Hex-Rays logo State-of-the-art binary code analysis tools
email icon

Highlights

Folder view

A tree-like folder view is available in many IDA standard views. You can create folders and move items between them. To start with, the following views have it:

Functions and Names
Functions and Names
Imports
Imports
Local types
Structures
Enums
Enums
Local types
Local types

For Structures and Enums, the tree panel is shown by default, for other views it can be enabled via the “Show Folders” context menu item.

You can create, rename and delete folders, and move items between them. This will help organizing information when dealing with large binaries.

MIPS decompiler

A new decompiler has been added to our lineup. Any 32-bit MIPS binary supported by IDA can be decompiled, including compact encodings. The infamous delay slots are handled transparently and seamlessly. A MIPS disassembler-decompiler comparison page is available and contains a few interesting examples.

Here are a few screenshots:

Big-endian MIPS32 code
Big-endian MIPS32 code
Little-endian MIPS32 code
Little-endian MIPS32 code
MIPS16e code
MIPS16e code
microMIPS code
microMIPS code
iOS/macOS improvements

We have added type libraries with most major APIs and additional frameworks from macOS and iPhone SDKs. They are especially useful when paired with the decompiler.

List of initially available type libraries
List of initially available type libraries
Sample of x86_64 user-mode code using CoreFoundation APIs
Sample of x86_64 user-mode code using CoreFoundation APIs
Sample of ARM64 kernel code using IOKit classes
Sample of ARM64 kernel code using IOKit classes

In addition, we improved support for the KTRW debugger. Breakpoints and watchpoints works with it out of box using the same Corellium-ARM64 configuration.

On the decompiler side, we added support for atomic ARM64 instructions such as CAS (compare-and-swap), LDADD (atomic add) and many others. They are translated into corresponding C11 functions from stdatomic.h, so you should see fewer _asm{} blocks when dealing with code compiled for arm64e.

ARM Atomic
ARM Atomic
Lumina

Lumina functionality is available for MIPS and PPC binaries.

Other selected items

PC: ELF binaries employing Intel CET (Control-flow Enforcement Technology) are becoming very common due to Debian enabling this compiler option by default, followed by Fedora and other Linux distros. We now support such binaries out of box, including in the decompiler. We have also added support for several new instructions that were added recently to Intel and AMD processors.

Intel CET
Intel CET

ARM: Recent compilers targeting 32-bit ARM code prefer using MOVW and MOVT instruction pairs to load 32-bit constants and addresses instead of constant pool as was common in the past. While IDA already handled such pairs when they were placed together, advanced optimizations can place these pairs apart, preventing IDA from combining them, discovering the full value and adding a cross-reference to the destination. We have improved our heuristics to handle such scattered pairs and added an option so analysis can be tuned to be more or less aggressive depending on your specific binary.

ARM MOVT
ARM MOVT
ARM MOVT
ARM MOVT
ARM MOVT
ARM MOVT

Complete changelist:

Processor modules:

File Formats:

Installer:

Debugger:

Kernel / Misc.:

FLIRT / TILS / IDS:

User Interface:

Plugins:

Decompilers:

Scripts & SDK:

Bugfixes: