



查看: 13982|回复: 31

[Disassemblers] IDA and Decompilers v7.2 have been released(5 Nov 2018)



发表于 2018-11-6 09:48:30 | 显示全部楼层 |阅读模式


Complete changelist
Processor Modules
+ 68k: print pc-relative operands with explicit "(pc)" suffix; it seems gas accepts both forms, and having an explicit suffix is a good thing
+ ARC: improved switch recognition
+ ARM : added ARM-v8.3a PAC (Pointer Authentication Code) instructions
+ ARM: added support for A64 basic crypto instructions (AES, SHA1, SHA2)
+ ARM: improve detection of ARM64 imported function stubs in Mach-O and PE binaries
+ ARM: simplify A64 instruction aliases MUL, MNEG, SMULL, SMNEGL, UMULL, UMNEGL
+ DWARF source-level debugging is now availalble on Android platforms
+ H8*: improved switch recognition
+ MC6812: track SP register changes
+ NEC850: added V80E2M and RH850 floating-point instructions (and many others)
+ PIC: added decoding of more 16F1x and 12F1x instructions
+ PIC24: new processor module
+ PC: added yet one more prolog pattern
+ PC: improved detection of 'push ecx' as part of the function prolog
+ PC: reduced number of incorrectly created offset expressions
+ PC: improved recognition of the gcc vararg prolog
+ PIC16: added processor module for PIC24,30,33 families
+ PPC: enhanced switch recognition
+ PPC: improved switch recognition
+ SH3: improved sp analysis
+ SH3: improved switch recognition
+ SPARC: improved switch recognition
+ TMS320C28X: improved switch recognition
+ V850: improved switch recognition
File Formats
+ CLI: corrupted files with bad LUT table can be loaded now
+ DEX: added support for VDEX file format
+ ELF: ability to load external symbols from companion file (even when DWARF info is missing.)
+ ELF: added annotation of NT_PRSTATUS and NT_PRPSINFO notes for core files
+ ELF: added support for packed android relocations (APS2 format)
+ ELF: allow independent loading of PHT and SHT in loader options
+ ELF: detect loading of inconsistent overlapping data from PHT
+ MACHO: allow the user to load a given module from a dyld_shared_cache on-command
+ MACHO: always use segment prefixes for kernelcache files, even when not splitting by KEXTs
+ MACHO: improve XML parsing for __PRELINK_INFO in kernelcache files
+ MACHO: support ARM64_32. only in ida64 (for now)
+ MACHO: support loading of iOS 12 prelinked kernelcaches
+ MACHO: support loading of new dyld cache format for arm64e architecture (e.g. iPhone XS)
+ MACHO: when loading a single dyldcache module, apply the relevant symbols from the cache's symbol table
+ MACHO: store segment protections in the database (previously they were ignored)
+ PE: label guard call check function if present in the load config directory
+ PE: added annotation for IMAGE_DEBUG_TYPE_REPRO
+ support debugging on iOS devices with ARMv8.3-A extensions (iPhone XS, XS Max, XR)
+ support watchpoints in the Remote iOS Debugger
+ iOS: improve compatibility with older devices (the oldest we've thoroughly tested is an armv7 iPhone 4 with iOS 6.0.1)
+ dalvik: use "track-jdwp" service instead of "jdwp", it uses more reliable protocol
+ ios_deploy: added "afc" phase
+ ios_deploy: added "battr" phase
+ ios_deploy: added "dattr" phase
+ ios_deploy: added "debug" phase. this allows us to easily troubleshoot issues when launching/attaching to a process
+ CFG: removed obsolete config parameter CHECK_MANUAL_ARGS
+ FLIRT: ICL: Added signatures for icl177 (Intel C++ 17.7)
+ FLIRT: ICL: Added signatures for icl178 (Intel C++ 17.8)
+ FLIRT: ICL: Added signatures for icl182 (Intel C++ 18.2)
+ FLIRT: ICL: Added signatures for icl183 (Intel C++ 18.3)
+ FLIRT: ICL: Added signatures for icl190 (Intel C++ 19.0)
+ FLIRT: VC: Added signatures for vc1413 (Visual Studio 2017.6)
+ FLIRT: VC: Added signatures for vc1414 (Visual Studio 2017.7)
+ FLIRT: VC: Added signatures for ucrt 17134 (Windows 10 April 2018 Update SDK)
+ FLIRT: VC: Added signatures for vc1415 (Visual Studio 2017.8)
+ improved code detection heuristic rules
+ improved sp analysis
+ introduced -8align4 abi option for arm/pc
+ added support for parsing simple c++ classes with virtual functions
+ strlit comments: try to print them even for references to pointers to strings
+ types: improved til <-> IDB structure synchronizing
+ OBJC: added OBJC_LAZY_MODE to objc.cfg, which prevents IDA from parsing objc data at load-time
+ OBJC: allow user to pass options to objc plugin via -Oobjc:
+ OBJC: improve analysis of block functions by detecting Block_layout objects allocated on the stack
+ OBJC: improve type propagation in the pseudocode; specifically across ARC-related functions (objc_retain, objc_retainAutoreleasedReturnValue, etc.)
+ OBJC: introduce submenu for objc features. See Edit>Other>Objective-C
+ OBJC: parse __block_literal_global structures when loading mach-o files
+ OBJC: parse pre-optimized data structures in __objc_opt_ro
+ OBJC: support regular expressions in the selector string for the JumpSelector action
User Interface
+ ui/qt: added the ability to restore custom widgets when a desktop layout is loaded (through the 'ui_create_desktop_widget' notification)
+ ui/qt: added user interface for borrowing and returning floating licenses (available under menu Options-Floating Licenses in floating license IDA versions)
+ ui/qt: any widget that was last closed when floating (alone) and reopened with WOPN_RESTORE will now be restored as a float, in its previous position
+ ui/qt: custom data types & formats registered by the user now appear in the context menu
+ ui/qt: entries in the "Exports" window will now have different icons according to their type (function, data, undefined, ...)
+ ui/qt: in the proximity view, one can now add nodes by from addresses, instead of having access to (non-dummy-) named items only
+ ui/qt: introduced 'get_window_id(const char *name=NULL)' to retrieve the underlying OS-specific window ID
+ ui/qt: some specific floating widgets geometries/positions will now be restored when re-opening (e.g., the "Script snippets")
+ ui/qt: watch views: it was impossible to specify an idc expression as in expressions with a cast: (type)expr
+ ui/qt: when implementing 'ui_get_custom_viewer_hint' in a plugin, it is now possible to ask IDA to inject its "regular" hints anywhere in the returned text
+ ui: "Binary search" now allows tabs instead of spaces, between different items (e.g., 0x89\t0xE5), allowing easier copy-paste from tools such as GDB
+ ui: API: adding navband ea_t <-> pixel conversions
+ ui: added shortcuts Ctrl+Shift+Up/Ctrl+Shift+Down to jump to the start of the previous/next function
+ ui: create segment: if the end address of the segment is not specified, split the segment that is located at the specified start address
+ ui: pressing <Shift+Enter> in "jump" choosers (i.e., Ctrl+P, Ctrl+X, Ctrl+L, Ctrl+E, ...) will jump without closing the chooser, thereby working as a preview/quick navigation
+ ui: show demangled names by default in the module debug name list
+ ui: when a new idb can not be created because of permissions, propose to create it in the home directory
+ ui: when creating structures from data, the structure will be named "struc_<addr>" (where 'addr' corresponds to the address of the start of the selection), instead of having an unrelated numeric suffix
+ ui: improved application of bitfield enums to operands
Scripts & SDK
+ IDAPython: added Hexrays_Hooks, providing a better abstraction on top of the hexrays_event_t (methods are typed, and bindings are automatically generated, meaning that it'll follow additions to the C++ SDK)
+ IDAPython: all functions not marked as THREAD_SAFE in the C++ SDK, will now check that they are being called from the main thread, avoiding possible corruption or crashes
+ IDAPython: ida_dbg: expose memory_info_t(), meminfo_vec_t(), set_manual_regions()
+ IDAPython: ability to provide user hints for edges of user graphs
+ IDC: added __IDAVER__ as a numeric version number
+ IDC: added debugger registers as variable names
+ SDK: added GN_NOT_DUMMY bit for get_name()
+ SDK: added UTF-8 aware qrmdir()
+ SDK: added calc_func_size()
+ SDK: added idb_event::bookmark_changed
+ SDK: added support for shifted pointers
+ SDK: added the item_color_changed and colee_addr_changed events
+ SDK: append_cmt() does not append the comment if it is already present at the end of the existing comment
+ SDK: deleting a segment register now sends a 'sgr_deleted' event
+ SDK: exported copy_named_type()
+ SDK: renamed regex functions to not conflict with POSIX symbols (qregcomp/qregerror/qregexec/qregfree)
+ SDK: introduced the INSN_64BIT bit
+ SDK: added bitcount()
+ SDK: make request_refresh(), clear_request_refresh() and is_refresh_requested() accept 64-bit masks
+ hexrays: ARM: support RRX addressing mode
+ hexrays: added support for magic divisions in 64-bit code
+ hexrays: added "force new variable" command; it can be used to force the decompiler to create a new aliasable stack variable at the specified location
+ hexrays: added "variable is possibly undefined" warning
+ hexrays: added MAX_STRLIT_LEN configuration parameter
+ hexrays: added a new rule to simplify some ternary operators
+ hexrays: added a new rule: (x ^ y) & 1 => x != y if x,y are booleans
+ hexrays: added hxe_cmt_changed notification
+ hexrays: added logic to remove exception handling code (SjLj)
+ hexrays: exported idaloc2vd and vd2idaloc
+ hexrays: get rid of limitation on number of internal microregisters
+ hexrays: get rid of virtual registers in microoperands
+ hexrays: handle ARMv8.3 Pointer Authentication instructions
+ hexrays: improved handling of some switch idioms
+ hexrays: improved handling of union expressions
+ hexrays: improved propagation of odd parts of constant values
+ hexrays: improved recognizing of register arguments in called functions
+ hexrays: improved function prototype parser: take into account the return type is able to contain parentheses
+ hexrays: improved detection of read-only data in dyldcaches. this can heavily simplify the pseudocode
+ hexrays: slightly improved recognition of magic divisions
+ hexrays: x86: added recognition of gnu mcount()
+ hexrays: calls of virtual functions are decompiled in a nice way
+ hexrays: added support for 64bit character constants
+ hexrays: it was impossible to decompile a call that returns an udt of an odd size (!is_valid_size)
+ hexrays: sdk: added macro HEXRAYS_MEMORY_ALLOCATION_FUNCS() and functions hexrays_alloc/hexrays_free
+ hexrays: sdk: added new flags CVAR_NOPTR, LVINF_NOPTR, use them to indicate that a variable should have a non-pointer type
+ hexrays: sdk: added external blocks (BLT_XTRN). they greatly improve snippet decompilation
+ hexrays: sdk: lvars are taken into account when calculating use/def lists; exported 2 more mlist related functions
+ hexrays: sdk: cleaned up the API; we will try to maintain compatibility from now on
BUGFIX: "Produce file > Dump database to IDC file..." would generate IDC scripts whose 'create_strlit' directives had erroneous 'length' parameter
BUGFIX: "Suspend on debugging start" option was broken for GDB-based debuggers
BUGFIX: "ida -B" was not performing the final pass over the input file and this could lead to huge ranges of unexplored bytes in the output listing
BUGFIX: 68K: some Coldfire-specific instructions were not decoded in the "MC68xxx universal emulator" mode
BUGFIX: COFF: some XCOFF64 files could be loaded incorrectly
BUGFIX: Copying to the clipboard from the graph view, could result in text being shifted
BUGFIX: DWARF: C++ exceptions could be issued by the plugin during source-level debugging, and not be caught, causing IDA to exit
BUGFIX: DWARF: Golang types containing readonly or writeonly channels, would be turned into anonymous types
BUGFIX: DWARF: Structures with a variable sized last member consisting of an array of arrays, would fail being properly handled
BUGFIX: EH: parsing of exception data in arm32 Mach-O binaries could produce bogus " bad try block information" warnings
BUGFIX: ELF: ARM: some files with ARM-mode entrypoint could be disassembled incorrectly in Thumb mode
BUGFIX: ELF: loading big-endian ARM files would display "ARM Little-endian" in the "Load file dialog". Similarly, loading little-endian PPC files would show "Power-PC big endian" instead of "Power-PC little endian"
BUGFIX: ELF: parsing SHT_NOTE could yield invalid contents
BUGFIX: GDB: serialized conversation (for troubleshooting purposes) could contain unescaped '\' characters
BUGFIX: GDB: IDA could crash when attaching to gdbserver if the bitness was misdetected
BUGFIX: GDB: some android aarch64 stubs could be misdetected as 32-bit arm
BUGFIX: GDB: when using snippet mode debugging with QEMU, segments starting with undefined bytes could have data zeroed out at runtime
BUGFIX: GDB: IDA could crash when attaching to QEMU i386 or x86_64 (starting with version 2.10)
BUGFIX: IDA could INTERR 40029 when using the gdb debugger
BUGFIX: IDA could hang trying to load some psx images
BUGFIX: IDA could crash trying to parse bad objc metadata
BUGFIX: IDA could crash when deleting a local type
BUGFIX: IDA could die with interr 40193 when trying to recover from a fatal network error during remote debugging
BUGFIX: IDA could misdetect the compiler as gcc
BUGFIX: IDA would become very slow when the debugger was active and the debugged application was running freely
BUGFIX: IDA would crash when parsing tryblk info
BUGFIX: IDA would not demangle names from exported from a dll during a debugging session
BUGFIX: IDA would print empty character constant if the character could not be converted from the source encoding
BUGFIX: IDA would crash with code 1004 if a scattered location with stack components was specified
BUGFIX: IDAPython: 'reg' member of action_update_ctx_t & action_activation_ctx_t, was virtually unusable as it corresponds to debugger registers, which have different numbers than processor module-provided ones. It has been replaced with 'regname'
BUGFIX: IDAPython: (low-level function) 'set_numbered_type()' wouldn't work with the 'sclass_t' argument returned by 'get_numbered_type()'
BUGFIX: IDAPython: 695 compat's 'ida_kernwin.get_highlighted_identifier()' could cause IDA to crash
BUGFIX: IDAPython: IDP_Hooks::ev_get_bg_color() was not usable w/o resorting to using ctypes
BUGFIX: IDAPython: calc_thunk_func_target() would crash IDA if 'None' was passed to it as first argument
BUGFIX: IDAPython: exceptions happening in timer callbacks wouldn't be reported immediately (and could fail being reported altogether)
BUGFIX: IDAPython: get_member_by_id() & get_member_by_fullname() were returning garbage instead of a proper 'struc_t *' instance
BUGFIX: IDAPython: ida_hexrays.ccase_t.values was not usable
BUGFIX: IDAPython: ida_lines.get_extra_cmt() would return None for empty stings, even though more comments lines exist after it
BUGFIX: IDAPython: idaapi.py's 'set_func_start' and 'set_func_end' coming from 'ida_funcs' were overriden with constants coming from 'ida_idp'
BUGFIX: IDAPython: it was impossible to retrieve the selection from an embedded chooser after its parent form has been accepted
BUGFIX: IDAPython: load_plugin() could crash IDA with a segmentation violation
BUGFIX: IDAPython: op_t.addr couldn't be used as a value to 'get_stkvar' although the documentation mentions it
BUGFIX: IDAPython: setting members of the cinsn_t's union without first setting the 'op' type, would silently fail
BUGFIX: IDAPython: some PLFM_* constants were not exported
BUGFIX: IDAPython: unexpected (and improperly handled) "wait dialogs" could show while some other modal dialog was activated, in case a timer fired in the background
BUGFIX: In the "Structures" view, IDA could display multiple times the header text in case structures were corrupted/deleted
BUGFIX: KERNEL: qfindfirst/qfindnext did not work for non-ASCII paths on Windows
BUGFIX: MC68K: instuctions referring to addresses with high bit set could be printed incorrectly in IDA64
BUGFIX: MC68K: some valid instructions would not be decoded in "MC68xxx universal emulator" mode
BUGFIX: MIPS: in mips16 mode, instructions ADDIUPC and LWPC situated in a delay slot could be disassembled using wrong PC value
BUGFIX: MinGW/Cygwin-produced PE x64 files could show __fastcall's as __usercall, even though the code does respect Microsoft's x64 ABI convention
BUGFIX: NEC850: xrefs to high addresses would not be created for some instructions when using IDA64
BUGFIX: On Windows, with the "windows" style and on Hi-DPI monitors, the check marks in checkboxes would look tiny
BUGFIX: PC: IDA sometimes was too aggressive in creating functions after multiple nop instructions
BUGFIX: PPC: some paired single load/store instructions could not be decoded if they used odd displacement values
BUGFIX: Showing enum values of negated values, would show the list of matching enums for the original value
BUGFIX: The DWARF plugin could complain on some Rust types (i.e., '()')
BUGFIX: The DWARF would stop early if it failed loading some debug information when parsing functions data, while it could keep going and try parsing the following functions
BUGFIX: UI: IDA on Windows could not open filenames not representable in current ANSI character set
BUGFIX: UI: On Windows, IDA could print network-related error messages in wrong encoding, resulting in unreadable text
BUGFIX: When debugging a Linux/ELF application, symbols coming from "debuglink"-provided companion files wouldn't be available in IDA
BUGFIX: When requested, the segment name wouldn't appear in the line prefixes in graph mode
BUGFIX: Win32: during debugging, it was impossible to open the list of exports for an .exe
BUGFIX: Win32: when attaching to a process for debugging, IDA could fail loading PDB information associated with the executable file
BUGFIX: arm: ida64 would not truncate addresses to 32bit when decoding 32bit code
BUGFIX: debugger action objc:RunUntilMessageReceived could fail for multithreaded Objective-C apps
BUGFIX: debugger: calling get_event_module_name() in an IDC condition could crash if debug event was not of correct type (PROCESS_STARTED, PROCESS_ATTACHED or LIB_LOADED). now it's also supported for LIB_UNLOADED, and an IDC exception is thrown in other cases
BUGFIX: debugger: win32: "SEH list" functionality did not work for wow64 processes when using local debugging
BUGFIX: debugger: win32: IDA could hang when debugging a 32-bit (WOW64) process on Win10
BUGFIX: excessively big shift counts were handled incorrectly (e.g. "shl eax, 33" should not produce 0)
BUGFIX: file names coming from AR archives could be garbled due to an incorrect assumption about their encoding
BUGFIX: fixed a crash when loading corrupted LE files
BUGFIX: fixed interr 50863 that could occur in corrupted idbs
BUGFIX: gas for arm requires lowercase instruction conditions but ida was not always using lowercase for them
BUGFIX: get_strlit_contents() could overflow the range of bytes it was asked to retrieve
BUGFIX: get_strlit_contents() shouldn't stop at codepoint zero, but rather keep going until the 'len'gth is reached
BUGFIX: in some cases it was impossible to set the "bp-based frame" function attribute, ida would immediately reset it
BUGFIX: it was impossible to correctly specify prototype of a thiscall function that returns a big struct
BUGFIX: it was possible for the mac debugger to load debug names from a file that didn't match an image in memory
BUGFIX: kernel: IDA could hang on exit when using borrowed licenses and license server was not accessible anymore
BUGFIX: ldr/coff: don't use a DT_NON symbol to describe a section, if a procedure is planned there and a non-dummy name has been set
BUGFIX: m65816: abs,x/abs,y addressing could fail to create xrefs
BUGFIX: mac debugger could fail to load for databases that were created from scratch
BUGFIX: mac debugger could fail to single step when source-level debugging in multithreaded environments
BUGFIX: mac debugger could fail to update the thread list properly, which could then cause IDA to fail to add/delete a hardware breakpoint
BUGFIX: mac debugger could produce duplicate debug names in a module's name list
BUGFIX: mac debugger could trigger erroneous SIGBUS signals after setting a software breakpoint on OSX 10.14
BUGFIX: mac debugger would fail to set user-defined hardware breakpoints in newly-created threads
BUGFIX: mach-o loader could erroneously truncate segments in iOS 11 kernel caches
BUGFIX: mach-o loader would not properly load files with a __TEXT segment with a nonzero file offset
BUGFIX: mips: fixed analyzing of the mips16e 'addiu' insn
BUGFIX: no events were generated when the user toggled the operand sign or bitwise negated it
BUGFIX: objc plugin could ask to parse Objective-C info when in fact no such info was present in the database
BUGFIX: pc: ida could loop endlessly if a finally handler was belonging to 2 different functions
BUGFIX: pdp-11: offset expressions were not creating xrefs
BUGFIX: pdp-11: removed obsolete PDP_XLAT_ASCII parameter from ida.cfg
BUGFIX: range change was wrong for ANALYSIS, ANALYSIS2, and some other bitmask config parameters
BUGFIX: rtti comments would be duplicated upon reanalysis
BUGFIX: rtti type descriptor names starting with '*' were not recognized
BUGFIX: rtti type descriptor names starting with *Z were not recognized
BUGFIX: scripted loaders had to seek to the beginning of the file at the beginning of the load_file() function
BUGFIX: sdk: tinfo_visitor_t::apply_to() could spoil type modifiers (const/volatile) and attributes when editing the type
BUGFIX: segmentation info could be lost when opening very old databases (created before 2001)
BUGFIX: set_fixup() has 6 arguments but the docs were claiming there there are 5 arguments
BUGFIX: setting the struct member type as "int[]" (without specifying the array size) could lead to an array of arrays (int[][])
BUGFIX: simplecustviewer_t::OnPopup wouldn't allow receiving the 'widget' and 'popup_handle' as other widgets would
BUGFIX: some corrupted mach-o files could crash ida
BUGFIX: some flowchart edges could be missing (could occur in the presence of xrefs into the middle of an instruction)
BUGFIX: sometimes 'overflow' bit would be calculated incorrectly after cmp or sub instructions
BUGFIX: stack unwinding could break analysis for prefixed call instructions
BUGFIX: stopped to modify the function in the 'ev_is_jump_func' event
BUGFIX: the linux debugger could cause INTERR 20099 with corrupted ELF files
BUGFIX: the mac debugger could create an incorrect memory layout after attaching to a process with ASLR enabled
BUGFIX: the win32 debugger server would fail to retrieve pdb files from symbol servers
BUGFIX: ui/qt: IDA could easily deadlock if more than 1 thread was using logging.py, or simply attempting to print anything in the console while holding any other lock that both threads might require
BUGFIX: ui/qt: IDA could show the wrong bookmarks contents for the "Jump > Clear mark..." action
BUGFIX: ui/qt: added "Add watch" to the (old-style) watchlist context menu
BUGFIX: ui/qt: background color for lines could fail to be applied in some cases
BUGFIX: ui/qt: changing segment register values wouldn't cause the "Segment registers" chooser to refresh
BUGFIX: ui/qt: deleting (or modifying) segment register ranges could leave the disassembly view(s) outdated
BUGFIX: ui/qt: don't show "(null)" in the collapsed area footer, if the description is missing
BUGFIX: ui/qt: during debugging, the "flags" registers column could be made partly invisible (depending on the display DPI)
BUGFIX: ui/qt: given a sufficiently long list of functions in "Functions window", deleting ranges of functions could cause IDA to crash
BUGFIX: ui/qt: hex views would show bogus characters when bytes were decoded as UTF-8 and yielded surrogate codepoints
BUGFIX: ui/qt: moving IDA between monitors with different resolutions, could result in the graph view showing garbage
BUGFIX: ui/qt: on HiDPI displays (e.g., 4k), hints could end up being partly truncated
BUGFIX: ui/qt: the 'COLOR_DEFAULT' for prefixes of simpleline_t would result in portions of that line marked as COLOR_PREFIX, to be invisible
BUGFIX: ui/qt: when 2 widgets were placed next to one another within the same tab, closing the leftmost one, could cause the rightmost one to disappear as well (without being destroyed.)
BUGFIX: ui/qt: when jumping between nodes in graph view, the animation could end up in the wrong place
BUGFIX: ui/qt: when stopping a debugging session, it might happen that some line rendering options (number of opcode bytes, indent, ...) would not be properly restored to what it should be
BUGFIX: ui/qt: when using line top/bottom paddings, the graph view could show artifacts for e.g., highlighting
BUGFIX: ui: "Strict ASCII" option in the "Strings window" was not working
BUGFIX: ui: calling set_view_renderer_type() on the TWidget returned from open_disasm_window(), would crash IDA
BUGFIX: ui: in the "Structures" view, the "Shrink structure" action would be available on alignment bytes, yet incapable of actually removing those
BUGFIX: ui: some string literals part of structure instances in the address space, could fail to show in the "Strings window"
BUGFIX: ui: when attaching to a process, it could be impossible to load PDB or DWARF debug information right away (but would work after detaching & re-attaching)
BUGFIX: user info would be stored in the idb even when STORE_USER_INFO was turned off
BUGFIX: user-specified 'manual instruction' for data items was ignored
BUGFIX: using -DTRICORE_DEVICE in the command line would lead to warnings
BUGFIX: hexrays: "(x>>8)&1" would be represented as "x>>8" in some cases
BUGFIX: hexrays: 'jl (N-x), x' would be decompiled incorrectly
BUGFIX: hexrays: 1-byte functions could not be decompiled
BUGFIX: hexrays: 64bit multiplication was not correctly recognized in some cases
BUGFIX: hexrays: In some cases the decompiler could not represent zero constant as a enum member
BUGFIX: hexrays: an assignment to a global variable could be incorrectly optimized away in some cases
BUGFIX: hexrays: append_use_list() could give wrong result in case of Big Endian platform
BUGFIX: hexrays: arm: some multiple registers/memory transfer instructions were not marked in the microcode as multimove sequences
BUGFIX: hexrays: decompiler could generate wrong offset for accessing a part of variable having user-defined type
BUGFIX: hexrays: decompiler would consider .text segments as readonly even if their permissions would say otherwise
BUGFIX: hexrays: find_def/find_use were working correctly only for register operands; other operand types were handled poorly
BUGFIX: hexrays: fixed a bug in set_to_le_ge()
BUGFIX: hexrays: fixed an endless loop (fortunately, a rare thing)
BUGFIX: hexrays: fixed bug in combine_hinsn_mov()
BUGFIX: hexrays: fixed many interrs
BUGFIX: hexrays: in some cases "smod power2" rule could produce wrong operands in the generated microinstruction
BUGFIX: hexrays: in some cases the decompiler could lose 'default:' branch of a switch statement
BUGFIX: hexrays: in some rare cases some comparisons would be decompiled incorrectly
BUGFIX: hexrays: incorrect partial operand propagation in some rare cases on Big Endian platforms
BUGFIX: hexrays: offsetof(type,field) may have empty field name in some rare cases
BUGFIX: hexrays: pc: incorrect handling of loope/loopne instructions
BUGFIX: hexrays: signed modulo 2 was sometimes recognized with wrong size
BUGFIX: hexrays: some 64bit comparisons would be decompiled wrongly
BUGFIX: hexrays: stack pointer could be miscalculated when decompiling a mixed range that contained code both inside and outside functions
BUGFIX: hexrays: the "lxe_lvar_type_changed" could provide outdated lvar_t information
BUGFIX: hexrays: the BACKPROP_CC rule could invert an 'if' condition
BUGFIX: hexrays: the rule "~x > 0" => "x <= 0" was too aggressive
BUGFIX: hexrays: the type of guard_dispatch_icall() coud interfere when guessing the protype of the called function
BUGFIX: when calling 'set_member_tinfo()', the struc_member_changed event would be sent before the tinfo_t object is actually applied
BUGFIX: when parsing omf files ida was storing wrong extdef name length in the idb
BUGFIX: when using the "Suspend on debugging start" option with the mac debugger, /usr/lib/dyld would be missing from the module list
BUGFIX: win32: ida was mistakenly setting a borland debug hook in some cases; this would change the program execution
BUGFIX: win32: if the debugged application erased a software breakpoint, appcall would stop working
BUGFIX: windbg: IDA could crash with interr 1491 when loading a 32-bit minidump of a process with DLLs loaded above the 2GB mark (0x80000000)
BUGFIX: wrong function prototypes could cause an interr
BUGFIX: 68000: ida would not truncate function and instruction addresses to 24-bit
BUGFIX: IDA could crash for choosers with empty title
BUGFIX: IDAPython: GraphViewer.AddEdge() could crash IDA if the source or destination nodes were out-of-bounds
BUGFIX: hints could not show up for user graphs
BUGFIX: debugger: win32: IDA could crash on win10 preview with interr 1419 when debugging a 32-bit process
BUGFIX: fixed interr 40372 (ida would die if a conditional bpt was present in the idb and idapython was disabled or not present)
BUGFIX: hexrays: if multple windows with the same function were present, an inactive one could be used for jump targets
BUGFIX: mips: fixed delay slot processing
BUGFIX: print_operand() would print data operands incorrectly for big endian processors (this function is not used to generate the disassembly listing)
BUGFIX: IDA could crash when trying to open a registers view in the GDB debugger
BUGFIX: enumplace_t::adjust() was not working properly with bitfields + serials
BUGFIX: ios debugger was broken for old iOS versions (< 9.0)
BUGFIX: the "Currently:" button text in the String Literals dialog was difficult to read on OSX


您需要 登录 才可以下载或查看,没有账号?加入我们



参与人数 1威望 +2 飘云币 +2 收起 理由
wei0227 + 2 + 2 赞一个,这个帖子很给力!


  • TA的每日心情
    2019-3-25 15:21
  • 签到天数: 487 天


    发表于 2018-11-6 10:02:22 | 显示全部楼层
    回复 支持 反对

    使用道具 举报


    发表于 2018-11-6 13:25:50 | 显示全部楼层
    回复 支持 反对

    使用道具 举报


    发表于 2018-11-6 13:26:56 | 显示全部楼层
    学习下windows破解,以前只对gas elf有了解过
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    2025-1-13 13:43
  • 签到天数: 1992 天


    发表于 2018-11-6 13:57:41 | 显示全部楼层

    回复 支持 反对

    使用道具 举报

  • TA的每日心情

    2024-11-23 02:04
  • 签到天数: 185 天


    发表于 2018-11-7 00:32:07 | 显示全部楼层
    回复 支持 反对

    使用道具 举报

  • TA的每日心情

    2024-10-28 17:42
  • 签到天数: 250 天


    发表于 2018-11-7 01:04:05 | 显示全部楼层
    回复 支持 反对

    使用道具 举报

  • TA的每日心情

    2024-11-7 19:04
  • 签到天数: 1320 天


    发表于 2018-11-7 06:41:42 | 显示全部楼层
    回复 支持 反对

    使用道具 举报

    您需要登录后才可以回帖 登录 | 加入我们


    快速回复 返回顶部 返回列表