Главные новости в версии 4.6 SP1

• remote debugging module for MS Windows
• debugger: attach/detach from process (detach only available on XP/2K3)
• debugger: faster up to 10 times in certain operations
• conditional breakpoints in the debugger (specified as IDC expressions)
• new processors: DSP563xx, DSP566xx

Процессоры

• MC68K: "link" instructions are recognized as function starters
• ARM: analysis is improved in many cases; ARM_ARCHITECTURE_5 configuration option is introduced. If this option is on, the low bits of values loaded to PC are treated as the thumb bit. This option is off for old databases and on for new databases.
• TMS320C54: it is possible to specify the data segment address in the processor specific options dialog box
• DSP56K: pc relative addressing is displayed as such; dsp566xx data segments are 16-bit

Форматы входных файлов

• COFF: slightly better handling of SCO UNIX files; SCO relocations are still far from perfect
• ELF: invalid sections at the address zero in the executable files do not stop the loading process
• ELF: IDA asks about each section of the file in the manual load - to load or not to load
• ELF: load exception handlers in the PPC relocatable ELF files despite incorrect flags (no SHF_ALLOC)
• PDB: IDA tries to download PDB symbol files from the Microsoft Symbol Server
• ELF: H8/300 files can be loaded
• ELF: ida loads only sections marked with SHF_ALLOC
• Alpha: the disassembly of object files is improved
• Palm: IDA automatically converts A5 based references to nice offsets

Пользовательский интерфейс

• 'Highlight background color' option moved from 'General' options dialog box to 'Colors' options dialog box
• a name is displayed for valid addresses on the stack
• breakpoints are displayed as only one red line
• commands to change colors of instructions and hidden areas are added
• command to convert debugger segments to normal segments and vice versa is added
• double clicking on a struct/enum name in a struct/enum view collapses or uncollapses it
• enum member/bitfield values are added/edited using their default radix (hexadecimal, decimal, octal, binary & character)
• graphs use background colors of functions or instructions if defined
• gui: the chooser does not ignore characters before '/' and '\' anymore
• it is possble to modify the mask of enum bitfields
• it is possible to use IDC expressions in the "jump to address" command
• max alignment available from the user interface is 4096
• the user can specify background colors of functions and segments
• valid addresses on the stack are displayed in a different color
• debugger: display a warning the first time the user starts the debugger
• debugger: 'EIP inside previously defined instruction or data' messages can be disabled on a per database basis
• 'Reset hidden messages...' command added to Windows menu

Ядро

• IDA recognizes and uses register names in the IDC expressions
• MS _fastcall decorated function names are properly demangled
• demangler: new encoding of virtual tables for GNU ARM is supported
• do not append a dummy name as a comment when creating entry points
• ida creates 2..32 byte alignment directives automatically
• HTML supports background colors and conforms to 4.01 standard

Отладчик

• new commands: switch/select debugger
• debugger: added a tracing option to specify a trace stop condition
• debugger: modules window added

SDK & IDC

• IDC: GetDisasm() function returns the disassembly line of the specified address
• IDC: GuessType() function tries to guess the function/variable type.
• IDC: functions to manipulate colors are added
• SDK: floating point conversion functions have additional parameter: the output buffer size
• SDK: generate_disasm_line() has an additional parameter. Currently it can be used to force instruction decoding even if there is no instruction at the specified address
• SDK: open_url() function is added
• SDK: qfscanf() is added
• SDK: debugger: functions to list, attach and detach processes are available for plugins
• SDK: get_tilpath() accepts the output buffer as a parameter
• SDK: added various keywords to display more complex message boxes (warning(), info(), askyn(), etc)

Исправления ошибок

• BUGFIX: 'Change stack pointer' command is always available in context menu if the cursor is in a function and the stack pointer is displayed
• BUGFIX: 'Copy address to command line' command was broken
• BUGFIX: ARM BLX instruction in the thumb mode could not be disassembled
• BUGFIX: IDC command line properly evaluates multi-lines statements (for example from a cut & paste)
• BUGFIX: Palm Pilot loader was not considering the BSS segment while loading
• BUGFIX: TMS320C54 module properly handles some invalid instructions, delayed jumps, and loading of additional binary files
• BUGFIX: VC name ?Query@CCodeKey@@QAEHGPAX0@Z was incorrectly demangled
• BUGFIX: amd64 elf relocation R_X86_64_PC8 wasn't properly processed
• BUGFIX: bitfields with mask -1 could not be used
• BUGFIX: brazilian keyboard was causing an error message: Actions Calculate and WatchList have the same hotkey Ctrl-Alt-W.
• BUGFIX: corrected help on the GetOperandValue() function
• BUGFIX: debugger: if an IDA breakpoint was created over an INT3 instruction, it was not possible to continue the execution
• BUGFIX: debugger: when debugging a DLL (using a host application), host application segments were not properly named
• BUGFIX: floating point data operands for big endian processors were not displayed correctly
• BUGFIX: hint was not properly displayed over enum consts with a 0xFFFFFFFF value
• BUGFIX: ida.cfg sections for the processor module names with more than 4 letters would be skipped
• BUGFIX: ida64 could hang loading some OMF files
• BUGFIX: if the user double-clicked in a struct/enum/hex view while the cursor was on a valid address in the last active disassembly view, IDA jumped to this valid address in this disassembly view
• BUGFIX: in graphs, the color used for functions defined in an external segment wasn't good
• BUGFIX: in some cases, settings of closed windows saved in desktops were not properly restored
• BUGFIX: in some particular cases, IDA was crashing when trying to display the hint window
• BUGFIX: in some particular cases, a hint window to an invalid address appeared when the mouse was over instructions or operands
• BUGFIX: in user-defined graphs, functions defined in an external segment were drawn even if 'Ignore Externals' was selected
• BUGFIX: it was impossible to rename local vars, struct members or enum members from disassembly view once the name contains a char from the IDA.CFG MangleChars list
• BUGFIX: it was not possible to search for a substring appearing on the last line of a structure definition
• BUGFIX: it was not possible to specify the alignment directive in some object files
• BUGFIX: marked positions were not rebased with the program
• BUGFIX: pressing 'Y' in the imports table at an address without a name would cause an access violation
• BUGFIX: rebasing the program would not modify addresses in the problems list; deleting a segment would not delete addresses from the problems list
• BUGFIX: resizing the disassembly view could lead to a crash is some curcumstances (repetitively resize the window vertically + page down, around 100 times)
• BUGFIX: setting the start address of a function with an auto-generated name to a lower address could display a strange warning message
• BUGFIX: the 'Create HTML file' command reflects exactly what is visible on the screen
• BUGFIX: the calculator was not properly evaluating the current name in a struct or enum window
• BUGFIX: tracing: in some cases, the last instruction or call before the process termination was not properly traced
• BUGFIX: fixed a typo in the autocomments for C166
• BUGFIX: it was not possible to load enum definitions from a 32-bit database to a 64-bit database
• BUGFIX: in the dialog boxes the segment register values were displayed in the target processor format while the entered values were expected to be in the hexadecimal notation
• BUGFIX: 'Enter comment' and 'Enter repeatable commant' commands were sometimes wrongly enabled or disabled in structure/enumeration views
• BUGFIX: 'Field type' command in stack frame popup menu was disabled
• BUGFIX: AVR module would use zero page for RAM even if RAM has not been defined in the disassembly
• BUGFIX: MC6816 module properly displays virtual addresses and operands defined as user defined offset
• BUGFIX: the second operand of movntdq instruction was mm# register instead of xmm# register; movq2dq, movq, movdq2q instructions were not disassembled
• BUGFIX: some segment list columns were too narrow
• BUGFIX: ELF32 files without section header were not loaded correctly
• BUGFIX: xrefs.idc was out of date
• BUGFIX: ST9 bset and other bit manipulation instructions were not disassembled correctly
• BUGFIX: some cross references were not created correctly (16-bit values were sign extended to 32-bit while they should not be)
• BUGFIX: "delete xref manually " command was proposing wrong target address by default
• BUGFIX: long string constants were silently truncated in IDC
• BUGFIX: if a breakpoint was edited during debugging it would be displayed in orange (should be in red)
• BUGFIX: lines of the messages window are not draggable anymore
• BUGFIX: the debugger would leak DLL handles if the process has been forcibly terminated
• BUGFIX: some function prologues were not parsed completely (mov ax, #imm at the beginning)
• BUGFIX: dsp56k return instruction codes were incorrect
• BUGFIX: MC6816 module properly handles memory-mapped registers (defined in 6816.cfg)
• BUGFIX: VC6 RTTI-related names were incorrectly demangled
• BUGFIX: C166 SBN loader was accepting zero filled files
• BUGFIX: "unload database to idc" was using IBM PC segment register names for all processors
• BUGFIX: AVR module would crash if the ROM size was not specified in the configuration file.
• BUGFIX: get_loader_name() was returning the name with "64" suffix for the 64-bit version