IDA v5.4 release is not that far away

I’m happy to inform you that we are entering the beta stage of IDA v5.4!
In addition to numerous small and not that small improvements, the new version will have three debugger modules: bochs, gdb, and windbg, selectable on the fly (the active debugger session will be closed, though ;))

  • With the bochs debugger, we offer three different worlds: run-any-code-snippet facility, windows-like-environment for PE files, and any-bochs-image bare-bone machine emulation mode. You can read more about this module in our blog: http://hexblog.com/2008/11/bochs_plugin_goes_alpha.html
  • With gdb, x86 and arm targets are supported. Among other things, it is possible to connect IDA to QEMU or debug a virtual machine inside VMWare. We tried it iPhone as well. However, while it works in some curcimstances, there were some problems on the gdbserver side.
  • With windbg, user and kernel mode debugging is available. The debugger engine from Microsoft, which is currently the only choice for driver and kernel mode debugging, can be used from IDA. It can automatically load required PDB files and populate the listing with meaningful names, types, etc. Speaking of PDB files, IDA imports more information from them: local function variables and types are retrieved too, c++ base classes are handled, etc.

The gdb and windbg debugger modules support local and remote debugging. We tried to make the debugger modules as open as possible: target-specific commands can be sent to all backend engines in a very easy and user-friendly way.
As usual, better analysis and many minor changes have been made. If you spend plenty of time analyzing gcc generated binaries, you’ll certainly appreciate that IDA handles its weird way of preparing outgoing function arguments. Now it can trace and find arguments copies to the stack with mov statements.
The new IDA will support Python out of box, thanks to Gergely Erdelyi, who kindly agreed the Python plugin to be included in the official distribution. In fact, the main IDA window will have a command line to enter any python (or other language) expressions and immediately get a result in the message window.
We will prepare the detailed list of improvements later this week.

This entry was posted in IDA Pro. Bookmark the permalink.

8 Responses to IDA v5.4 release is not that far away

  1. Aleck says:

    awesome, thanks! for the Python already included in the bundle and for the command line window. Hope it will make my job easier;-)

  2. Friend says:

    Hi,
    What’s new in hex-rays decompiler?
    Does it support ARM or MIPS now?
    Thanks for your great works.
    BR

  3. Ilfak Guilfanov says:

    We will release a new version of the decompiler too. No ARM/MIPS support yet, sorry. We are currently working on the floating point support and it is not something easy to do…

  4. Scott says:

    How full featured will the WinDBG module be? Will you be supporting the debugger extension interface?
    If IDA could become a drop in replacement for WinDBG that would, in a word, rock.

  5. Ilfak Guilfanov says:

    Extensions are loaded and available through the command line. We’ll prepare a small video illustrating it. The user will be able to enter any command he could enter in WinDbg and get the results in the message window.
    UPD: maybe we will filter execution control commands so they do not interfere with IDA, like you will have to use IDA commands to resume execution or set breakpoints

  6. Matthew says:

    This is just about the best news in the windows driver dev world that I’ve heard in a long, long time. Scott has it right – this will rock.
    So, will you have need for beta testers? If so, I would love to volunteer my services.

  7. Ilfak Guilfanov says:

    One more beta tester will not hurt :) If you happen to have an active IDA Advanced license, please drop a message at support.