IDA 8.1 Highlights
Private Lumina server
Our public Lumina database has been available for several years now and is full of useful information. However, not all organizations can use it due to confidentiality requirements, so now we offer an option of a private server which can be used to share functions metadata inside the organization.
IDA Teams will include a free Lumina license while IDA Pro users can purchase it separately.
We have designed a brand new icon set for IDA. The icon used will be specific to the IDA edition:
Sunsetting IDA for 32-bit binaries (IDA32)
The world is moving to 64 bits (in fact, IDA itself is a 64-bit executable since 7.0), so the 32-bit IDA gets used less and less. Due to implementation details, it was still necessary to use it for decompiling 32-bit executables, but now we are gradually lifting this limitation, so that in the future 32-bit files will be analyzed and decompiled in IDA64. Eventually we plan to completely deprecate 32-bit IDA and only keep it around for working with legacy .idb files.
Golang regabi support
Recent Go versions have enabled register-based calling convention (ABIInternal) instead of the original stack-based
for several architectures. While it was possible to describe it manually using
__usercall in IDA, now
allocates registers for the standard
__golang convention based on the detected Go version and
architecture of the binary.
For example, a function taking a slice and two integers had to be described manually in 8.0 as follows:
__int16 __usercall main_crc16@<ax>(_slice_uint8 buffer@<0:rax, 8:rbx, 16:rcx>, __int64 start@<rdi>, __int64 length@<rsi>)
While in 8.1 the following works fine:
__int16 __golang main_crc16(_slice_uint8 buffer, __int64 start, __int64 length);
Full list of changes and new features:
IDA Teams and Lumina
- Lumina: private Lumina server is now available
- Lumina: got rid of LUMINA_HOST and LUMINA_PORT configuration parameters (those values are saved/retrieved in the registry instead)
- Teams: switched to PBKDF2 hash for the password storage in the vault server
- ARM: improved recognition of A32 switch patterns produced by Android NDK 19 toolchain
- XTENSA: added decoding of the nop.n instruction
- XTENSA: print a1 register as 'sp'
- ELF: ARM: added support for the R_AARCH64_IRELATIVE relocation
FLIRT / TILS / IDS
- FLIRT: added signatures for icl 221 (Intel C++ 2022.1)
- FLIRT: added signatures for ucrt 22621
- FLIRT: VC: added signatures for vc1431 (Visual Studio 16.11.10) 64bit
- FLIRT: VC: added signatures for vc1432 (Visual Studio 16.11)
- golang: added support for the regabi calling convention
- noret.cfg: added more __noreturn function names
Scripting & SDK
- SDK: changing the application bitness (e.g.
inf_set_64bit()) now also adjusts the basic type sizes
- SDK: now the processor modules that support 64-bit mode must have PR_USE64 set; previously this was not enforced
- UI: IDA now uses new icons specific to the edition (Pro/Home/Free/Teams)
- decompiler: x86: improved detection of __fascall functions with stack arguments
- BUGFIX: ARM: fixed decoding of T32 UMAAL instruction (wrong operands)
- BUGFIX: debugger: pressing F8 on jXcx might resume the application and let it run freely
- BUGFIX: decompiler: during debugging, hovering over stack variables could show wrong data
- BUGFIX: decompiler: tail calls in outlined functions could lead to truncated pseudocode
- BUGFIX: idapyswitch could fail to create the libpython symlink on arm64 macOS.
- BUGFIX: interr 1784 could be produced when loading databases which were rebased multiple times
- BUGFIX: PC: improved the analysis speed in presence of thunk functions
- BUGFIX: SDK: get_db_byte() would return bytes from process memory instead of IDB
- BUGFIX: some debugger plugins would fail with an error message about the 'dbg' variable
- BUGFIX: teams: merging was not implemented for manual memory regions
- BUGFIX: tilib could not open files with double extension (file.ext.til)
- BUGFIX: UI: IDA could crash when using the "New instance" action on macOS
- BUGFIX: UI: IDA could incorrectly highlight non-ascii characters during filtering in list views
- BUGFIX: UI: it was impossible to set COMMENTS_INDENTION or INDENTION to more than 132 in the config file (the UI allows up to 255)
- BUGFIX: UI: some menu actions could be erroneously disabled during auto-analysis
- BUGFIX: UI: current item focus in the Functions window kept jumping during autoanalysis
- BUGFIX: vault: multiple IDA instances run by the same user on the same host would consume multiple licenses