new processor:
Mitsubishi M7700 family (Professional)
new processor: NEC
78K0 (Professional)
new processor: NEC
78K0S (Professional)
new processor: Fujitsu
FR family
new processor: STMicroelectronics
ST9+ (Professional)
IBM PC: borland
RTTI-templates with GUID are supported
IBM PC: rep prefix
is used when the Intel manual says it should be
IBM PC: the current
compiler is taken into account when using the __fastcall calling
convention (before only Borland was supported)
IBM PC: better handling
of indirect calls (mov offset func-add-call is detected)
ARM: call sequences
like "mov lr, pc; ldr pc, something" are recognized by
ida and don't interrupt the execution flow
ARM: SUB Rx, PC,
#imm is replaced by ADR Rx, label; ARM module is commented
ARM: stack variables
are supported
ARM: option to disable
pointer dereferencing is added
AVR: better configuration
file; config file management is improved
AVR: interrupt vectors
are supported
AVR: EEPROM file
extension by default is BIN
MIPS: memory mapping
is supported
PowerPC little-endian
mode can be specified by the user
MC68K: respect the
user-defined offsets for o_mem and o_near addressing modes
ST7:
new config file
File Formats
COFF loader sets
up the default data segment (better analysis)
better recognition
of VxD driver files
HEX: added support
of extended segment information record type
PE: better support
of invalid files
PE: FS and GS register
values are set to unknown at the loading time
PE: If the debug
information is corrupted (in packed files, for example), IDA
doesn't die but gracefully skips it
PE: section permissions
are loaded into the database
LX: IDA always uses "metapc" processor
and ignores the processor type specified in the file header
PSX object files:
additional fixup record types are supported (26 and 30)
PSX object files:
ida knows how to skip record type 60. We still don't know what
this record type means, but at least we can load files with this record
present.
Memory dump loader:
now it accepts dumps with one digit per byte
Mitsubishi HEX file
extended address records are supported
palmpilot loader:
better check of time stamp
New XBE file format
is supported
stricter check of
PalmPilot files
the pdb plugin has
been rewritten (requires VC++ to be compiled)
User Interface
flow chart: option
to print block labels
'jump in a new window'
command added in context and main menus
'jump to file offset'
command
new command: move
a segment, which allows moving an existing segment to another address
it is possible to
hide/unhide arbitrary regions
command to toggle
leading zeroes on a number
value of an enum
member can now be changed
graphs: now supports
recursion depth
new dialog box to
easily assign structure offsets/union paths to a selection "en
masse"
previous & next
drop-down menus for navigation stack (as in the Internet Explorer)
options in 'Browser'
to set maximum lines & auto clean of upper items
cursor for search/auto-analysis
in the navigation toolbar + associated color option
customizable background
color for memo hints (Options -> Colors 1)
hexview: better
handling of highlight-background combinations
hide/unhide all
now works on functions, structs & enums for GUI & TXT
highlight the problematic
line in a 'problem hint' on the navigation toolbar
hints on "Address" & "Called
function" columns in callees
hints on hidden
functions, structures & enumerations
hints on navigation
toolbar (on stars, after a search)
hints on structures
in a struct window
hints on xrefs in
a struct window
hints on xrefs now
print preceding lines and highlight the destination name
input text fields
are in Courier font
jump commands (using
the lists in the search toolbar) now open a new disassembly window
if needed
xrefs in structure
and enumeration windows are not displayed because they confuse the
users
notepad now automatically
pops up at start if it was saved as opened in the database
register hints now
print the associated comment
the function prototype
is linked to the function stack argument definitions
the input database
name is displayed in the title bar
the welcome dialog
box can be resized
ida displays the
welcome form if the input file is not specified in the command line
user defined graphs:
option to print function comments (use the same color as regular comments)
desktop/top commands
added to tabs popup menu
the 'show flags'
command displays all information about the structure members
faster arrows management
ida runs faster
Kernel Improvements
new switch -o to
specify the output database from the command line
WinCE: several IDS
files were updated/added
FLAIR: plb supports
wildcards in the file names
c parser: multiple
byte character constants are supported
c parser: better
handling of pointer modifiers; several bugs are fixed
ida looks for the
referenced DLLs in the input file directory
it is possible to
autoload a til file when a dll is referenced (see ids\idsnames)
vc6win.til is not
loaded for pe files with subsystem==native (usually they are system
drivers and they don't need vc6win.til)
the annoying "can't
add structure member cx" message removed
the default loading
address for all file types is 0 (this can be overridden by the file
format)
ids files with '-'
in idsnames do not prevent the kernel from using the corresponding
dll from the system directory
IDC and SDK
IDC: GetFloat(),
GetDouble() functions are added
IDC: GetOriginalByte()
function is added
IDC: GetStringType()
function
IDC: descriptions
of NextHead, PrevHead, AskFile IDC functions are updated
IDA environment
variable is not required to build modules anymore
added comments about
filling the op_t structure; fixed some typos in netnode.hpp
COLOR_INV is added
hidden plugins are
supported: PLUGIN_HIDE flag is introduced
idaw choose() function
respects the batch mode
negative buffer
sizes are handled properly (str2user, user2str, pack_ds)
new function flag
FUNC_BOTTOMBP. It means that the frame pointer is equal to the stack
pointer in the function and it points to the bottom of the stack frame.
ph.flag PR_CHK_XREF:
don't allow near xrefs between segments with different bases. This
flag is used for IBM PC only.
read_ioport_device()
function reports about configuration files with no devices
the user-defined
data supplied to linearray_t is documented in kernwin.hpp
up to 16 source
files for plugins
setBreak() function
is added
the processor extension
callbacks are called for all instructions, not only when cmd.itype >=
CUSTOM_CMD_ITYPE
find_ioport_bit()
returns NULL if the bit name is NULL
rebase_program()
is added. This function allows shifting the whole program in memory.
Since rebasing the program involves correcting the relocated bytes,
the file loader takes part of the job. File loaders may have "move_segm" callback
functions now.
a well-behaved
processor module now handles the ph.move_segm event
numop2str(): output
instruction operand with optional leading zeroes; is_lzero(), toggle_lzero()
to modify the display of leading zeroes; inf.s_genflags introduced;
atoa, b2a32, b2a64, b2_width function parameters have been changed
move_segm_start(),
set_segm_start(), set_segm_end() may destroy the adjacent segment if
necessary; ADDSEG_QUIET flag has been added
new type of segments:
SEGM_DEBUG. Used in the debugger.
get_sourcefile()
function prototype has been changed. Now it returns the range information.
hidden_area_t and
functions to work with it are introduced
byteValue() function
is renamed to _byteValue(); this function should not be used anymore
if possible. The reason is that it works only with 8-bit processors
and doesn't take into account possible debugger side-effects.
Bugfixes
BUGFIX: MIPS R5900
madd/msub instructions were not disassembled
BUGFIX: C166: ida
would create strange references if the first segment of the program
was not loaded at the address 0; .end start would display garbage if
there was no start address
BUGFIX: ARM switch
jumps were recognized only for R0
BUGFIX: Intel HEX files could be
loaded incorrectly
BUGFIX: MS DOS executables
with the entry point at FFF0:0100 are loaded correctly
BUGFIX: Amiga: zero
sized hunks caused problems
BUGFIX: COFF: skip
.stab* debug information sections
BUGFIX: IDA would
fail to load some invalid PE files
BUGFIX: "Create"/"Edit" (purged
bytes)/"End of" function actions are now updated properly
BUGFIX: can now
rename a register for one instruction
BUGFIX: can now
rename everywhere (externs, ...)
BUGFIX: copy to
clipboard from the list views could hang
BUGFIX: correct
work on multiple monitor desktops
BUGFIX: cursor disappearing
if using CTRL-TAB
BUGFIX: hints on
local labels weren't always highlighted
BUGFIX: ida could
crash if several standard enums were added without uncollapsing them
BUGFIX: ida would
go to the top of the screen during analysis even if it was put to the
bottom (z-order)
BUGFIX: if the messages
window was minimized to invisibility, then the next start of ida would
not display messages on the status bar.
BUGFIX: infinite
scrolling enum window
BUGFIX: it is impossible
to rename a register to another register name
BUGFIX: it is possible
to open xrefs window even if the current item has no xrefs
BUGFIX: it was impossible
to use the function name at the function header to double click, jump
to xrefs, etc. if the name contained undisplayable characters (ibm
pc, mips, mc68k)
BUGFIX: navigation
toolbar not updated once displaying after undock+hide
BUGFIX: opening
a database without closing the current one could leave the names, functions,
or strings window unopened even if they should have been opened for
the new databases; this could also lead to a crash
BUGFIX: pressing
the down arrow of the scrollbar now stops once there are no more lines
BUGFIX: the collect
garbage flag would stay once set until ida exits
BUGFIX: the width
of the ordinals field in the "jump to entry point" was 3
positions which was not enough to display big ordinals. made it 8.
BUGFIX: Windows 98
resources were depleted fast
BUGFIX: "jump
to the beginning" with home-home-home key was not working if used
twice with "jump to address" in between
BUGFIX: after repeatedly
closing/opening the structs/enums window the renaming of a struct/enum
member could lead to an access violation
BUGFIX: no more "list
index out of bounds" message if the number of columns in a chooser
changed
BUGFIX: type specification was printed incorrectly: int (*fnc1(void))[5];
BUGFIX: some borland
thunk mangled names were not demangled
BUGFIX: truncated
names from gnu compiler would cause problems during demangling
BUGFIX: verification
of the new manual operand would fail for 32-bit operands if the old
operand didn't have a segment register and the new one has
BUGFIX: unions were
not displayed in the list of standard structures
BUGFIX: IDA was
marking the return instructions of some functions as "unknown_libname"
BUGFIX: it was not
possible to disable the plugin hotkey
BUGFIX: pcf was
not detecting coff files properly
BUGFIX: autoload
vc6win.til only for IBM PC PE files
BUGFIX: IDC function GetSegmentAttr()
was broken
BUGFIX: refresh
the screen after IDC scripts
BUGFIX: manual execution
of VXD.IDC could hang ida
BUGFIX: qmakepath()
could generate file names with several backslashes in them
New features in version 4.30 (05/08/2002)
User Interface
major improvements,
too many changes to list, MDI, context sensitive toolbars, more standard
looks.
Processors
ARM Architecture
Version 5E (Enhanced DSP) instructions are supported, FLIRT signatures
and type information files have been added.
Motorola 6812: many
new chip types are supported, memory configurations can be specified
File Formats
Improved support
of PSX object files.
Improved support
of EPOC files.
Borland extensions
for DPMI to PE executables are supported
ELF machine type
6 is supported
Kernel
The stack tracing
algorithm is improved
Type libraries are
regenerated: they are smaller
Improved FLAIR utilities
(added ELF support for IBM PC)
Bugfixes
Fixed a bug in PIT:
all stack parameters were shifted by 4 for indirect calls
IA64: brl.cond.dptk.few
instruction caused an internal error
the list of xrefs
to a stack variable could contain wrong data items (only instructions
can be in this list)
fixed bug in set_de
(some standard enumeration declarations were wrong)
TMS320C6: several
bugs are fixed (ACR/ADR, B reg src2)
Better handling
of stack references to the saved registers area: bp-based frames are
not modified because of this
PowerPC: wrteei
instruction was disassembled incorrectly
Some enumeration
constants in the type libraries could have incorrect values
IDA would lose
some variable names if more than 1000 very long variable names were
defined (1KB long names)
If the last symbolic
constant of the last enumeration was not the only symbolic constant
in the enumeration and its value was equal to -1, then it would not
be displayed in the enumeration definition
highlight current
addresses in graph (blue by default)
The Search
Toolbar now allows to search incrementally for text, names,
functions, addresses, etc.
Hovering the mouse
over a label displays a hint with
the instructions/data at that label
The Rename command
is available only if the cursor is either on a valid identifier or
address or at the beginning of the list (to the left of the instruction
mnemonics)
Direct conversion
to code/data without intermediate step of undefining the existing item.
Use the options dialog box if you want to customize this behaviour.
Improved highlighting
of identifiers. The highlight color can be changed
The listbox and
messages window contents can now be copied to the clipboard
Unhide all functions
Names: ask confirmation
to delete a name from the list
In the structures
window it is possible to jump to the desired structure using the "Jump
by name" command. The hotkey is Ctrl-L. The same command is available
in the enumerations window.
Welcome box:
delete removes
previous projects from the list
hovering over
the project now displays the full name of the file
It is possible to
specify the number of bytes purged for the imported functions (through
Edit->Function)
A command line
window can now be used to enter IDC commands: (IDAGUI.CFG, DISPLAY_COMMAND_LINE
should be YES to activate this).
Immediate help on
an IDC function
Text version: a
local clipboard is added to the dialog forms. (Ctrl-Ins - copy, Shift-Del
- cut, Shift-Ins - paste, Ctrl-Del - delete).
Kernel Improvements
Better demangling
of Borland C++ names, including the templates. Since there is no way
to distinguish the new and the old naming
schemes, now IDA tries both methods. This can sometimes lead to wrongly
demangled names.
Borland CBuilder
v6 FLIRT signatures are added
Bug Fixes
For some PE files,
the exported function names were missing.
Negative 16-bit
structure offsets with non-zero delta would be displayed wrongly.
Structures with
embedded unions aligned to 8 bytes could have wrong member offsets.
IBM PC: if "Allow
references with different segment bases" was set, then the complex
offset expressions would have wrong values.
OS/2 version was
broken.
OMF COMDEF far
records were processed incorrectly.
Negative 8/16-bit
values were badly represented as enumeration constants. The logic has
been changed to make it easier to handle
Binary files for
wide byte processors (like PIC16) were not loaded completely.
H8/500: 16-bit
jumps in the page different from page0 would still refer to the page0
H8/500: the values
of segment registers BR and DP are used and stored
COFF 386: IMAGE_REL_I386_SECREL
relocation type is supported
It was possible
to scroll past the end of the disassembly listing using the mouse wheel
Some kinds of corrupted
PE files are loaded better than before
Some segment:offset
address expressions were parsed incorrectly
It was impossible
to create local labels with data references
get_screen_ea()
was broken.
IDA PIC Limited Edition
A reduced price version
that offers all the power of IDA for the PIC family of microcontrollers
only. (14/03/2002)
New features in version 4.20 (19/12/2001)
Processors
TMS 320C54xx
The Motorola 8/16-bit
processor modules (except 6812) now support configuration files with
the memory, interrupt vector, and I/O port definitions.
See files named 68xx.cfg. Currently only 6805.cfg and 6811.cfg are available
and other files will be made available later.
The C166 module
displays an information box explaining about the memory mapping feature
present in the Options, General, Analysis, Processor specific options.
File Formats
Microsoft.Net Beta2
files are supported.
Stricter check
for RT-11 SAV file format. The file extension should be "SAV".
There were too many false recognitions.
PE files: IDA
now recognizes TLS callback entries and properly comments them.
ELF files with destroyed
SHT are supported.
Interface
Arrows:
The graphics version displays the execution flow in the form of small
arrows to the left of the disassembly text.
Highlight: IDA highlights
the current identifier on the screen.
Alt-Up, Alt-Down arrows search for the highlighted identifier in the
text. The highlight can be turned off in the Options, General, Misc
dialog box.
IDA starts to scroll
the window without waiting for the cursor to reach the window top/bottom.
Also it is possible to scroll the window by using Ctrl-Up, Ctrl-Down
arrows.
Shift-Enter or Shift-DoubleClick
selects the current identifier.
Edit, Function,
Rename register: Register renaming definitions start at the cursor
position and last up to the next definition. The address range of the
existing definition is automatically truncated at the cursor position.
Kernel Improvements
The function boundaries
are automatically changed if an item overlapping it is created.
the LoadSym.Idc
has been improved to work with dbg2map and mapsym
Bugfixes
ARM BX instruction
was not disassembled.
TXT version: Ctrl-Up,
Ctrl-Down and other keys were not recognized as valid keycodes.
PPC ELF R_PPC_EMB_SDA21
relocation type is handled differently. Since there is not enough documentation,
this could still be wrong.
Motorola movec
instruction wouldn't be disassembled if an unknown control register
is present in the instruction
delphi.sig doesn't
load bcb5win.til anymore
TXT version: Ctrl-N
was not working in the Enumerations window
H8 in the advanced
mode would use 32-bits for the @aa:8, @aa:16, @aa:24 addressing modes
IDA under Windows
could crash if "comment ascii references" was on
Motorola 6805 brclr/brset/bclr/bset
syntax now conforms regular conventions
IBM PC: redundant
rep/repne prefixes were in the wrong order
Enumerations window:
the text search could fail if there was only one defined enumeration
netnode::getblob
could return nonexistent blob
TMS320C6 module
could crash if a specific illegal opcode is encountered (ldb.d2 *+b14[35],
b1 with 'dst' field bit 0x10 set)
It was not possible
to expand a variable sized structure just before its last member
New features in version 4.18 (19/10/2001)
Processors
Fujitsu F2MC-16L and
F2MC-16LX (Professional version).
PIC12xx,
PIC14xx, PIC18xx processors in addition to the already supported 16xx
family. (Starter version)
Intel 960 module
enhanced: FLIRT and types are supported; I/O port names are added to
i960.cfg
W65C02S support
has been added to the 6502 module.
File Formats
the PDB plugin recognizes
the Windows XP SymDia symbols. Thanks to Mark Russinovich for the contribution.
OpenBSD aout files
are supported
COFF files for Intel
960 are supported
ELF AR libraries
are supported
Interface
a new window listing
callers and callees is available.
Wingraph 32 can
now print.
Zooming in and
out on graphs can be controlled by the mouse.
a small notepad
has been added. The notes are saved and opened each time the database
is reloaded.
IDA is now able
to check for the availability of updates and warns when the free update
period is about to expire.
Patching has been
removed from the default installation but can be activated by the DISPLAY_PATCH_SUBMENU
option.
'Undefine' now warns
before proceeding. This option can be turned off by the CONFIRM_UNDEFINE_COMMAND
parameter in the IDAGUI.CFG or IDATUI.CFG files.
Kernel Improvements
Enhanced recognition
of the function calling conventions.
Floating point numbers
in the instruction operands are supported
Slightly improved
vc6.til file.
Automatically resize
the saved registers area in the function frame if there is a reference
into the area from the function body.
New linux system
calls are recognized by IDA
Bugfixes
ARM BX instruction
was not disassembled.
The last character
of unicode strings would be missing sometimes for the big endian processors.
MC6811 LDA instructions
would create 16-bit data item.
IDA would miscalculate
the program end after loading binary files
"rename stack
variable" at place would rename a wrong variable
Uninitialized array
elements with the specified width would not be displayed
A plugin that opened
a non-modal window would be unloaded at the exit before having a chance
to clean up the window, which would lead to a crash
A bitfield with
one member equal to -1 mask -1 could not be converted into a normal
enumeration.
in some rare circumstances
the sizes of the standard structures would be calculated incorrectly.
This would render the structure definition useless and would make it impossible
to import it into the database.
IDA wouldn't work
on very old Win95 boxes due to GetFreeDiskSpace problem.
Some processor-module
specific dialog boxes could crash IDA.
Java module was
badly broken.
An empty "if(1)
{}" statement would cause a stack overflow in IDC runtime.
An error message
in IDC parse is fixed. Before it would say: Compilation error: longname.idc,1:
Too long identifier '(null)' without displaying the variable name.
Java module wouldn't
show the instruction opcodes.
Hitachi H8S @aa:16
addressing mode was not sign extending the 16-bit address
It was not possible
to add a standard structure which consisted of one anonymous field
(an example: the Visual C++ VARIANT structure).
IDA would exit with
the "empty type name" message if a global variable with an anonymous
type is encountered in the program.
New features in version 4.16 (22/03/2001)
Intel Itanium IA64
support (Professional).
Microsoft.Net CLI (Common
Language Infrastructure) support (Starter).
Motorola 68HC12 support
(Starter).
Register argument type
propagation is implemented. It can be turned off in the kernel analysis
options 2.
Plugins can hook to
the processor and kernel events.
Plugins can be written
in either Visual C/C++ or Borland C/C++.
Processor extension
plugins can be used to add instructions to processor modules.
IDA's interfaces with
the external world have been redefined.
Unicode strings are
recognized even if the default string type is "zero-terminated C string".
This behaviour can be turned off using the analysis options. The terminating
zero is included in the unicode strings.
Enumerations can have
several symbolic constants with the same value.
128bit operands and
data items can be displayed (only binary and hexadecimal formats are supported
for the moment).
MFC IDS files are improved:
number of purged bytes are added into the function descriptions.
Linux system call numbers
(int 80h) are commented properly.
Backups of the databases
can be created.
User-defined line prefixes
can be defined. See a sample in the SDK to learn how to use it.
ELF Playstation 2 loader
is improved.
ELF H8 files are supported.
PE files: TLS directory
information is taken into account; new delayed import tables are supported
(Characteristics & 1)
PE files: it is possible
to load files to arbitrary addresses using the manual load feature.
IBM PC: Pentium 4 instructions
are supported.
IBM PC: redundant instruction
prefixes are supported.
IBM PC: AMD syscall/sysret
instructions are supported.
SPARC: the type system
is supported. The type propagation is not implemented yet.
SPARC: the SPARC assembler
is now supported. (special thanks to Ahmon Dancy)
SPARC: some minor bugs
are fixed, Sparc assembler is supported.
SPARC: architecture
V8 in addition to V9 is supported.
PowerPC module is improved:
jump tables are recognized, lis/addi pairs are more aggressively converted
to offsets
H8 module is improved:
jump tables are recognized
C166 module is improved
and several bugs are fixed. Thanks (again) to Ahmon Dancy for the information
UNC file names are
supported
Many small interface
enhancements
Instruction opcodes
are not displayed on xref/public lines.
GUI: a fully synchronized
scrollable hex viewer has been added.
GUI: column widths in
the list boxes are remembered
The "Mark variable" command
is removed.
BUGFIX: IBM PC: movhps/movlps
instructions were disassembled as movhlps/movlhps for opcodes 0F, 13 and
0F,17.
BUGFIX: IDC.IDC: some
macro definitions would cause syntax errors.
BUGFIX: Text version:
an attempt to exit with some "find all" windows open would crash
IDA.
BUGFIX: GUI version:
in some rare circumstances the first item of the sorted lists would refresh
incorrectly.
BUGFIX: some bugs in
the type system are fixed.
BUGFIX: It was not possible
to declare some standard structures.
BUGFIX: MAP files for
PE files sometimes had incorrect segmentation information.
BUGFIX: Intel 8051:
24-bit addressing was good only for ecall/ejmp instructions.
BUGFIX: The stack argument
type propagation could hang on functions which access their stack without
allocating it.
Update to 4.15 (10/01/2001)
We have added support
for the Pentium 4 new instructions.
New features in version 4.15 (02/12/2000)
Feature : CodeView
NB11 debug information support
Feature : Struct
offset deltas are supported. They allow to convert, for example,
mov ax, 3 to mov
ax, mystruct.field5-2
Feature : stack
argument information propagation. (Since this
feature is somewhat experimental, it can be turned
off in Analysis options, Kernel options 2).
Feature : MakeArray
command will now attempt to create an array even when some array elements
are already defined as data items.
Feature : some find
dialog boxes allow to find and display all occurrences of the desired instructions.
Feature : MC86xx: enhanced
operand type support (offsets, enums, stack vars, struct offsets can be
applied to any complex operand)
New processor: Starter
: SGS-Thomson ST7, SGS-Thomson ST20
Improved processor :
MIPS : MIPS16 encoding is supported
Improved processor :
PIC : port mapping like STATUS as at addresses 3, 83, 103, 183 are supported,
PCLATH register is traced (see the segment registers), all modifications
of PCL register are taken into account.
Improved Processor :
AVR: MegaAVR new instructions are supported. Thanks to Chris Dalla for
information.
Improved Processor :
MIPS r5900: parallel shift and SA register instructions are added
FLIRT: ELF preprocessor
is added. Currently it supports only MIPS processor
GEOS loader takes into
account the uninitialized data segment, knows about
the process class and the structure of the exported entries
GEOS standard types
are supported
BUGFIX: Motorola 68K
module would crash in response to Alt-R, Ctrl-S, etc.
BUGFIX: The script
toolbar would contain references to bad IDC script names
BUGFIX: MIPS R5900
processor was not available from the load dialog box
BUGFIX: IDA would use
metapc as the default processor for all except the first file opened in
the gui environment regardless of the DEFAULT_PROCESSOR parameter in IDA.CFG
BUGFIX: some flavors
of PIC HEX files were incorrectly loaded
BUGFIX: it was not
possible to delete items from the problem list using the Del key.
BUGFIX: some MIPS R5900
instructions were not disassembled
TXT version: the search
direction indicator was not refreshed immediately
after a direction change.
TXT version: the text
version confused the "manual operand" and "text search" commands.
New features in version 4.14 (27/09/2000)
New Processor : Motorola
56K DSP
New Processor : Motorola
ColdFire
PowerPC Embedded
Controller Instructions have been added to the PPC module
New Processor : H8/500
New Processor : Z80
derived Gameboy Processor
Preliminary version
of R5900 processor support (Sony Playstation 2)
ARM architecture version
5 support
GEOS executables are
supported
PIC: now pic.cfg can
be modified for different devices
All list viewers have
been enhanced to support sorting.
Structs/enums can be
hidden/unhidden with +/- hotkeys
The state of the script
toolbar is saved between sessions.
New TIL files have been
added to the type system.
Zero constants with
one bit masks are allowed in the bitfields.
For example:
#define PARITY_EVEN 0x01
#define PARITY_ODD 0x00
defines 2 states of a one bit mask.
The user name is saved
in the database.
Parameters names derived
using the type information are automatically changed when the function
declaration is changed.
IDA can mark the boundaries
of the basic blocks by inserting an empty line after them. A basic block
is a sequence of instructions with no jumps to/from the middle of the block.
PE: Forwarder exports
are supported.
IDC: the recursion depth
can be changed using IDC_CALLDEPTH and IDC_STACKSIZE parameters in IDA.CFG
IDC: new function SetStatus().
This function allows the user to change the IDA status indicator (green,
yellow, red)
BUGFIX: COFF PC: 32bit
offsets to 16bit segments are handled properly
BUGFIX: disassembling
a WDM driver with unknown VxD/VMM calls could crash IDA
BUGFIX: it was not possible
to use predefined structures with anonymous fields, e.g. the SYSTEM_INFO
structure was not available in the disassembly
BUGFIX: movem instruction
with pc-relative addressing mode from memory to register would not disassemble
(Motorola 68k module)
BUGFIX: IDA would crash
trying to load some watcom executables.
BUGFIX: sometimes it
was not possible to create the .align directive at the very end of a segment.
BUGFIX: the return size
of the function stack frame was unchangeable even when the function return
type (far/near) was changed.
BUGFIX: In some special
circumstances local variables would get wrong names from the type libraries
(the first 2 characters would be missing).
BUGFIX: 6809 leax instruction
pc-relative mode used the wrong target address.
BUGFIX: the enumerated
dummy names count could be wrong in some circumstances (for example, there
could be 2 labels "loc_55").
BUGFIX: some virus-tainted
PE files would not load.
BUGFIX: "produce diff
file" would hang IDA in some circumstances.
BUGFIX: GUI version
could crash trying to reload the same database.
Introduction of the Type
System : standard function types are recognized and the information
about their parameters is used in the disassembly. The type System is
initially available for Windows binaries.
USER added types :
the type system allows the user to define his own types and to load external
header files. This means that IDA now includes significant parts of
a compiler, namely: the C preprocessor, lexer, parser, and semantic analyser
of type declarations. We expect some problems in this new part of software.
Standard structures,
enumerations and union definitions can be applied to the disassembly directly
from the type database.
MS Windows WDM calls
are now supported and commented.
HP PA RISC Processor :
all v2 architecture instructions are supported, the HP SOM file format
is supported but relocations are not supported (Professional).
The free compiler BCC
5.5 can now be used to compile processor modules and plugins.
All operands, including
registers, can now be modified through the manual operand command.
NB10 Plugin now integrated.
Borland RTTI plugins
80196 : support has
been added for the windows selection registers WSR and WSR1
IDC : the function GetIdbPath()
returns the full path name to the current IDB file.
TEXT_SEARCH_CASE_SENSITIVE
cfg parameter added.
BIN_SEARCH_CASE_SENSITIVE
cfg parameter added.
BUGFIX : some comments
in vxd.cmt were wrong.
BUGFIX : the external
help (CTRL-F1) would not work when the cursor was past the end of the line.
BUGFIX : it is now possible
to define the default value of the last segment register.
BUGFIX : the GNU H8
assembler now uses ';' as a comment symbol.
BUGFIX : MS COFF 16-bit
segments are now loaded correctly.
New plugin (13/05/2000)
We have released a
plugin that helps you deal with Microsoft's NB10 debugging
information and its external PDB files.
New Features in version 4.04 (04/04/2000)
First release of the Alpha
Disassembler (ELF and COFF file formats are supported)
Sony Playstation 2 ELF
Disassembler
ARM
thumb mode
is now disassembled
Commenting of Windows
NT Int 2E calls
Variable bytes in search
strings
Local names are not
demangled anymore
The delayed import tables
of PE Files are supported.
the information found
in the AIX COFF optional header is now used to improve the disassembly.
BUGFIX : some Windows
CE IDS files should have been platform-specific.
BUGFIX : dummy names
in the tail bytes were not deleted.
BUGFIX: .align 2 was
inaccessible from the user interface in some cases.
BUGFIX: cvttps2pi, cvtps2pi
(IBMPC) instructions were incorrectly disassembled.
BUGFIX: sections with
wrong size in the file header (PE) were not loading at all.
BUGFIX: IDA could
crash apparently randomly.
BUGFIX: search was not
possible in the enumerations and structures window.
BUGFIX: the import section
of some PE files was loaded incorrectly.
BUGFIX: it was not possible
to stop analysis from the "load file" dialog box
New Features in version 4.03 (09/03/2000)
Register Variables (allows
you to rename processor registers - improves the usability of the RISC
disassembler) .
Local Labels in
functions.
GUI : String Manipulation
Toolbar.
GUI : toolbars can now
be hidden.
The ARM disassembler
module has been improved.
IDC : new function GetInputFilePath()
MISC : if the IDA_NOWIN
environment variable is defined, the console version of IDA will run under
WINE.
BUGFIX : arrays can
now be defined as elements of structures.
BUGFIX : some XCOFF
files could not be loaded and disassembled, IDAW disk space routine could
crash.
New Features in version 4.02 (11/02/2000)
We now disassemble SPARC
V9 and UltraSparc II (Professional version).
We now disassemble
EPOC executable and EPOC
ROM image files.
Disassembler module
for the 80196NU & NP processor.
Improved PalmOS 3.0
support.
Improved the Atmel AVR
disassembler. Thanks to Chris Dalla.
Microsoft AR import
libraries are supported.
Amiga Hunk File Loader
(preliminary support).
IDC : SetManualInsn/GetManualInsn
IDC functions have been added.
IDC : OpNot() bitwise
NOT on the operand.
New ascii string types:
unicode-pascal (2 byte length) and wide-unicode-pascal (4 byte length).
IBMPC: the SFENCE instruction
is now disassembled, even with an illegal ModRM byte.
if the database is
closed while Shift is depressed, IDA will save it without any question.
Ctrl-Shift will close
the database without saving it to disk.
GUI: the structure and
the enum windows now have a menubar and a popup menu.
GUI : IDC programs can
now be loaded, executed and edited from a toolbar.
GUI : double clicking
an address in the message area jumps to it in the disassembly.
GUI: "secondary windows
always on top" feature is added.
GUI: "hide all functions" is
added.
GUI: lazy jumps and
autohide/unhide features (see options/navigation page).
GUI: file offsets are
now constantly displayed on the status bar.
GUI: the syntax highlighting
color setup dialog has been improved.
GUI : navigation between
open windows using Alt- hotkeys.
The number of lines
per item is now configurable. See MAX_ITEM_LINES parameter in IDA.CFG file.
The default is 5000.
Bugs were
fixed.
New Features in version 4.01 (05/11/99)
Disassembler module
for the Zilog Z180 and Z380 (Starter version)
Disassembler module
for Pic 16xxx (Starter version)
Disassembler module
for MC6303
ASxxxx: bitwise OR and NOT operators.
text search and other
potentially lengthy operations can now be aborted
several bugs have been
fixed.
New Features in version 4.0 (21/09/99)
Windows GUI Version
Disassembler module
for AMD Athlon (std)
MacOS A-TRAPS
PE Files : the imports
segment is created even if it was absent from the original file.
COFF debug information
in PE files is now loaded.
80x86 undocumented instructions
8085 undocumented instructions
PC_ANALYSE_DIFBASE :
new analysis configuration option.