Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   [NEWS] IDA Pro 7.2 (https://forum.exetools.com/showthread.php?t=19008)

alexandernst 11-06-2018 07:34

[NEWS] IDA Pro 7.2
 
Hex-Rays published IDA Pro 7.2. You can read about the changes in this version here: https://www.hex-rays.com/products/ida/7.2/

Daemon 11-06-2018 14:23

Can anyone share IDA SDK for version 7.2?

soyandroid 11-07-2018 19:22

I saw it a couple of days ago.

The most interesting thing is the support of ARMv8.3 instructions, especially the PAC (Pointer Authentication Code).

Looks like when you load an iOS 12 kernelcache the function pointers are resolved correctly.

Also includes stack unwinding in code using PAC instructions.

But for me the most interesting addition is really the new processor module for PIC24 and the extended support of some more PIC 16Fx variants.

They just need to add a PIC C decompiler now to make me happy. :)
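
Added example for the PAC point raised above (not code from the forum thread or from Hex-Rays): what an ARMv8.3 PAC-signed pointer looks like and why "resolving" one, as a kernelcache loader or a debugger unwinding PAC-protected frames must do, is more than masking off the high bits. Everything here is a model with labelled assumptions: 64-bit pointers with TTBR0/TTBR1 selected by bit 55, 39-bit virtual addresses and TBI off (so the PAC sits in bits 54:39 and 63:56; change VA_BITS/TBI for another configuration), and a truncated HMAC standing in for the real PAC function, which is implementation defined and undocumented on Apple silicon. The pointer values and key are constructed for the demo.

```python
"""Model of ARMv8.3 pointer authentication bit layout: strip (XPAC*), sign (PAC*), auth (AUT*).

Assumptions (not taken from the forum post or Hex-Rays):
  * bit 55 selects the address half (0 = TTBR0/user, 1 = TTBR1/kernel) and is never part of the PAC
  * VA_BITS = 39 is the bottom PAC bit (64 - TxSZ); TBI off, so bits 63:56 also carry PAC
  * the PAC function is a truncated HMAC-SHA256 stand-in for the hardware's undocumented cipher
"""
import hashlib
import hmac

VA_BITS = 39          # assumption: bottom PAC bit = 64 - TxSZ
TBI = False           # assumption: top-byte-ignore off, so bits 63:56 hold PAC too
U64 = (1 << 64) - 1

# Constructed sample values for the demo; the key is not a real key.
KERNEL_PTR = 0xFFFFFFF007004000     # canonical TTBR1 (kernel) pointer, bit 55 set
USER_PTR = 0x0000000104ABC000       # canonical TTBR0 (user) pointer
KEY = b"constructed-demo-key-not-a-real-pac-key"


def pac_bit_positions(va_bits=VA_BITS, tbi=TBI):
    """Bit positions that hold the PAC: 54:va_bits, plus 63:56 when TBI is off."""
    bits = list(range(va_bits, 55))
    if not tbi:
        bits += list(range(56, 64))
    return bits


def pac_mask(va_bits=VA_BITS, tbi=TBI):
    mask = 0
    for b in pac_bit_positions(va_bits, tbi):
        mask |= 1 << b
    return mask


def strip_pac(ptr, va_bits=VA_BITS, tbi=TBI):
    """XPAC* model: overwrite the PAC field with copies of bit 55.

    Kernel pointers therefore come back as 0xFFFFFFF0_xxxxxxxx and user pointers
    as 0x00000001_xxxxxxxx.  A plain `ptr & ((1 << va_bits) - 1)` gets the user
    case right and the kernel case wrong, which is the trap when resolving
    function pointers in a kernelcache.
    """
    ext = U64 if (ptr >> 55) & 1 else 0
    mask = pac_mask(va_bits, tbi)
    return (ptr & ~mask & U64) | (ext & mask)


def compute_pac(canonical, modifier, key, va_bits=VA_BITS, tbi=TBI):
    """Stand-in PAC function: MAC(key, canonical_ptr || modifier), truncated to the
    PAC field width and scattered into the PAC bit positions."""
    positions = pac_bit_positions(va_bits, tbi)
    msg = canonical.to_bytes(8, "little") + (modifier & U64).to_bytes(8, "little")
    tag = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "little")
    pac = 0
    for i, b in enumerate(positions):
        if (tag >> i) & 1:
            pac |= 1 << b
    return pac


def sign(ptr, modifier, key, va_bits=VA_BITS, tbi=TBI):
    """PAC* model: replace the extension bits of a canonical pointer with its PAC."""
    canonical = strip_pac(ptr, va_bits, tbi)
    mask = pac_mask(va_bits, tbi)
    return (canonical & ~mask & U64) | compute_pac(canonical, modifier, key, va_bits, tbi)


def auth(signed, modifier, key, va_bits=VA_BITS, tbi=TBI):
    """AUT* model: recompute the PAC over the stripped pointer and compare.

    Returns the canonical pointer on success and None on failure.  Real hardware
    does not return None: it hands back a deliberately non-canonical pointer so
    that the next load or branch through it faults.
    """
    canonical = strip_pac(signed, va_bits, tbi)
    mask = pac_mask(va_bits, tbi)
    if compute_pac(canonical, modifier, key, va_bits, tbi) != (signed & mask):
        return None
    return canonical


if __name__ == "__main__":
    signed = sign(KERNEL_PTR, 0x1234, KEY)
    print(f"canonical  {KERNEL_PTR:#018x}")
    print(f"signed     {signed:#018x}")
    print(f"stripped   {strip_pac(signed):#018x}")
    print(f"naive mask {KERNEL_PTR & ((1 << VA_BITS) - 1):#018x}  <- wrong for kernel pointers")
```

The modifier is the "salt" the instruction takes in its second register (typically the stack pointer for return addresses, or a type discriminator for function pointers); the same pointer signed under two modifiers yields two different PAC fields, which is why a stripped pointer, not the signed one, is what a disassembler should key its cross-references on.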

Daemon 11-07-2018 21:25

Never mind.. Got hold of the SDK finally :D

Shub-Nigurrath 11-08-2018 01:43

Also the new decompiler supports C++ objects, inheritance and method pointers. Amazing

Daemon 11-08-2018 07:28

Let me save everyone the effort of posting the changes piece-meal. Here are all the changes:

Complete changelist
  • Processor Modules
  • + 68k: print pc-relative operands with explicit "(pc)" suffix; it seems gas accepts both forms, and having an explicit suffix is a good thing
  • + ARC: improved switch recognition
  • + ARM : added ARM-v8.3a PAC (Pointer Authentication Code) instructions
  • + ARM: added support for A64 basic crypto instructions (AES, SHA1, SHA2)
  • + ARM: improve detection of ARM64 imported function stubs in Mach-O and PE binaries
  • + ARM: simplify A64 instruction aliases MUL, MNEG, SMULL, SMNEGL, UMULL, UMNEGL
  • + DWARF source-level debugging is now available on Android platforms
  • + H8*: improved switch recognition
  • + MC6812: track SP register changes
  • + NEC850: added V80E2M and RH850 floating-point instructions (and many others)
  • + PIC: added decoding of more 16F1x and 12F1x instructions
  • + PIC24: new processor module
  • + PC: added yet one more prolog pattern
  • + PC: improved detection of 'push ecx' as part of the function prolog
  • + PC: reduced number of incorrectly created offset expressions
  • + PC: improved recognition of the gcc vararg prolog
  • + PIC16: added processor module for PIC24,30,33 families
  • + PPC: enhanced switch recognition
  • + PPC: improved switch recognition
  • + SH3: improved sp analysis
  • + SH3: improved switch recognition
  • + SPARC: improved switch recognition
  • + TMS320C28X: improved switch recognition
  • + V850: improved switch recognition
  • File Formats
  • + CLI: corrupted files with bad LUT table can be loaded now
  • + DEX: added support for VDEX file format
  • + ELF: ability to load external symbols from companion file (even when DWARF info is missing.)
  • + ELF: added annotation of NT_PRSTATUS and NT_PRPSINFO notes for core files
  • + ELF: added support for packed android relocations (APS2 format)
  • + ELF: allow independent loading of PHT and SHT in loader options
  • + ELF: detect loading of inconsistent overlapping data from PHT
  • + MACHO: allow the user to load a given module from a dyld_shared_cache on-command
  • + MACHO: always use segment prefixes for kernelcache files, even when not splitting by KEXTs
  • + MACHO: improve XML parsing for __PRELINK_INFO in kernelcache files
  • + MACHO: support ARM64_32. only in ida64 (for now)
  • + MACHO: support loading of iOS 12 prelinked kernelcaches
  • + MACHO: support loading of new dyld cache format for arm64e architecture (e.g. iPhone XS)
  • + MACHO: when loading a single dyldcache module, apply the relevant symbols from the cache's symbol table
  • + MACHO: store segment protections in the database (previously they were ignored)
  • + PE: label guard call check function if present in the load config directory
  • + PE: added annotation for IMAGE_DEBUG_TYPE_REPRO
  • Debugger
  • + support debugging on iOS devices with ARMv8.3-A extensions (iPhone XS, XS Max, XR)
  • + support watchpoints in the Remote iOS Debugger
  • + iOS: improve compatibility with older devices (the oldest we've thoroughly tested is an armv7 iPhone 4 with iOS 6.0.1)
  • + dalvik: use "track-jdwp" service instead of "jdwp", it uses more reliable protocol
  • + ios_deploy: added "afc" phase
  • + ios_deploy: added "battr" phase
  • + ios_deploy: added "dattr" phase
  • + ios_deploy: added "debug" phase. this allows us to easily troubleshoot issues when launching/attaching to a process
  • Kernel/Misc
  • + CFG: removed obsolete config parameter CHECK_MANUAL_ARGS
  • + FLIRT: ICL: Added signatures for icl177 (Intel C++ 17.7)
  • + FLIRT: ICL: Added signatures for icl178 (Intel C++ 17.8)
  • + FLIRT: ICL: Added signatures for icl182 (Intel C++ 18.2)
  • + FLIRT: ICL: Added signatures for icl183 (Intel C++ 18.3)
  • + FLIRT: ICL: Added signatures for icl190 (Intel C++ 19.0)
  • + FLIRT: VC: Added signatures for vc1413 (Visual Studio 2017.6)
  • + FLIRT: VC: Added signatures for vc1414 (Visual Studio 2017.7)
  • + FLIRT: VC: Added signatures for ucrt 17134 (Windows 10 April 2018 Update SDK)
  • + FLIRT: VC: Added signatures for vc1415 (Visual Studio 2017.8)
  • + improved code detection heuristic rules
  • + improved sp analysis
  • + introduced -8align4 abi option for arm/pc
  • + added support for parsing simple c++ classes with virtual functions
  • + strlit comments: try to print them even for references to pointers to strings
  • + types: improved til <-> IDB structure synchronizing
  • Objective-C
  • + OBJC: added OBJC_LAZY_MODE to objc.cfg, which prevents IDA from parsing objc data at load-time
  • + OBJC: allow user to pass options to objc plugin via -Oobjc:
  • + OBJC: improve analysis of block functions by detecting Block_layout objects allocated on the stack
  • + OBJC: improve type propagation in the pseudocode; specifically across ARC-related functions (objc_retain, objc_retainAutoreleasedReturnValue, etc.)
  • + OBJC: introduce submenu for objc features. See Edit>Other>Objective-C
  • + OBJC: parse __block_literal_global structures when loading mach-o files
  • + OBJC: parse pre-optimized data structures in __objc_opt_ro
  • + OBJC: support regular expressions in the selector string for the JumpSelector action
  • User Interface
  • + ui/qt: added the ability to restore custom widgets when a desktop layout is loaded (through the 'ui_create_desktop_widget' notification)
  • + ui/qt: added user interface for borrowing and returning floating licenses (available under menu Options-Floating Licenses in floating license IDA versions)
  • + ui/qt: any widget that was last closed when floating (alone) and reopened with WOPN_RESTORE will now be restored as a float, in its previous position
  • + ui/qt: custom data types & formats registered by the user now appear in the context menu
  • + ui/qt: entries in the "Exports" window will now have different icons according to their type (function, data, undefined, ...)
  • + ui/qt: in the proximity view, one can now add nodes from addresses, instead of having access to (non-dummy-) named items only
  • + ui/qt: introduced 'get_window_id(const char *name=NULL)' to retrieve the underlying OS-specific window ID
  • + ui/qt: some specific floating widgets geometries/positions will now be restored when re-opening (e.g., the "Script snippets")
  • + ui/qt: watch views: it was impossible to specify an idc expression as in expressions with a cast: (type)expr
  • + ui/qt: when implementing 'ui_get_custom_viewer_hint' in a plugin, it is now possible to ask IDA to inject its "regular" hints anywhere in the returned text
  • + ui: "Binary search" now allows tabs instead of spaces, between different items (e.g., 0x89\t0xE5), allowing easier copy-paste from tools such as GDB
  • + ui: API: adding navband ea_t <-> pixel conversions
  • + ui: added shortcuts Ctrl+Shift+Up/Ctrl+Shift+Down to jump to the start of the previous/next function
  • + ui: create segment: if the end address of the segment is not specified, split the segment that is located at the specified start address
  • + ui: pressing <Shift+Enter> in "jump" choosers (i.e., Ctrl+P, Ctrl+X, Ctrl+L, Ctrl+E, ...) will jump without closing the chooser, thereby working as a preview/quick navigation
  • + ui: show demangled names by default in the module debug name list
  • + ui: when a new idb can not be created because of permissions, propose to create it in the home directory
  • + ui: when creating structures from data, the structure will be named "struc_<addr>" (where 'addr' corresponds to the address of the start of the selection), instead of having an unrelated numeric suffix
  • + ui: improved application of bitfield enums to operands
  • Scripts & SDK
  • + IDAPython: added Hexrays_Hooks, providing a better abstraction on top of the hexrays_event_t (methods are typed, and bindings are automatically generated, meaning that it'll follow additions to the C++ SDK)
  • + IDAPython: all functions not marked as THREAD_SAFE in the C++ SDK, will now check that they are being called from the main thread, avoiding possible corruption or crashes
  • + IDAPython: ida_dbg: expose memory_info_t(), meminfo_vec_t(), set_manual_regions()
  • + IDAPython: ability to provide user hints for edges of user graphs
  • + IDC: added __IDAVER__ as a numeric version number
  • + IDC: added debugger registers as variable names
  • + SDK: added GN_NOT_DUMMY bit for get_name()
  • + SDK: added UTF-8 aware qrmdir()
  • + SDK: added calc_func_size()
  • + SDK: added idb_event::bookmark_changed
  • + SDK: added support for shifted pointers
  • + SDK: added the item_color_changed and colee_addr_changed events
  • + SDK: append_cmt() does not append the comment if it is already present at the end of the existing comment
  • + SDK: deleting a segment register now sends a 'sgr_deleted' event
  • + SDK: exported copy_named_type()
  • + SDK: renamed regex functions to not conflict with POSIX symbols (qregcomp/qregerror/qregexec/qregfree)
  • + SDK: introduced the INSN_64BIT bit
  • + SDK: added bitcount()
  • + SDK: make request_refresh(), clear_request_refresh() and is_refresh_requested() accept 64-bit masks
  • Decompilers
  • + hexrays: ARM: support RRX addressing mode
  • + hexrays: added support for magic divisions in 64-bit code
  • + hexrays: added "force new variable" command; it can be used to force the decompiler to create a new aliasable stack variable at the specified location
  • + hexrays: added "variable is possibly undefined" warning
  • + hexrays: added MAX_STRLIT_LEN configuration parameter
  • + hexrays: added a new rule to simplify some ternary operators
  • + hexrays: added a new rule: (x ^ y) & 1 => x != y if x,y are booleans
  • + hexrays: added hxe_cmt_changed notification
  • + hexrays: added logic to remove exception handling code (SjLj)
  • + hexrays: exported idaloc2vd and vd2idaloc
  • + hexrays: get rid of limitation on number of internal microregisters
  • + hexrays: get rid of virtual registers in microoperands
  • + hexrays: handle ARMv8.3 Pointer Authentication instructions
  • + hexrays: improved handling of some switch idioms
  • + hexrays: improved handling of union expressions
  • + hexrays: improved propagation of odd parts of constant values
  • + hexrays: improved recognizing of register arguments in called functions
  • + hexrays: improved function prototype parser: take into account the return type is able to contain parentheses
  • + hexrays: improved detection of read-only data in dyldcaches. this can heavily simplify the pseudocode
  • + hexrays: slightly improved recognition of magic divisions
  • + hexrays: x86: added recognition of gnu mcount()
  • + hexrays: calls of virtual functions are decompiled in a nice way
  • + hexrays: added support for 64bit character constants
  • + hexrays: it was impossible to decompile a call that returns a udt of an odd size (!is_valid_size)
  • + hexrays: sdk: added macro HEXRAYS_MEMORY_ALLOCATION_FUNCS() and functions hexrays_alloc/hexrays_free
  • + hexrays: sdk: added new flags CVAR_NOPTR, LVINF_NOPTR, use them to indicate that a variable should have a non-pointer type
  • + hexrays: sdk: added external blocks (BLT_XTRN). they greatly improve snippet decompilation
  • + hexrays: sdk: lvars are taken into account when calculating use/def lists; exported 2 more mlist related functions
  • + hexrays: sdk: cleaned up the API; we will try to maintain compatibility from now on
  • BUGFIXES
  • BUGFIX: "Produce file > Dump database to IDC file..." would generate IDC scripts whose 'create_strlit' directives had erroneous 'length' parameter
  • BUGFIX: "Suspend on debugging start" option was broken for GDB-based debuggers
  • BUGFIX: "ida -B" was not performing the final pass over the input file and this could lead to huge ranges of unexplored bytes in the output listing
  • BUGFIX: 68K: some Coldfire-specific instructions were not decoded in the "MC68xxx universal emulator" mode
  • BUGFIX: COFF: some XCOFF64 files could be loaded incorrectly
  • BUGFIX: Copying to the clipboard from the graph view, could result in text being shifted
  • BUGFIX: DWARF: C++ exceptions could be issued by the plugin during source-level debugging, and not be caught, causing IDA to exit
  • BUGFIX: DWARF: Golang types containing readonly or writeonly channels, would be turned into anonymous types
  • BUGFIX: DWARF: Structures with a variable sized last member consisting of an array of arrays, would fail being properly handled
  • BUGFIX: EH: parsing of exception data in arm32 Mach-O binaries could produce bogus " bad try block information" warnings
  • BUGFIX: ELF: ARM: some files with ARM-mode entrypoint could be disassembled incorrectly in Thumb mode
  • BUGFIX: ELF: loading big-endian ARM files would display "ARM Little-endian" in the "Load file dialog". Similarly, loading little-endian PPC files would show "Power-PC big endian" instead of "Power-PC little endian"
  • BUGFIX: ELF: parsing SHT_NOTE could yield invalid contents
  • BUGFIX: GDB: serialized conversation (for troubleshooting purposes) could contain unescaped '\' characters
  • BUGFIX: GDB: IDA could crash when attaching to gdbserver if the bitness was misdetected
  • BUGFIX: GDB: some android aarch64 stubs could be misdetected as 32-bit arm
  • BUGFIX: GDB: when using snippet mode debugging with QEMU, segments starting with undefined bytes could have data zeroed out at runtime
  • BUGFIX: GDB: IDA could crash when attaching to QEMU i386 or x86_64 (starting with version 2.10)
  • BUGFIX: IDA could INTERR 40029 when using the gdb debugger
  • BUGFIX: IDA could hang trying to load some psx images
  • BUGFIX: IDA could crash trying to parse bad objc metadata
  • BUGFIX: IDA could crash when deleting a local type
  • BUGFIX: IDA could die with interr 40193 when trying to recover from a fatal network error during remote debugging
  • BUGFIX: IDA could misdetect the compiler as gcc
  • BUGFIX: IDA would become very slow when the debugger was active and the debugged application was running freely
  • BUGFIX: IDA would crash when parsing tryblk info
  • BUGFIX: IDA would not demangle names from exported from a dll during a debugging session
  • BUGFIX: IDA would print empty character constant if the character could not be converted from the source encoding
  • BUGFIX: IDA would crash with code 1004 if a scattered location with stack components was specified
  • BUGFIX: IDAPython: 'reg' member of action_update_ctx_t & action_activation_ctx_t, was virtually unusable as it corresponds to debugger registers, which have different numbers than processor module-provided ones. It has been replaced with 'regname'
  • BUGFIX: IDAPython: (low-level function) 'set_numbered_type()' wouldn't work with the 'sclass_t' argument returned by 'get_numbered_type()'
  • BUGFIX: IDAPython: 695 compat's 'ida_kernwin.get_highlighted_identifier()' could cause IDA to crash
  • BUGFIX: IDAPython: IDP_Hooks::ev_get_bg_color() was not usable w/o resorting to using ctypes
  • BUGFIX: IDAPython: calc_thunk_func_target() would crash IDA if 'None' was passed to it as first argument
  • BUGFIX: IDAPython: exceptions happening in timer callbacks wouldn't be reported immediately (and could fail being reported altogether)
  • BUGFIX: IDAPython: get_member_by_id() & get_member_by_fullname() were returning garbage instead of a proper 'struc_t *' instance
  • BUGFIX: IDAPython: ida_hexrays.ccase_t.values was not usable
  • BUGFIX: IDAPython: ida_lines.get_extra_cmt() would return None for empty strings, even though more comment lines exist after it
  • BUGFIX: IDAPython: idaapi.py's 'set_func_start' and 'set_func_end' coming from 'ida_funcs' were overridden with constants coming from 'ida_idp'
  • BUGFIX: IDAPython: it was impossible to retrieve the selection from an embedded chooser after its parent form has been accepted
  • BUGFIX: IDAPython: load_plugin() could crash IDA with a segmentation violation
  • BUGFIX: IDAPython: op_t.addr couldn't be used as a value to 'get_stkvar' although the documentation mentions it
  • BUGFIX: IDAPython: setting members of the cinsn_t's union without first setting the 'op' type, would silently fail
  • BUGFIX: IDAPython: some PLFM_* constants were not exported
  • BUGFIX: IDAPython: unexpected (and improperly handled) "wait dialogs" could show while some other modal dialog was activated, in case a timer fired in the background
  • BUGFIX: In the "Structures" view, IDA could display multiple times the header text in case structures were corrupted/deleted
  • BUGFIX: KERNEL: qfindfirst/qfindnext did not work for non-ASCII paths on Windows
  • BUGFIX: MC68K: instructions referring to addresses with high bit set could be printed incorrectly in IDA64
  • BUGFIX: MC68K: some valid instructions would not be decoded in "MC68xxx universal emulator" mode
  • BUGFIX: MIPS: in mips16 mode, instructions ADDIUPC and LWPC situated in a delay slot could be disassembled using wrong PC value
  • BUGFIX: MinGW/Cygwin-produced PE x64 files could show __fastcall's as __usercall, even though the code does respect Microsoft's x64 ABI convention
  • BUGFIX: NEC850: xrefs to high addresses would not be created for some instructions when using IDA64
  • BUGFIX: On Windows, with the "windows" style and on Hi-DPI monitors, the check marks in checkboxes would look tiny
  • BUGFIX: PC: IDA sometimes was too aggressive in creating functions after multiple nop instructions
  • BUGFIX: PPC: some paired single load/store instructions could not be decoded if they used odd displacement values
  • BUGFIX: Showing enum values of negated values, would show the list of matching enums for the original value
  • BUGFIX: The DWARF plugin could complain on some Rust types (i.e., '()')
  • BUGFIX: The DWARF would stop early if it failed loading some debug information when parsing functions data, while it could keep going and try parsing the following functions
  • BUGFIX: UI: IDA on Windows could not open filenames not representable in current ANSI character set
  • BUGFIX: UI: On Windows, IDA could print network-related error messages in wrong encoding, resulting in unreadable text
  • BUGFIX: When debugging a Linux/ELF application, symbols coming from "debuglink"-provided companion files wouldn't be available in IDA
  • BUGFIX: When requested, the segment name wouldn't appear in the line prefixes in graph mode
  • BUGFIX: Win32: during debugging, it was impossible to open the list of exports for an .exe
  • BUGFIX: Win32: when attaching to a process for debugging, IDA could fail loading PDB information associated with the executable file
  • BUGFIX: arm: ida64 would not truncate addresses to 32bit when decoding 32bit code
  • BUGFIX: debugger action objc:RunUntilMessageReceived could fail for multithreaded Objective-C apps
  • BUGFIX: debugger: calling get_event_module_name() in an IDC condition could crash if debug event was not of correct type (PROCESS_STARTED, PROCESS_ATTACHED or LIB_LOADED). now it's also supported for LIB_UNLOADED, and an IDC exception is thrown in other cases
  • BUGFIX: debugger: win32: "SEH list" functionality did not work for wow64 processes when using local debugging
  • BUGFIX: debugger: win32: IDA could hang when debugging a 32-bit (WOW64) process on Win10
  • BUGFIX: excessively big shift counts were handled incorrectly (e.g. "shl eax, 33" should not produce 0)
  • BUGFIX: file names coming from AR archives could be garbled due to an incorrect assumption about their encoding
  • BUGFIX: fixed a crash when loading corrupted LE files
  • BUGFIX: fixed interr 50863 that could occur in corrupted idbs
  • BUGFIX: gas for arm requires lowercase instruction conditions but ida was not always using lowercase for them
  • BUGFIX: get_strlit_contents() could overflow the range of bytes it was asked to retrieve
  • BUGFIX: get_strlit_contents() shouldn't stop at codepoint zero, but rather keep going until the 'len'gth is reached
  • BUGFIX: in some cases it was impossible to set the "bp-based frame" function attribute, ida would immediately reset it
  • BUGFIX: it was impossible to correctly specify prototype of a thiscall function that returns a big struct
  • BUGFIX: it was possible for the mac debugger to load debug names from a file that didn't match an image in memory
  • BUGFIX: kernel: IDA could hang on exit when using borrowed licenses and license server was not accessible anymore
  • BUGFIX: ldr/coff: don't use a DT_NON symbol to describe a section, if a procedure is planned there and a non-dummy name has been set
  • BUGFIX: m65816: abs,x/abs,y addressing could fail to create xrefs
  • BUGFIX: mac debugger could fail to load for databases that were created from scratch
  • BUGFIX: mac debugger could fail to single step when source-level debugging in multithreaded environments
  • BUGFIX: mac debugger could fail to update the thread list properly, which could then cause IDA to fail to add/delete a hardware breakpoint
  • BUGFIX: mac debugger could produce duplicate debug names in a module's name list
  • BUGFIX: mac debugger could trigger erroneous SIGBUS signals after setting a software breakpoint on OSX 10.14
  • BUGFIX: mac debugger would fail to set user-defined hardware breakpoints in newly-created threads
  • BUGFIX: mach-o loader could erroneously truncate segments in iOS 11 kernel caches
  • BUGFIX: mach-o loader would not properly load files with a __TEXT segment with a nonzero file offset
  • BUGFIX: mips: fixed analyzing of the mips16e 'addiu' insn
  • BUGFIX: no events were generated when the user toggled the operand sign or bitwise negated it
  • BUGFIX: objc plugin could ask to parse Objective-C info when in fact no such info was present in the database
  • BUGFIX: pc: ida could loop endlessly if a finally handler was belonging to 2 different functions
  • BUGFIX: pdp-11: offset expressions were not creating xrefs
  • BUGFIX: pdp-11: removed obsolete PDP_XLAT_ASCII parameter from ida.cfg
  • BUGFIX: range change was wrong for ANALYSIS, ANALYSIS2, and some other bitmask config parameters
  • BUGFIX: rtti comments would be duplicated upon reanalysis
  • BUGFIX: rtti type descriptor names starting with '*' were not recognized
  • BUGFIX: rtti type descriptor names starting with *Z were not recognized
  • BUGFIX: scripted loaders had to seek to the beginning of the file at the beginning of the load_file() function
  • BUGFIX: sdk: tinfo_visitor_t::apply_to() could spoil type modifiers (const/volatile) and attributes when editing the type
  • BUGFIX: segmentation info could be lost when opening very old databases (created before 2001)
  • BUGFIX: set_fixup() has 6 arguments but the docs were claiming that there are 5 arguments
  • BUGFIX: setting the struct member type as "int[]" (without specifying the array size) could lead to an array of arrays (int[][])
  • BUGFIX: simplecustviewer_t::OnPopup wouldn't allow receiving the 'widget' and 'popup_handle' as other widgets would
  • BUGFIX: some corrupted mach-o files could crash ida
  • BUGFIX: some flowchart edges could be missing (could occur in the presence of xrefs into the middle of an instruction)
  • BUGFIX: sometimes 'overflow' bit would be calculated incorrectly after cmp or sub instructions
  • BUGFIX: stack unwinding could break analysis for prefixed call instructions
  • BUGFIX: stopped to modify the function in the 'ev_is_jump_func' event
  • BUGFIX: the linux debugger could cause INTERR 20099 with corrupted ELF files
  • BUGFIX: the mac debugger could create an incorrect memory layout after attaching to a process with ASLR enabled
  • BUGFIX: the win32 debugger server would fail to retrieve pdb files from symbol servers
  • BUGFIX: ui/qt: IDA could easily deadlock if more than 1 thread was using logging.py, or simply attempting to print anything in the console while holding any other lock that both threads might require
  • BUGFIX: ui/qt: IDA could show the wrong bookmarks contents for the "Jump > Clear mark..." action
  • BUGFIX: ui/qt: added "Add watch" to the (old-style) watchlist context menu
  • BUGFIX: ui/qt: background color for lines could fail to be applied in some cases
  • BUGFIX: ui/qt: changing segment register values wouldn't cause the "Segment registers" chooser to refresh
  • BUGFIX: ui/qt: deleting (or modifying) segment register ranges could leave the disassembly view(s) outdated
  • BUGFIX: ui/qt: don't show "(null)" in the collapsed area footer, if the description is missing
  • BUGFIX: ui/qt: during debugging, the "flags" registers column could be made partly invisible (depending on the display DPI)
  • BUGFIX: ui/qt: given a sufficiently long list of functions in "Functions window", deleting ranges of functions could cause IDA to crash
  • BUGFIX: ui/qt: hex views would show bogus characters when bytes were decoded as UTF-8 and yielded surrogate codepoints
  • BUGFIX: ui/qt: moving IDA between monitors with different resolutions, could result in the graph view showing garbage
  • BUGFIX: ui/qt: on HiDPI displays (e.g., 4k), hints could end up being partly truncated
  • BUGFIX: ui/qt: the 'COLOR_DEFAULT' for prefixes of simpleline_t would result in portions of that line marked as COLOR_PREFIX, to be invisible
  • BUGFIX: ui/qt: when 2 widgets were placed next to one another within the same tab, closing the leftmost one, could cause the rightmost one to disappear as well (without being destroyed.)
  • BUGFIX: ui/qt: when jumping between nodes in graph view, the animation could end up in the wrong place
  • BUGFIX: ui/qt: when stopping a debugging session, it might happen that some line rendering options (number of opcode bytes, indent, ...) would not be properly restored to what it should be
  • BUGFIX: ui/qt: when using line top/bottom paddings, the graph view could show artifacts for e.g., highlighting
  • BUGFIX: ui: "Strict ASCII" option in the "Strings window" was not working
  • BUGFIX: ui: calling set_view_renderer_type() on the TWidget returned from open_disasm_window(), would crash IDA
  • BUGFIX: ui: in the "Structures" view, the "Shrink structure" action would be available on alignment bytes, yet incapable of actually removing those
  • BUGFIX: ui: some string literals part of structure instances in the address space, could fail to show in the "Strings window"
  • BUGFIX: ui: when attaching to a process, it could be impossible to load PDB or DWARF debug information right away (but would work after detaching & re-attaching)
  • BUGFIX: user info would be stored in the idb even when STORE_USER_INFO was turned off
  • BUGFIX: user-specified 'manual instruction' for data items was ignored
  • BUGFIX: using -DTRICORE_DEVICE in the command line would lead to warnings
  • BUGFIX: hexrays: "(x>>8)&1" would be represented as "x>>8" in some cases
  • BUGFIX: hexrays: 'jl (N-x), x' would be decompiled incorrectly
  • BUGFIX: hexrays: 1-byte functions could not be decompiled
  • BUGFIX: hexrays: 64bit multiplication was not correctly recognized in some cases
  • BUGFIX: hexrays: In some cases the decompiler could not represent zero constant as a enum member
  • BUGFIX: hexrays: an assignment to a global variable could be incorrectly optimized away in some cases
  • BUGFIX: hexrays: append_use_list() could give wrong result in case of Big Endian platform
  • BUGFIX: hexrays: arm: some multiple registers/memory transfer instructions were not marked in the microcode as multimove sequences
  • BUGFIX: hexrays: decompiler could generate wrong offset for accessing a part of variable having user-defined type
  • BUGFIX: hexrays: decompiler would consider .text segments as readonly even if their permissions would say otherwise
  • BUGFIX: hexrays: find_def/find_use were working correctly only for register operands; other operand types were handled poorly
  • BUGFIX: hexrays: fixed a bug in set_to_le_ge()
  • BUGFIX: hexrays: fixed an endless loop (fortunately, a rare thing)
  • BUGFIX: hexrays: fixed bug in combine_hinsn_mov()
  • BUGFIX: hexrays: fixed many interrs
  • BUGFIX: hexrays: in some cases "smod power2" rule could produce wrong operands in the generated microinstruction
  • BUGFIX: hexrays: in some cases the decompiler could lose 'default:' branch of a switch statement
  • BUGFIX: hexrays: in some rare cases some comparisons would be decompiled incorrectly
  • BUGFIX: hexrays: incorrect partial operand propagation in some rare cases on Big Endian platforms
  • BUGFIX: hexrays: offsetof(type,field) may have empty field name in some rare cases
  • BUGFIX: hexrays: pc: incorrect handling of loope/loopne instructions
  • BUGFIX: hexrays: signed modulo 2 was sometimes recognized with wrong size
  • BUGFIX: hexrays: some 64bit comparisons would be decompiled wrongly
  • BUGFIX: hexrays: stack pointer could be miscalculated when decompiling a mixed range that contained code both inside and outside functions
  • BUGFIX: hexrays: the "lxe_lvar_type_changed" could provide outdated lvar_t information
  • BUGFIX: hexrays: the BACKPROP_CC rule could invert an 'if' condition
  • BUGFIX: hexrays: the rule "~x > 0" => "x <= 0" was too aggressive
  • BUGFIX: hexrays: the type of guard_dispatch_icall() could interfere when guessing the prototype of the called function
  • BUGFIX: when calling 'set_member_tinfo()', the struc_member_changed event would be sent before the tinfo_t object is actually applied
  • BUGFIX: when parsing omf files ida was storing wrong extdef name length in the idb
  • BUGFIX: when using the "Suspend on debugging start" option with the mac debugger, /usr/lib/dyld would be missing from the module list
  • BUGFIX: win32: ida was mistakenly setting a borland debug hook in some cases; this would change the program execution
  • BUGFIX: win32: if the debugged application erased a software breakpoint, appcall would stop working
  • BUGFIX: windbg: IDA could crash with interr 1491 when loading a 32-bit minidump of a process with DLLs loaded above the 2GB mark (0x80000000)
  • BUGFIX: wrong function prototypes could cause an interr
  • BUGFIX: 68000: ida would not truncate function and instruction addresses to 24-bit
  • BUGFIX: IDA could crash for choosers with empty title
  • BUGFIX: IDAPython: GraphViewer.AddEdge() could crash IDA if the source or destination nodes were out-of-bounds
  • BUGFIX: hints could not show up for user graphs
  • BUGFIX: debugger: win32: IDA could crash on win10 preview with interr 1419 when debugging a 32-bit process
  • BUGFIX: fixed interr 40372 (ida would die if a conditional bpt was present in the idb and idapython was disabled or not present)
  • BUGFIX: hexrays: if multiple windows with the same function were present, an inactive one could be used for jump targets
  • BUGFIX: mips: fixed delay slot processing
  • BUGFIX: print_operand() would print data operands incorrectly for big endian processors (this function is not used to generate the disassembly listing)
  • BUGFIX: IDA could crash when trying to open a registers view in the GDB debugger
  • BUGFIX: enumplace_t::adjust() was not working properly with bitfields + serials
  • BUGFIX: ios debugger was broken for old iOS versions (< 9.0)
  • BUGFIX: the "Currently:" button text in the String Literals dialog was difficult to read on OSX
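
Added example for the "magic division" entries in the decompiler section above (support for magic divisions in 64-bit code, improved recognition of magic divisions); this is not code from the forum thread or from Hex-Rays. A compiler replaces x / d by a high multiply with a constant m and a shift by s, and the decompiler has to recognise the (m, s) pair and recover d. The code below derives (m, s) for a given unsigned divisor, emulates the compiled sequence with 64-bit registers only (including the add/fixup form GCC emits when m needs 65 bits, as for x / 7), and recovers d from the constants the way a decompiler would. The idiom itself is the standard Granlund-Montgomery construction; the function names and sample divisors are this example's own.

```python
"""Unsigned magic division: derive, emulate, and recover the divisor.

N-bit registers (N = 64).  For a constant d the compiler picks m = ceil(2^(N+s) / d)
with the smallest s such that floor(x*m / 2^(N+s)) == x // d for every x < 2^N.
"""

N = 64
MASK = (1 << N) - 1

# Constructed sample inputs used by check_divisor() in the demo below.
SAMPLES = [0, 1, 6, 7, 69, 70, 12345678901234567890, MASK]


def magic_unsigned(d, n=N):
    """Return (m_stored, s, fixup) for unsigned division by constant d.

    m = ceil(2^(n+s) / d) is exact for all n-bit x when the rounding error
    e = m*d - 2^(n+s) satisfies e <= 2^s.  If that m does not fit in n bits
    (it then has n+1 bits), the compiler stores m - 2^n and adds x back in at
    run time; that is the "fixup" form, flagged here.  s = ceil(log2 d) always
    satisfies the condition, so the search terminates.
    """
    if d < 2 or d > (1 << n) - 1:
        raise ValueError("d must be in [2, 2^n - 1]")
    for s in range(0, n + 1):
        m = -(-(1 << (n + s)) // d)          # ceil(2^(n+s) / d)
        e = m * d - (1 << (n + s))
        if e <= (1 << s):
            if m <= (1 << n) - 1:
                return m, s, False
            return m - (1 << n), s, True     # n+1-bit multiplier, stored without its top bit
    raise AssertionError("unreachable: s = ceil(log2 d) always works")


def divide_by_magic(x, m_stored, s, fixup, n=N):
    """Evaluate x // d exactly as the compiled code does, using only n-bit values.

    Plain form:  q = mulhi(x, m) >> s
    Fixup form:  t = mulhi(x, m'); q = (((x - t) >> 1) + t) >> (s - 1)
                 which computes (x + t) >> s without the n-bit overflow of x + t.
    """
    mask = (1 << n) - 1
    x &= mask
    t = (x * m_stored) >> n                  # high half of the n x n -> 2n multiply (mul/umulh)
    if not fixup:
        return t >> s
    q = ((x - t) & mask) >> 1                # t <= x, so the subtraction does not wrap
    q = (q + t) & mask
    return q >> (s - 1)


def recover_divisor(m_stored, s, fixup, n=N):
    """What a decompiler does with the constants it sees: d = ceil(2^(n+s) / m).

    In the fixup form the instruction stream shows the shift s - 1 and the
    stored multiplier m' = m - 2^n; s here is the total shift.
    """
    m = m_stored + (1 << n) if fixup else m_stored
    return -(-(1 << (n + s)) // m)


def check_divisor(d, samples=SAMPLES):
    """True if the emulated idiom agrees with x // d on every sample and the
    divisor recovered from the constants is d again."""
    m, s, fixup = magic_unsigned(d)
    if recover_divisor(m, s, fixup) != d:
        return False
    return all(divide_by_magic(x, m, s, fixup) == x // d for x in samples)


if __name__ == "__main__":
    for d in (3, 7, 10):
        m, s, fixup = magic_unsigned(d)
        form = "fixup" if fixup else "plain"
        print(f"x / {d:<2} -> m = {m:#018x}, shift = {s}, {form}; recovered d = {recover_divisor(m, s, fixup)}")
```

Reading the output against real binaries: `0xCCCCCCCCCCCCCCCD` with `shr 3` is x / 10, `0xAAAAAAAAAAAAAAAB` with `shr 1` is x / 3, and `0x2492492492492493` followed by `sub`, `shr 1`, `add`, `shr 2` is x / 7 in the fixup form. Signed division uses a different correction sequence (a sign fix-up after the multiply) and is not covered by this block.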

Jasi2169 11-20-2018 01:55

changelog is amazing, 7.2 worth trying, but leak will take almost a year :D

Hypnz 11-21-2018 04:04

Next major leak: v7.5 :p

atom0s 11-22-2018 04:02

Quote:

Originally Posted by Jasi2169 (Post 115321)
changelog is amazing, 7.2 worth trying, but leak will take almost a year :D

The continued fixes and updates to HexRays is really nice. It's great to see them continue to develop it vs. just abandon it now that it is in a state that works pretty well already.

Some major bugs still in it that I have hopes will be fixed eventually someday, such as some of the JUMPOUTs that get assumed and nuke the rest of a function, making a giant function look like it's just 1 line of pseudo code. Manually fixing things when that happens is annoying, so it would be nice to see that kind of stuff fixed eventually.

Apuromafo 06-24-2019 15:20

Quote:

Originally Posted by Jasi2169 (Post 115321)
changelog is amazing, 7.2 worth trying, but leak will take almost a year :D

;) ida 7.3 is new
https://www.hex-rays.com/products/ida/7.3/index.shtml
