Hex-Rays IDA Pro v6 5 READ NFO-DVT | belajar-cracking.blogspot

August 31, 2014



Complete changelist
    Processor Modules
        + 6808/HC(S)08: decode skip1 and skip2 pseudoinstructions
        + 68K: decode Mac OS toolbox traps with auto-pop flag set
        + 68K: added a few missing A-trap values (thanks to Doug Brown)
        + 8051: added support for 51MX extensions
        + ARC: disassemble MAC extension instructions
        + ARC: initial typeinfo support
        + ARM: added recognition of __gnu_mcount_nc
        + ARM: added support for Thumb switches that use GCC helpers __gnu_thumb1_case_<...>
        + ARM: added support for ARM64 aka AArch64
        + ARM: handle another variation of Thumb-2 switch table
        + ARM: improve analysis speed for files with extremely long functions
        + ARM: improve handling of unoptimized GCC Thumb-2 epilogs (ADD R7, R7, #delta; MOV SP, R7)
        + ARM: improve stack tracing in the presence of conditional instructions
        + ARM: recognize 'ADD PC,PC,R' as return from subroutine
        + ARM: set default ARM architecture to "metaarm" (disassemble all instructions) in ida.cfg
        + ARM: support BE-8 images (big-endian data but little-endian code)
        + H8: added support for the Renesas H8SX family
        + H8: handle several switch patterns generated by Renesas High-performance Embedded Workshop (HEW).
        + H8: improved analysis, added rudimentary register tracking (thanks to Zak Escano)
        + MIPS: recognize new-ABI/System-V-ABI GCC PLT slots (see
        + PC: assume that "int 3" after calls stops execution (this is used by Visual C++ to guard calls to noret functions)
        + PC: decode LOCK MOV TO/FROM CR0 as MOV TO/FROM CR8D (AMD-specific)
        + PC: handle code sequences which load imagebase value into a temporary register (common in x64 Windows code)
        + PC: handle code which jumps over the lock prefix of instructions (e.g. Linux glibc)
        + PC: handle PIC helpers from Android/x86 binaries (__x86.get_pc_thunk.bx)
        + PC: improve analysis of functions with multiple "push ebp" instructions
        + PC: improved speed of stack analysis for long functions
        + PC: introduced PC_ANALYZE_MAX_SIMPLEX_SIZE: if the size of the simplex problem is greater, IDA will not use the simplex method
        + PPC: Recognize 'addis'/'lwz' pair for 32-bit offsets.
        + PPC: recognize switch constructs that use a GOT register
        + PPC: switch idiom recognition drastically improved.
        + TMS32028: new processor (Texas Instruments TMS320C28x). Includes C27 and C2xLP modes.
        + TMS320C55x: decode instructions that access deprecated registers MDP05 and MDP67
        + Tricore: added instruction auto-comments
        + Tricore: added new assembler for TASKING VX-toolset
        + Tricore: recognize some standard instruction sequences to load addresses and convert them to offsets
    File Formats
        + CLI: implemented renaming of .NET methods
        + COFF: ignore symbols for import fixup pointers generated by GCC ("__fu__") since they point into middle of instructions
        + COFF: ARM: support IMAGE_REL_ARM_MOV32T/IMAGE_REL_ARM_MOV32A relocations (used in WinRT targets)
        + DBG: added a workaround to handle non-compliant .dbg files produced by map2dbg
        + DEX: various dex loader improvements: format dex headers, methods descriptions, prototypes, strings, classes, annotations; parse and use debug info.
        + ELF: added minimal support for Tricore
        + ELF: added option to handle really huge segments (load them chunk by chunk). Thanks to Avi Cohen Stuart.
        + ELF: ARM: support R_ARM_THM_JUMP11 and R_ARM_THM_JUMP8 relocations
        + ELF: create a new, dummy segment for the .tbss section to avoid overwriting unrelated symbols
        + ELF: disable data coagulation by default (don't convert objects to byte arrays). Among other things, this improves display of vtables.
        + ELF: Handle Thumb entrypoints in files.
        + ELF: MIPS: support R_MIPS_TLS_GOTTPREL, MIPS_R_COPY and MIPS_R_JUMP_SLOT relocations
        + ELF: support for STT_GNU_IFUNC symbols
        + ELF: symbol value in RELA relocs against section symbols in dynamic files should be ignored (bug compatibility with binutils/
        + DWARF: accept clang's non-DW_AT_declaration-based declaration (it uses an explicit DW_AT_byte_size of 0), and strip 'class ', 'struct ' and 'union ' from complex types names.
        + DWARF: basic support for Fortran-originating DWARF info.
        + DWARF: Declare function prototype even when params locations cannot be determined.
        + DWARF: Enable loading of DWARF information for shared libraries of a program being debugged.
        + DWARF: fixes and improvements to handle clang idiosyncrasies
        + DWARF: handle C++11 unspecified type: nullptr becomes a 'void*', and the rest becomes 'void'.
        + DWARF: Handle calling conventions that pass arguments in registers (e.g., __fastcall, __usercall, __thiscall)
        + DWARF: handle DW_AT_GNU_vector types, by packing them in a structure
        + DWARF: improved DWARFv4 handling
        + DWARF: support for DWARF info in PE files
        + DWARF: recognize DW_ATE_UTF8 for C++11 char16_t, char32_t, ...
        + DWARF: support for bitfields
        + DWARF: Support for complex float/double/longdouble.
        + DWARF: Support for DWARF V4-style, exprloc-based location lists.
        + DWARF: support for segmented addresses
        + DWARF: support for WATCOM-style, spec-incompatible, typeless global variables with no location descriptor (uses DW_AT_low_pc instead)
        + DWARF: too many other fixes and improvements to list
        + MACHO: rename pointers to ascii strings; this improves the listing
        + MACHO: symbols with names like "__dtrace_probe$..." were being interpreted as ARM symbols, which destroyed valid Thumb code
        + MACHO: when loading a dyld cache, ask about Objective-C parsing only once
        + PDB: improved handling of fragmented functions.
        + PDB: removed artificial limitation on the type names, it was leading to name clashes and interrs. NB: types with really long names can not be imported into the structure view anymore.
        + PDB: use class inheritance instead of inclusion
        + PE: display TimeDateStamp header field using UTC instead of local timezone
        + bTree/varray: raise implementation limits to handle big databases. Removed "max number of chunks" limit.
        + include paths and predefined macros are set for each compiler separately
        + added CC_PARMS in ida.cfg as a tagged collection of the parameters (with compiler abbreviations as tags)
        + added report_gsfailure, com_raise_error and com_issue_error to noret.cfg
        + added tinfo_t, an object to hold the type information
        + C parser: added support for __ptr32 and __ptr64 keywords
        + demangler: support of 'rvalue reference' gcc mangling
        + demangler: various updates for GCC 4.x/C++11
        + parameter tracking: do not propagate 'this' name to callers
        + security: IDA will ask for a confirmation if an unknown IDB (from a third-party) is used to launch a debugger
        + security: disallow IDC snippets in startup signatures; only external IDC scripts may be used
        + removed -C command line switch (the compiler can be set using a script function instead)
        + type parser: c++ names with class/namespace qualifiers can be parsed, like aaa::bbb
        + type system: added support for 64-bit enums (64-bit enums in the enum view are supported only in idaq64)
        + types: added local_types_changed event; it occurs on any change to type definitions or when the user loads/unloads type libraries
        + types: added support for class inheritance; currently the parser supports one base class but other parts can handle multiple inheritance too (at least in theory)
        + types: added support for type attributes (introduced with __attribute__ or __declspec keywords).
        + types: added support for zero sized structs
        + types: IDA can parse structure definitions with bitfields and store this info in the type strings
        + types: introduced udt_type_info_t object to represent struct and union types and refactored the code to parse udt type strings (so we do not have the same code in 2 places)
        + types: added new type-related callbacks for processor modules; they are used if PR_TINFO bit is set in the processor module; if PR_TINFO is not set, then the old callback will be used
        + types: deprecated varloc_t and created argloc_t, it can express register relative and static (fixed memory address) locations; also implemented compatibility layer so that older plugins continue to work
        + types: do not propagate "this" and "retstr" variable names, they just clutter the output without adding any useful info
        + types: introduced the notion of 'type level'. Types usually encountered in source files are called 'high level' types.
        + added win8_um.til and wdk8_km.til for Windows8 WDK (user and kernel mode headers)
        + FLAIR: all parsers now support > 0x8000 sections, offsets and fixups.
        + FLAIR: allow sigmake to process .pat files with Objective-C messages as function names (containing []+- and spaces).
    Scripts & SDK
        + IDAPython: don't del() modules that were created by user scripts; provide idaapi.require() to import/reload modules (see
        + IDAPython: Enable multi-threading
        + IDAPython: python.cfg: set REMOVE_CWD_SYS_PATH=1 by default (remove current directory from the import search path).
        + IDC: added Breakpoint.AddToGroup(bpt, group_name) method
        + IDC: added function ApplyType()
        + IDC: added GetDisasmEx() which allows generating disassembly for non-existing instructions or locations in the middle of other instructions
        + IDC: added GetLocalTinfo(): return a local type by ordinal
        + IDC: added IsInt64() and similar functions
        + IDC: added typeinfo.size(): return type size
        + SCRIPT: implemented additional processor notification callbacks for scripted processor modules
        + SDK: added custom popup menu callback support for all choosers. Implemented submenus for choosers popup menus
        + SDK: added a new assembler format for octal numbers (q'123, flag ASO_OCTF7)
        + SDK: added DOUNK_NOTRUNC flag for do_unknown[_range]()
        + SDK: added expand_argv()
        + SDK: added guess_func_cc(): a function to determine the calling convention from the types and locations of arguments
        + SDK: added notifications and new control APIs for the Output Window
        + SDK: added str2ea_ex()
        + SDK: added SWI2_STDTBL flag for switch_info_ex_t - to mark switch tables which use standard layout but non-standard target calculation
        + SDK: forms: support for user-defined menu items for choosers in forms
        + SDK: generate_disasm_line() with GENDSM_FORCE_CODE can be used to generate instruction text for any address, regardless of the existing instructions in the database
        + SDK: getting/setting/deleting node properties (grcode_[set|get|del]_node_info).
        + SDK: ht_output: a sample plugin to demonstrate receiving output window notification and using of new output window functions
        + SDK: IDA graphs can be controlled by plugins, including Python bindings (see graph.hpp).
        + SDK: navcolor: sample plugin to illustrate how to customize navigation band colors
        + SDK: plugins can add popup menu items using add_custom_viewer_popup in two ways:
            1) On ct_popup or view_popup notifications. Such items will be automatically removed after popup execution;
            2) In any other place - the added items will remain until set_custom_viewer_popup_menu(viewer, NULL) is called (previous behavior)
        + SDK: qctime_utc() uses Coordinated Universal Time (UTC), is equivalent to asctime(gmtime(t))
        + SDK: removed requirement for mkidp branding for processor modules. Instead, lnames/pnames arrays are used.
        + SDK: rename segment registers areas interface functions.
        + SDK: sample plugin ht_view to demonstrate usage of HT_VIEW notifications (view callbacks), different ways of adding user popup menu items, get_viewer_name() APIs
        + SDK: support for UTF-8 strings in choosers (CH_UTF8)
        + SDK: tracing: added set_trace_platform(), get_trace_platform() functions, set_highlight_trace_options()
        + SDK: Change idp_desc_t struct to combine processor names. Set IDP 'family' name for UI purposes.
        + SDK: qflow_chart_t: added FC_CHKBREAK flag (so build_qflow_chart() may be aborted by user)
    User Interface
        + UI: add "synchronize" option to the Function list which keeps it synchronized with IDAviews.
        + UI: added "Create structure from data" functionality to the stack frame view and Structures window
        + UI: added breakpoint groups. They can be enabled/disabled at once.
        + UI: added experimental "Address details" info panel (see View > Toolbars).
        + UI: added exporting of breakpoints (to an IDC script)
        + UI: allow specifying directories to ignore (both for source mappings and binaries mappings)
        + UI: Alt+T "search all" command result is now displayed in the output window (pattern not found, bad regular expression, search aborted)
        + UI: color buttons now allow resetting the color back to default
        + UI: debugger: added an explanatory dialog box for debuggers with manual memory regions
        + UI: display long processor descriptions in the "Load file" dialog
        + UI: improve rendering quality and speed of zoomed graphs
        + UI: improved scroll bar behavior if there are big gaps in addressing
        + UI: make the commandline Python/IDC switch button non-flat to make it more obvious
        + UI: marked location descriptions can be edited from the marked location chooser (Ctrl-M)
        + UI: mouse wheel can be used in the navigation bar for scrolling (and Ctrl+wheel for zooming)
        + UI: navbar: when current location is changed the navigation bar is shifted so that the whole pointing arrow is displayed.
        + UI: new command: Export Data (default hotkey Shift-E)
        + UI: properly display Unicode/custom codepage strings in the "Strings" window
        + UI: redesigned "Name representation" dialog
        + UI: rendering speed improvements, especially in graph view mode
        + UI: structure offset dialog (selection-T): added quick filter (Ctrl-F)
        + UI: structure offset dialog: "Add missing members" function; Show hints for list view
        + UI: Support for fine-grained scrolling (e.g. two-finger scrolling on Macs)
        + UI: support for HiDPI (Retina) displays on OS X
        + UI: when adding on-access breakpoint from the Segments list, deduce its type from the segment permissions (for example, for the code segment we set eXec bpt)
        + UI: when deleting multiple segments, ask for confirmation only once
        + UI: removed "Output window" from the View menu. (it still remains in "Windows" menu)
        + UI: TXT: added Tracing submenu
        + UI: TXT: Added "Switch debugger" to the "Debug" menu
        + debugger: Allow specifying which IP (v4) interface to bind to for remote debugger server
        + debugger: Allow the user to specify binary paths mappings, to be used by the debugger.
        + debugger: Android: support for debugging under Android 4.2.2
        + debugger: ARM: linux: added a workaround for syscalls made by jumping to the last page so we can single step them
        + debugger: win32: clarify the error message if getting debug privilege fails. Also, don't reset it if we didn't get it.
        + GDB: try to detect target architecture and bitness (qXfer:features:read)
        + GDB: use register layout from the feature info XML on ARM, if available
        + PIN: 'logging mode', 'only add new instructions', 'trace over debugger segments' flags may be changed when the application is running
        + PIN: allow 64-bit IDA to attach to a 32-bit process
        + PIN: check process bitness compatibility before attaching
        + PIN: function tracing mode: record call & return instructions
        + PIN: implemented attaching to a process
        + PIN: multiple fixes, improvements and speed-ups.
        + PIN: pass both 32- and 64-bit pintool DLLs when launching pin. So pin can choose appropriate tool itself
        + PIN: remove "Only add new instructions" option from tracer submenu as it is already present in the 'Tracing options' dialog.
        + PIN: support 'log return instructions' option
        + windbg: check if dbgsrv.exe is present in usual locations and offer it by default if so
        + Windbg: check the "WindowsDebuggersRoot" registry key to locate the debugging tools (WDK8)
        + windbg: complain if the user tries to debug 64-bit code with 32-bit IDA
        + Windbg: implemented jump by double-clicking on 64-bit addresses printed into the output window (delimited by the ` symbol).
        + WINDBG: when debugging or loading dumps for WoW64 processes, try to detect 32-bit vs 64-bit modules and mark segment bitness accordingly (IDA64 only)
        + WINDMP: when loading WoW64 dumps with 32-bit IDA, skip 64-bit segments instead of failing completely
        BUGFIX: 'convert to dword' (hotkey D) was failing to delete a hindering name in some cases
        BUGFIX: "create function" command could wrongly fail in some rare cases
        BUGFIX: "Dump database to IDC" could create too long strings that could not be parsed back by IDA
        BUGFIX: 16-bits offsets from the current segment were not displayed properly if the segment did not start at its base address
        BUGFIX: accessible memory limits (inf.minEA/maxEA) could be wrong after starting instant debugging
        BUGFIX: alpha: load osf.til only for non-PE files because it is for Unix
        BUGFIX: ARC: jump instruction with long immediate operand were incorrectly marked as indirect
        BUGFIX: ARC: some cross-references for ld instructions were missing
        BUGFIX: argument propagation could fail inside function chunks
        BUGFIX: ARM debuggers could not correctly single step IT,TBH,TBB instructions
        BUGFIX: ARM: handling of some Thumb-2 switches resulted in wrong cross-references, hindering disassembly and decompilation (Thumb bit was not ignored)
        BUGFIX: ARM: some comments in the listing were using ';' character even in GAS mode (which uses '@' instead)
        BUGFIX: ARM: some NEON instructions with an immediate operand (e.g. VMOV , #imm) were decoded incorrectly in Thumb mode.
        BUGFIX: autoanalysis could enter an endless loop creating and destroying a macro instruction
        BUGFIX: AVR module was not displaying xrefs to i/o ports
        BUGFIX: avr: even if the user did not select a device, IDA would use the default device settings (AT90S8515) until the database was reopened
        BUGFIX: binary search dialog interpreted control characters as their literal values (e.g. newline would be interpreted as 0A)
        BUGFIX: CLI: a specially crafted IDB file could lead to a buffer overflow and potential code execution
        BUGFIX: CLI: IDA could crash on some corrupted .NET files because of bogus values returned by the metadata APIs on Windows
        BUGFIX: dalvik: fixed DALVIK_MOVE_RESULT_OBJECT instruction handling
        BUGFIX: DALVIK: names of overloaded functions could be wrong
        BUGFIX: DbgDword() was failing if pin debugger backend was used
        BUGFIX: DbgDword() was returning garbage for wrong addresses on WinXP instead of failing
        BUGFIX: debugger: 'manual regions' menu item was never displayed to the user
        BUGFIX: debugger: 64-bit appcall was failing for bochs debugger
        BUGFIX: debugger: fixed some data race conditions in the windbg debugger module
        BUGFIX: debugger: IDA could crash while trying to resolve a "reg:delta" expression if "reg" was a virtual register (e.g. a flag name)
        BUGFIX: debugger: IDA could lose control while tracing ARM programs
        BUGFIX: debugger: if breakpoint with condition 0 was used in the short loop, "Suspend execution" button was kept disabled
        BUGFIX: debugger: it was impossible to correctly resume the application once we suspended inside a page read-write bpt
        BUGFIX: debugger: linux: bpt-related signals were sometimes passed to the application even if the user masked them
        BUGFIX: debugger: mac debugger could report wrong memory layout info
        BUGFIX: debugger: pin (64bit architecture) did not trace instructions having addresses 0xffffffff and higher
        BUGFIX: debugger: selecting "Suspend" from the "Unable to single step" dialog box would lead to resuming the application
        BUGFIX: debugging an x64 application could crash IDA when stepping over a pushfq.
        BUGFIX: DWARF in fat Mach-O files with 2+ architectures could not be read, because of an additional offset to the DWARF information stream.
        BUGFIX: dwarf: avoid type duplication.
        BUGFIX: dwarf: don't apply DWARF-provided-name when a mangled name is already present.
        BUGFIX: DWARF: Don't fail on anonymous types that embed similarly-named types with different sizes.
        BUGFIX: dwarf: DW_TAG_label DIEs produced by Apple's fork of GCC would be placed at wrong addresses.
        BUGFIX: dwarf: empty types (1-byte wide) were erroneously saved as dummy. Therefore, any type depending on them would collapse into a dummy as well.
        BUGFIX: dwarf: GCC-produced DWARF files can have negative bit offsets.
        BUGFIX: dwarf: handle bogus bitfield length generated by RVCT
        BUGFIX: dwarf: If the x86 processor was set to something other than "metapc", the plugin wouldn't load DWARF info.
        BUGFIX: dwarf: In some cases, loading of additional modules could cause IDA to quit.
        BUGFIX: dwarf: it was not possible to load a separate file with debug info manually
        BUGFIX: dwarf: mangled names could be ignored, in case they didn't appear in the declaration of a function, but in its specification.
        BUGFIX: dwarf: RVCT-produced files could have references cross-compile_units, which would lead to having duplicate types
        BUGFIX: dwarf: RVCT 3.1 outputs erroneous 'DW_AT_sibling' information, that caused the plugin to loop endlessly.
        BUGFIX: dwarf: some frame offsets were wrong.
        BUGFIX: dwarf: some global variables could not be properly recognized when they are of a static member of a complex type
        BUGFIX: dwarf: some structure names could conflict with defined functions ('stat64', 'sigaction', ...); rename them in that case.
        BUGFIX: dwarf: support DW_TAG_unspecified_type when retrieving function prototype.
        BUGFIX: dwarf: support RVCT-generated existing-but-empty names.
        BUGFIX: dwarf: types with very members that are large arrays of declared-only types could fail being imported.
        BUGFIX: dwarf: when DW_TAG_unspecified_parameters was specified as part of the function declaration (as opposed to its potential specification), it was ignored.
        BUGFIX: dwarf: when multiple variables with the same name but different offsets are present in the stack frame, '_NN'-suffix them and declare them all.
        BUGFIX: dwarf: with optimized code, source-level debugging could fail retrieving a valid size for the current block of code
        BUGFIX: EBC: MOVI instruction with 64-bit immediate value was incorrectly disassembled.
        BUGFIX: ELF: 'NOTE' sections/program headers would corrupt the program's end address, and prevent some items from being properly named/used.
        BUGFIX: ELF: ARM loader would erroneously set the name of the symbol at the place of the relocation, for R_ARM_TLS_LE32.
        BUGFIX: ELF: loader could sometimes mis-calculate the location of TLS variables
        BUGFIX: ELF: relocations wouldn't be applied if no section headers were present, and no DT_REL[A] were present in the dynamic info but only a DT_PLTREL
        BUGFIX: ELF: some PPC RELA relocations were applied incorrectly
        BUGFIX: ELF: Wouldn't systematically consider symbols that point to SHN_UNDEF as externs.
        BUGFIX: Enable PDB loading for modules of the program being debugged remotely.
        BUGFIX: fixed a deadlock: if a script was modifying breakpoints while the debugged application was running, IDA could hang
        BUGFIX: fixed interr 30141 that could occur when using the windbg backend
        BUGFIX: Functions imported by ordinal could be erroneously labeled in 64-bit IDA (on Windows only).
        BUGFIX: GDB: AddBpt() with size=0 did not work properly for PPC targets (while doing it from UI worked)
        BUGFIX: IDA could crash when opening an old ST9 database
        BUGFIX: IDA could crash when starting a remote debugging session without a database
        BUGFIX: IDA could wrongly complain about failing to acquire debug privileges
        BUGFIX: IDA would use Borland type libraries for Windows even for OS/2 programs
        BUGFIX: IDAPython could be leaking memory on some operations.
        BUGFIX: IDAPython: asklong/askaddr/asksel (and corresponding functions) were returning results truncated to 32 bits in IDA64
        BUGFIX: IDAPython: fix wrong documentation for idc.SizeOf
        BUGFIX: IDAPython: GetFloat/GetDouble functions did not take into account endianness of the processor
        BUGFIX: idapython: idaapi.NO_PROCESS was not defined, and was causing GetProcessPid() to fail
        BUGFIX: IDAPython: insert escape characters to string parameter when call Eval()
        BUGFIX: IDAPython: idc.SaveFile/savefile were always overwriting an existing file instead of writing only the new data
        BUGFIX: IDAPython: PluginForm.Close() wasn't passing its arguments to the delegate function, resulting in an error.
        BUGFIX: IDC: FUNCATTR_OWNER and FUNCATTR_REFQTY were not usable with GetFunctionAttr
        BUGFIX: IDC: setting condition using Breakpoint class didn't work
        BUGFIX: In case a different process has an exclusive lock on a file (and thus IDA cannot open it for reading), "File > Load file > Additional binary file" would silently fail.
        BUGFIX: it was impossible to edit very long type definitions because the buffer was limited to 10KBytes
        BUGFIX: it was impossible to use Windbg for instant kernel debugging (without an existing idb file)
        BUGFIX: MACHO: Objective-C metadata parser could not handle some incompletely specified types
        BUGFIX: MIPS: cross-references from 'jalx' instructions were marked as jumps instead of calls
        BUGFIX: network-related settings that were used for instant debugging were not handled correctly:
            - the default settings were used instead of the ones specified for the current session
            - the default settings were not displayed in the instant debugging related dialogs but the settings used the last time
        BUGFIX: on Windows it was impossible to import some Python modules (for example, 'import zmq' would fail)
        BUGFIX: opening idb file created from a windows dump file would automatically launch windbg; this could lead to unauthorized code execution
        BUGFIX: pc module would mark 'lea reg, [esp+N]' in the gcc stack alignment code as a prolog instruction; in fact the value of 'reg' may be used in the function body so it should not be marked
        BUGFIX: PC: code cross references from indirect jump instructions to external symbols were sometimes missing
        BUGFIX: PC: Could INTERR in case some type names were unreasonably long.
        BUGFIX: PC: could interr on invalid floating-point instructions
        BUGFIX: PC: epilog analysis could erroneously mark too many instructions as epilog instructions, leading to bad decompilation results
        BUGFIX: PC: epilog analysis could mark wrong instructions as belonging to the epilog
        BUGFIX: PC: IDA could interr when applying a function prototype with an array argument
        BUGFIX: PC: recognition of GCC-generated stack alignment prolog was broken and could interfere with the stack pointer analysis
        BUGFIX: PC: some SSE instructions were decoded incorrectly if extra prefixes were present (e.g. both F2 and 66)
        BUGFIX: PDB: msdia90.dll can crash on bogus data in the debug directory; added a workaround
        BUGFIX: pdb: on rare occasions a wrong type could be created that would cause an internal error
        BUGFIX: PDB: Use *.pdb file name instead of input file name in error and warning messages and dialogs during pdb loading
        BUGFIX: PDB: variadic functions (printf, ...) wouldn't have their function type set properly.
        BUGFIX: PDB: when using "browse for pdb" option, names from the PDB were not applied
        BUGFIX: PE: relocation IMAGE_REL_BASED_ARM_MOV32T was not handled correctly
        BUGFIX: PIN: auto-launching PIN on Windows could fail with "CreateProcess failed: The directory name is invalid."
        BUGFIX: PIN: IDA could fail to connect to PIN running under XP
        BUGFIX: PIN: IDA crash when trying to set "Autolaunch PIN" field in PIN debugger specific options on OS X
        BUGFIX: PIN: PIN options dialog could not be opened in the text mode IDA
        BUGFIX: PIN: the error message about the connection failure was wrong
        BUGFIX: remote appcall for void functions would fail
        BUGFIX: SDK: append_name() could create a wrong type string (with too long name)
        BUGFIX: SDK: calling del_struct(some_func_frame) would cause IDA to exit and with an error message; now it simply returns failure
        BUGFIX: SDK: execute_sync() could skip some requests and process them only when called again later
        BUGFIX: SDK: fixed description of the idb_event::struc_cmt_changed notification ('repeatable_cmt' argument was not documented)
        BUGFIX: SDK: get_enum_type_base() was broken
        BUGFIX: SDK: get_min_spd_ea() could erroneously return BADADDR
        BUGFIX: SDK: next_unknown() would work incorrectly if called with the address inside of the last element when sparse storage was used
        BUGFIX: SDK: qexit() could deadlock if called from non-main thread
        BUGFIX: SDK: register_timer() did not work when called from non-main thread in GUI version.
        BUGFIX: SDK: removal of an IDC function could cause incorrect behaviour of other functions
        BUGFIX: SDK: set_purged() was not reanalyzing all involved call instructions in some cases
        BUGFIX: SDK: ui_set_nav_colorizer was broken
        BUGFIX: SDK: when using choose3() function, the getl() callback was being called before initializer() under Qt UI.
        BUGFIX: some bookmarks could become inaccessible after deleting other bookmarks
        BUGFIX: srcdbg: IDA could crash trying to display a source view after suspending the debugged application because of a source code debugging event
        BUGFIX: srcdbg: IDA could crash with a stack overflow when trying to display nested recursing structures in the Locals view
        BUGFIX: srcdbg: watchview could fail to display some types if a member failed printing because of excessive size.
        BUGFIX: strings from database could be interpreted as IDC expressions when showing hints, leading to possible malicious script execution
        BUGFIX: Support for R_386_TLS_DTPOFF32 relocation.
        BUGFIX: The ELF loader would fail loading an ET_REL file with no sections, even though those are sometimes used as containers for actual programs.
        BUGFIX: UI: "List cross-references from..." was not always shown in the context menu even if the current address had xrefs
        BUGFIX: UI: ask before overwriting exported script file
        BUGFIX: UI: both lowercase and uppercase variants of the same letter could be used as hotkeys in the debugger menu
        BUGFIX: UI: Canceling of "IDA is going to copy data from the debugged process to the database...." dialog (Take memory snapshot command) did not work.
        BUGFIX: UI: chooser headers height could be too small for some letters
        BUGFIX: UI: clicking to the right of disassembly line in IDA View could produce a small invisible selection. If using search after that, no hits would be found.
        BUGFIX: UI: disassembly view could scroll to the right when opening other views
        BUGFIX: UI: Enable renaming of any structure (even if its name contains bad characters)
        BUGFIX: UI: Fix HexView text rendering issues with selection
        BUGFIX: UI: Fix incorrect "Tracing" ending of window title during debugging
        BUGFIX: UI: fix selection of several items in choosers using Shift + arrow keys
        BUGFIX: UI: IDA could crash after deactivating the struct/enum view
        BUGFIX: UI: IDA could crash if two dock widgets were packed together in 1 tab, and that tab was closed by clicking the 'x' button.
        BUGFIX: UI: IDA could hang trying to delete multiple structures/enums if the very first struct/enum was being deleted too
        BUGFIX: UI: IDA could hang trying to display a hint
        BUGFIX: UI: IDA would crash if trying to "Add breakpoint" from the context menu of an empty stack backtrace
        BUGFIX: UI: imported script was not saved in Script snippets dialog if it was not edited
        BUGFIX: UI: it was not possible to convert a structure field to float.
        BUGFIX: UI: it was not possible to go back using Esc in Hex View
        BUGFIX: UI: it was not possible to output strings that start with '@' into the Output window (using msg(), Message() and similar functions)
        BUGFIX: UI: main IDA window title was not updated when tracing is toggled
        BUGFIX: UI: non-English text in hints could be corrupted
        BUGFIX: UI: pop-up menus with items longer than screen size would expand the menu to the whole screen; now they're truncated
        BUGFIX: UI: Under certain circumstances, when the debugger's registers window was being shown, it could be empty.
        BUGFIX: UI: when converting a selection to code, IDA would try to undefine existing instructions even if the user chose "Analyze".
        BUGFIX: UI: when editing segment boundaries, check that the new range intersects the old
        BUGFIX: UI: When in multi-monitor mode on Linux and a monitor is placed above another, hints that should be displayed in the same monitor as IDA's window could end up showing on another monitor.
        BUGFIX: UI: when quick filters are used together with common filters, always filter out results which do not match the quick filter
        BUGFIX: UI: wrong actions could be triggered when using keyboard shortcuts in the "Execute script" window
        BUGFIX: V850: autoanalysis could enter an endless loop if a function was immediately preceded by a JR instruction
        BUGFIX: when adding a segment at the start of an existing one, all information from the existing segment was being deleted
        BUGFIX: When creating a custom viewer from IDAPython, and then quitting IDA, IDA could hang.
        BUGFIX: When debugging 64-bit applications (through, e.g., windbg), the "Function callers:" window wouldn't properly let users jump to call sites by double-clicking.
        BUGFIX: when importing union types from the 'local types' to the 'structure view', the union field types were set incorrectly
        BUGFIX: When saving & then restoring a desktop with more than 1 disassembly view, all views except the first will have a weird margin size.
        BUGFIX: win32 debugger: page breakpoints with UPX-compressed programs could work incorrectly
        BUGFIX: win32 debugger: with DEP disabled, execute-only page breakpoints could incorrectly trigger on reads or writes
        BUGFIX: windbg: fixed interr 30143 that could occur when page breakpoints were used while debugging a multithread application
        BUGFIX: windbg: if the process exited during an appcall, IDA would crash
        BUGFIX: windbg: the main thread could be listed twice in the thread list for windbg in kernel mode
        BUGFIX: xrefs to forced zero offset struct members were not created

Fixes published on 2014-01-16
    BUGFIX: Added support for bitfields within unions (in the real world there are applications using them)
    BUGFIX: ARM: some functions (e.g. some implementations of __gnu_mcount_nc) could be misdetected as no-returning
    BUGFIX: Better handling of boundaries in flat renderer view: pressing PageUp/PageDown when the window is at the beginning/end of the disassembly but the cursor isn't will properly move the cursor to the right place.
    BUGFIX: COFF: section addresses could be over-aligned when loading some PowerPC COFF/XCOFF files (e.g. for AIX), leading to incorrect addresses in some cases
    BUGFIX: Do not print "Error" for forward declarations of types (it confuses some users)
    BUGFIX: DWARF could fail on some ICCARM-generated files, because of multiple definitions of the same typedef, ending up in the graph at the same time.
    BUGFIX: DWARF plugin didn't properly handle ICC-style, based-at-start-of-file DW_AT_FORM_ref_addr references.
    BUGFIX: DWARF plugin was computing bitfield members offsets wrong for MSB architectures.
    BUGFIX: Enable dragging of nodes in proximity view.
    BUGFIX: Fixed crashes on some versions of OSX, when creating decompiler view.
    BUGFIX: fixed a buffer overflow in mach-o loader
    BUGFIX: Fixed crash in breakpoint list if "Move to group" is called when no breakpoints are selected.
    BUGFIX: Fixed exporting of breakpoints with complex conditions
    BUGFIX: Fixed IDA crash on calling "Run to cursor" from popup menu from non-debug desktop
    BUGFIX: generating DIF file in IDA64 produced bad output
    BUGFIX: IDA could crash computing the highlight length
    BUGFIX: IDA could crash when deleting a huge amount of database entries (e.g. executing 'Extract function')
    BUGFIX: IDA would never show "collapse parents" in proximity view.
    BUGFIX: IDA wouldn't display, in the 'Use standard symbolic constant', enum values that have bit 31 set to 1.
    BUGFIX: idaapi.add_hotkey() was broken.
    BUGFIX: IDAPython, when used as primary expressions evaluator, would be in a bad state after any failed evaluation.
    BUGFIX: IDAPython: idaapi.get_next_serial_enum_member was broken
    BUGFIX: IDAPython: strpath_t was not properly exposing its IDs.
    BUGFIX: it was impossible to attach to 64-bit processes on mac (process list was wrong because sizeof(kinfo_proc) was wrong)
    BUGFIX: It was impossible to click, or select past the last character in graph view.
    BUGFIX: MACHO: garbage in Objective-C metadata could crash IDA
    BUGFIX: MACHO: some local relocations in x64 files were processed incorrectly, and the offsets were displayed as expressions instead of just the destination address
    BUGFIX: mfc42* related ids files were wrong in ids/
    BUGFIX: navigation band could be empty after loading a file in some cases
    BUGFIX: repeating 'sync type to database' multiple times could spoil the struct definition
    BUGFIX: Structure offsets in IMUL instruction were not displayed correctly
    BUGFIX: SuperH: the selected device setting was not used on reopening the database
    BUGFIX: There was a wrong "typedef" keyword in the forward declarations of undefined types
    BUGFIX: tinfo_t::get_size() was returning 0 for forward declarations of (yet) undefined types (the correct answer is BADSIZE)
    BUGFIX: ui/qt: Escape strings in 'Strings window', so they don't span on multiple lines.
    BUGFIX: ui/qt: In "Local Types" window, "Map to another type..." would always propose an empty chooser.
    BUGFIX: ui/qt: Navigation through scrollbar was completely broken.
    BUGFIX: ui/qt: Some actions were becoming unavailable after visiting the "Stack frame" window.
    BUGFIX: UI: IDA was crashing while trying to show a hint in Structures view if the number of hint lines was set to 0
    BUGFIX: UI: some actions selected from the context menu's submenus (such as "Use standard symbolic constant") were performed twice
    BUGFIX: UI: when attaching to a debugger directly after starting IDA (without creating a database first), the navigation bar was not displayed
    BUGFIX: XA: operands of 'fjmp' and 'fcall' instructions were printed without the segment part, if the destination address was not present in database
    BUGFIX: XA51: fixed disassembling of JZ/JNZ and some MOV instructions

