IDA: What’s new in 6.0

Highlights

IDA Qt-based GUI: The long-awaited GUI for the Linux and Mac OS X platforms is ready! We tried to make it as close as possible to the existing MS Windows GUI. Daniel Pistelli, who was responsible for the task, accomplished it brilliantly. The new interface turned out to be so much faster and nicer that we plan to drop the old interface after a short transition period. IDA v6.0 will ship with both the old idag and the new idaq. Some screenshots are a must:
[Screenshots: Linux, Mac OS X]
The decompiler also runs natively on these platforms. Linux/Mac fans will certainly appreciate the new version 😉

As usual, the new version is free for all users with active support plans.

Changelist

Processor Modules
  • 6812: support an alternative memory layout for paged segments, which allows the use of short offsets inside the segment
  • ARM: added a switch pattern that uses BX to jump to case labels
  • ARM: display the optional operand of the MRC/MCR instructions, as preferred by the ARM documentation
  • ARM: support another variation of GCC Thumb-2 switches
  • PPC: added SPE (Signal Processing Engine) instructions, including floating-point and vector FP
  • PPC: trace stack pointer for 64-bit code
  • SuperH: added SH-4a instructions
  • SuperH: display immediates loaded from literal pool in the instruction itself
  • SuperH: trace stack pointer and create stack variables
  • TMS320C54x: added register definitions for TI Calypso chipset (thanks to Sylvain Munaut)
  • TMS320C54x: better handling of multi-section files (thanks to Sylvain Munaut)
File Formats
  • Added loader for HP-UX core files (non-ELF), provided by Avi Cohen Stuart
  • ELF: added support for more IA64 relocations
  • LE: added support for bound DOS/4G executables
Kernel
  • kernel: improved database loading and saving times (new crc32 algorithm)
  • Configurable plugins can specify which platform they can operate on in plugins.cfg
  • demangler: demangle GCC local names (_ZLxxx)
  • FLIRT: added parser for Mach-O object files (pmacho)
  • ‘volatile’ keyword is automatically removed from function return types
Scripts & SDK
  • IDAPython: added auto completion support
  • IDC: added ItemHead()
  • IDC: added Exec() to execute IDC statement(s)
  • SDK: added idb events for segment name/class modifications
  • SDK: added get_many_bytes_ex() to retrieve bytes from the database together with information about which of them are initialized and which are uninitialized
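As an added illustration of the two new IDC functions listed above (this is example code written for this page, not a script from the Hex-Rays release), the snippet below uses ItemHead() to find the start of the item under the cursor and then runs a statement built at run time through Exec(). ItemHead() returning BADADDR when no item is defined, and Exec() accepting a single string of IDC statements, are assumptions drawn from the one-line changelog entries rather than from the IDC reference.

```idc
#include <idc.idc>

// Example only; not part of the IDA 6.0 changelog.
// Assumptions: ItemHead(ea) returns the start address of the defined item
// covering ea, or BADADDR if ea is undefined; Exec() takes one string
// containing IDC statement(s) and executes it.
static main()
{
    auto ea, head, stmt;

    ea = ScreenEA();                 // address under the cursor
    head = ItemHead(ea);             // start of the instruction/data item containing ea

    if (head == BADADDR)
    {
        Message("%08X: no defined item here\n", ea);
        return;
    }

    if (head != ea)
        Message("%08X lies inside the item starting at %08X: %s\n",
                ea, head, GetDisasm(head));
    else
        Message("%08X is an item head: %s\n", ea, GetDisasm(head));

    // Build an IDC statement dynamically and run it with Exec():
    // give the item head a name derived from its address.
    stmt = form("MakeNameEx(0x%X, \"item_%X\", SN_NOCHECK);", head, head);
    Exec(stmt);
}
```

Run it from File > Script file with the cursor inside any instruction or data item; the message window reports the item head and the item receives a name of the form item_XXXXXXXX.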
User Interface
  • it is now possible to jump to a structure cross-reference (default hotkey: Ctrl-X in the structures window)
  • Added “Save to file” to save the trace window contents
  • added a checkbox for sparse segments to the ‘create segment’ dialog box
  • multiple segments can be selected and moved using the segments window
Debugger
  • debugger: added support for virtual modules (user-defined modules can be added from api)
  • debugger: non-integer register values can be displayed as hints
Bugfixes
  • BUGFIX: ‘analyze module’ was failing on modules with unknown size; now it tries to estimate it
  • BUGFIX: the -B switch failed to generate ASM files if the idb path contained a ‘.’ character
  • BUGFIX: a structure with pointers to functions with non-empty argument names was incorrectly converted to a local type
  • BUGFIX: adding a segment could erroneously delete a selector (if the start address of the new segment was equal to the start address of an existing segment and the selector was used only by that segment and the selector of the new segment was equal to the selector of the existing segment)
  • BUGFIX: after attaching to a linux process the names of the main process module were not available
  • BUGFIX: ARM relative-mode ELF files were loaded incorrectly (Thumb mode was not used when required)
  • BUGFIX: ARM: LDMFD SP (no writeback) was incorrectly decoded as POP in Thumb-2 mode
  • BUGFIX: binary search could return a result outside of the search region
  • BUGFIX: Bochs could crash in some cases when setting a bp at data locations
  • BUGFIX: bochs direct commands were not working under linux
  • BUGFIX: calc_bare_name() could not handle gcc mangled names with ‘.’ prefix
  • BUGFIX: command line arguments with backslashes were parsed incorrectly under MS Windows: backslashes were escaped even without quotes
  • BUGFIX: dummy_name_ea() was failing for dword_xxx dummy names
  • BUGFIX: GDB debugger: resolved incompatibility with VMWare 7.x GDB stub
  • BUGFIX: global IDC variables of object type would crash IDA if they were still present at exit time; now they are discarded when the database is closed
  • BUGFIX: GUI: a chooser window could be improperly resized if moved from a low-resolution screen to a higher-resolution screen
  • BUGFIX: IDA could crash if an unsuccessful search backwards was done while the debugger was active
  • BUGFIX: IDA could crash when trying to display custom data items bigger than 16 bytes in size on big-endian processors
  • BUGFIX: IDA could endlessly loop on some x86 files
  • BUGFIX: if a search was performed within a selected text, the screen was not redrawn correctly
  • BUGFIX: if full stack analysis was turned off and a pdb file was loaded at idb creation time, the decompiler would fail with an internal error (interr)
  • BUGFIX: it was not possible to create 64-bit segments from UI for PowerPC
  • BUGFIX: kernel: user-defined offsets with non-zero bases were not adjusted properly during rebasing
  • BUGFIX: the Linux debugger was not handling the ‘detach from process’ command correctly
  • BUGFIX: MIPS: basic block boundaries were determined incorrectly for MIPS16 code (MIPS16 branches do not have a delay slot)
  • BUGFIX: modal recent script box would crash if no script was selected
  • BUGFIX: moving the vertical scrollbar thumb in the disassembly listing was not handled correctly for 64-bit programs
  • BUGFIX: MS DOS: rebasing EXE files was not properly adjusting relocations
  • BUGFIX: PE loader: a bad load config directory can cause an infinite loop
  • BUGFIX: qvector’s insert/erase methods were moving vector elements incorrectly
  • BUGFIX: replacing a type that comes from a til file could lead to a crash (if no local types had been defined yet)
  • BUGFIX: the script processor module could crash if the ‘codestart’ and ‘retcodes’ fields were used under Linux/Mac
  • BUGFIX: the ‘switch debugger’ command was available only when a disassembly window had focus
  • BUGFIX: the disassembly text copied to the clipboard could contain odd characters at the beginning in some cases
  • BUGFIX: the help subsystem of the text version was using memory allocation functions incorrectly
  • BUGFIX: UI: indexes printed for array of structures were incorrect
  • BUGFIX: UI: it was not possible to set the type of a structure member (‘Y’ key) if the cursor was on an undefined area in the disassembly view.
  • BUGFIX: Windbg plugin now forbids starting a process in non-invasive mode. Only non-invasive attach is supported.