out5.hex-rays.com
Open in
urlscan Pro
212.32.227.138
Public Scan
URL:
https://out5.hex-rays.com/beta90_6ba923/
Submission: On August 11 via manual from JP — Scanned from NL
Submission: On August 11 via manual from JP — Scanned from NL
Form analysis 0 forms found in the DOM
Text Content
WELCOME TO IDA 9.0
BETA
DOWNLOADS
IDA PRO 9.0 • BETA
For Windows
For macOS intel
For macOS ARM
For Linux
IDA HOME 9.0 • BETA
IDA Home PC for Windows
IDA Home ARM for Linux
IDA Home ARM for macOS intel
IDA Home ARM for macOS ARM
UTILITIES
FLAIR
idaclang
idslutils
loadint
tilib
FOR IDA PRO USERS
SDK
SDK Docs
Lumina server Activation not available yet
DOCUMENTATION
IDAPython Porting Guide (DRAFT)
SDK Porting Guide (DRAFT)
ISSUES FIXED IN IDA 9.0 BETA 2
* IDA Home: cloud decompilers unusable
* Replaced every reference to ida.key into ida.hexlic
* IDA Linux installer creates a weird directory in the installers's directory
* IDA Home: missing IDA Pyton module "ida_mergemod"
* missing style dylib on macOS
* decompilers: crash on navigation into non-decompilable function
* asmtil: interr 918 + crash on filtering a large list of types
* idapython: idc.get_ordinal_qty() not usable
* added wasm loader and processor module
KNOWN ISSUES FOR IDA 9.0 BETA 1
* IDA Teams server (vault) not yet available
* IDA floating license server (licsrv) not yet available
* Dialogs text in Linux installer not readable on Ubuntu with dark theme active
* Linux installer creates empty directory named `***unknown variable
uninstallerdirectory***`
* iOS18 DSC objc analysis lacking out-of-box (__OBJC_RO has to be loaded
manually for now)
* IDA can crash on x64 macOS at file load time
HEADLESS PROCESSING WITH IDALIB
* With IDAlib, both the C++ and Python APIs can be used from outside IDA to
form standalone applications. The resulting program or script doesn't have to
be loaded inside IDA, but rather IDA engine is invoked from inside your
application.
* This makes developing against the IDA API much easier - if configured
correctly, you get auto-completion and debugging in your favorite C++/Python
IDE
* NO RCP or IPC to an external IDA process means you get native speed of
execution
WASM DISASSEMBLER AND FILE FORMAT LOADER
* With many apps shifting to client-side browser applications we saw the need
of a new disassembler for Web Assembly (WASM).
* WASM code is embedded into its own binary file format. Hence we also ship a
file loader that decodes the WASM file format
NANOMIPS DISASSEMBLER AND DECOMPILER + MD1ROM LOADER
* Both the MIPS disassembler and decompiler got added support for nanoMIPS
instructions. The nanoMIPS support is included in the classic MIPS (HEXMIPS)
decompiler, so there is no need to purchase an extra license.
* Firmware compiled for nanoMIPS often ships in md1rom format, which is why we
added an md1rom file loader to IDA (which includes parsing and applying of
debug symbols, if available)
NEW RISC-V DECOMPILER AND DISASSEMBLER EXTENSIONS
* New decompilers targeting 32- and 64-bit RISC-V code (HEXRV and HEXRV64) are
now available.
* We extended the RISC-V processor module to support T-Head extension
instructions (used in Xuantie and Allwinner processors)
C++ EXCEPTIONS SUPPORT IN THE DECOMPILER
* The decompiler can now emit try / catch blocks. As the first step, we
implemented support for the C++ exception scheme in binaries compiled for x64
using Microsoft VC++
IDAPYTHON IMPROVEMENTS
* Most IDAPython APIs now have type annotations, making the API less
obstructive to use.
* Python virtual environments are now supported - simply point $PATH to the
directory containing the interpreter inside the virtual environment (done
automatically by the activation script).
* Objects returned in the Python API are properly zero-initialized.
* Auto-completion in IDA's CLI now disregards __magic_methods__ and
auto-generated SWIG methods, which reduces noise and helps finding a
particular function easier.
FLIRT UPDATES
* We massively updated, modernized and extended the number of FLIRT signatures
available for use with IDA. As of this release, we provide (and plan to
maintain) signatures for the following operating systems, languages,
architectures, and software packages:
* Golang:
* Versions: stable versions from 1.10.0 to 1.22.5 and unstable version
1.23.0-rc1/1.23.0-rc2
* Windows: x86, x64, arm, arm64
* Linux: i386, amd64, arm, arm64
* Darwin: amd64, arm64
* C/C++
* Windows (MSVC):
* Architectures: arm, arm64, i386, amd64
* Packages: ATL, CTL, MFC, Windows SDK 10, Windows SDK 11
* Linux:
* Distribution: Ubuntu & Debian
* Architectures: i386, amd64, arm64, armhf, armel, arm, s390x, mips64el,
mipsel, mips, ppc64el
* Packages: libc6, libselinux1, libpcre2, libidn2, libssl, zlib1g, lib32z1,
libunistring, libcurl4-gnutls, libcurl4-nss, libcurl4-openssl,
libnghttp2, libidn2, librtmp, libssh, libssh-gcrypt, libpsl, libldap,
libzstd, libbrotli, libgnutls28, nettle, libgmp, comerr, libsasl2,
libbrotli, libtasn1-6, libkeyutils, libffi, uuid, libprotobuf,
heimdal-multidev, musl, libplib, libsdl1.2-bundle (libsdl-console,
libsdl-sge, libsdl1.2, libsdl-ocaml, libsdl-image1.2, libsdl-kitchensink,
libsdl-mixer1.2, libsdl-net1.2, libsdl-sound1.2, libsdl-ttf2.0,
libsdl1.2-compat, libsdl-gfx1.2, libsdl-pango), libsdl2-bundle (libsdl2,
libsdl2-gfx, libsdl2-image, libsdl2-mixer, libsdl2-net, libsdl2-ttf)
* The extra signatures are initially available as separate download
METADATA DESCRIPTORS FOR PLUGINS
* ida-plugin.json now offers a standardized entrypoint for plugins. This
enables plugin authors to follow their own plugin directory structure, all
they need to do is point IDA to the main plugin entry point. To maintain
backward compatibility, IDA will keep loading plugins in the pre-9.0 way for
a couple of releases.
With the following directory structure:
plugins
└── ida_greeter
├── ida-plugin.json
└── main.py
A possible ida-plugin.json could look as follows:
{
"plugin" :
{
"name" : "greeter",
"entryPoint" : "main.py"
}
}
NO MORE IDA32
* We deprecated IDA32 a few versions ago. With IDA 9.0, we’re unifying the IDA
binaries targeting 32 or 64 bit code into just one IDA64 binary. This means:
* Number of installed files is cut in half
* Easier life for native plugin maintainers since only one version (__EA64__)
needs to be maintained.
* Conversion of IDB files to I64 file format is transparently and automatically
performed by IDA64.
UI IMPROVEMENTS
* The legacy Enums and Structures views are removed entirely and replaced by
Local Types. This also means that struct.hpp and enum.hpp and their
counterparts ida_struct and ida_enum disappear from the API. Replacement
functionality for both headers/modules is now located (mostly) in typeinf.hpp
/ ida_typeinf. A porting guide will be available for the release.
* The function prototype editor (aka y shortcut on a function name) now can
toggle between the classic free-text one-line editor and a new multi-line
editor featuring the usual shortcuts and controls. By the same time, we added
basic support for UI-based editing of argument locations, to make prototype
syntax less of a hassle to remember.
* It is now possible to specify fixed size for structures and to enable field
packing easily
* A refreshed set of shortcuts which better matches the modern OS conventions
can now be selected instead of the traditional shortcuts
FULL LIST OF CHANGES AND NEW FEATURES
PROCESSOR MODULES
* ARM: improve detection of targets of indirect jump instructions
* ARM: improved prolog analysis to recognize and mark calls to chkstk_darwin
* AVR: update missing bit definitions for ATmega640
* MIPS: support for NanoMIPS instruction set
* RISCV: added support for legacy instruction sfence.vm
* RISCV: added support for T-Head custom instructions
* wasm: new processor module (Web Assembly)
FILE FORMATS
* ELF: added support for nanoMIPS
* ELF: ARM64: added support for R_AARCH64_P32_TLS_TPREL relocation type, used
by ILP32
* md1img: loader for Mediatek modem firmware images (nanoMIPS and MIPS16e2)
* MACHO: support __chain_starts format 5 (DYLD_CHAINED_PTR_32_FIRMWARE)
FLIRT / TILS / IDS
* FLAIR: PCF: added support for ARM64 COFF files
* pelf: proper handling of ELF32 for AArch64 (ILP32)
STANDARD PLUGINS
* eh_parse: skip leading and trailing zero entries in x64 .pdata for PE files
(real binaries have them); improve recognition of exception dispatcher
functions in debug builds
* eh_parse: x64 exception handlers are standalone functions and not function
chunks
* eh34: new plugin to handle c++ exceptions for the binaries built by msvc x64
* pdb: added an option to only load names (useful with large PDBs when you
don't need types)
KERNEL/MISC
* goodname.cfg: improve simplification of MSVC STL classes
* kernel: support for ida-plugin.json
* kernel: improved strlit detection (short ones were converted to data items)
* noret.cfg: added terminate, std_terminate to the list of non-returning
functions
* installer: macOS: install all contents into a single .app bundle
* licensing: replaced FlexNet licensing server by custom Hex-Rays licensing
server (floating licenses only)
SCRIPTING & SDK
* IDAPython: added find_binary and find_string
* IDAPython: added detection of virtual environments (venv)
* IDAPython: Added more pointer wrappers for integer types defined in pro.h
* IDAPython: idapyswitch can now be used with read-only IDA installations
* IDAPython: Removed __magic_methods__ from CLI auto completion
* IDAPython: zero-initialize C++ objects exposed in the Python API
* IDAPython: loader_input_t.read() should return an empty bytes object upon
read error, not None
* SDK: Add Visual Studio templates for plugins and loaders
* SDK: added FUNC_UNWIND/FUNC_CATCH function flags to mark exception handlers,
they will be ignored in decompilation
* SDK: added pipe_process() to launch a process and establish a 2-way
communication with it
* SDK: added qlist::splice()
* SDK: moved node_ordering_t to gdl.hpp
* SDK: published basic undo interface (create undo point, undo, redo)
* SDK: renamed abstract_graph_t -> drawable_graph_t; mutable_graph_t ->
interactive_graph_t
UI
* UI: added an option to retain structure size (Fixed size structs)
* UI: Added "pack fields" checkbox to control gaps between fields for structs
* UI: command palette: fix wrong reports about "command failed"
* UI: hadle export/import of Local types to IDC is in a more flexible way. User
is able to select the different policies, for example: load the types and
skip the equal.
* UI: if IDA already has a file open, "Open" opens a file in a new IDA instance
* UI: it is now possible to inspect the contents of base type libraries, by
double-clicking on them in the "Type libraries" view
* UI: new shortcut set better aligned with modern OS conventions
* UI: got rid of "Structs" and "Enums" widgets
* UI: new shortcuts: Alt- (and CMD-) to jump to a window
DECOMPILERS
* decompiler: riscv: added RV32 and RV64 decompilers
* decompiler: added try/catch ctree statement
* decompiler: improved detection of variadic arg types
* decompiler: introduced a new event: hxe_inlining_func
* decompiler: published a few graph algorthims (pre/port ordering and dominator
calculation)
* decompiler: published the control_graph_t class; made it possible for
third-party plugins to perform structural analysis
* decompiler: arm: added support for VSEL insn (ARMv8-M)
* decompiler: impoved structure copy recognition
* decompiler: improved cfunc_t cache by introducing "saved_to_idb"; otherwise
we were saving all decompiled functions upon each "save_database", again and
again
* decompiler: improved constant representation in comparisons with binary
operators
* decompiler: improved hexrays history to support c++ exception handlers
* decompiler: improved the error message about the missing license: tell the
user what license is missing
* decompiler: mips: added support for movtz and movtn (MIPS16e2)
BUGFIXES
* BUGFIX: ARM: analysis speed could be slow on large 32-bit firmware binaries
* BUGFIX: ARM: fixed endless loop which could happen when analysing function
chunk before main function entry
* BUGFIX: ARM: stop decoding undefined MOV Wx, #imm variants (imm not fitting
in 32 bits)
* BUGFIX: cvt64: converting an old .idb to .i64 would fail if its path
contained a space
* BUGFIX: debugger: win32_remote.exe was unnecessarily requiring an API
instroduced in Windows Vista and would not run on XP anymore
* BUGFIX: decompiler: expressions with variable sized structures could be
mishandled
* BUGFIX: decompiler: IDA could complain "Could not find a matching license for
product" when multiple decompilers were installed
* BUGFIX: decompiler: internal errors triggered by UI-related code (e.g.
generaing tooltips) could result in "Unknown C++ exception" fatal error
* BUGFIX: decompiler: pressing F5 was not refreshing the pseudocode window in
some cases; we were discarding the decompilation result
* BUGFIX: decompiler: value range optimization could lead to code being wrongly
removed
* BUGFIX: DSCU: a GAP spanning multiple subcache files would fail to load
* BUGFIX: kernel: IDA on Linux had an unnecessary hard dependency on libsecret
and would refuse to run without it.
* BUGFIX: navigating to a global name which matched a known type name would
fail
* BUGFIX: objc: NS*Block reference detection error would end up creating
incoherent block structures over unrelated data
* BUGFIX: PC: alloca_probe / chkstk_ms does not modify rsp or rax in x64 code,
unlike x86
* BUGFIX: PC: REX prefix could be incorrectly applied to 32-bit instructions
* BUGFIX: PC: vmovw instruction was decoded as if using 16-bit registers (it
actually uses 32-bit ones)
* BUGFIX: PDB: inporting types from some large PDBs would fail with "the
maximum recursion level was reached"
* BUGFIX: RISCV: fence.i instruction was not decoded
* BUGFIX: SDK: fixed a debug/opt build incompatibility in reg_finder_t
(std::map member)
* BUGFIX: SDK: set_all_bits() and clear_all_bits() would behave wrong on
bitmaps with size not a multiple of 8
* BUGFIX: sometimes information about newly created range-like entities
(segments/functions/...) could be lost during UNDO
* BUGFIX: tinfo: xrefs to a deleted enum were not removed
* BUGFIX: UI: large amounts of lines in the "Output" window could cause
slowdowns
* BUGFIX: UI: when using COLOR_INV color code (e.g. in a custom viewer), IDA
would use default color for the text instead of the previous background color