IDA: What’s new in 4.x

New Features in version 4.50 (12/02/2003)

  • Windows PE Integrated debugger
  • Processors
    • new processor: Intel xScale
    • new processor: Mitsubishi M32R (Professional)
    • new processor: Mitsubishi MELPS740
    • new processor: Mitsubishi M7700 family (Professional)
    • new processor: NEC 78K0 (Professional)
    • new processor: NEC 78K0S (Professional)
    • new processor: Fujitsu FR family
    • new processor: STMicroelectronics ST9+ (Professional)
    • IBM PC: Borland RTTI templates with GUID are supported
    • IBM PC: rep prefix is used when the Intel manual says it should be
    • IBM PC: the current compiler is taken into account when using the __fastcall calling convention (before only Borland was supported)
    • IBM PC: better handling of indirect calls (mov offset func-add-call is detected)
    • ARM: call sequences like “mov lr, pc; ldr pc, something” are recognized by IDA and don’t interrupt the execution flow
    • ARM: SUB Rx, PC, #imm is replaced by ADR Rx, label; ARM module is commented
    • ARM: stack variables are supported
    • ARM: option to disable pointer dereferencing is added
    • AVR: better configuration file; config file management is improved
    • AVR: interrupt vectors are supported
    • AVR: EEPROM file extension by default is BIN
    • MIPS: memory mapping is supported
    • PowerPC little-endian mode can be specified by the user
    • MC68K: respect the user-defined offsets for o_mem and o_near addressing modes
    • ST7: new config file
  • File Formats
    • COFF loader sets up the default data segment (better analysis)
    • better recognition of VxD driver files
    • HEX: added support of extended segment information record type
    • PE: better support of invalid files
    • PE: FS and GS register values are set to unknown at the loading time
    • PE: If the debug information is corrupted (in packed files, for example), IDA doesn’t die but gracefully skips it
    • PE: section permissions are loaded into the database
    • LX: IDA always uses “metapc” processor and ignores the processor type specified in the file header
    • PSX object files: additional fixup record types are supported (26 and 30)
    • PSX object files: IDA knows how to skip record type 60. We still don’t know what this record type means, but at least we can load files with this record present.
    • Memory dump loader: now it accepts dumps with one digit per byte
    • Mitsubishi HEX file extended address records are supported
    • palmpilot loader: better check of time stamp
    • New XBE file format is supported
    • stricter check of PalmPilot files
    • the pdb plugin has been rewritten (requires VC++ to be compiled)
  • User Interface
    • flow chart: option to print block labels
    • ‘jump in a new window’ command added in context and main menus
    • ‘jump to file offset’ command
    • new command: move a segment, which allows moving an existing segment to another address
    • it is possible to hide/unhide arbitrary regions
    • command to toggle leading zeroes on a number
    • value of an enum member can now be changed
    • graphs: a recursion depth limit is now supported
    • new dialog box to easily assign structure offsets/union paths to a selection “en masse”
    • previous & next drop-down menus for navigation stack (as in the Internet Explorer)
    • options in ‘Browser’ to set maximum lines & auto clean of upper items
    • cursor for search/auto-analysis in the navigation toolbar + associated color option
    • customizable background color for memo hints (Options -> Colors 1)
    • hexview: better handling of highlight-background combinations
    • hide/unhide all now works on functions, structs & enums for GUI & TXT
    • highlight the problematic line in a ‘problem hint’ on the navigation toolbar
    • hints on “Address” & “Called function” columns in callees
    • hints on hidden functions, structures & enumerations
    • hints on navigation toolbar (on stars, after a search)
    • hints on structures in a struct window
    • hints on xrefs in a struct window
    • hints on xrefs now print preceding lines and highlight the destination name
    • input text fields are in Courier font
    • jump commands (using the lists in the search toolbar) now open a new disassembly window if needed
    • xrefs in structure and enumeration windows are not displayed because they confuse the users
    • notepad now automatically pops up at start if it was saved as opened in the database
    • register hints now print the associated comment
    • the function prototype is linked to the function stack argument definitions
    • the input database name is displayed in the title bar
    • the welcome dialog box can be resized
    • IDA displays the welcome form if the input file is not specified in the command line
    • user defined graphs: option to print function comments (use the same color as regular comments)
    • desktop/top commands added to tabs popup menu
    • the ‘show flags’ command displays all information about the structure members
    • faster arrows management
    • IDA runs faster
  • Kernel Improvements
    • new switch -o to specify the output database from the command line
    • WinCE: several IDS files were updated/added
    • FLAIR: plb supports wildcards in the file names
    • c parser: multiple byte character constants are supported
    • c parser: better handling of pointer modifiers; several bugs are fixed
    • IDA looks for the referenced DLLs in the input file directory
    • it is possible to autoload a til file when a dll is referenced (see ids\idsnames)
    • vc6win.til is not loaded for pe files with subsystem==native (usually they are system drivers and they don’t need vc6win.til)
    • the annoying “can’t add structure member cx” message removed
    • the default loading address for all file types is 0 (this can be overridden by the file format)
    • IDS files marked with ‘-‘ in idsnames do not prevent the kernel from using the corresponding DLL from the system directory
  • IDC and SDK
    • IDC: GetFloat(), GetDouble() functions are added
    • IDC: GetOriginalByte() function is added
    • IDC: GetStringType() function
    • IDC: descriptions of NextHead, PrevHead, AskFile IDC functions are updated
    • the IDA environment variable is not required to build modules anymore
    • added comments about filling the op_t structure; fixed some typos in netnode.hpp
    • COLOR_INV is added
    • hidden plugins are supported: PLUGIN_HIDE flag is introduced
    • idaw choose() function respects the batch mode
    • negative buffer sizes are handled properly (str2user, user2str, pack_ds)
    • new function flag FUNC_BOTTOMBP. It means that the frame pointer is equal to the stack pointer in the function and it points to the bottom of the stack frame.
    • ph.flag PR_CHK_XREF: don’t allow near xrefs between segments with different bases. This flag is used for IBM PC only.
    • read_ioport_device() function reports about configuration files with no devices
    • renamed FIXUP_PTR32->FIXUP_PTR16, FIXUP_PTR48->FIXUP_PTR32
    • the user-defined data supplied to linearray_t is documented in kernwin.hpp
    • up to 16 source files for plugins
    • setBreak() function is added
    • the processor extension callbacks are called for all instructions, not only when cmd.itype >= CUSTOM_CMD_ITYPE
    • find_ioport_bit() returns NULL if the bit name is NULL
    • rebase_program() is added. This function allows shifting the whole program in memory. Since rebasing the program involves correcting the relocated bytes, the file loader takes part of the job. File loaders may have “move_segm” callback functions now.
    • now a well-behaved processor module handles the ph.move_segm event
    • numop2str(): output instruction operand with optional leading zeroes; is_lzero(), toggle_lzero() to modify the display of leading zeroes; inf.s_genflags introduced; atoa, b2a32, b2a64, b2_width function parameters have been changed
    • move_segm_start(), set_segm_start(), set_segm_end() may destroy the adjacent segment if necessary; ADDSEG_QUIET flag has been added
    • new type of segments: SEGM_DEBUG. Used in the debugger.
    • get_sourcefile() function prototype has been changed. Now it returns the range information.
    • hidden_area_t and functions to work with it are introduced
    • byteValue() function is renamed to _byteValue(); this function should not be used anymore if possible. The reason is that it works only with 8-bit processors and doesn’t take into account possible debugger side-effects.
  • Bugfixes
    • BUGFIX: MIPS R5900 madd/msub instructions were not disassembled
    • BUGFIX: C166: ida would create strange references if the first segment of the program was not loaded at the address 0; .end start would display garbage if there was no start address
    • BUGFIX: ARM switch jumps were recognized only for R0
    • BUGFIX: Intel HEX files could be loaded incorrectly
    • BUGFIX: MS DOS executables with the entry point at FFF0:0100 are loaded correctly
    • BUGFIX: Amiga: zero sized hunks caused problems
    • BUGFIX: COFF: skip .stab* debug information sections
    • BUGFIX: IDA would fail to load some invalid PE files
    • BUGFIX: “Create”/”Edit” (purged bytes)/”End of” function actions are now updated properly
    • BUGFIX: can now rename a register for one instruction
    • BUGFIX: can now rename everywhere (externs, …)
    • BUGFIX: copy to clipboard from the list views could hang
    • BUGFIX: correct work on multiple monitor desktops
    • BUGFIX: cursor disappearing if using CTRL-TAB
    • BUGFIX: hints on local labels weren’t always highlighted
    • BUGFIX: IDA could crash if several standard enums were added without uncollapsing them
    • BUGFIX: IDA would go to the top of the screen during analysis even if it was put to the bottom (z-order)
    • BUGFIX: if the messages window was minimized to invisibility, then the next start of ida would not display messages on the status bar.
    • BUGFIX: infinite scrolling enum window
    • BUGFIX: it is impossible to rename a register to another register name
    • BUGFIX: it is possible to open the xrefs window even if the current item has no xrefs
    • BUGFIX: it was impossible to use the function name at the function header to double click, jump to xrefs, etc. if the name contained undisplayable characters (ibm pc, mips, mc68k)
    • BUGFIX: navigation toolbar not updated once displaying after undock+hide
    • BUGFIX: opening a database without closing the current one could leave the names, functions, or strings window unopened even if they should have been opened for the new databases; this could also lead to a crash
    • BUGFIX: pressing the down arrow of the scrollbar now stops once there are no more lines
    • BUGFIX: the collect garbage flag would stay once set until ida exits
    • BUGFIX: the width of the ordinals field in the “jump to entry point” was 3 positions which was not enough to display big ordinals. made it 8.
    • BUGFIX: Windows 98 resources were depleted fast
    • BUGFIX: “jump to the beginning” with home-home-home key was not working if used twice with “jump to address” in between
    • BUGFIX: after repeatedly closing/opening the structs/enums window the renaming of a struct/enum member could lead to an access violation
    • BUGFIX: no more “list index out of bounds” message if the number of columns in a chooser changed
    • BUGFIX: type specification was printed incorrectly: int (*fnc1(void))[5];
    • BUGFIX: some borland thunk mangled names were not demangled
    • BUGFIX: truncated names from gnu compiler would cause problems during demangling
    • BUGFIX: verification of the new manual operand would fail for 32-bit operands if the old operand didn’t have a segment register and the new one does
    • BUGFIX: unions were not displayed in the list of standard structures
    • BUGFIX: IDA was marking the return instructions of some functions as “unknown_libname”
    • BUGFIX: it was not possible to disable the plugin hotkey
    • BUGFIX: pcf was not detecting coff files properly
    • BUGFIX: autoload vc6win.til only for IBM PC PE files
    • BUGFIX: IDC function GetSegmentAttr() was broken
    • BUGFIX: refresh the screen after IDC scripts
    • BUGFIX: manual execution of VXD.IDC could hang IDA
    • BUGFIX: qmakepath() could generate file names with several backslashes in them

New features in version 4.30 (05/08/2002)

  • User Interface
    • major improvements, too many changes to list, MDI, context sensitive toolbars, more standard looks.
  • Processors
    • ARM Architecture Version 5E (Enhanced DSP) instructions are supported, FLIRT signatures and type information files have been added.
    • Motorola 6812: many new chip types are supported, memory configurations can be specified
  • File Formats
    • Improved support of PSX object files.
    • Improved support of EPOC files.
    • Borland extensions for DPMI to PE executables are supported
    • ELF machine type 6 is supported
  • Kernel
    • The stack tracing algorithm is improved
    • Type libraries are regenerated: they are smaller
    • Improved FLAIR utilities (added ELF support for IBM PC)
  • Bugfixes
    • Fixed a bug in PIT: all stack parameters were shifted by 4 for indirect calls
    • IA64: brl.cond.dptk.few instruction caused an internal error
    • the list of xrefs to a stack variable could contain wrong data items (only instructions can be in this list)
    • fixed bug in set_de (some standard enumeration declarations were wrong)
    • TMS320C6: several bugs are fixed (ACR/ADR, B reg src2)
    • Better handling of stack references to the saved registers area: bp-based frames are not modified because of this
    • PowerPC: wrteei instruction was disassembled incorrectly
    • Some enumeration constants in the type libraries could have incorrect values
    • IDA would lose some variable names if more than 1000 very long variable names were defined (1KB long names)
    • If the last symbolic constant of the last enumeration was not the only symbolic constant in the enumeration and its value was equal to -1, then it would not be displayed in the enumeration definition

New features in version 4.21 (19/04/2002)

  • Processors
    • Trimedia (upon special request only)
    • TMS320C55 (Professional). All documented instructions are supported
    • the PIC processor module offers better analysis of bank switches
    • 8-bit Motorola: many new chip types are supported, memory configurations can be specified
    • C166 (Professional): many more chip types are supported, memory configurations can be specified
    • F2MC: many more chip variants are supported, memory configurations can be specified
    • Z180 configuration files have been added
    • IBM PC: memory references with the sib byte can be converted to offsets.
    • ARM: pseudo-instructions can be turned off (ret)
  • File Formats
    • Intel OMF386 is added
    • EPOC6 import ordinals are supported
  • User Interface
    • New graphing commands:
      • xrefs from/to code,data,externals
      • user-defined graph (various options)
      • highlight current addresses in graph (blue by default)
    • The Search Toolbar now allows incremental searching for text, names, functions, addresses, etc.
    • Hovering the mouse over a label displays a hint with the instructions/data at that label
    • The Rename command is available only if the cursor is either on a valid identifier or address or at the beginning of the list (to the left of the instruction mnemonics)
    • Direct conversion to code/data without intermediate step of undefining the existing item. Use the options dialog box if you want to customize this behaviour.
    • Improved highlighting of identifiers. The highlight color can be changed
    • The listbox and messages window contents can now be copied to the clipboard
    • Unhide all functions
    • Names: ask confirmation to delete a name from the list
    • In the structures window it is possible to jump to the desired structure using the “Jump by name” command. The hotkey is Ctrl-L. The same command is available in the enumerations window.
    • Welcome box:
      • delete removes previous projects from the list
      • hovering over the project now displays the full name of the file
    • It is possible to specify the number of bytes purged for the imported functions (through Edit->Function)
    • A command line window can now be used to enter IDC commands: (IDAGUI.CFG, DISPLAY_COMMAND_LINE should be YES to activate this).
    • Immediate help on an IDC function
    • Text version: a local clipboard is added to the dialog forms. (Ctrl-Ins – copy, Shift-Del – cut, Shift-Ins – paste, Ctrl-Del – delete).
  • Kernel Improvements
    • Better demangling of Borland C++ names, including the templates. Since there is no way to distinguish the new and the old naming schemes, now IDA tries both methods. This can sometimes lead to wrongly demangled names.
    • Borland CBuilder v6 FLIRT signatures are added
  • Bug Fixes
    • For some PE files, the exported function names were missing.
    • Negative 16-bit structure offsets with non-zero delta would be displayed wrongly.
    • Structures with embedded unions aligned to 8 bytes could have wrong member offsets.
    • IBM PC: if “Allow references with different segment bases” was set, then the complex offset expressions would have wrong values.
    • OS/2 version was broken.
    • OMF COMDEF far records were processed incorrectly.
    • Negative 8/16-bit values were badly represented as enumeration constants. The logic has been changed to make it easier to handle
    • Binary files for wide byte processors (like PIC16) were not loaded completely.
    • H8/500: 16-bit jumps in a page different from page 0 would still refer to page 0
    • H8/500: the values of the segment registers BR and DP are used and stored
    • COFF 386: IMAGE_REL_I386_SECREL relocation type is supported
    • It was possible to scroll past the end of the disassembly listing using the mouse wheel
    • Some kinds of corrupted PE files are loaded better than before
    • Some segment:offset address expressions were parsed incorrectly
    • It was impossible to create local labels with data references
    • get_screen_ea() was broken.

IDA PIC Limited Edition

  • A reduced price version that offers all the power of IDA for the PIC family of microcontrollers only. (14/03/2002)

New features in version 4.20 (19/12/2001)

  • Processors
    • TMS 320C54xx
    • The Motorola 8/16-bit processor modules (except 6812) now support configuration files with the memory, interrupt vector, and I/O port definitions. See files named 68xx.cfg. Currently only 6805.cfg and 6811.cfg are available and other files will be made available later.
    • The C166 module displays an information box explaining the memory mapping feature present in the Options, General, Analysis, Processor specific options dialog.
  • File Formats
    • Microsoft.Net Beta2 files are supported.
    • Stricter check for RT-11 SAV file format. The file extension should be “SAV”. There were too many false recognitions.
    • PE files: IDA now recognizes TLS callback entries and properly comments them.
    • ELF files with destroyed SHT are supported.
  • Interface
    • Arrows: The graphics version displays the execution flow in the form of small arrows to the left of the disassembly text.
    • Highlight: IDA highlights the current identifier on the screen. Alt-Up, Alt-Down arrows search for the highlighted identifier in the text. The highlight can be turned off in the Options, General, Misc dialog box.
    • IDA starts to scroll the window without waiting for the cursor to reach the window top/bottom. Also it is possible to scroll the window by using Ctrl-Up, Ctrl-Down arrows.
    • Shift-Enter or Shift-DoubleClick selects the current identifier.
    • Edit, Function, Rename register: Register renaming definitions start at the cursor position and last up to the next definition. The address range of the existing definition is automatically truncated at the cursor position.
  • Kernel Improvements
    • The function boundaries are automatically changed if an item overlapping it is created.
    • the LoadSym.Idc has been improved to work with dbg2map and mapsym
  • Bugfixes
    • ARM BX instruction was not disassembled.
    • TXT version: Ctrl-Up, Ctrl-Down and other keys were not recognized as valid keycodes.
    • PPC ELF R_PPC_EMB_SDA21 relocation type is handled differently. Since there is not enough documentation, this could still be wrong.
    • Motorola movec instruction wouldn’t be disassembled if an unknown control register is present in the instruction
    • delphi.sig doesn’t load bcb5win.til anymore
    • TXT version: Ctrl-N was not working in the Enumerations window
    • H8 in the advanced mode would use 32-bits for the @aa:8, @aa:16, @aa:24 addressing modes
    • IDA under Windows could crash if “comment ascii references” was on
    • Motorola 6805 brclr/brset/bclr/bset syntax now conforms to the regular conventions
    • IBM PC: redundant rep/repne prefixes were in the wrong order
    • Enumerations window: the text search could fail if there was only one defined enumeration
    • netnode::getblob could return nonexistent blob
    • TMS320C6 module could crash if a specific illegal opcode is encountered (ldb.d2 *+b14[35], b1 with ‘dst’ field bit 0x10 set)
    • It was not possible to expand a variable sized structure just before its last member

New features in version 4.18 (19/10/2001)

  • Processors
    • Fujitsu F2MC-16L and F2MC-16LX (Professional version).
    • PIC12xx , PIC14xx, PIC18xx processors in addition to the already supported 16xx family. (Starter version)
    • Intel 960 module enhanced: FLIRT and types are supported; I/O port names are added to i960.cfg
    • W65C02S support has been added to the 6502 module.
  • File Formats
    • the PDB plugin recognizes the Windows XP SymDia symbols. Thanks to Mark Russinovich for the contribution.
    • OpenBSD aout files are supported
    • COFF files for Intel 960 are supported
    • ELF AR libraries are supported
  • Interface
    • a new window listing callers and callees is available.
    • Wingraph 32 can now print.
    • Zooming in and out on graphs can be controlled by the mouse.
    • a small notepad has been added. The notes are saved and opened each time the database is reloaded.
    • IDA is now able to check for the availability of updates and warns when the free update period is about to expire.
    • Patching has been removed from the default installation but can be activated by the DISPLAY_PATCH_SUBMENU option.
    • ‘Undefine’ now warns before proceeding. This option can be turned off by the CONFIRM_UNDEFINE_COMMAND parameter in the IDAGUI.CFG or IDATUI.CFG files.
  • Kernel Improvements
    • Enhanced recognition of the function calling conventions.
    • Floating point numbers in the instruction operands are supported
    • Slightly improved vc6.til file.
    • Automatically resize the saved registers area in the function frame if there is a reference into the area from the function body.
    • New linux system calls are recognized by IDA
  • Bugfixes
    • ARM BX instruction was not disassembled.
    • The last character of unicode strings would be missing sometimes for the big endian processors.
    • MC6811 LDA instructions would create 16-bit data item.
    • IDA would miscalculate the program end after loading binary files
    • “rename stack variable” at place would rename a wrong variable
    • Uninitialized array elements with the specified width would not be displayed
    • A plugin that opened a non-modal window would be unloaded at exit before having a chance to clean up the window, which would lead to a crash
    • A bitfield with one member equal to -1 mask -1 could not be converted into a normal enumeration.

New features in version 4.17 (22/06/2001)

  • Processors
    • Intel 960 support
    • ST20/C2-C4 support
    • .Net module improved
    • DEC Alpha processor improved and supports the type system. Thanks to Ahmon Dancy for help.
    • PowerPC module improved
  • File Formats
    • IDA can now load hexadecimal and octal memory dumps in free format. (A set of heuristics is used to recognize and load such files.)
    • Mach-O executable files are supported. (The relocation information is ignored for the moment.)
    • Microsoft X-box XBE files are supported. (However, the module may not cover all possible file format particularities).
    • Compaq Tru64 dynamic loader information is supported.
  • Interface
    • external graphing module displays function flow charts.
    • Array element indexes can be displayed as comments
    • The MakeAnyName (Ctrl-N) command is removed. The MakeName command is enhanced to handle all cases.
    • The Welcome dialog box is improved and keeps track of several previous disassemblies.
    • The GUI version has a Strings Window which contains all string constants present in the program.
    • GUI version: Alt-Enter = go to address in a new disassembly window.
    • GUI version: a special hotkey to create unicode strings can be assigned. See the IDAGUI.CFG file, the parameter name MakeUnicode.
    • GUI: the RAM/ROM sizes and addresses can be specified for binary files if the processor module doesn’t handle it automatically.
  • Kernel Improvements
    • New configuration parameter: ASCII_SAVECASE. If set, then IDA will preserve the case of the string contents when generating the string name.
    • Public global variables with anonymous structure or enumeration types are supported by the type system.
  • Bugfixes
    • IDA would crash if the database was saved when the IDAView-A window was closed.
    • Microsoft.Net: the closing curly brace was missing for the classes with some fields but no methods.
    • the text version would crash if the analysis options were accessed from the “load file” dialog box.
    • Sparc V8 fmovs/fnegs/fabss instruction couldn’t be disassembled.
    • C166 bmov/bmovn/bxor/band/bcmp instructions had the operands swapped.
    • it was not possible to declare a structure member as an enumeration type.
    • ST-20 module disassembled nfix prefix incorrectly.
    • in some rare circumstances the sizes of the standard structures would be calculated incorrectly. This would render the structure definition useless and would make it impossible to import it into the database.
    • IDA wouldn’t work on very old Win95 boxes due to GetFreeDiskSpace problem.
    • Some processor-module specific dialog boxes could crash IDA.
    • Java module was badly broken.
    • An empty “if(1) {}” statement would cause a stack overflow in IDC runtime.
    • An error message in IDC parse is fixed. Before it would say: Compilation error: longname.idc,1: Too long identifier ‘(null)’ without displaying the variable name.
    • Java module wouldn’t show the instruction opcodes.
    • Hitachi H8S @aa:16 addressing mode was not sign extending the 16-bit address
    • It was not possible to add a standard structure which consisted of one anonymous field (an example: the Visual C++ VARIANT structure).
    • IDA would exit with the “empty type name” message if a global variable with an anonymous type is encountered in the program.

New features in version 4.16 (22/03/2001)

  • Intel Itanium IA64 support (Professional).
  • Microsoft.Net CLI (Common Language Infrastructure) support (Starter).
  • Motorola 68HC12 support (Starter).
  • Register argument type propagation is implemented. It can be turned off in the kernel analysis options 2.
  • Plugins can hook to the processor and kernel events.
  • Plugins can be written in either Visual C/C++ or Borland C/C++.
  • Processor extension plugins can be used to add instructions to processor modules.
  • IDA’s interfaces with the external world have been redefined.
  • Unicode strings are recognized even if the default string type is “zero-terminated C string”. This behaviour can be turned off using the analysis options. The terminating zero is included in the unicode strings.
  • Enumerations can have several symbolic constants with the same value.
  • 128bit operands and data items can be displayed (only binary and hexadecimal formats are supported for the moment).
  • MFC IDS files are improved: the number of purged bytes is added to the function descriptions.
  • Linux system call numbers (int 80h) are commented properly.
  • Backups of the databases can be created.
  • User-defined line prefixes can be defined. See a sample in the SDK to learn how to use it.
  • ELF Playstation 2 loader is improved.
  • ELF H8 files are supported.
  • PE files: TLS directory information is taken into account; new delayed import tables are supported (Characteristics & 1)
  • PE files: it is possible to load files to arbitrary addresses using the manual load feature.
  • IBM PC: Pentium 4 instructions are supported.
  • IBM PC: redundant instruction prefixes are supported.
  • IBM PC: AMD syscall/sysret instructions are supported.
  • SPARC: the type system is supported. The type propagation is not implemented yet.
  • SPARC: the SPARC assembler is now supported. (special thanks to Ahmon Dancy)
  • SPARC: some minor bugs are fixed, Sparc assembler is supported.
  • SPARC: architecture V8 in addition to V9 is supported.
  • PowerPC module is improved: jump tables are recognized, lis/addi pairs are more aggressively converted to offsets
  • H8 module is improved: jump tables are recognized
  • C166 module is improved and several bugs are fixed. Thanks (again) to Ahmon Dancy for the information
  • UNC file names are supported
  • Many small interface enhancements
  • Instruction opcodes are not displayed on xref/public lines.
  • GUI: a fully synchronized scrollable hex viewer has been added.
  • GUI: column widths in the list boxes are remembered
  • The “Mark variable” command is removed.
  • BUGFIX: IBM PC: movhps/movlps instructions were disassembled as movhlps/movlhps for opcodes 0F, 13 and 0F,17.
  • BUGFIX: IDC.IDC: some macro definitions would cause syntax errors.
  • BUGFIX: Text version: an attempt to exit with some “find all” windows open would crash IDA.
  • BUGFIX: GUI version: in some rare circumstances the first item of the sorted lists would refresh incorrectly.
  • BUGFIX: some bugs in the type system are fixed.
  • BUGFIX: It was not possible to declare some standard structures.
  • BUGFIX: MAP files for PE files sometimes had incorrect segmentation information.
  • BUGFIX: Intel 8051: 24-bit addressing was good only for ecall/ejmp instructions.
  • BUGFIX: The stack argument type propagation could hang on functions which access their stack without allocating it.

Update to 4.15 (10/01/2001)

  • We have added support for the Pentium 4 new instructions.

New features in version 4.15 (02/12/2000)

  • Feature: CodeView NB11 debug information support
  • Feature: Struct offset deltas are supported. They allow converting, for example, mov ax, 3 to mov ax, mystruct.field5-2
  • Feature: stack argument information propagation. (Since this feature is somewhat experimental, it can be turned off in Analysis options, Kernel options 2).
  • Feature: MakeArray command will now attempt to create an array even when some array elements are already defined as data items.
  • Feature: some find dialog boxes allow finding and displaying all occurrences of the desired instructions.
  • Feature: MC86xx: enhanced operand type support (offsets, enums, stack vars, struct offsets can be applied to any complex operand)
  • New processor PROFESSIONAL : Siemens C166 and family ( C161 C161V-L16M, C161K-L16M, C161O-L16M, C161RI-L16M, C161RI-L16F C163 C163-LF, C163-L25F, C163-16F25F, C164, C164CI-8EM, C164CI-8RM, C165, C165-LM, C165-L25M, C165-RM, C165-LF, C165-L25F, C166, SAB80C166-M, SAB80C166-M25, SAB83C166-5M, SAB83C166-5M25, SAB88C166-5M, SAB80C166W-M, SAB83C166W-5M, SAB88C166W-5M, C167, C167-LM, C167S-4RM, C167SR-LM, C167CR-LM, C167CR-L25M, C167CR-4RM, C167CR-16RM, C167CR-16FM )
  • New processor: Starter : SGS-Thomson ST7, SGS-Thomson ST20
  • Improved processor : MIPS : MIPS16 encoding is supported
  • Improved processor : PIC : port mappings like STATUS at addresses 3, 83, 103, 183 are supported, the PCLATH register is traced (see the segment registers), and all modifications of the PCL register are taken into account.
  • Improved Processor : AVR: MegaAVR new instructions are supported. Thanks to Chris Dalla for information.
  • Improved Processor : MIPS r5900: parallel shift and SA register instructions are added
  • FLIRT: ELF preprocessor is added. Currently it supports only MIPS processor
  • GEOS loader takes into account the uninitialized data segment, knows about the process class and the structure of the exported entries
  • GEOS standard types are supported
  • BUGFIX: Motorola 68K module would crash in response to Alt-R, Ctrl-S, etc.
  • BUGFIX: The script toolbar would contain references to bad IDC script names
  • BUGFIX: MIPS R5900 processor was not available from the load dialog box
  • BUGFIX: IDA would use metapc as the default processor for all except the first file opened in the gui environment regardless of the DEFAULT_PROCESSOR parameter in IDA.CFG
  • BUGFIX: some flavors of PIC HEX files were incorrectly loaded
  • BUGFIX: it was not possible to delete items from the problem list using the Del key.
  • BUGFIX: some MIPS R5900 instructions were not disassembled
  • TXT version: the search direction indicator was not refreshed immediately after a direction change.
  • TXT version: the text version confused the “manual operand” and “text search” commands.

New features in version 4.14 (27/09/2000)

  • New Processor : Motorola 56K DSP
  • New Processor : Motorola ColdFire
  • PowerPC Embedded Controller Instructions have been added to the PPC module
  • New Processor : H8/500
  • New Processor : Z80 derived Gameboy Processor
  • Preliminary version of R5900 processor support (Sony Playstation 2)
  • ARM architecture version 5 support
  • GEOS executables are supported
  • PIC: now pic.cfg can be modified for different devices
  • EPOC SIS files are now directly supported.
  • PPC: Loading of LinuxPPC executables is enhanced
  • A “program navigator” band is available in the GUI version
  • All list viewers have been enhanced to support sorting.
  • Structs/enums can be hidden/unhidden with +/- hotkeys
  • The state of the script toolbar is saved between sessions.
  • New TIL files have been added to the type system.
  • Zero constants with one bit masks are allowed in the bitfields. For example:
        #define PARITY_EVEN 0x01
        #define PARITY_ODD 0x00
    
    defines 2 states of a one bit mask.
  • The user name is saved in the database.
  • Parameter names derived from the type information are automatically changed when the function declaration is changed.
  • IDA can mark the boundaries of the basic blocks by inserting an empty line after them. A basic block is a sequence of instructions with no jumps to/from the middle of the block.
  • PE: Forwarder exports are supported.
  • IDC: the recursion depth can be changed using IDC_CALLDEPTH and IDC_STACKSIZE parameters in IDA.CFG
  • IDC: new function SetStatus(). This function allows the user to change the IDA status indicator (green, yellow, red)
  • BUGFIX: COFF PC: 32bit offsets to 16bit segments are handled properly
  • BUGFIX: disassembling a WDM driver with unknown VxD/VMM calls could crash IDA
  • BUGFIX: it was not possible to use predefined structures with anonymous fields, e.g. the SYSTEM_INFO structure was not available in the disassembly
  • BUGFIX: movem instruction with pc-relative addressing mode from memory to register would not disassemble (Motorola 68k module)
  • BUGFIX: IDA would crash trying to load some watcom executables.
  • BUGFIX: sometimes it was not possible to create the .align directive at the very end of a segment.
  • BUGFIX: the return size of the function stack frame was unchangeable even when the function return type (far/near) was changed.
  • BUGFIX: In some special circumstances local variables would get wrong names from the type libraries (the first 2 characters would be missing).
  • BUGFIX: 6809 leax instruction pc-relative mode used the wrong target address.
  • BUGFIX: the enumerated dummy names count could be wrong in some circumstances (for example, there could be 2 labels “loc_55”).
  • BUGFIX: some virus-tainted PE files would not load.
  • BUGFIX: “produce diff file” would hang IDA in some circumstances.
  • BUGFIX: GUI version could crash trying to reload the same database.

Disassembly Gallery

  • Visit our disassembly gallery

Training in Reverse Engineering (21/08/2000)

  • Reverse Engineering Seminars are now available.

New Features in version 4.10 (19/06/2000)

  • Introduction of the Type System : standard function types are recognized and the information about their parameters is used in the disassembly. The type system is initially available for Windows binaries.
  • USER added types : the type system allows the user to define his own types and to load external header files. This means that IDA now includes significant parts of a compiler, namely: the C preprocessor, lexer, parser, and semantic analyser of type declarations. We expect some problems in this new part of the software.
  • Standard structures, enumerations and union definitions can be applied to the disassembly directly from the type database.
  • MS Windows WDM calls are now supported and commented.
  • HP PA RISC Processor : all v2 architecture instructions are supported, the HP SOM file format is supported but relocations are not supported (Professional).
  • The free compiler BCC 5.5 can now be used to compile processor modules and plugins.
  • All operands, including registers, can now be modified through the manual operand command.
  • NB10 Plugin now integrated.
  • Borland RTTI plugins
  • 80196 : support has been added for the windows selection registers WSR and WSR1
  • IDC : the function GetIdbPath() returns the full path name to the current IDB file.
  • TEXT_SEARCH_CASE_SENSITIVE cfg parameter added.
  • BIN_SEARCH_CASE_SENSITIVE cfg parameter added.
  • BUGFIX : some comments in vxd.cmt were wrong.
  • BUGFIX : the external help (Ctrl-F1) would not work when the cursor was past the end of the line.
  • BUGFIX : it is now possible to define the default value of the last segment register.
  • BUGFIX : the GNU H8 assembler now uses ‘;’ as a comment symbol.
  • BUGFIX : MS COFF 16 bits segments are now loaded correctly.

New plugin (13/05/2000)

  • We have released a plugin that helps you deal with Microsoft’s NB10 debugging information and its external PDB files.

New Features in version 4.04 (04/04/2000)

  • First release of the Alpha Disassembler (ELF and COFF file formats are supported)
  • Sony Playstation 2 ELF Disassembler
  • ARM thumb mode is now disassembled
  • Commenting of Windows NT Int 2E calls
  • Variable bytes in search strings
  • Local names are not demangled anymore
  • The delayed import tables of PE Files are supported.
  • The information found in the AIX COFF optional header is now used to improve the disassembly.
  • BUGFIX : some Windows CE IDS files should have been platform-specific.
  • BUGFIX : dummy names in the tail bytes were not deleted.
  • BUGFIX: .align 2 was inaccessible from the user interface in some cases.
  • BUGFIX: cvttps2pi, cvtps2pi (IBMPC) instructions were incorrectly disassembled.
  • BUGFIX: sections with wrong size in the file header (PE) were not loading at all.
  • BUGFIX: IDA could crash apparently randomly.
  • BUGFIX: search was not possible in the enumerations and structures window.
  • BUGFIX: the import section of some PE files was loaded incorrectly.
  • BUGFIX: it was not possible to stop analysis from the “load file” dialog box

New Features in version 4.03 (09/03/2000)

  • Register Variables (allow you to rename processor registers; this improves the usability of the RISC disassembler).
  • Local Labels in functions.
  • GUI : String Manipulation Toolbar.
  • GUI : toolbars can now be hidden.
  • The ARM disassembler module has been improved.
  • IDC : new function GetInputFilePath()
  • MISC : if the IDA_NOWIN environment variable is defined, the console version of IDA will run under WINE.
  • BUGFIX : arrays can now be defined as element of structures.
  • BUGFIX : some XCOFF files could not be loaded and disassembled; the IDAW disk space routine could crash.

New Features in version 4.02 (11/02/2000)

  • We now disassemble SPARC V9 and UltraSparc II (Professional version).
  • We now disassemble EPOC executable and EPOC ROM image files.
  • Disassembler module for the 80196NU & NP processor.
  • Improved PalmOS 3.0 support.
  • Improved the Atmel AVR disassembler. Thanks to Chris Dalla.
  • Microsoft AR import libraries are supported.
  • Amiga Hunk File Loader (preliminary support).
  • IDC : SetManualInsn/GetManualInsn IDC functions have been added.
  • IDC : OpNot() bitwise NOT on the operand.
  • New ascii string types: unicode-pascal (2 byte length) and wide-unicode-pascal (4 byte length).
  • IBMPC: the SFENCE instruction is now disassembled, even with an illegal ModRM byte.
  • If the database is closed while Shift is held down, IDA will save it without asking any question.
  • Ctrl-Shift will close the database without saving it to disk.
  • GUI: the structure and the enum windows now have a menubar and a popup menu.
  • GUI : IDC programs can now be loaded, executed and edited from a toolbar.
  • GUI : double clicking an address in the message area moves in the disassembly.
  • GUI: “secondary windows always on top” feature is added.
  • GUI: “hide all functions” is added.
  • GUI: lazy jumps and autohide/unhide features (see options/navigation page).
  • GUI: file offsets are now constantly displayed on the status bar.
  • GUI: the syntax highlighting color setup dialog has been improved.
  • GUI : navigation between open windows using Alt-<n> hotkeys.
  • The number of lines per item is now configurable. See MAX_ITEM_LINES parameter in IDA.CFG file. The default is 5000.
  • Bugs were fixed.

New Features in version 4.01 (05/11/99)

  • Disassembler module for the Zilog Z180 and Z380 (Starter version)
  • Disassembler module for Pic 16xxx (Starter version)
  • Disassembler module for MC6303 ASxxxx: bitwise OR and NOT operators.
  • text search and other potentially lengthy operations can now be aborted
  • several bugs have been fixed.

New Features in version 4.0 (21/09/99)

  • Windows GUI Version
  • Disassembler module for AMD Athlon (std)
  • MacOS A-TRAPS
  • PE Files : the imports segment is created even if it was absent from the original file.
  • COFF debug information in PE files is now loaded.
  • 80x86 undocumented instructions
  • 8085 undocumented instructions
  • PC_ANALYSE_DIFBASE : new analysis configuration option.
  • Help is available in HTML