Scripts & SDK
IDC: added ExpandStruc()
IDC: improved SetLocalType: it accepts typeinfo object as the second argument in addition to declaration strings; added PT_REPLACE so that local types can be replaced
IDAPython: allow accessing a til_t's "base" til_t objects
IDAPython: in addition to AskUsingForm (that opens a dialog), it is now possible to call OpenForm (e.g., to open a form as a tab.)
IDAPython: added ExpandStruc()
IDAPython: USE_LOCAL_PYTHON config parameter is deprecated, IDA autodetects local Python installation now
SDK: added "segm_attrs_changed" event so that plugins can take appropriate actions if necessary
SDK: added print_decls(), allowing to print types from a type library (possibly including dependencies) in a format suitable for C(++) compilation
SDK: added support for default register bits of 64-bit debugger registers
SDK: added tinfo_t::clr_const,clr_volatile,clr_const_volatile functions
SDK: made the return codes of ph.notify() callbacks more plugin-friendly
SDK: netnode names can be of arbitrary length. For practical reasons we limit them to 32KB
SDK: qstrncpy and similar functions will raise interr if the size argument is 0 or negative
SDK: replaced get_true_name() and similar functions by get_ea_name(), which accepts qstring as the output buffer; this allows for names of unlimited length, if necessary
SDK: segment names and classes use a separate namespace now and do not hinder functions or data labels with the same name
SDK: tinfo_t::get_unpadded_size() now works not only for c++ objects but for all structs
SDK: ui: forms: Added askqstr() - the kind of askstr() but with qstring argument
SDK: ui: new chooser_item_attrs_t::flags flag CHITEM_GRAY is added to show chooser item grayed out (like disabled). It is now used for the Local types chooser to distinguish guest types (synchronized from structure/enum views)
BUGFIX: '-' was forbidden in type names but it can be encountered in template arguments
BUGFIX: ARM: A reference to SP (R13) in the register list of the LDMDB instruction (and similar ones) was not allowed by IDA, while some ARM devices can apparently execute it
BUGFIX: COFF: specially crafted COFF files could trigger invalid memory writes on OS X
BUGFIX: Calling refresh_chooser() on a chooser that's embedded in an AskUsingForm might fail calling the possible form callback with a possibly-updated rows selection
BUGFIX: Cmd+C was broken on OSX, and copying was only possible through Ctrl+C
BUGFIX: Creating 2 GraphRenderer with the same title could crash IDA
BUGFIX: Deprecated function add_menu_item() would place the item at the end of the menu if the path was of the form "Edit/Other/" (i.e., ending with an empty string), while it used to place the action on top before
BUGFIX: Deprecated function add_menu_item() wouldn't accept '-' as a separator anymore; only expecting '' (i.e., empty string) was allowed for separators
BUGFIX: Double-clicking on a thread in the list would jump to the wrong thread, if the list was sorted by a column
BUGFIX: During debugging, clicking on some strings containing format specifiers could cause IDA to display the wrong data
BUGFIX: Exporting structures to IDC could lose type information for their members
BUGFIX: File save dialog could have an empty/undefined file name on OSX (Issue 1232)
BUGFIX: Force switching to graph view on functions with huge number of nodes, might cause IDA to crash
BUGFIX: Global variable database_idb was not reset to the empty string after a database was closed
BUGFIX: Hex-View widgets had lost the ability to allow direct editing of the text in their rightmost area (since IDA 6.4)
BUGFIX: IDA could hang after not adequately handling a segment register change
BUGFIX: IDA could hang trying to coagulate unknown bytes within a code segment
BUGFIX: IDA could sometimes print garbage after cross references between structs
BUGFIX: IDA had no way to reset the background color of proximity view nodes that were highlighted by the 'Find path' action
BUGFIX: IDA was displaying split Unicode strings for big-endian processors incorrectly
BUGFIX: IDA would incorrectly report a circular dependency when trying to export a type containing a deleted type
BUGFIX: IDA would try to generate disassembly text for nodes that are unreasonably large
BUGFIX: IDAPython Hex-Rays bindings: could crash IDA because access to members of unions, while they didn't make sense, were allowed (and thus SWiG created buggy proxies around invalid pointers.)
BUGFIX: IDAPython was not exposing tinfo_t::get_named_type(), because SWiG rules in typeinf.i were too broad
BUGFIX: IDAPython's IDC-style ApplyType() wasn't working for structure members
BUGFIX: IDAPython: GetSegmentAttr/SetSegmentAttr would fail with segment registers
BUGFIX: IDAPython: Only the first 'long name' of python-based processor modules was considered
BUGFIX: IDAPython: build.py didn't trigger the patching of some directors methods calling convention, resulting in compilation failure with flag "--with-hexrays"
BUGFIX: IDAPython: expose ::get_named_type()
BUGFIX: IDAPython: idautils.DecodePreviousInstruction() was not checking for the right value returned from idaapi.decode_prev_insn()
BUGFIX: In IDAPython, re-using the same action description twice when registering dynamic context menu items could lead to a crash
BUGFIX: In some rare cases, IDA could crash when closing down & force-exiting a debugging session
BUGFIX: Installers couldn't be run in unattended mode, because the 'setEncryptionPassword' directive was specified in a '<validationActionList>', which is not executed in unattended mode
BUGFIX: It was impossible to comment function stack variables in "Stack of <function name>" windows
BUGFIX: It was impossible to rename structure fields from IDA View-A anymore
BUGFIX: It was possible, through process_ui_action(), to invoke the code for an action that was disabled
BUGFIX: Mach-O DWARF source-level debugging could fail to find the source file
BUGFIX: Mach-O source-level debugging DWARF could fail finding shared libraries source files because it would miss some items (it wasn't taking ASLR into account)
BUGFIX: Manually loading a PE overlay could cause previous segments to be stretched, which would then conflict with later segments being loaded
BUGFIX: Not Free()ing a Compile()d idaapi.Form could cause IDA to crash at exit-time
BUGFIX: On OSX, opening the "About" dialog, then the "Addons" dialog, then closing the "Addons" and performing Ctrl+C could crash IDA
BUGFIX: PDB could fail on meaningless array descriptions, when those are packed into structures
BUGFIX: PDB was not properly parsing unnamed types of the form "SOME_NAMED_THING::__unnamed"
BUGFIX: PDB: improved responsivity of IDA while it's loading PDB information
BUGFIX: PIN: IDA could report incorrect address in an exception description
BUGFIX: PIN: pintool could crash when running with disabled ST_OVER... trace options
BUGFIX: PIN: pintool could report incorrect register values in case of internal exception
BUGFIX: Program rebasing could produce incorrect name records in the database
BUGFIX: Rebasing the program would lead to erroneous addresses in the "Imports" window, until that window is closed & re-opened
BUGFIX: Reloading some PE files could lead to an internal error
BUGFIX: Retina: When zooming in/out of the graph view, nodes contents could appear smaller
BUGFIX: Right-clicking on an identifier in a node wouldn't set the cursor position to that identifier before opening the context menu, resulting on context menu items irrelevant for the wanted identifier
BUGFIX: Saving the IDB would cause the history to be modified
BUGFIX: Selecting a node that is overlapping another node, and Ctrl+dragging (for selecting) from another node was sometimes producing an interr
BUGFIX: Selecting by rectangle in graph view was displaying the rectangle at its position * 2 on OSX retina displays
BUGFIX: Setting a widget's icon wouldn't be reflected in the UI
BUGFIX: Setting function prototypes to similar-looking prototypes, but whose arguments come from other type info libraries, could cause IDA to interr 1064
BUGFIX: Specifying an erroneous binary path mapping & then correcting it, could cause IDA to keep requesting for mappings
BUGFIX: When calling 'attach_action_to_menu' with a menu path starting with "Edit" from the "Recent scripts" window, the action could end up in the 'Recent scripts's own Edit menu, instead of in the global one
BUGFIX: When changing a variable/argument type in a function frame, 'Structures' xrefs might not be updated
BUGFIX: When debugging with WinDbg, stepping over some instructions that cause debugging events (e.g., a "call CreateProcess", causing library load events) might fail & let the program run freely
BUGFIX: When debugging, performing unaligned read_dbg_memory() on linux targets could return wrong data (and so could DbgRead() and idaapi.dbg_read_memory())
BUGFIX: When debugging, synchronizing a Hex View with a register, then later syncing with another register would lead the view to be synced with both registers
BUGFIX: When importing structures from an IDC script, some dependencies were missing (if those dependencies were defined later in the file.)
BUGFIX: When in graph view, IDA had lost the ability to create groups with only one node (as some users sometimes desire.)
BUGFIX: When in graph view, pressing <Enter> to follow an identifier that will cause the view to switch to listing view, then opening a dialog (e.g., renaming that identifier), and finally going back to graph view, could cause some actions to be unavailable (e.g., 'Hide group'.)
BUGFIX: When the DWARF information for "well-known types" (e.g., __m128d) was erroneous, the DWARF plugin was creating erroneously-sized structures, causing the decompiler to fail
BUGFIX: When the graph layout is locked, clicking within nodes of user-provided graphs wouldn't change the cursor & update the highlight
BUGFIX: add_menu_item() backward compatibility was broken when the path didn't contain any slash. E.g., "Options"
BUGFIX: an expression like sizeof(struct) was creating an xref to the first struct member; changed it to create an xref to the entire structure
BUGFIX: autoanalysis could hang on some wrong code sequences or corrupted files
BUGFIX: better distinction between the code/data conversions done automatically by ida and by the user
BUGFIX: btree: IDA could abort in rare cases when removing a subtree from a database
BUGFIX: cli: IDA could crash trying to print strings coming from very corrupted (i.e., fuzzed) input files with corrupted signatures
BUGFIX: compacting a type library in the presence of aliased types could lead to interr
BUGFIX: corrupted codeview info could crash ida
BUGFIX: corrupted epoc files could crash ida
BUGFIX: corrupted xcoff files could crash ida
BUGFIX: corrupted database (idb/i64) could lead to memory corruption
BUGFIX: dalvik: added "green arrow", which points to the next executed instruction in the debugger
BUGFIX: dbg: dalvik: slot coinciding with "retval" was erroneously ignored when the locals are collected
BUGFIX: dbg: gdbserver: reinitialize the registers information when the target architecture is detected
BUGFIX: dbg: linux_server: signals from the different threads may arise simultaneously without special order, so in the interr 30057 we must weaken the condition
BUGFIX: dbg_read_memory()/DbgRead() could return garbage data for unmapped regions
BUGFIX: debugger: request_step_into() could cause interr 40396
BUGFIX: debugging with gdbserver was impossible for mips executables starting at 0x80000000
BUGFIX: defining the same standard structure twice could lead to a crash
BUGFIX: deleting structures could break navigation in the structures window
BUGFIX: dump typeinfo to idc: in some cases EndTypeUpdating(UTP_ENUM) was missing in the generated file
BUGFIX: dump typeinfo to idc: structures alignments were missing
BUGFIX: editing an enum type from the local types view to a wrong definition (for example, reusing a symbol that was used elsewhere) would lead to desynchronization with the enum view; fixed other similar problems
BUGFIX: editing a local type would desynchronize it from idb types
BUGFIX: export types: anonymous nested struct/union types were referred by a generated name; this was leading to an incorrect c declaration
BUGFIX: fixed internal error in the instruction decoder for mips (opcode 78787878 was causing it)
BUGFIX: fixed interr 40208 that could occur when terminating the debugger
BUGFIX: fixed interr 518
BUGFIX: fixed interr 599 (the value of a 6-byte pointer could not be printed as a c declaration)
BUGFIX: fixed interr 608
BUGFIX: fixed multiple vulnerabilities in the rpc protocol between ida and debugger servers
BUGFIX: fixed some idc nuisances reported on the forum
BUGFIX: gdbserver: disabling single-step support could render the debugger module unusable, ida would complain about wrong RESMOD bits
BUGFIX: ida could crash after calling StartProcess("","","") from the python command line while using a remote GDB debugger
BUGFIX: ida could crash during analysis
BUGFIX: ida could crash or hang on corrupted cli files
BUGFIX: ida could crash when stopping the debugger
BUGFIX: ida could crash while analyzing a file (if a function tail was deleted during enumerating function tails)
BUGFIX: ida could crash with stack overflow while analyzing borland template data
BUGFIX: ida could hang trying to load a corrupted pe file
BUGFIX: ida could hang trying to load corrupted aout file
BUGFIX: ida could hang when analyzing some files
BUGFIX: ida could interr when compacting a type library
BUGFIX: ida would hang trying to display huge (>2GB) arrays
BUGFIX: ida64 would interr trying to calculate arglocs for some functions
BUGFIX: idapython: fixed idx.savefile. Previous implementation has failed to open new file
BUGFIX: idaw would not accept non-ascii file names from the command line
BUGFIX: if an address was marked as 'notcode', it would lead to odd situation when the user would define an instruction but ida would immediately delete it
BUGFIX: if idb was saved before any planned signatures had been applied, autoIsOk would never return true
BUGFIX: if sending a bug report failed, ida would simply tell the user about it; now we show the dialog box once more so that the user can copy the bug report out of ida
BUGFIX: if the last thing we do before saving the idb to the disk is to define a big item that uses both STT_VA and STT_MM storage methods, the sparse flags would not be saved correctly to the disk (they would not be marked as dirty)
BUGFIX: if the struct indexes got corrupted, some of struct types were permanently missing from the list
BUGFIX: importing a struct type from the local types window to the struct view could crash ida
BUGFIX: instant debugging: gdb module was not configuring its registers correctly if the target processor was changed at the last moment
BUGFIX: mac_server would make one processor core 100% busy after debugging an application
BUGFIX: mc16c: ida could crash trying to display a bad instruction
BUGFIX: parsing of argument locations in a register with an offset was broken (e.g. rdx^4.2)
BUGFIX: pe: ida could complain about truncated input file in some rare cases
BUGFIX: pe: ida could hang trying to load a corrupted file
BUGFIX: pe: replaced interr 20064 with a silent failure because it may occur on corrupted input files
BUGFIX: pe: validation of the number of exported addresses was wrong
BUGFIX: ppc: dquai and dquaiq instructions could not be decoded
BUGFIX: read-access hardware breakpoints on win64 were broken
BUGFIX: setting a new target compiler must lead to recalculation of argument locations (especially for x64 where gcc and ms behave differently)
BUGFIX: some type names were displayed as #N (where N is the type number)
BUGFIX: symbol addresses in 32-bit map files were relative to the segment start, not to the segment base (pe files were not affected by this bug)
BUGFIX: the struct/enum views were not automatically refreshed after idc/python scripts that modify them
BUGFIX: tilib was not accepting enum redefinitions if a constant with the high bit set was present (for example, 0x80000000)
BUGFIX: tinfo validation could erroneously fail for aliased types
BUGFIX: tls callbacks in pe+ files were handled incorrectly
BUGFIX: tms320c6: some insns were disassembled incorrectly or not at all
BUGFIX: type validation was too strict: an internal type alias may differ from its target in the type modifiers (const/volatile). they are one of the reasons why we have internal aliases after all
BUGFIX: types entered by the user were not lowered; it is safer to try to lower them in order to get rid of arrays as function arguments, for example
BUGFIX: ui: docks: Prevented creation of empty areas
BUGFIX: ui: qt: Fixed disappearing of persistent dock if "Float" button in the dock header is clicked
BUGFIX: when debugging, double-clicking on an address in the stack view wouldn't jump anymore
BUGFIX: when exporting types, ida could fail to define a structure that was previously used in a typedef
BUGFIX: xrefs to the structure members would disappear after renaming a structure/enum or other manipulations with it
BUGFIX: IDA would fail to delete the last history item from the QuickStart dialog.
BUGFIX: IDAPython Choose2 instances that were self.Close()ing as a part of an OnCommand() callback could crash IDA.
BUGFIX: IDAPython Choose2-based choosers could not be notified of selection changes (through their 'OnSelectionChange' callback.)
BUGFIX: IDAPython calling 'term_database' could leave some windows opened that still need a database, leading to a crash.
BUGFIX: Painting widgets from PySide in IDAPython could cause IDA to crash.
BUGFIX: When toggling (with <Tab>) between Hex-Rays & IDA View-A, hex-rays could cause IDA View-A to move the cursor.
BUGFIX: clicking on opcode bytes AF, CF and DF would result in no highlighting whatsoever.
BUGFIX: fixed interr 40208 which could occur if the network connection to the remote debugger was broken
BUGFIX: interr 820 could occur when loading dwarf debug info
BUGFIX: pc: register tracking was leading to wrong results in omf files
BUGFIX: pc: some instructions were erroneously marked as belonging to the function epilog; this would lead to wrong decompilation
BUGFIX: read-only page breakpoints would be missed if added into an executable page
IDA: What's new in 6.6
It was tough and it required even more research than was planned but finally it arrived. The 64-bit decompiler for x64 code is as simple to use as our other decompilers, and fast as well. Below is a very short disassembly listing and the decompiler's output for it:
Naturally, it is the very first version and some edges are still rough, but overall it can handle real world code very well.
Since Android devices are becoming more and more popular, we implemented a debugger for them. It can debug both on the Dalvik bytecode level and on the source code level. Below is a picture showing the bytecode debugging:
And this is the same application on the source code level:
Naturally, the user can switch between the two views any time.
IDA knows about the Dalvik objects and shows them in a structured way (if the debug info was not stripped):
Please see our Dalvik debugging tutorial for more info!
PySide is shipped with IDA
The title says it all. Since it is easy to create nice interactive plugins with PySide, we decided to include it with IDA. Now all IDA copies will have it properly installed and configured, so as a plugin writer you can rely on its existence!
Many small but useful features have been added or improved. Here's just a few:
Multiline breakpoint conditions
Python users will love this: now it is possible to write a multiline condition right in the 'edit breakpoint' dialog box. IDA even accepts function definitions there!
Functions can be used in IDC snippets
Now you can use the same scripts as in separate .idc files: IDA will compile all functions present in the script and run the main() function, if it's present.
ARM: decode ARMv7 optional Virtualization Extension instructions (HVC, ERET, banked register MRS/MSR)
ARM: decode optional ARMv7-A instructions SDIV and UDIV
ARM: decode the stand-alone "second half of Thumb BL instruction" as "BL LR, #imm", if currently selected processor does not support Thumb-2
CLI/.NET: put user strings into a pseudo-segment (e.g. so that they can be deobfuscated)
CLI/.NET: use full names when naming methods; this reduces naming conflicts and makes the Function List more useful for .NET binaries
MIPS: added support for n32/n64 ABI
MIPS: when tracking registers, assume that $t9 is initialized with the function's address
PC: Added a GCC switch idiom.
PC: handle more non-optimized GCC switch patterns
PC: handle non-PIC form of GCC x64 switch (jmp ds:table[reg*8])
PC: improve analysis of functions that use __EH_prolog3 helpers
PC: improved prolog analysis
PPC: support for additional instructions available in some Freescale e200z cores (Volatile Context Save/Restore APU and EFPU2)
Tricore: support for architecture V1.6
COFF: added support for EBC object files
COFF: recognize and load Visual C++ /GL files (link-time code generation). Note: since such files contain custom Microsoft bytecode, the code can't be disassembled.
DWARF: (basic) support for runtime GCC 4.8.2-produced DWARF4 information.
DWARF: Allow the plugin to mark function prototypes as being definitive (so e.g. the decompiler can rely on them).
DWARF: At load-time, it is now possible to fine-tune the DWARF plugin regarding calling conventions.
DWARF: Can now configure whether DWARF data should be loaded when in batch mode.
DWARF: Initial support for Golang-produced DWARF debugging information.
ELF: added support for some ARCompact relocations
ELF: MIPS: use DT_MIPS_GP_VALUE to determine the executable's gp register value
PE: better handling of files where .idata is merged into .rdata
PE: IA64: handle IMAGE_REL_BASED_IA64_IMM64 relocations
PE: improve debug directory formatting
PE: parse new fields in the Load Configuration Directory added in Windows 8.1 (control flow guard metadata)
PE: X64: parse .pdata section at load time and create function boundaries accordingly.
PDB: added support for annotations (e.g. NT_ASSERT macro in checked builds)
improved printing of unicode strings in the watch view, locals, and in the 'export data' command
argument locations in function prototypes are specified with @<reg>; the old syntax <reg> is accepted too for the moment; we will suppress it in the next release
introduced is_mul_ok() helper function to represent multiplication overflows checks
introduced qmemcpy() which always copies byte by byte, from low to high addresses
added recognition of inlined bswap() function
double clicking on a label jumps to it
the decompiler may use __spoils keyword to specify registers that are not spoiled by the function
improved recognition of register save/restore patterns
'volatile' keyword can be used to override constness of an individual item
if an int 2Ch instruction has NT_ASSERT() comment (e.g. extracted by the PDB plugin from PDB annotations), show it as NT_ASSERT() macro call instead of just __int2c()
FLIRT, TIL & IDS
FLIRT: added EBC startup signature for PE (EFI) files
PCF: handle EBC object files
Scripts & SDK
IDAPython: Don't intercept SIGPIPE, SIGXFZ, SIGXFSZ & SIGINT signals on Unix platforms; leave them for IDA to handle.
IDAPython: added the decompiler bindings
IDAPython: Expose simpleline_t type to IDAPython. That lets the user set the bgcolor & text for each line in the decompilation.
IDC: added "elang" attribute to the Breakpoint class (scripting language for the breakpoint condition)
installer/Windows: check if Python actually works after installing; offer user to retry the installation
SDK: added askfile2() for extended open/save file dialog with support for file masks
SDK: added 'extlang_changed' IDP event
SDK: added qstring methods ltrim(), rtrim(), trim2()
SDK: added support for custom arglocs
SDK: check_process_exit() now has a 'timeout' argument
SDK: form_actions_t is extended with set/get methods for fields of different types to enable compile-time argument type checking
SDK: replaced addblanks() by a safer function add_spaces(), which accepts the buffer size
UI: scripting language for the condition field can be specified for every breakpoint separately
UI: breakpoint conditions can now be multi-line (use "..." button to open a multi-line editbox)
UI: Ctrl-C/Ctrl-Ins copies the currently highlighted text to clipboard (if there is no selection)
UI: export_data plugin will now offer to export the item under cursor if there is no selection
UI: OSX: IDA's main window will now appear as the top level window on OSX when idaq is started with an IDB file on the command line
debugger: IDA reacts faster to the cancel button while searching for binary patterns
debugger: now it is possible to stop a long memory snapshot retrieval
GDB: added an option to enable/disable the use of stub's single-stepping support for some broken systems (e.g. MIPS or ARM Linux)
BUGFIX: 78K0S: instruction "MOV [HL+byte], A" was decoded incorrectly (displacement was always zero)
BUGFIX: a reference to a wrongly defined type was considered to be equal to a valid reference (fortunately this occurs rarely)
BUGFIX: ARC: some instructions setting flags were decoded without the .f suffix
BUGFIX: arglocs for vc32 fastcall CC: only UDT pointers are passed on the stack, hidden arguments (e.g. 'this') distribute according to 'fastcall' policy
BUGFIX: ARM: arm64 instruction aliases BFI and BFXIL were decoded incorrectly
BUGFIX: ARM: autoanalysis could loop indefinitely in some rare situations when there was a bogus xref into the middle of a macro instruction
BUGFIX: bfltldr.py was not working anymore.
BUGFIX: btree compress could produce a corrupted base
BUGFIX: creating an array type with wrong array attributes could crash IDA or create wrong type
BUGFIX: debugger: when attaching to x64 process without an existing database, "IP" and "SP" special registers were detected incorrectly
BUGFIX: Debugging an ASLR-enabled binary (which will rebase the IDB) was not rebasing the navigation history.
BUGFIX: During breakpoints export operation always export hardware breakpoint sizes
BUGFIX: DWARF loading could crash IDA in certain circumstances involving complex graphs of objects with variations (i.e., whose padding bytes are re-used when inherited.)
BUGFIX: ELF: dynamic info could be parsed incorrectly for some uClibc files
BUGFIX: Fixed exporting of breakpoints with complex conditions, which contains quoted strings
BUGFIX: fixed internal error that could occur when loading a pdb file with unaligned bitfields
BUGFIX: fixed interr 603
BUGFIX: Fixed representation of the chooser filters in "Modify filter" dialog. The column was always shown as '*'
BUGFIX: fixed wrong direction of the floating point conversion
BUGFIX: function argument location could be calculated incorrectly for arguments containing unaligned union fields (gcc64)
BUGFIX: function argument location was calculated incorrectly for some structures containing arrays as members
BUGFIX: GDB: duplicate threads could appear in the thread list in some situations
BUGFIX: GDB: maximum packet size was not respected when doing memory writes
BUGFIX: GDB: SendDbgCommand() with PIN's GDB backend would take at least one second (value or of the GDB timeout setting)
BUGFIX: GDB: when single-stepping in some thread, IDA could issue a "continue" packet for another thread instead
BUGFIX: hexrays: "add pseudocode comments" was broken
BUGFIX: hexrays: an indirect call to a noret function in the middle of a function was not supported
BUGFIX: hexrays: ARM decompiler could generate references to wrong (unexisting) global variables in some cases
BUGFIX: hexrays: ARM decompiler could miss some return instructions and represent them as JUMPOUTs
BUGFIX: hexrays: (ARM) if the user turned off macros after analyzing the database, the decompiler could interr or generate wrong output
BUGFIX: hexrays: (ARM) big endian decompilation had constant halves swapped
BUGFIX: hexrays: decompiler could create overlapping input arguments and later interr
BUGFIX: hexrays: decompiler could erroneously optimize away some expressions like 'x*N & M' and replace them with zero
BUGFIX: hexrays: decompiler could interr if 32-byte enum type was defined (too wide)
BUGFIX: hexrays: decompiler could interr on a comma operator whose type is a bitfield
BUGFIX: hexrays: decompiler could interr on some variadic functions
BUGFIX: hexrays: decompiler was always moving register arguments to the beginning of the argument list in the pseudocode window
BUGFIX: hexrays: def-list for strcat() was sometimes calculated incorrectly
BUGFIX: hexrays: enabled negation of 128-bit values, apparently they can occur even in 32-bit programs
BUGFIX: hexrays: expression like "(x * N) < 0" could be optimized wrongly in some rare cases
BUGFIX: hexrays: fixed a couple of minor memory leaks
BUGFIX: hexrays: fixed interr 50375
BUGFIX: hexrays: fixed interr 50396
BUGFIX: hexrays: fixed interr 50513
BUGFIX: hexrays: fixed interr 50708
BUGFIX: hexrays: fixed interr 50715
BUGFIX: hexrays: fixed interr 50860
BUGFIX: hexrays: fixed interr 51049
BUGFIX: hexrays: ftst instruction was not decompiled
BUGFIX: hexrays: hints for union members were wrong (off=N; where N is the member number, not the offset)
BUGFIX: hexrays: if the return value of a function call was used but could not influence the logic of the program, the call could be optimized out, which is wrong
BUGFIX: hexrays: movd/movq instructions with a register destination were decompiled incorrectly
BUGFIX: hexrays: recursive patterns could be applied wrongly and lead to an interr
BUGFIX: hexrays: ScreenEA() would sometimes return BADADDR in the decompiler view because some pseudocode locations cannot be mapped to an address. Now it tries to return the closest EA, or the function's EA in the worst case.
BUGFIX: hexrays: the rule to recognize signed modulo by power2 could interr
BUGFIX: HT_VIEW example plugin could crash on non-graph views.
BUGFIX: IDA could crash trying to print a function declaration (a function returning a pointer to an array of pointers to arrays)
BUGFIX: IDA could interr when parsing "int func(int,void)"
BUGFIX: IDA could not attach to a remote PIN debugger - tried to launch a local pintool instance instead
BUGFIX: IDA could stop with internal error 498 when loading some pdb files
BUGFIX: IDA graphs could become corrupted, or even crash IDA, on some versions of Linux.
BUGFIX: IDA now starts up in the foreground when run from the command line on mac (instead of hiding behind the terminal window)
BUGFIX: IDA would crash if the __FILE__ macro was used in a function prototype
BUGFIX: IDA would fail to import huge (>0x1FFFFFFF bytes) structures from pdb files
BUGFIX: IDA wouldn't display, in the 'Use standard symbolic constant', enum values that have bit 31 set to 1.
BUGFIX: IDA could behave incorrectly under Wine due to a bug exposed by the differences in Wine's MSVCRT implementation
BUGFIX: IDA could crash when loading big PE files with zero-filled areas
BUGFIX: idaw.exe could crash upon closing the database
BUGFIX: IDAPython: for non-code locations, idc.GetOpnd() would create instructions instead of returning empty result
BUGFIX: IDAPython: idb_event::area_cmt_changed was never received in IDB_Hooks (and descendants)
BUGFIX: IDAPython: idb_event::ti_changed, and idb_event::op_ti_changed notifications were not accessible in IDAPython
BUGFIX: IDAPython: op_t.value was truncated to 32 bits under IDA64.
BUGFIX: IDAPython: print_tinfo() wouldn't return a valid string.
BUGFIX: IDAPython: readsel2() was not usable.
BUGFIX: IDAPython: read_selection() was buggy for 64-bit programs.
BUGFIX: IDAPython: StructMembers() considered holes in structures, and didn't properly iterate through the whole structure definition.
BUGFIX: IDAPython: There was no way to call calc_switch_cases() from IDAPython.
BUGFIX: IDAPython: when using multi-select/multi-edit choosers, erroneous event codes could be sent at beginning & end of batch deletion of lines.
BUGFIX: IDAPython: When, in a PluginForm#OnCreate, the layout of IDA was requested to change (for example by starting a debugging session), that PluginForm could be deleted and create an access violation.
BUGFIX: IDC/Python: GetTinfo("") was causing an interr
BUGFIX: IDC/Python: SetType would work incorrectly if an invalid string was passed
BUGFIX: If closing one DockWidget caused other DockWidgets to close, then changing (resetting/loading) the desktop layout crashed IDA.
BUGFIX: if the user renamed the segments to use dummy segment names like segXXX, IDA would be unable to find such segments by name
BUGFIX: In flat rendering mode, standing on a border line of an instruction (i.e., "-------") that is located right before data, and pressing 'C' to make code (in order to turn that data into code), could scroll the view by 1 line if the MakeCode command failed.
BUGFIX: In graph view, leaving the mouse on an edge wouldn't show "To:/From:" hints anymore.
BUGFIX: in graph view, we can now highlight text by dragging the mouse outside the boundary of a node.
BUGFIX: In some cases, switching from flat view to graph view could have the side-effect of moving the cursor down by one or more lines, which changes the EA.
BUGFIX: incorrect handling of argument location (gcc64) for some nested unions and unions containing big structures as members
BUGFIX: Instances of type tinfo_t couldn't be properly used when they were aggregated by other types.
BUGFIX: it was impossible to check out the IDA Pro floating license if both Starter and Pro licenses were present
BUGFIX: kernel: reloading a binary file would work incorrectly if extra segments were added before the file data
BUGFIX: kernel: user-defined offsets with "subtract" flag set were not working properly for processors that implement ph.translate callback (e.g. MIPS)
BUGFIX: M68K: ColdFire instructions REMU.L/REMS.L were decoded as DIVU.L/DIVS.L
BUGFIX: Mach-O loader's check for valid section index was not correct.
BUGFIX: MACHO: zeroed out symbols were incorrectly considered as imports with unknown names
BUGFIX: Middle-button clicking anywhere to the right of a rightmost tab would crash IDA.
BUGFIX: MIPS module was not marking switch instructions with a special mark (as it is done for x86 code, for example)
BUGFIX: MIPS: arguments in fpu registers were not properly commented in __usercall prototypes
BUGFIX: Moving the structures in the structures window didn't work as expected.
BUGFIX: Once pulled out from the main window, a PluginForm (or derivative) might not receive events properly anymore.
BUGFIX: opening a file with the name starting with @ would lead to a fatal error (instead of a nice error message)
BUGFIX: PC: register tracker could incorrectly use previous register values after a popad instruction, leading to wrong comments
BUGFIX: pdb with a union of bitfields would cause an internal error
BUGFIX: PE: IDA on Linux/OS X would crash when trying to load .NET files without a User Strings stream
BUGFIX: PPC: "branch always" instruction had a hidden condition field operand, even though condition is ignored for it
BUGFIX: PPC: use/change operand flags were set incorrectly for some instructions
BUGFIX: PPC: IDA could crash due to stack overflow when analyzing some long functions
BUGFIX: Pulling the miniview out could cause a crash.
BUGFIX: Regex-based filters could be un-applied once the "Modify filters..." window was closed.
BUGFIX: reloading the input file with wrong PE file could lead to interr
BUGFIX: Renaming a group node by clicking on the 'rename' icon didn't repaint.
BUGFIX: Rewrote the incorrect algorithm for moving areas
BUGFIX: SDK: call_system() with NULL or empty string argument did not create an interactive shell as expected
BUGFIX: SDK: func_item_iterator_t() could stop enumeration prematurely if the starting address was in a tail chunk
BUGFIX: SDK: get_output_curline()/get_output_cursor() were returning wrong results if wrapped lines were present in output
BUGFIX: SDK: it was impossible to override default behavior of some output window events (msg_click, msg_dblclick, msg_keydown)
BUGFIX: SDK: next_unknown() could return wrong result for sparse storage
BUGFIX: size of an empty base class can be reported as 1 byte in some (rare) circumstances
BUGFIX: Some jmp instructions could create "function chunks" in some inappropriate places (e.g., .plt stubs.)
BUGFIX: Some proximity browser graphs could cause IDA to crash.
BUGFIX: the application bitness (32 or 64 bit) was not set in some cases
BUGFIX: The DWARF plugin could interr on some erroneous DWARF data for complex types.
BUGFIX: the type of a struct member would not be displayed when pressing 'F'
BUGFIX: tinfo_t objects created from IDAPython could cause an assertion failure at exit time.
BUGFIX: type comparison was not taking into account the pointer attributes
BUGFIX: Tricore: some xrefs were created with incorrect type
BUGFIX: TXT: the "OS Shell" command did not work
BUGFIX: UI: creating an array of structs in the struct window could fail
BUGFIX: UI: double-clicking on addresses when using WinDbg debugger did not always work as expected
BUGFIX: UI: exclude filters on '(any)' column could fail filtering the list of data.
BUGFIX: UI: in the message about insufficient disk space, "available" space could be displayed as zero.
BUGFIX: UI: it was impossible to stop the process of taking a memory snapshot while big segments were being processed
BUGFIX: UI: on OS X, IDA would report "Unknown C++ exception" instead of "Out of memory" error
BUGFIX: Usage of IDAPython's DropdownListControl was broken.
BUGFIX: valid-position range information was missing when moving a structure around.
BUGFIX: When "recent files" history was set to more than 10, the entries past 10 in the "File" menu wouldn't be numbered.
BUGFIX: When debugging, variables of type '*' that were stored directly in a register were not properly printed in the "Locals" view.
BUGFIX: when importing PDB info, some bitfields would be imported incorrectly
BUGFIX: When in graph view, modifying a function so as to change its structure wouldn't always refresh the graph.
BUGFIX: When the program is rebased, the location history is rebased as well.
BUGFIX: When the user would pull the miniview out, move out of the graph view to the decompilation view, come back to the disassembly view, the floating window would take focus, and actions could be dispatched to the decompilation view instead of the graph view.
BUGFIX: When using a non-default color palette, re-setting a node to its default color could lead to glitchy rendering where node margins are white, & the rest of the node is colored.
BUGFIX: with some IDBs, IDA would start with an oversized arrows window, causing the disassembly view to be squeezed to the right and barely visible.
This release updates the x86 64-bit F5 plugin, which is charged separately.
IDASTANW IDA Starter Base Named License (MS Windows) 589 USD
IDAPRONW IDA Pro Base Named License (MS Windows) 1129 USD
HEXX86W x86 Decompiler Base License (MS Windows) 2339 USD
HEXX64W x64 Decompiler Base License (MS Windows) 2351 USD
HEXARMW ARM Decompiler Base License (MS Windows) 2350 USD
IDASTANL IDA Starter Base Named License (Linux) 589 USD
IDAPRONL IDA Pro Base Named License (Linux) 1129 USD
HEXX86L x86 Decompiler Base License (Linux) 2339 USD
HEXX64L x64 Decompiler Base License (Linux) 2351 USD
HEXARML ARM Decompiler Base License (Linux) 2350 USD
Mac OS X
IDASTANM IDA Starter Base Named License (Mac OS X) 589 USD
IDAPRONM IDA Pro Base Named License (Mac OS X) 1129 USD
HEXX86M x86 Decompiler Base License (Mac OS X) 2339 USD
HEXX64M x64 Decompiler Base License (Mac OS X) 2351 USD
HEXARMM ARM Decompiler Base License (Mac OS X) 2350 USD
IDA Pro 6.6 / 6.7 download link