IDA Pro/Teams 9.0 (240807) Beta with SDK and Utilities | 1.9 Gb
The Hex-Rays Team has released IDA Pro/Teams 9.0 (240807) Beta is a renowned software program utilized for reverse engineering binary code. As a disassembler and debugger, it enables users to delve into the intricate details of executable files, including executables, shared libraries, object files, and firmware. With its support for diverse processor architectures and file formats, IDA Pro proves to be a versatile tool for code analysis across various platforms. Issues fixed in IDA 9.0 beta 2 IDA Home: cloud decompilers unusable
Replaced every reference to ida.key into ida.hexlic
IDA Linux installer creates a weird directory in the installers's directory
IDA Home: missing IDA Pyton module "ida_mergemod"
missing style dylib on macOS
decompilers: crash on navigation into non-decompilable function
asmtil: interr 918 + crash on filtering a large list of types
idapython: idc.get_ordinal_qty() not usable
added wasm loader and processor module
Known issues for IDA 9.0 beta 1
IDA Teams server (vault) not yet available
IDA floating license server (licsrv) not yet available
Dialogs text in Linux installer not readable on Ubuntu with dark theme active
Linux installer creates empty directory named `***unknown variable uninstallerdirectory***`
iOS18 DSC objc analysis lacking out-of-box (__OBJC_RO has to be loaded manually for now)
IDA can crash on x64 macOS at file load time
Headless processing with IDAlib
With IDAlib, both the C++ and Python APIs can be used from outside IDA to form standalone applications. The resulting program or script doesn't have to be loaded inside IDA, but rather IDA engine is invoked from inside your application.
This makes developing against the IDA API much easier - if configured correctly, you get auto-completion and debugging in your favorite C++/Python IDE
NO RCP or IPC to an external IDA process means you get native speed of execution
WASM Disassembler and File Format Loader
With many apps shifting to client-side browser applications we saw the need of a new disassembler for Web Assembly (WASM).
WASM code is embedded into its own binary file format. Hence we also ship a file loader that decodes the WASM file format
nanoMIPS Disassembler and Decompiler + md1rom Loader
Both the MIPS disassembler and decompiler got added support for nanoMIPS instructions. The nanoMIPS support is included in the classic MIPS (HEXMIPS) decompiler, so there is no need to purchase an extra license.
Firmware compiled for nanoMIPS often ships in md1rom format, which is why we added an md1rom file loader to IDA (which includes parsing and applying of debug symbols, if available)
New RISC-V Decompiler and Disassembler Extensions
New decompilers targeting 32- and 64-bit RISC-V code (HEXRV and HEXRV64) are now available.
We extended the RISC-V processor module to support T-Head extension instructions (used in Xuantie and Allwinner processors)
C++ Exceptions Support in the Decompiler
The decompiler can now emit try / catch blocks. As the first step, we implemented support for the C++ exception scheme in binaries compiled for x64 using Microsoft VC++
IDAPython Improvements
Most IDAPython APIs now have type annotations, making the API less obstructive to use.
Python virtual environments are now supported - simply point $PATH to the directory containing the interpreter inside the virtual environment (done automatically by the activation script).
Objects returned in the Python API are properly zero-initialized.
Auto-completion in IDA's CLI now disregards __magic_methods__ and auto-generated SWIG methods, which reduces noise and helps finding a particular function easier.
FLIRT Updates
We massively updated, modernized and extended the number of FLIRT signatures available for use with IDA. As of this release, we provide (and plan to maintain) signatures for the following operating systems, languages, architectures, and software packages:
Golang:
Versions: stable versions from 1.10.0 to 1.22.5 and unstable version 1.23.0-rc1/1.23.0-rc2
Windows: x86, x64, arm, arm64
Linux: i386, amd64, arm, arm64
Darwin: amd64, arm64
C/C++
Windows (MSVC):
Architectures: arm, arm64, i386, amd64
Packages: ATL, CTL, MFC, Windows SDK 10, Windows SDK 11
Linux:
Distribution: Ubuntu & Debian
Architectures: i386, amd64, arm64, armhf, armel, arm, s390x, mips64el, mipsel, mips, ppc64el
Packages: libc6, libselinux1, libpcre2, libidn2, libssl, zlib1g, lib32z1, libunistring, libcurl4-gnutls, libcurl4-nss, libcurl4-openssl, libnghttp2, libidn2, librtmp, libssh, libssh-gcrypt, libpsl, libldap, libzstd, libbrotli, libgnutls28, nettle, libgmp, comerr, libsasl2, libbrotli, libtasn1-6, libkeyutils, libffi, uuid, libprotobuf, heimdal-multidev, musl, libplib, libsdl1.2-bundle (libsdl-console, libsdl-sge, libsdl1.2, libsdl-ocaml, libsdl-image1.2, libsdl-kitchensink, libsdl-mixer1.2, libsdl-net1.2, libsdl-sound1.2, libsdl-ttf2.0, libsdl1.2-compat, libsdl-gfx1.2, libsdl-pango), libsdl2-bundle (libsdl2, libsdl2-gfx, libsdl2-image, libsdl2-mixer, libsdl2-net, libsdl2-ttf)
The extra signatures are initially available as separate download
Metadata Descriptors for Plugins
ida-plugin.json now offers a standardized entrypoint for plugins. This enables plugin authors to follow their own plugin directory structure, all they need to do is point IDA to the main plugin entry point. To maintain backward compatibility, IDA will keep loading plugins in the pre-9.0 way for a couple of releases.
With the following directory structure:
plugins
└── ida_greeter
├── ida-plugin.json
└── main.py
A possible ida-plugin.json could look as follows:
{
"plugin" :
{
"name" : "greeter",
"entryPoint" : "main.py"
}
}
No more IDA32
We deprecated IDA32 a few versions ago. With IDA 9.0, we’re unifying the IDA binaries targeting 32 or 64 bit code into just one IDA64 binary. This means:
Number of installed files is cut in half
Easier life for native plugin maintainers since only one version (__EA64__) needs to be maintained.
Conversion of IDB files to I64 file format is transparently and automatically performed by IDA64.
UI Improvements
The legacy Enums and Structures views are removed entirely and replaced by Local Types. This also means that struct.hpp and enum.hpp and their counterparts ida_struct and ida_enum disappear from the API. Replacement functionality for both headers/modules is now located (mostly) in typeinf.hpp / ida_typeinf. A porting guide will be available for the release.
The function prototype editor (aka y shortcut on a function name) now can toggle between the classic free-text one-line editor and a new multi-line editor featuring the usual shortcuts and controls. By the same time, we added basic support for UI-based editing of argument locations, to make prototype syntax less of a hassle to remember.
It is now possible to specify fixed size for structures and to enable field packing easily
A refreshed set of shortcuts which better matches the modern OS conventions can now be selected instead of the traditional shortcuts
Full list of changes and new features
Processor modules
ARM: improve detection of targets of indirect jump instructions
ARM: improved prolog analysis to recognize and mark calls to chkstk_darwin
AVR: update missing bit definitions for ATmega640
MIPS: support for NanoMIPS instruction set
RISCV: added support for legacy instruction sfence.vm
RISCV: added support for T-Head custom instructions
wasm: new processor module (Web Assembly)
File formats
ELF: added support for nanoMIPS
ELF: ARM64: added support for R_AARCH64_P32_TLS_TPREL relocation type, used by ILP32
md1img: loader for Mediatek modem firmware images (nanoMIPS and MIPS16e2)
MACHO: support __chain_starts format 5 (DYLD_CHAINED_PTR_32_FIRMWARE)
FLIRT / TILS / IDS
FLAIR: PCF: added support for ARM64 COFF files
pelf: proper handling of ELF32 for AArch64 (ILP32)
Standard plugins
eh_parse: skip leading and trailing zero entries in x64 .pdata for PE files (real binaries have them); improve recognition of exception dispatcher functions in debug builds
eh_parse: x64 exception handlers are standalone functions and not function chunks
eh34: new plugin to handle c++ exceptions for the binaries built by msvc x64
pdb: added an option to only load names (useful with large PDBs when you don't need types)
Kernel/Misc
goodname.cfg: improve simplification of MSVC STL classes
kernel: support for ida-plugin.json
kernel: improved strlit detection (short ones were converted to data items)
noret.cfg: added terminate, std_terminate to the list of non-returning functions
installer: macOS: install all contents into a single .app bundle
licensing: replaced FlexNet licensing server by custom Hex-Rays licensing server (floating licenses only)
Scripting & SDK
IDAPython: added find_binary and find_string
IDAPython: added detection of virtual environments (venv)
IDAPython: Added more pointer wrappers for integer types defined in pro.h
IDAPython: idapyswitch can now be used with read-only IDA installations
IDAPython: Removed __magic_methods__ from CLI auto completion
IDAPython: zero-initialize C++ objects exposed in the Python API
IDAPython: loader_input_t.read() should return an empty bytes object upon read error, not None
SDK: Add Visual Studio templates for plugins and loaders
SDK: added FUNC_UNWIND/FUNC_CATCH function flags to mark exception handlers, they will be ignored in decompilation
SDK: added pipe_process() to launch a process and establish a 2-way communication with it
SDK: added qlist::splice()
SDK: moved node_ordering_t to gdl.hpp
SDK: published basic undo interface (create undo point, undo, redo)
SDK: renamed abstract_graph_t -> drawable_graph_t; mutable_graph_t -> interactive_graph_t
UI
UI: added an option to retain structure size (Fixed size structs)
UI: Added "pack fields" checkbox to control gaps between fields for structs
UI: command palette: fix wrong reports about "command failed"
UI: hadle export/import of Local types to IDC is in a more flexible way. User is able to select the different policies, for example: load the types and skip the equal.
UI: if IDA already has a file open, "Open" opens a file in a new IDA instance
UI: it is now possible to inspect the contents of base type libraries, by double-clicking on them in the "Type libraries" view
UI: new shortcut set better aligned with modern OS conventions
UI: got rid of "Structs" and "Enums" widgets
UI: new shortcuts: Alt- (and CMD-) to jump to a window
Decompilers
decompiler: riscv: added RV32 and RV64 decompilers
decompiler: added try/catch ctree statement
decompiler: improved detection of variadic arg types
decompiler: introduced a new event: hxe_inlining_func
decompiler: published a few graph algorthims (pre/port ordering and dominator calculation)
decompiler: published the control_graph_t class; made it possible for third-party plugins to perform structural analysis
decompiler: arm: added support for VSEL insn (ARMv8-M)
decompiler: impoved structure copy recognition
decompiler: improved cfunc_t cache by introducing "saved_to_idb"; otherwise we were saving all decompiled functions upon each "save_database", again and again
decompiler: improved constant representation in comparisons with binary operators
decompiler: improved hexrays history to support c++ exception handlers
decompiler: improved the error message about the missing license: tell the user what license is missing
decompiler: mips: added support for movtz and movtn (MIPS16e2)
Bugfixes
BUGFIX: ARM: analysis speed could be slow on large 32-bit firmware binaries
BUGFIX: ARM: fixed endless loop which could happen when analysing function chunk before main function entry
BUGFIX: ARM: stop decoding undefined MOV Wx, #imm variants (imm not fitting in 32 bits)
BUGFIX: cvt64: converting an old .idb to .i64 would fail if its path contained a space
BUGFIX: debugger: win32_remote.exe was unnecessarily requiring an API instroduced in Windows Vista and would not run on XP anymore
BUGFIX: decompiler: expressions with variable sized structures could be mishandled
BUGFIX: decompiler: IDA could complain "Could not find a matching license for product" when multiple decompilers were installed
BUGFIX: decompiler: internal errors triggered by UI-related code (e.g. generaing tooltips) could result in "Unknown C++ exception" fatal error
BUGFIX: decompiler: pressing F5 was not refreshing the pseudocode window in some cases; we were discarding the decompilation result
BUGFIX: decompiler: value range optimization could lead to code being wrongly removed
BUGFIX: DSCU: a GAP spanning multiple subcache files would fail to load
BUGFIX: kernel: IDA on Linux had an unnecessary hard dependency on libsecret and would refuse to run without it.
BUGFIX: navigating to a global name which matched a known type name would fail
BUGFIX: objc: NS*Block reference detection error would end up creating incoherent block structures over unrelated data
BUGFIX: PC: alloca_probe / chkstk_ms does not modify rsp or rax in x64 code, unlike x86
BUGFIX: PC: REX prefix could be incorrectly applied to 32-bit instructions
BUGFIX: PC: vmovw instruction was decoded as if using 16-bit registers (it actually uses 32-bit ones)
BUGFIX: PDB: inporting types from some large PDBs would fail with "the maximum recursion level was reached"
BUGFIX: RISCV: fence.i instruction was not decoded
BUGFIX: SDK: fixed a debug/opt build incompatibility in reg_finder_t (std::map member)
BUGFIX: SDK: set_all_bits() and clear_all_bits() would behave wrong on bitmaps with size not a multiple of 8
BUGFIX: sometimes information about newly created range-like entities (segments/functions/…) could be lost during UNDO
BUGFIX: tinfo: xrefs to a deleted enum were not removed
BUGFIX: UI: large amounts of lines in the "Output" window could cause slowdowns
BUGFIX: UI: when using COLOR_INV color code (e.g. in a custom viewer), IDA would use default color for the text instead of the previous background color
IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable.The unique Hex-Rays Decompiler, which has been developed in response to the need of hundreds of IDA users, is the fruit of more than ten years of proprietary research. Thanks to the speed and scalability of its core algorithms, Hex-Rays does not merely break new ground in the well known C/C++ decompilation problem: it lays foundations for future developments in the field of binary analysis. Hex-Rays SA also expands the power and flexibility of its decompiler through the addition of several new algorithms and by offering an SDK as part of its package. Reverse Engineering Tutorial with IDA Pro Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market. Its world-renowned product IDA Pro is the premier product for software disassembly. Hex-Rays has also released the Hex-Rays Decompiler plugin for IDA Pro, which dramatically increases the productivity of IT security researchers involved in the analysis of real world C/C++ binaries. Owner: Hex-Rays SAProduct Name: IDA Pro/TeamsVersion: 9.0 (240807) Beta with SDK and UtilitiesSupported Architectures: x64Website Home Page : https://hex-rays.com/Languages Supported: englishSystem Requirements: Windows *Size: 1.9 Gb本部分内容设定了隐藏,需要回复后才能看到
微博帐号登录