IDA Pro 5.0 (March 2006)
Major features
Introduction of a graph based used interface. The text interface remains instantly available.
Processor Specific Enhancements
ARM: improved distinction of code and data: conditional instructions do not start a new
function.
•ARM: IDA knows that a function call destroys R0.
•ARM: IDA knows that only GNU AS reverts halves of double data items; for other
assemblers the double number format conforms the standard (IEEE).
•ARM: IDA tries to find out the base register of the stack variables by looking for 'mov rN,
SP' instructions.
•ARM: MOV R12, SP is recognized as the beginning of a code sequence.
•ARM: new target assembler: ARM/Thumb Macro Assembler.
•ARM: slightly better jump table recognition.
•JAVA: complete rewrite of the Java module to support the new JDK 1.5 (or Java5.0)
•PC: added support for the newly documented 'cmpxchg16b' instruction.
•PC: improved function analysis.
•PC: better test of instruction sanity.
•PC: ins instruction was always displayed in the long form.
•PC: more careful approach to jump table xref construction.
•PC: previously undocumented form of the 'test' instruction is recognized (group 3modrm /1)
•PC: newer versions of SEH_ prolog/epilog functions are recognized
•6812: the HCS12 config file has been updated
•78k0: has been replaced by a rewritten module
•78k0s: has been replaced by a rewritten module
File Formats
•ELF: added support for SPARC unaligned relocation types.
•ELF: relocations in .gnu.conflict section are ignored since this section is not loaded by
default.
•COFF: MC68K: support for R_PCR24 relocation type has been added (used in PalmOS).
•DBG: ida does not create functions for data names.
•more PalmPilot system trap codes are added.
•if the input file is corrupted, IDA displays an error message without exiting to the OS.
Kernel Enhancements
•DDK2003 type library files have been updated; wnet/windows.h types have been added.
•Flow charts of processors with delayed jump slots are generated correctly (this feature
requires support from the processor module).
•a regular function is created instead of a function tail if it makes sense.
analysis: the rule which creates functions because of a dref has been improved.
•better use of fixup information during the final pass of the analysis.
•FLAIR: CodeWarrior library files for 6812 are supported (since the file format is
undocumented, there might be problems).
•IDA does not automatically assign a type to local names because it rarely makes sense
•recognition of function pointer tables has been improved.
•turning off the solid border lines turns off SUBROUTINE lines too.
•a full path is accepted in ida.cfg:GRAPH_VISUALIZER.
•minor improvement of switch table construction (if a jump table crossed through segment
boundaries, IDA would fail to create it)
•signature files have been updated or added: Borland Developer Studio 6, Microsoft
Visual C runtime version 8 (.net) 32-bit and 64-bit libraries, Microsoft MFC 64-bit,
Microsoft Active Template Library 64-bit.
•the MD5 of the input file is saved in the database.
Application Details:
| Version: | 5.0 |
| License: | Retail |
| URL: | https://www.hex-rays.com/idapr... |
| Votes: | Marked as obsolete |
| Latest Rating: | Platinum |
| Latest Wine Version Tested: | 0.9.49. |
Maintainers: About Maintainership
What works
Under both the 32-bit and the 64-bit version of IDA Pro all the following works:
Default GUI functions like rearrangement of menus and child windows. Also, changing fonts and colors for the editor works without problem.
Disassembly of both 32- and 64-bit Window PE-files.
Disassembly of Linux ELF-executables.
Disassembly of Mac OS-X Mach-O Executables.
Disassembly of other executable formats should probably work as well.
Fully-functional code graph view with squares, lines and text rendering as it should.
Note:
To get this far I had to boot the kernel with noexec32=off and do what I describe here:
http://bugs.winehq.org/show_bug.cgi?id=4969#c11
What does not
Debugging of Windows PE-files works to 50 %. Instantly after running the debugger, and after it has executed the target program, a popup talking about software exceptions shows up. Thereafter I get the choice to forward the exception to the program or not, and if I choose not to the program will continue running as nothing had happened. While the program runs and actually was executed under the debugger, I can not see any sort of disassembly, stack or register information about the process in IDA Pro. The graph view shows about 10 empty code blocks connected to each other. Breakpoints work, but are useless without any output.
While in disassembly or graph view and hovering the mouse over a variable or pointer for a description of it, a white box appears without content. I tested around a little and tried under heavy load (/dev/urandom to /dev/null, to be specific) and noticed that the content of the white box actually appears for a time interval, before it hides under the white box for the rest of the time. I believe this could be som sort of redrawing issue, where Wine accidentally put the white box infront of the text.
Workarounds
What was not tested
Disassembly of other formats than Win32 PE, Linux ELF and Mac OS X Mach-O Executables.
Remote-debugging.
Editing code and then exporting as a new executable or as assembly source code. Although, there is a huge probability for this, as all other file I/O worked like a charm.
Attaching debugger to running processes. The list of running Win32-processes to attach debugger to worked, but I never tried to actually attach the debugger.
Hardware tested
Graphics:
Additional Comments
Tested with 0.9.21 <= WINE <= 0.9.25. Worked as described on all.
| Operating system | Test date | Wine version | Installs? | Runs? | Used Workaround? | Rating | Submitter | ||
| Show | Ubuntu 7.10 "Gutsy" i386 (+ variants like Kubuntu) | Nov 23 2007 | 0.9.49. | Yes | Yes | Platinum | an anonymous user | ||
| Show | Ubuntu 7.04 "Feisty" i386 (+ variants like Kubuntu) | Jul 04 2007 | 0.9.35. | Yes | Yes | Silver | an anonymous user | ||
| Show | Gentoo Linux | Nov 27 2006 | 0.9.25. | Yes | Yes | Bronze | an anonymous user | ||
| Current | Gentoo Linux x86_64 | Nov 17 2006 | 0.9.25. | Yes | Yes | Bronze | an anonymous user | ||
| Show | Debian GNU/Linux 4.x "Etch" | Jul 22 2006 | 0.9.15. | Yes | Yes | Platinum | HAARP |
| Bug # | Description | Status | Resolution | Other apps affected |
Use winetricks work around the font display problem:
Â
If you get a message box on startup, stating:
ÂÂ"Keyboard layout error: Failed to get the scan code of '~' (VkKeyScaÂn failure)"
Either check the box "don't display that message again" or go to the following directory:
Then open the file "idagui.cfg" with a text editor, and locate the line containing the following:
and comment it out:
save and restart.
