标签：

IDA: What‘s new in 6.8 Highlights

This is mainly a maintenance release, so our focus was on fixing bugs. However, there are some improvements too:

Complete changelist

Processor Modules

ARM: Better tracking of registers, improved analysis

ARM: added support for scattered arguments (that are partially passed on the stack and partially in registers)

PC: improved prolog analysis

PPC: added support for a switch variation produced by the Green Hills compiler

PPC: support for Power ISA 2.07

File Formats

COFF: added support for irix mips files (no support for relocations yet)

Dalvik: added support for OAT files

DWARF: basic support for clang-generated DWARF variable location

DWARF: very basic support for ‘rustc‘-produced DWARF information

Debugger

PIN: add support for reading of FPU/XMM registers from internal exception tracing: can display addresses as raw, instead of using seg/func/offset representation

Kernel/Misc

kernel: introduced the notion of ASM and C level types; IDA tries to preserve member offsets only for ASM types; C types may change their sizes because of the changes to other types they depend on

kernel: added support for long names: type, function, label, etc names can be up to 32767 bytes long

demangler: improved to recognize new mangled names

til: added type library for Windows 8.1 (user mode)

til: updated windows til files improved automatic recognition of ascii string by the autoanalyzer

User Interface

UI: idaq dock menu on mac now features a list of recent files

UI/qt: It is now possible to navigate back & forward in location history with the mouse side navigation buttons (for mice that feature those) in graph & proximity view as well (it was already possible in listing view)

UI: display a warning if the user rebases program around 0xFF000000 (it may cause problems because these addresses are used for internal housekeeping)

UI: graph: Ctrl-Keypad-+ and Ctrl-Keypad-- can now be used to quickly collapse/reveal a node‘s contents

UI: GraphOverview: can optionally use a blank background (just like before 6.7)

UI: Proximity: added ability to have multiple paths, set their color, turn them on/off and delete them

Scripts & SDK

IDC: added ExpandStruc()

IDC: improved SetLocalType: it accepts typeinfo object as the second argument in addition to declaration strings; added PT_REPLACE so that local types can be replaced

IDAPython: allow accessing a til_t‘s "base" til_t objects

IDAPython: in addition to AskUsingForm (that opens a dialog), it is now possible to call OpenForm (e.g., to open a form as a tab.)

IDAPython: added ExpandStruc()

IDAPython: USE_LOCAL_PYTHON config parameter is deprecated, IDA autodetects local Python installation now

SDK: added "segm_attrs_changed" event so that plugins can take appropriate actions if necessary

SDK: added print_decls(), allowing to print types from a type library (possibly including dependencies) in a format suitable for C(++) compilation

SDK: added support for default register bits of 64-bit debugger registers

SDK: added tinfo_t::clr_const,clr_volatile,clr_const_volatile functions

SDK: made the return codes of ph.notify() callbacks more plugin-friendly

SDK: netnode names can be of arbitrary length. for practical reason we limit them by 32KB

SDK: qstrncpy and similar functions will raise interr if the size argument is 0 or negative

SDK: replaced get_true_name() and similar functions by get_ea_name(), which accepts qstring as the output buffer; this allows for names of unlimited length, if necessary

SDK: segment names and classes use a separate namespace now and do not hinder functions or data labels with the same name

SDK: tinfo_t::get_unpadded_size() now works not only for c++ objects but for all structs

SDK: ui: forms: Added askqstr() - the kind of askstr() but with qstring argument

SDK: ui: new chooser_item_attrs_t::flags flag CHITEM_GRAY is added to show chooser item grayed out (like disabled). It is now used for the Local types choser to distinct guest types (syncronized from structure/enum views)

BUGFIXES

BUGFIX: ‘-‘ was forbidden in type names but it can be encountered in template arguments

BUGFIX: ARM: A reference to SP (R13) in the register list of the LDMDB instruction (and similar ones) was not allowed by IDA, while some ARM devices can apparently execute it

BUGFIX: COFF: specially crafted COFF files could trigger invalid memory writes on OS X

BUGFIX: Calling refresh_chooser() on a chooser that‘s embedded in an AskUsingForm might fail calling the possible form callback with a possibly-updated rows selection

BUGFIX: Cmd+C was broken on OSX, and copying was only possible through Ctrl+C

BUGFIX: Creating 2 GraphRenderer with the same title could crash IDA

BUGFIX: Deprecated function add_menu_item() would place the item at the end of the menu if the path was of the form "Edit/Other/" (i.e., ending with an empty string), while it used to place the action on top before

BUGFIX: Deprecated function add_menu_item() wouldn‘t accept ‘-‘ as a separator anymore; only expecting ‘‘ (i.e., empty string) was allowed for separators

BUGFIX: Double-clicking on a thread in the list would jump to the wrong thread, if the list was sorted by a column

BUGFIX: During debugging, clicking on some strings containing format specifiers could cause IDA to display the wrong data

BUGFIX: Exporting structures to IDC could lose type information for their members

BUGFIX: File save dialog could have an empty/undefined file name on OSX (Issue 1232)

BUGFIX: Force switching to graph view on functions with huge number of nodes, might cause IDA to crash

BUGFIX: Global variable database_idb was not reset to the empty string after a database was closed

BUGFIX: Hex-View widgets had lost the ability to allow direct editing of the text in their rightmost area (since IDA 6.4)

BUGFIX: IDA could hang after not adequately handling a segment register change

BUGFIX: IDA could hang trying to coagulate unknown bytes within a code segment

BUGFIX: IDA could sometimes print garbage after cross references between structs

BUGFIX: IDA had no way to reset the background color of proximity view nodes that were highlighted by the ‘Find path‘ action

BUGFIX: IDA was displaying split Unicode strings for big-endian processors incorrectly

BUGFIX: IDA would incorrectly report a circular dependency when trying to export a type containing a deleted type

BUGFIX: IDA would try to generate disassembly text for nodes that are unreasonably large