IDA 7.7 Highlights

iOS15 and macOS 12 support

Apple has made major changes to the internal format of core OS files. In particular, the DYLD Shared Cache (DSC) has been split into multiple parts. Our Mach-O loader and the helper DSCU plugin have been updated to handle this seamlessly. We have also updated our iOS and Mac debuggers to handle peculiarities of debugging in the new OS versions.

Clang-based C++ parser

In addition to the built-in C parser, IDA now supports an additional parser based on libclang. It allows IDA to handle complex, real-life C, C++, and Objective-C syntax found in STL, MFC, Apple's XNU and iOS SDK, and Linux kernel headers. We will also soon provide a command-line version to build your own type libraries - stay tuned!

Thanks to the Clang-based parser, types from the Boost library can now be parsed:

Configuring it is very easy:

Golang improvements

We took our golang analysis to another level. Detection of golang binaries is more robust thanks to the standard startup code detection, and standard library signatures allow you to ignore unimportant functions. We also use more of the rich metadata present in Go binaries:

UI candy

Multiple highlights:

Native macOS Dark Mode:

Breakpoint groups:

New processors

Two new processor modules were added in this release: Cadence Tensilica Xtensa and the Renesas RX series.

RX processor:

Xtensa processor:

Type system

Basic type system support has been enabled for all processors. This means that you can now use C syntax declarations for structures and enums via the Local Types editor or by parsing C headers. DWARF types are also imported, when available. FYI, DWARF5, the new version of the debug format, which is the default since GCC 11, is now supported.

RISC-V types imported from DWARF:


We have ported our decompiler to MIPS64. We have also added support for some of the custom instructions of Cavium OCTEON MIPS processors used in advanced network equipment. Currently only the n64 ABI is supported for MIPS64. Of course, the existing decompilers also received numerous improvements and fixes. For example, the new extended flow guard (XFG) calls are handled in x64 and ARM64 Windows binaries.

Full list of changes and new features:

Processor modules:


File formats:


Standard plugins

Core / Misc

Scripting & SDK




BUGFIX: 8051: it was not possible to select a different Intel 51 subtype after double-clicking one in the Load a new file dialog
BUGFIX: ARM: fixed high memory consumption in regtracker for some files
BUGFIX: ARM: some ARM files could cause IDA to consume too much memory during analysis
BUGFIX: choosers/dirtrees with big selections could slow down IDA significantly after certain operations.
BUGFIX: databases with more than 5000 selectors (e.g. from a file with many small segments) would be restored incorrectly after saving
BUGFIX: debugger: IDA could produce internal error 40201 in case of connection problems during a remote debugging session. Now it terminates the debugging session gracefully
BUGFIX: debugger: Locals view would fail to display variables stored in registers when debugging MIPS programs
BUGFIX: debugger: android: IDA could fail to display some processes on Android 10
BUGFIX: debugger: bochs: it was impossible to suspend execution by clicking on "Cancel"
BUGFIX: debugger: mac debugger would fail to detect loaded dylibs on macOS12
BUGFIX: debugger: windbg: debugger could fail to pause when clicking on "Suspend"
BUGFIX: debugger: windbg: fixed interr 40038, which could happen when modifying breakpoints immediately after continuing execution
BUGFIX: debugger: windbg: reattaching a kernel debugging session now initializes kernel events for all cores instead of one core and shows all cores in the 'Threads' widget
BUGFIX: debugger: windbg: switching a CPU core via windbg command line or Threads window was not always handled correctly
BUGFIX: debugger: windbg: clicking "Suspend" could fail to pause debugging on the first try
BUGFIX: DOS: when rebasing a DOS executable using full rebase (MSF_NETNODES), segment register change points were not properly updated to the new segment bases
BUGFIX: DWARF: The DWARF plugin could fail to apply relocations to certain sections that were, in fact, loaded
BUGFIX: fixed interr 40036 which could happen while moving breakpoints during rebasing
BUGFIX: flowchart graphing functions (from "View > Graph" menu) would fail to consider tail calls (jumps to functions)
BUGFIX: garbage pixels could be present in the graph view on OSX.
BUGFIX: gdb: it was impossible to use -rgdb+pid for instant debugging
BUGFIX: golang: allow utf8 (non standard ascii) characters in function names retrieved from pclntab
BUGFIX: IDA could crash at the exit time after collecting a trace info in the debugger
BUGFIX: IDA could crash when deleting function tails with multiple parents (e.g. when using Help > Extract function...)
BUGFIX: IDA could INTERR(40408) during editing in hexview
BUGFIX: IDA would die with "out of memory" if the same name (with a numeric suffix) was used in more than 2^15 locations
BUGFIX: IDA would exit with internal error 86 if the __spoils keyword was specified twice in a function prototype.
BUGFIX: IDA would exit with "Fatal error before kernel init" instead of a proper error message if the ida.reg file was corrupted.
BUGFIX: IDA would still try to set the processor even if the loader had no flag LDRF_REQ_PROC
BUGFIX: IDAPython was missing ida_idp.CF_USE7/8 and ida_idp.CF_CHG7/8.
BUGFIX: IDAPython: fix the run_plugin() wrapper (argument should be size_t, not int)
BUGFIX: IDAPython: func_item_iterator_t::next/prev couldn't be used
BUGFIX: IDAPython: IDA could crash if was called for an invalid selection
BUGFIX: IDAPython: IDA could INTERR(918) when ida_hexrays.udc_filter_t subclasses were used in the same IDA session, but across multiple databases
BUGFIX: IDAPython: ida_kernwin.Form() could crash IDA on arm64 macOS
BUGFIX: IDAPython: some legacy properties from the 6.95 API were still available by mistake. Now accessing them produces a one-time deprecation warning
BUGFIX: installer: fixed black window issue on Apple Silicon macOS Monterey.
BUGFIX: kernel: reject function types with more than 32766 arguments instead of storing wrong information
BUGFIX: macho loader could INTERR(20005) on dyldcache files.
BUGFIX: MACHO: ARM64 (not ARM64E) binaries that used chained fixups for imports (e.g. on iOS15) were processed incorrectly
BUGFIX: MIPS: don't try to detect GOT address in non-ELF files (it could lead to incorrect disassembly)
BUGFIX: PC: fixed an endless loop during stack analysis
BUGFIX: PC: prolog could be detected incorrectly in functions that use SSE instructions
BUGFIX: PC: sometimes functions could be incorrectly split at the push rbp; mov rbp, rsp sequence
BUGFIX: PCF: parsing of COFF files without a string table (only short, inline symbol names) would fail
BUGFIX: PDB: unions with sparse bit fields were imported incorrectly
BUGFIX: pelf: pelf could crash in per-function mode (-f).
BUGFIX: PIC: references to memory using bank 4 and above were decoded incorrectly for the PIC16F series
BUGFIX: PIC: registers with addresses above 0x200 were not present in the DATA area
BUGFIX: Python & IDC: get_fchunk_referer() could return garbage or crash IDA if called with an address belonging to an entry function chunk
BUGFIX: Python: calling append_func_tail() from the CLI could cause INTERR 1733
BUGFIX: RISCV: change assembly directives to riscv-asm-manual recommendation
BUGFIX: SDK: qdirname() would return empty path for the root directory
BUGFIX: Some older IDBs could cause IDA to INTERR at upgrade-time
BUGFIX: TXT: idat could crash if started in a directory with > 8000 files
BUGFIX: UI/qt: "Copy" in choosers/trees would respect the internal selection ordering, rather than the ordering as it is visible on the screen
BUGFIX: UI/qt: "Copy/Copy all" in choosers/trees would also retrieve text from hidden columns
BUGFIX: UI/qt: it was possible to create the same bookmark in multiple places within the tree structure
BUGFIX: UI/qt: when the permanent bookmarks chooser was open, selecting a folder and adding a bookmark from the disassembly would add it to the end of the tree, not in the expected folder
BUGFIX: UI: "copy struct type" command could fail showing the freshly-created structure
BUGFIX: UI: deleting a 'manual memory region' from within the debugger-specific options' modal widget could lead to a crash later
BUGFIX: UI: deleting or enabling/disabling a huge number of breakpoints would appear to hang IDA
BUGFIX: UI: double-clicking on a stack frame variable whose frame view is already opened, wouldn't jump to that variable
BUGFIX: UI: IDA could appear to hang trying to display a watch item pointing into the middle of a defined item such as a struct instance
BUGFIX: UI: IDA could be killed silently if it was blocked by a network firewall on macOS; now it displays an error message
BUGFIX: UI: IDA could crash when loading a database with empty saved strings list
BUGFIX: ui: in the "Structures" widget, 'Create before current structure' checkbox was not honored
BUGFIX: UI: it was impossible to delete a bookmark from the modal list that was opened using Ctrl+M
BUGFIX: UI: selecting multiple entries in the "Functions", triggering editing, and canceling editing would still prompt for all remaining functions
BUGFIX: UI: some valid config parameters were not accepted if bit 31 was set
BUGFIX: UI: the "Arguments" column in the Functions list could show wrong value for functions that do not use any stack for passing arguments (e.g. on ARM)
BUGFIX: UI: when debugging, modifying bit registers (e.g., ZF, OF, ...) would modify the aggregating register (e.g., EFL), but not the bit register itself
BUGFIX: UI: when debugging, toggle/edit/increment/decrement of bit registers (e.g., ZF, OF, ...) wouldn't always work
BUGFIX: decompiler: 'remove return value' could spoil the __userpurge calling convention
BUGFIX: decompiler: "Send database..." could crash IDA with fresh binary files, if 'Edit notes' was clicked
BUGFIX: decompiler: clicking on a variable would not offer to create a new forced variable for it if it was already forced somewhere else.
BUGFIX: decompiler: combination of m_and and m_shift could be optimized incorrectly
BUGFIX: decompiler: decompiler rejected function types with explicit stack argument locations
BUGFIX: decompiler: fixed dozens of internal errors (thanks to our users for bug reports!)
BUGFIX: decompiler: fixed wrong decompilation if the switch input register was overwritten before the indirect jump
BUGFIX: decompiler: if GENERATE_EMPTY_LINES=YES in hexrays.cfg, xrefs to local items would sometimes show empty lines
BUGFIX: decompiler: jumping to a name in the comment displayed at the function header would not work
BUGFIX: decompiler: PPC: memory accesses with 0 base (e.g. lwz r11, addr(0) ) could be decompiled incorrectly (using r0 value instead of zero)
BUGFIX: decompiler: ppc: wrong intrinsic function was generated for PPC_sc in case of little endian
BUGFIX: decompiler: printing a chain_t object could cause a crash when invoking chain_t::print|dstr
BUGFIX: decompiler: programmatically jumping to an address in pseudocode (e.g., using 'ida_hexrays.open_pseudocode') could fail to save the current position
BUGFIX: decompiler: specifying explicit unaligned stack argument locations was sometimes not accepted by the decompiler
BUGFIX: decompiler: switching to pseudocode window could lead to unexpected refresh (e.g. if a struct was modified via Structures window)
BUGFIX: decompiler: xrefs to __vftable of base classes could be missed in some cases
BUGFIX: decompiler: ARM: zero out the top 32 bits of the destination in ARM64 intrinsic function calls that modify a 32-bit register
BUGFIX: PC: when performing a full rebase (MSF_NETNODES), information about skipped instructions (prolog/epilog/switch) was not moved correctly
BUGFIX: SDK: fix idp.hpp comment for PR_DELAYED (has_delay_slot does not exist)