
IDA Pro 5.0 (March 2006)
Major features
Introduction of a graph based user interface. The text interface remains instantly available.
IDA Pro 5.0 news file 1
Processor Specific Enhancements
ARM: improved distinction of code and data: conditional instructions do not start a new function.
ARM: IDA knows that a function call destroys R0.
ARM: IDA knows that only GNU AS reverts halves of double data items; for other assemblers the double number format conforms to the standard (IEEE).
ARM: IDA tries to find out the base register of the stack variables by looking for "mov r#, SP" instructions.
ARM: MOV R12, SP is recognized as the beginning of a code sequence.
ARM: new target assembler: ARM/Thumb Macro Assembler.
ARM: slightly better jump table recognition.
JAVA: complete rewrite of the Java module to support the new JDK 1.5 (or Java5.0)
PC: added support for the newly documented "cmpxchg16b" instruction.
PC: improved function analysis.
PC: better test of instruction sanity.
PC: ins instruction was always displayed in the long form.
PC: more careful approach to jump table xref construction.
PC: previously undocumented form of the "test" instruction is recognized (group 3 modrm /1)
PC: newer versions of SEH_ prolog/epilog functions are recognized
6812: the HCS12 config file has been updated
Z80: has been replaced by a rewritten module
Z80s: has been replaced by a rewritten module
File Formats
ELF: added support for SPARC unaligned relocation types.
ELF: relocations in .gnu.conflict section are ignored since this section is not loaded by default.
COFF: MC68K: support for R_PCR24 relocation type has been added (used in PalmOS).
DBG: ida does not create functions for data names.
more PalmPilot system trap codes are added.
if the input file is corrupted, IDA displays an error message without exiting to the OS.
Kernel Enhancements
DDK2003 type library files have been updated; wnet/windows.h types have been added.
Flow charts of processors with delayed jump slots are generated correctly (this feature requires support from the processor module).
a regular function is created instead of a function tail if it makes sense.
analysis: the rule which creates functions because of a dref has been improved.
better use of fixup information during the final pass of the analysis.
FLAIR: CodeWarrior library files for 6812 are supported (since the file format is undocumented, there might be problems).
IDA does not automatically assign a type to local names because it rarely makes sense
recognition of function pointer tables has been improved.
turning off the solid border lines turns off SUBROUTINE lines too.
a full path is accepted in ida.cfg:GRAPH_VISUALIZER.
minor improvement of switch table construction (if a jump table crossed through segment boundaries, IDA would fail to create it)
signature files have been updated or added: Borland Developer Studio 6, Microsoft Visual C runtime version ( (.net) 32-bit and 64-bit libraries, Microsoft MFC 64-bit, Microsoft Active Template Library 64-bit.
the MD5 of the input file is saved in the database.
IDC & SDK
IDC: renimp.idc: is a new script that renames import table entries.
IDC: the SetType() function can be used to delete the existing type assigned to an address.
IDC: SetSegmentAttr() accepts SEGATTR_BITNESS attribute and changes the segment bitness without reanalyzing it.
SDK: calc_bare_name() has been improved to handle __imp_ and c++ mangled names.
SDK: guess_func_type() takes into account the number of purged bytes from the stack: if the tail parameters were not used by the function and therefore were not created by IDA, we still create dummy arguments for them in the function type.
SDK, IDC: del_segm() accepts a combination of bits as the second parameter.
SDK: added a flag to flow_chart_t to avoid computing external blocks.
SDK: added processor_t::gen_asm_or_lst to customize asm or lst file generation.
SDK: added processor_t::is_insn_table_jump to determine if an instruction is really a table jump or call.
SDK: added SDL_HIDETYPE bit for segments - it is used to hide the segment type from the disassembly listing.
SDK: added ui_create_tform and other callbacks to manipulate MDI child windows from plugin.
SDK: analyze_area() function can be applied to debugger segments as well; before it was skipping them.
SDK: an API to work with graph viewer is added. See the sample plugin ugraph
SDK: areacb_t::for_all_areas() function to enumerate all areas in the specified range.
SDK: autoIsOk() would return false for old database when called from ph.oldfile
SDK: callback out_src_file_lnnum to generate source file name and line number directives.
SDK: if inf.lowoff == BADADDR, no operand will be considered as "void" operand.
SDK: if Namechars[] is empty, all characters are enabled in names.
SDK: if public or weak keywords are defined as empty strings, then IDA does not display the corresponding directives.
SDK: introduced new event processor_t::auto_empty_finally to handle the end of autoanalysis more efficiently.
SDK: new function entab() to replace spaces by tabulations.
SDK: new function qmake_full_path()
SDK: ph.get_autocmt notification to generate dynamic predefined comments for instruction.
SDK: new function get_compiler_name()
SDK: added CH_MULTI_EDIT bit for the list choosers.
SDK: added read_user_config_file() function.
SDK: loader_finished event has been added.
SDK: 4 new processor modules and their source code have been donated by a kind IDA user: Toshiba TLCS-900, Rockwell C39, NSC CR16, Panasonic MN10200
User Interface
GUI: the analysis indicator is refreshed at most 10 times per second.
GUI: the keypad 5 scrolls the window to center the keyboard cursor.
GUI: the Ctrl-F/F3 hotkeys search in the database notepad.
the input fields of most dialog boxes are remembered in the registry and database; database settings have priority over registry settings; TEXT_SEARCH_CASE_SENSITIVE and BIN_SEARCH_CASE_SENSITIVE are removed from the configuration files; added RESTORE_UI_VARS and USE_INIFILE user interface config parameters.
it is possible to delete marked positions from the "jump to marked position" dialog box.
UI: "search for all occurrences" flag works in the selected area if there is any.
UI: "set type" command works with a location in the middle of a function if the location already has a type; otherwise it is applied to the whole function.
UI: the text version asks the permission to destroy the existing items if they prevent the creation of another item specified by the user; the config file parameter is AUTO_UNDEFINE
wingraph32 related commands are now available for all platforms (Linux, Windows)
Debugger
debugger colors do not override item colors anymore.
debugger: start the application in its own directory by default if not instant debugging.
debugger: debugging is supported in graph mode.
Bug Fixes
the "function calls" window was not saved/restored in the desktop configuration; its name in the tab control was wrong (had function names)
the "incompatible main desktop config" message has been removed; such desktops are now silently ignored.
the 64-bit debugger did not understand register names in idc expressions
a corrupted database with -1 as the assembler type could crash IDA
if turned off, the analysis indicator in the options dialog box would read "idle" instead of being empty.
analysis could loop infinitely on some files.
clicking Close in the taskbar at the startup screen or welcome dialog could crash IDA
closing the "function calls" window would not delete the corresponding menu item in Windows menu.
corrupted DBG files could crash IDA.
debugger: terminating multithreaded applications required several attempts.
HTML files generated from an automated IDC script always had a black background.
IDA could display a message asking the permission to delete debug segments and later fail because the answer came too late.
if IDA had been installed in a C:\Program Files subdirectory, launching wingraph32 could lead to the execution of c:\program.exe (if present)
in 64-bit mode IDA could display an instruction with a floating point register fp(8) or higher
in MS DOS COM files it was impossible to use offsets based on the beginning of the first segment
it was impossible to run an IDC script using the script toolbar if there was no open database
JAVA: it was impossible to use IDC in the graphical version.
memory hex dump files without the address column were loaded incorrectly.
pfn pointer could become stale during function chunk enumeration leading to wrong flow charts.
REX prefix should not modify AL register in most AMD64 instructions.
the "print flags" command was not correctly displaying national characters in the comments.
the analysis could infinitely loop on garbage bytes looking like legitimate code.
the analysis pointer in the navigation band stayed visible even after end of the analysis (until the first refresh).
IDA could crash if the input file could not be opened (blocked by an antivirus, for example)
the "rename register" command would cause an "internal error" if the old register name was empty.
the help page about maximal address space was missing from the help file.
A problem in the database naming logic after an unclosed debugging session was fixed.
the 64-bit text version was displaying zeroes in the autoanalysis indicator (in fact, the upper part of the address). Switched to the low part since it gives more information
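The wingraph32 entry in the bug fix list (an install under C:\Program Files leading to c:\program.exe being run) follows from how Windows resolves an unquoted command line when no separate application name is passed: it splits at each space and tries every prefix in turn. The block below is an added example for auditing launch strings, not DataRescue code; the install directory and the graph.gdl argument are constructed.

```python
import ntpath


def candidate_images(command_line: str) -> list[str]:
    """Image paths Windows would try, in order, for this command line
    when the program is not named separately from its arguments."""
    cl = command_line.strip()
    if cl.startswith('"'):
        # A quoted module name has exactly one interpretation.
        end = cl.find('"', 1)
        return [cl[1:end if end != -1 else len(cl)]]
    candidates = []
    tokens = cl.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if not prefix or prefix.endswith(" "):
            continue  # empty token produced by consecutive spaces
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"  # a name without an extension gets .exe
        candidates.append(prefix)
    return candidates


def shadowing_paths(command_line: str, intended_image: str) -> list[str]:
    """Paths tried before the intended image. A file at any of them
    would run instead; an empty list means the launch is unambiguous."""
    earlier = []
    for path in candidate_images(command_line):
        if path.lower() == intended_image.lower():
            break
        earlier.append(path)
    return earlier


# Constructed launch strings: the unquoted form and the quoted form.
INTENDED = r"C:\Program Files\IDA\wingraph32.exe"
UNQUOTED = r"C:\Program Files\IDA\wingraph32.exe graph.gdl"
QUOTED = r'"C:\Program Files\IDA\wingraph32.exe" graph.gdl'

if __name__ == "__main__":
    print("unquoted:", shadowing_paths(UNQUOTED, INTENDED))
    print("quoted:  ", shadowing_paths(QUOTED, INTENDED))
```

Quoting the executable path, or passing it as the application name separately from the arguments, leaves a single candidate.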
Contact Information
© 2006 DataRescue SA/NV
40 Blvd Piercot
4000 Liège
Belgium
t - +32-4-3446510
f - +32-4-3446514
info@datarescue.com