IDA 5.1 Beta 1 (updated).

Posted on 2007-01-22 by Oliver

Last week Ilfak released the first beta version of the upcoming IDA 5.1. I am one of the lucky ones who get to test IDA in beta stage already. And since everyone should know how I love IDA – a.k.a. the best disassembler in the world – I want to present some of my personal highlights of this beta:

  • There is now a __usercall calling convention which allows us to specify the details about a calling convention making IDA even more flexible. So now you can even map exotic calling conventions into your IDB.
  • Half a year back Ilfak explained the Simplex method. This will improve the stack pointer tracing immensely and from running it on some MS binaries I can tell you it really does!
  • “PC: multiple byte nop’s are supported”, meaning that you will now be able to switch it on and off at will not only for some NOPs. This will make analysis of some rootkits easier since some of the KMD use multi-byte NOPs.
  • “IDS files can be applied to the database of the dll itself”
  • “IDS: many MS Windows IDS files have been updated”
  • “Visual Studio signature files have been updated”
  • “IDC: Added __GUI__ and __TXT__ predefined macros. One of them will be defined depending on the current user interface “
  • “IDC: added functions to handle breakpoints “
  • “IDC: added functions to query and manipulate function chunks (tails)”
  • “gui: the middle mouse button closes tabs “
  • “gui: reuse the existing stack view on Ctrl-K”

The red ones are especially useful and I asked for these on the forum as well. All in all excellent work as always. Thanks Ilfak and thanks to the rest of the DataRescue team as well!

If you haven’t tried IDA, get the demo version from DataRescue or even better buy it. It is worth every single cent … and even more :mrgreen: … IDA is one of my alltime favorites.

Ilfak wrote me that for the next beta we’ll get a new preprocessor symbol (and kernel/SDK function) to find out the IDA version and therefore provide forward and backward compatibility. This will be really useful, I think.

Update (2007-01-25): The IDC symbol will be __IDA_VERSION__ and has the literal value "5.1" for the upcoming version. A kernel function get_kernel_version() will provide the same functionality to plugins. The IDA 5.1 beta 1 does not change the IDB revision, so the databases can be opened with IDA 5.0. However, I am not certain whether this will still be the case for the final release.

//Oliver

This entry was posted in EN, Reversing, Software and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *