Ida Pro 7.0 + All Decompilers Full Leak-Pass

Here you can post software newly developed by you.
Software news and new software launch.

Ida Pro 7.0 + All Decompilers Full Leak-Pass

Post #1 by sEby » 07 Oct 2017 23:15

Welcome to IDA 7.0!

    The biggest news is that IDA is a native 64-bit application! First of all it means that now it can eat all memory of your computer and thrash it :) But jokes aside, switching to 64-bit aligns IDA with other modern software and makes it more compatible with the rest of the world. For example, IDAPython integration will be easier and more streamlined because many operating systems nowadays come with the 64-bit Python preinstalled (32-bit Python won't work anymore).

    Second, we took this change as an opportunity (since old 32-bit plugins won't work with 64-bit IDA anyway) to clean up the IDA API, make it more consistent and less confusing. Whether we failed or succeeded remains to be seen, but we ourselves like the new API much more. The fundamental concepts remain the same and IDA did not lose any bit of its functionality during the cleanup. We minutely tested all changes and ensured that all our tests continue to pass as before or better. We also tried to make our 3 APIs, C++, Python, and IDC, closer to each other. Function names and their functionality are the same in most cases, but we tried to stay pythonic in Python and C++-ish in the C++ interface. Since the changes are huge and it is easy to lose your way, we prepared a Porting guide from the IDA 4.9-6.x API to the IDA 7.0 API which explains what has changed and how. We hope that it will greatly help you when porting your plugins to the new 7.0 API.

    For Python and IDC we implemented a compatibility layer that will help you with your scripts. Most of them should run fine on 7.0 with very minor or no changes. We plan to turn off the compatibility layer in the next release, so please dedicate some of your time to port your scripts to run without it. See the IDA 7.0: IDAPython backward-compatibility with 6.95 APIs page for more info.

    To make the transition even smoother, we are also publishing a 32-bit version of IDA. It can (and should) be only used to run old 32-bit plugins while you are porting them to 64-bit. The 32-bit version of IDA can read v7 databases but it lacks some very nice new features. Let us introduce them now.

    Now IDA is a truly international application that can speak all languages of the world because it uses UTF-8 everywhere. All scripts and plugins can use it. You can use UTF-8 in the disassembly listing, including comments or even the function names. This is not what we advise, therefore odd characters in names require some fine tuning. See the IDA 7.0: Automatic discovery of string literals during auto-analysis page for all the gory details.

    By the way, the existing databases will have to be upgraded to benefit from the UTF-8 encoding. We tried to make the upgrade process as simple as before but there is a catch: since old databases could use any encoding, IDA has to guess the old encoding on the fly. To learn how to help IDA with this error prone task, see the IDA 7.0: Internationalization page.

    IDA now parses and annotates exception handling information and RTTI. We plan to improve the decompiler and IDA to take advantage of this information in the future.

    We greatly improved Objective C support both in IDA and the Decompiler. Now the metadata can be parsed on demand, not only at the loading time. The decompiler produces much nicer output:

    We improved the OSX and iOS debuggers to handle OSX 10.13 and iOS 11. There are many changes under the hood but your experience should be the same as before or even better.

Complete changelist

    Processor Modules
        ARM: added one more pattern of thumb->arm transition
        ARM: arm64: use simplified aliases for UBFM/SBFM instructions when applicable
        ARM: handle vfp instructions: VMOV immediate, VCVTB, VCVTT, VCVT with a fixed point operand
        ARM: reduced complexity of the SP-analysis from quadratic to linear
        ARM: added a fix for Thumb switches with full addresses
        ARM: added support of the new clang's switch pattern for arm64
        ARM: extended LDRB switch pattern
        ARM64: take into account that the STP instruction can load callee arguments onto the stack; add corresponding comments to such instructions
        MIPS: recover more cross-references from stripped statically-linked PIC ELF files
        MSP430: added simplification "movx @SP+, dst" -> "popx dst"
        PC: added decoding of Control-flow Enforcement extension
        PC: added decoding of newer AVX-512 extensions (4FMAPS, 4VNNIW, and VPOPCNTDQ)
        PC: added new switch pattern
        PC: decode PTWRITE instruction
        PC: decode VMFUNC instruction
        PC: detect more switch patterns from clang
        PC: improved epilog detection
        PC: improved prolog detection
        PC: improved stack frame analysis in x64 files
        PC: support another variation of x64 table-based switch with switch variable stored on the stack
        PPC: added missing extended mnemonic 'rotld'
        PPC: added new config flag PPC_ABI_EMBEDDED/ISA_EABI
        PPC: added support of PowerPC64 ELF V2 ABI
        PPC: improved switch patterns
        PPC: r13-based operands are printed using simplified @sda suffix
        SuperH: improved detection of functions when addresses are calculated with movi20s + add/sub
        SuperH: added register definitions for SH7256
        TMS320C3: improved stack tracing
        tricore: added TRICORE_DEVICE and TRICODE_IORESP config parameters so that they can be set from scripts
    File Formats
        DWARF: Store file/line number information in IDB (only if requested, since it comes with a performance penalty)
        ELF: added processing of many previously unsupported PPC64 relocations
        ELF: annotate headers (ELF, PHT, SHT) and convert more known data to structs (symtab, strtab, relocations, dynamic information)
        ELF: annotate preinit/init/fini function arrays
        ELF: convert all strtab entries to ascii strings (even the ones that are not referenced)
        ELF: describe DT_HASH and DT_GNU_HASH
        ELF: describe symbols using symtab from DYNAMIC section
        ELF: detect overlapping sections in SHT and prevent them from processing data (but still load them in the database)
        ELF: don't obliterate data when patching PLT
        ELF: don't skip processing relocations if symbol index is 0 (happens with IRELATIVE relocs)
        ELF: IDA now uses the PHT by default instead of the SHT to load segments from ELF files
        ELF: improved support for TLS variables in relocatable files
        ELF: load symbols using symtab from DYNAMIC section when .dynamic section yields no symbols
        ELF: PLT relocations for pc are now processed at relocation-application-time, instead of relying on the presence of a .plt section
        ELF: ppc: added new ida.cfg variable PPC_FIX_GNU_VLEADRELOC_BUG to work around binutils bug 20744
        ELF: process .ctors/.dtors sections for all architectures
        ELF: recognize PLT stub functions from R_386_GLOB_DAT relocations
        MACHO: support dyld_shared_cache files from OSX 10.13 and iOS 11
        MACHO: support dyld cache slide info v2. This should improve analysis for dyld_shared_cache files from iOS 10 and OSX 10.12
        MACHO: improved analysis of single modules within dyld_shared_cache files that have slide info
        MACHO: added an option to load a single module plus its dependencies from the dyld cache
        MACHO: fixed incorrect resolution of Mach-O import table entries in files using both LC_DYLD_INFO_ONLY and LC_SYMTAB
        MACHO: improved speed of objc metadata parsing
        MACHO: support for apple-protected binaries from OSX versions < 10.6
        MACHO: support x64 macOS kernelcaches with kexts relocated at runtime
        MACHO: added processing of the ARM64_RELOC_ADDEND relocation
        MACHO: allow the user to override the ASLR slide for dyld_shared_cache files
        OBJC: added Objective-C Analysis Plugin; the plugin tries to create an xref between calls to objc_msgSend and the function that will ultimately be called by msgSend
        OBJC: perform Objective-C specific analysis on the decompiler output
        OBJC: implemented a "step into" action for Objective-C (Debugger>Run until message received)
        OBJC: allow user to jump to a method definition given a selector string (Jump>Jump by selector)
        OBJC/MACHO: IDA can now extract Objective-C type info via 'Load debug info' in the Modules view during debugging
        OBJC: now objc metadata can be parsed on demand, not just at load time
        OBJC: implement demangling of objective-C methods in Swift classes
        TDS: added support for executables with debug info appended to the end of the file
        PDB: added an explicit check for odd paths (e.g. UNC) of pdb files; if such a path is detected, we display one more warning to the user
        debugger: iOS: support debugging on iOS 11
        debugger: iOS: support source-level debugging in Remote iOS Debugger
        debugger: iOS: support Appcalls in Remote iOS Debugger
        debugger: iOS: added support for ARM(64) FPU/NEON registers
        debugger: iOS: identify regions of process memory in greater detail
        debugger: iOS: always allow the user to specify a pid when attaching to a process
        debugger: OSX: support debugging on OSX 10.13
        debugger: OSX: improved support for debugging system libs from /usr/lib and /System/Library/Frameworks (any libs included in the dyld_shared_cache)
        debugger: OSX: identify regions of process memory in greater detail
        debugger: remote mac debuggers are signed and don't have to be run as root
        debugger: BOCHS: added support for Bochs 2.6.9
        debugger: LINUX: added environment variable IDA_SKIP_SYMS to ignore the exported names from the main module
        debugger: LINUX: try to load a separate debug info file if the environment variable DEBUG_FILE_DIRECTORY is set
        debugger: GDB: added software breakpoint for powerpc
        debugger: GDB: added support for banked ARM register layouts
        debugger: GDB: added support for no-acknowledgment mode (QStartNoAckMode) for reliable connections (set by default; unset by changing the stub options)
        debugger: GDB: added support for uploading files to the server
        debugger: GDB: enable "run a program before starting debugging" option and "Choose a configuration" for all processors including x86/x64
        debugger: GDB: fetch processes list from gdbserver if supported
        debugger: GDB: fetch target description from gdb stub as early as possible (mimic GDB behavior)
        debugger: GDB: show the full path to be run if the user enabled "Run external program before debugging" before actually executing it
        debugger: PIN: added support for appcall
        debugger: debug servers can now be launched with '-kk' to specify that in case the connection between IDA & them is broken, the process should be terminated immediately
        ios_deploy: added "codesign" and "appify" phases
        ios_deploy: added "usbproxy" phase
        ios_deploy: added "launch" phase
        ios_deploy: added "kill" and "proclist" phases
        ios_deploy: added "install_ex" phase

pass: b8r2
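The ELF loader entries in the changelog above (segments are now loaded from the program header table rather than the section header table, and overlapping SHT entries are detected but still loaded) touch a point every reverse engineer runs into with hostile binaries: the SHT is optional linker metadata that can be stripped, truncated or made to lie, while the PHT is what the kernel actually maps. The following is an added example, not IDA, Hex-Rays or IDAPython code. It walks a constructed ELF64 image (not taken from any real file) with a sane PHT and a deliberately inconsistent SHT, accepts only PT_LOAD entries whose file-backed range lies inside the image, and reports SHT entries whose file ranges overlap. Field layouts follow the standard Elf64_Ehdr/Phdr/Shdr structures; all constants and the sample bytes are defined inline.

```python
"""Minimal ELF64 header/PHT/SHT walker (added example, not Hex-Rays code).

Shows why a loader prefers the program header table (what the kernel maps)
over the section header table (optional metadata that can be stripped,
truncated or made to overlap). The input is a constructed image, not a real
binary.
"""
import struct

ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # Elf64_Phdr, 56 bytes
SHDR_FMT = "<IIQQQQIIQQ"         # Elf64_Shdr, 64 bytes
PT_LOAD, SHT_NULL, SHT_NOBITS = 1, 0, 8


def parse_ehdr(data):
    f = struct.unpack_from(EHDR_FMT, data, 0)
    # e_ident: magic, EI_CLASS == 2 (64-bit), EI_DATA == 1 (little-endian)
    if f[0][:4] != ELF_MAGIC or f[0][4] != 2 or f[0][5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    keys = ("e_ident e_type e_machine e_version e_entry e_phoff e_shoff e_flags "
            "e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx").split()
    return dict(zip(keys, f))


def _table(data, off, entsize, count, fmt, keys):
    """Read `count` fixed-size entries, stopping at EOF instead of reading past it."""
    rows = []
    for i in range(count):
        base = off + i * entsize
        if base + entsize > len(data):
            break  # truncated table: a hostile or cut-off file, not a crash
        rows.append(dict(zip(keys, struct.unpack_from(fmt, data, base))))
    return rows


def parse_phdrs(data, eh):
    keys = "p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align".split()
    return _table(data, eh["e_phoff"], eh["e_phentsize"], eh["e_phnum"], PHDR_FMT, keys)


def parse_shdrs(data, eh):
    keys = ("sh_name sh_type sh_flags sh_addr sh_offset sh_size "
            "sh_link sh_info sh_addralign sh_entsize").split()
    return _table(data, eh["e_shoff"], eh["e_shentsize"], eh["e_shnum"], SHDR_FMT, keys)


def loadable_segments(data):
    """Split PT_LOAD entries into (accepted, rejected) by file-range sanity."""
    eh = parse_ehdr(data)
    ok, bad = [], []
    for ph in parse_phdrs(data, eh):
        if ph["p_type"] != PT_LOAD:
            continue
        end = ph["p_offset"] + ph["p_filesz"]
        fits = end <= len(data) and ph["p_memsz"] >= ph["p_filesz"]
        (ok if fits else bad).append(ph)
    return ok, bad


def overlapping_sections(data):
    """Index pairs of file-backed SHT entries whose file ranges intersect."""
    eh = parse_ehdr(data)
    spans = [(i, s["sh_offset"], s["sh_offset"] + s["sh_size"])
             for i, s in enumerate(parse_shdrs(data, eh))
             if s["sh_type"] not in (SHT_NULL, SHT_NOBITS) and s["sh_size"]]
    pairs = []
    for a in range(len(spans)):
        for b in range(a + 1, len(spans)):
            ia, sa, ea = spans[a]
            ib, sb, eb = spans[b]
            if sa < eb and sb < ea:
                pairs.append((ia, ib))
    return pairs


def build_sample_elf():
    """Constructed 448-byte image: one in-bounds PT_LOAD, one PT_LOAD pointing
    past EOF, and an SHT whose two PROGBITS entries overlap by 8 bytes."""
    size = 0x1C0
    img = bytearray(size)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    struct.pack_into(EHDR_FMT, img, 0, ident, 2, 0x3E, 1, 0x4000C0,
                     0x40, 0x100, 0, 64, 56, 2, 64, 3, 0)
    # PT_LOAD covering the whole file, R+X
    struct.pack_into(PHDR_FMT, img, 0x40, PT_LOAD, 5, 0, 0x400000, 0x400000, size, size, 0x1000)
    # PT_LOAD whose file range lies beyond EOF: must be rejected, not mapped
    struct.pack_into(PHDR_FMT, img, 0x78, PT_LOAD, 6, 0x10000, 0x600000, 0x600000, 0x100, 0x100, 0x1000)
    img[0xC0:0xD0] = b"\x90" * 15 + b"\xC3"  # placeholder code bytes
    # SHT: SHT_NULL, then two PROGBITS (type 1, flags AX) sections that overlap
    struct.pack_into(SHDR_FMT, img, 0x100, 0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0)
    struct.pack_into(SHDR_FMT, img, 0x140, 0, 1, 6, 0x4000C0, 0xC0, 0x10, 0, 0, 16, 0)
    struct.pack_into(SHDR_FMT, img, 0x180, 0, 1, 6, 0x4000C8, 0xC8, 0x10, 0, 0, 16, 0)
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_elf()
    ok, bad = loadable_segments(img)
    print("PT_LOAD accepted:", [(hex(p["p_vaddr"]), p["p_filesz"]) for p in ok])
    print("PT_LOAD rejected (past EOF):", [hex(p["p_offset"]) for p in bad])
    print("overlapping SHT entries:", overlapping_sections(img))
```

Run it against a real file by replacing `build_sample_elf()` with the bytes of the target; a stripped or truncated SHT simply yields an empty section list while the PT_LOAD segments still come through, which is the behaviour the changelog entry about using the PHT by default is aiming for.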
