IDA: What’s new in 7.0sp1

Welcome to IDA 7.0 SP1!

IDA 7.0 SP1 fixes numerous minor issues discovered since the release of IDA 7.0.

Complete changelist

  • Processor Modules
    • h8: added support for Renesas H8/3687 Group microcomputers
  • BUGFIXES
    • BUGFIX: ARM: IDA could interr (code 230) while trying to decode malformed arm64 instructions
    • BUGFIX: ARM: some standard ARMv8 instructions were incorrectly decoded as ARMv8.1 atomic instructions
    • BUGFIX: BOCHS: x64 memory mapping for IDB debugging was wrong in some cases
    • BUGFIX: C166: fixed output of the offsets for operands with the indirect memory reference
    • BUGFIX: Debugger > Run could fail either to start the process or to load the binary file for auto-analysis when the target file didn’t exist on the remote computer and IDA was asked to push it there into a non-existing directory
    • BUGFIX: debugger: exceptions whose reporting was set to “Silent” or “Log”, could still cause a warning to be shown
    • BUGFIX: debugger: bochs: improved PE+ (Win64) emulation support
    • BUGFIX: debugger: debug names could disappear after analyzing a module
    • BUGFIX: debugger: IDA could try to load PDB info for unsupported file formats if source debugging was enabled, leading to confusing error messages
    • BUGFIX: debugger: ios: ‘ios_deploy proclist’ would not display an error message if the device returned an empty process list
    • BUGFIX: debugger: ios: Attaching to a process and ‘ios_deploy proclist’ could crash with iOS 11
    • BUGFIX: debugger: ios: stack traces on iOS could have an incorrect address in the 0th frame
    • BUGFIX: debugger: linux: the process may not have stopped at entry point in some cases with ASLR active
    • BUGFIX: debugger: MEMORY segment could be missing when attaching to a debugging session a second time
    • BUGFIX: debugger: PIN: IDA could freeze on ‘reading trace…’ waitbox
    • BUGFIX: debugger: When performing instant remote debugging of ELF files, DWARF info would not be loaded
    • BUGFIX: debugger: win32: fixed a handle leak
    • BUGFIX: debugger: win32: IDA could fail to correctly detect a loaded DLL’s filename in case it had a bogus name in the Export Directory
    • BUGFIX: debugger: win32: if the exception table was lacking info about essential exception codes, the debugger would not recognize its own breakpoints
    • BUGFIX: debugger: win32: XMM register value was broken in WOW64 mode
    • BUGFIX: decompiler: a recently renamed variable could show its old name in some cases
    • BUGFIX: decompiler: decompiler could mishandle a dereference of a pointer to an array
    • BUGFIX: decompiler: fixed many interrs
    • BUGFIX: decompiler: in rare cases the decompiler could lose essential instructions
    • BUGFIX: decompiler: in some cases 64bit comparison combining could produce wrong pseudocode
    • BUGFIX: decompiler: in some rare cases the decompiler produced incorrect function calls when it recognized an inlined ‘strlen’
    • BUGFIX: decompiler: lvar allocation would wrongly replace some source operands during chain allocation
    • BUGFIX: decompiler: optimizer could misidentify 64bit multiplication by a power of 2
    • BUGFIX: decompiler: was not honoring ‘volatile’ modifier in variable types
    • BUGFIX: DWARF: could erroneously decide that two different types are the same
    • BUGFIX: DWARF: IDA could interr (30331) on some files
    • BUGFIX: DWARF: could fail telling two types apart, in case they were only differing by one of their function pointer member’s calling convention or prototype
    • BUGFIX: DWARF: could INTERR on anonymous types that are declared as part of a structure/class’s destructor
    • BUGFIX: DWARF: could stop early on bad DWARF information for a DW_AT_encoding-missing “void” DW_TAG_base_type
    • BUGFIX: DWARF: when we spot compressed DWARF data (unsupported at the moment), let the user know about it, and prevent loading of erroneous data
    • BUGFIX: ELF: IDA could fail to load symbols from ELF files with .tbss sections
    • BUGFIX: ELF: IDA would attempt to apply relocations while debugging elf files
    • BUGFIX: ELF: IDA would no longer detect .init/.fini sections as init_proc/fini_proc
    • BUGFIX: ELF: image base address of ELF files was not aligned down to the memory page size
    • BUGFIX: fixed definition of FF_VAR so old scripts at least do not die (this bit is not used anymore)
    • BUGFIX: fixed interr 1199 that would be triggered if the byte at 0xFFFFFFFD had a name, value 0xFF and belonged to a code segment and the final pass of analysis was requested
    • BUGFIX: fixed potential buffer overflows when reading config files
    • BUGFIX: functions could be incorrectly truncated when autoanalysis deleted instructions at the end
    • BUGFIX: GDB: IDA would not show any registers for GDB stubs reporting unavailable registers
    • BUGFIX: IDA could ask to accept the EULA at every launch if the user name included non-ASCII characters
    • BUGFIX: IDA could display a bogus error message about “missing processor module sn_0_XXXXXX” when launched from a shortcut on OSX
    • BUGFIX: IDA could INTERR(40498) if idaapi.read_selection() was called with no arguments on an empty database
    • BUGFIX: ida.cfg: fix documentation about cultures (we don’t consider Unicode blocks as cultures anymore; we use the ‘Block_’ prefix for those)
    • BUGFIX: IDAPython: dbg_get_thread_sreg_base() could pretty much always fail
    • BUGFIX: IDAPython’s Appcall.Consts would return 0 if a constant doesn’t exist, which can cause hard-to-figure-out issues later
    • BUGFIX: IDAPython/bc695: get_name(from, ea) was not working anymore
    • BUGFIX: IDAPython/bc695: ida_kernwin.get_highlighted_identifier() was broken
    • BUGFIX: IDAPython/bc695: idc.ASCSTR_LEN2 & ASCSTR_LEN4 contained an incorrect value
    • BUGFIX: IDAPython/bc695: idc.DecodeInstruction was not working anymore
    • BUGFIX: IDAPython/bc695: idc.GetProcessorName() was broken
    • BUGFIX: IDAPython/bc695: idc.isEnabled was not working
    • BUGFIX: IDAPython/bc695: idc.MakeStr() was broken
    • BUGFIX: IDAPython/bc695: idc.SegStart, idc.SegEnd and idc.SetSegmType would raise AssertionError’s in case the EA was not mapped to a segment
    • BUGFIX: IDAPython/bc695: IDP_Hooks.auto_queue_empty() was not called anymore
    • BUGFIX: IDAPython/bc695: op_offset() was not capable of working with an ea_t as a first argument
    • BUGFIX: IDAPython: hex-rays ‘citem_t’ (and subclasses) equality was not properly implemented
    • BUGFIX: IDAPython: place_t::generate() was not usable
    • BUGFIX: IDAPython: source wouldn’t compile with Xcode >= 9, because of comparisons between a pointer and the value 0
    • BUGFIX: IDAPython: the low-level get_numbered_type() was unusable
    • BUGFIX: IDAPython: UI_Hooks.get_chooser_item_attrs() was not available
    • BUGFIX: idc snippets with if/for/while as the last statement but without {} for the body could not be executed
    • BUGFIX: IDC/IDAPython: AF2_DORTTI definition was missing
    • BUGFIX: idc: macro Batch() was unusable
    • BUGFIX: immediate search would fail to find a multi-byte value in an unexplored area for big-endian processors
    • BUGFIX: it was impossible to reopen an i64 file that was created from a crash dump
    • BUGFIX: objc plugin could cause IDA to INTERR(984) when loading iOS 11 dyldcaches with ASLR
    • BUGFIX: opening a binary file would automatically add its .idb file to the recent file list, even w/o the user ever saving it
    • BUGFIX: pc: frame pointer delta in x64 PE files could be wrong in some corner cases
    • BUGFIX: PE: .NET files with assembly references whose hash index was 0xFFFF, would cause IDA to show unexpected warnings
    • BUGFIX: PE: handle more correctly some peculiar PE files (e.g. section headers overlapping optional header)
    • BUGFIX: Renaming a register to the same name but different casing, wouldn’t work (but renaming it to something unrelated and then to the differently cased name mentioned before, would work)
    • BUGFIX: SDK: get_8bit() would fail returning all but the lowest octet for non-8-bit bytes at the end of segments
    • BUGFIX: starting IDA w/o any database, opening “File > Script command…” and selecting ‘Python’ could cause IDA to crash at exit-time
    • BUGFIX: SuperH: IDA could produce interr 544 when analyzing code with turned off “Convert immediate loads” option
    • BUGFIX: Suspending x64 ELF processes at process start (or entry point) could fail due to ASLR
    • BUGFIX: tricore: ignore bits of reserved field in the instructions LOOP, LDMST, PACK, MOVH.A (some compilers put non-zero bits there)
    • BUGFIX: UI: “Jump to new window” could cause the navigation bar’s cursor to be off
    • BUGFIX: UI: “View > Toolbars” wouldn’t reflect the current (advanced VS basic) state of the toolbars display
    • BUGFIX: UI: custom shortcuts for “UnHideAll” action wouldn’t work anymore
    • BUGFIX: UI: disabling disassembly colors wasn’t working anymore
    • BUGFIX: UI: IDA could crash if quick search was used on the left-hand list of the dialog used to batch-apply structure offsets to a selection in disassembly
    • BUGFIX: UI: if the first enum in the “Enums” window is empty, IDA could keep replicating its 1st line when scrolling up
    • BUGFIX: UI: in user graphs, setting the font would fail recomputing the graph rectangles size, resulting in clipped text
    • BUGFIX: UI: on OSX, loading a desktop that was saved while in a maximized state, while already in a maximized state, would cause the window to become un-maximized
    • BUGFIX: UI: restarting IDA after its UI was set to “Advanced mode”, would show “Basic mode” selected in the menu
    • BUGFIX: UI: the listing views’ status bar entries font became proportional, making it harder to quickly scan for some addresses when navigating around
    • BUGFIX: UI: the result of ‘get_screen_ea()’ could be outdated when navigation was being performed in the graph view
    • BUGFIX: UI: upon moving the dock around, Register views’ foreground color could be lost
    • BUGFIX: UI: using “Function offsets” address representation, would cause the first instruction of each function to be offset by one space to the right
    • BUGFIX: UI: when editing bytes in the hex view, pressing “Escape” would leave the “Apply changes” action available
    • BUGFIX: UI: when setting the default encoding for string literals, if one had to add an encoding to the list of encodings known to IDA, that encoding wouldn’t be automatically selected right after being added
    • BUGFIX: UI: changing the font on a “Registers” view, would cause the background to turn grey
    • BUGFIX: UI: ctrl-o could cause a crash on OS X
    • BUGFIX: UI: during debugging, right-clicking on a “comment” in a registers view, would show a popup menu with a non-default background color
    • BUGFIX: UI: fixed a bug that allowed to set the number of columns in a hexview to zero (such a value caused a very long loop in IDA, seemingly freezing it)
    • BUGFIX: UI: hexview: on non-8-bit bytes architectures, moving on unmapped addresses on a line (e.g., because the segment ends before the end of the line), could cause the line to be shifted
    • BUGFIX: UI: hexview: with exotic architectures (e.g., PIC with 14-bit bytes), IDA could show only partial text contents in the right-hand-side of the view
    • BUGFIX: UI: hexview: with non-8-bit bytes, navigating in the right-hand-side text part of the hexview would yield erroneous addresses
    • BUGFIX: UI: IDA could crash if invalid regular expression patterns were input in filters
    • BUGFIX: UI: IDA could fail to restore attributes of window “Enum” saved by version 6.95
    • BUGFIX: UI: in configuration files, invalid directives (i.e., bad keyword) could be reported with an erroneous line number & text
    • BUGFIX: UI: In the “Binary search” dialog, searching for ‘Unicode strings’ (i.e., data that’s laid out as UTF-16) could fail if the input string contained non-ASCII characters
    • BUGFIX: UI: Launching a process through “Debugger > Run” with the “Stop at entry point” option checked more than once, could cause the process to not stop the 2nd (and subsequent) times
    • BUGFIX: UI: On Linux & OSX, opening the “Xrefs” window (i.e., “x”) shortcut on a function whose name is > 255 characters, could cause the pseudo-registry file to be reported as being corrupted (although it was not)
    • BUGFIX: UI: On Windows & OSX, unfocused tabular views with a search filter & a selected entry, could show that selected entry with a white-ish text, on a white-ish background, making it rather difficult to read
    • BUGFIX: UI: OSX: in the “ARM specific options” window, the “Current architecture” description was only partially visible
    • BUGFIX: UI: pressing Ctrl-Down in the graph view would crash IDA if there was no selected node
    • BUGFIX: UI: selecting text via double-click in the Output Window was broken with empty databases
    • BUGFIX: UI: some enum members could be missing in the Enums window output
    • BUGFIX: UI: some numeric input fields in dialogs were too narrow
    • BUGFIX: UI: text version would die with internal error 40172 when clicking on “File” and “Folder” buttons in dialogs
    • BUGFIX: UI: the current snippet was not selected when opening a code snippet window
    • BUGFIX: UI: the default 1 byte-per-unit encoding wasn’t used when printing characters resulting from evaluation of expressions (i.e., shortcut ‘?’)
    • BUGFIX: UI: the selection was not cleared after deleting several selected segments in “Program segmentation”
    • BUGFIX: UI: When in the “Structures” window, pressing <Enter> on a structure member, wouldn’t add an entry into the location history (and thus ‘Escape’ wouldn’t return to the previous location)
    • BUGFIX: UI: When printing terse structure literals, IDA could duplicate display of some of the first bytes
    • BUGFIX: UI: When starting IDA without an IDB, and running the debugger using “Debugger > Run”, possibly-set debugging options would be lost (e.g., debuggee would be stopped at entry-point, instead of the requested process start)
    • BUGFIX: UI: With exotic architectures (e.g., PIC with 14-bit bytes), IDA could slow down a lot when generating disassembly
    • BUGFIX: UI: XMM registers tooltips during debugging were broken
    • BUGFIX: UI: hexview: all but the last octet of a non-8-bit byte sitting at the end of a segment, wouldn’t show in the text contents in the right-hand-side of the view
    • BUGFIX: UI: when autoanalysis was disabled, the indicator could display wrong info
    • BUGFIX: windbg: IDA would die with interr 1491 when debugging 32-bit Windows kernel
    • BUGFIX: windbg: recent versions of WinDbg couldn’t be loaded by IDA because some dependencies couldn’t be resolved