EEPW论坛

呵呵，IDA Pro 总算增加Debug功能了！赶快学习吧。 Windows PE Integrated debugger 官方介绍如下： New features in version 4.50 (12/02/2003) Processors new processor: Intel xScale new processor: Mitsubishi M32R (advanced) new processor: Mitsubishi MELPS740 new processor: Mitsubishi M7700 family (advanced) new processor: NEC 78K0 (advanced) new processor: NEC 78K0S (advanced) new processor: Fujitsu FR family new processor: STMicroelectronics ST9+ (advanced) IBM PC: borland RTTI-templates with GUID are supported IBM PC: rep prefix is used when the Intel manual says it should be IBM PC: the current compiler is taken into account when using the __fastcall calling convention (before only Borland was supported) IBM PC: better handling of indirect calls (mov offset func-add-call is detected) ARM: call sequences like "mov lr, pc; ldr pc, something" are recognized by ida and don't interrupt the execution flow ARM: SUB Rx, PC, #imm is replaced by ADR Rx, label; ARM module is commented ARM: stack variables are supported ARM: option to disable pointer dereferencing is added AVR: better configuration file; config file management is improved AVR: interrupt vectors are supported AVR: EEPROM file extension by default is BIN MIPS: memory mapping is supported PowerPC little-endian mode can be specified by the user MC68K: respect the user-defined offsets for o_mem and o_near addressing modes ST7: new config file FILE FORMATS COFF loader sets up the default data segment (better analysis) better recognition of VxD driver files HEX: added support of extended segment information record type PE: better support of invalid files PE: FS and GS register values are set to unknown at the loading time PE: If the debug information is corrupted (in packed files, for example), IDA doesn't die but gracefully skips it PE: section permissions are loaded into the database LX: IDA always uses "metapc" processor and ignores the processor type specified in the file header PSX object files: additional fixup record types are supported (26 and 30) PSX object files: ida knows how to skip record type 60. We still don't know what this record type means, but at least we can load files with this record present. Memory dump loader: now it accepts dumps with one digit per byte Mitsubishi HEX file extended address records are supported palmpilot loader: better check of time stamp New XBE file format is supported stricter check of PalmPilot files the pdb plugin has been rewritten (requires VC++ to be compiled) USER INTERFACE flow chart: option to print block labels 'jump in a new window' command added in context and main menus 'jump to file offset' command new command: move a segment which allows to move an existing segment to another address it is possible to hide/unhide arbitrary regions command to toggle leading zeroes on a number value of an enum member can now be changed graphs: now supports recursion depth new dialog box to easily assign structure offsets/union paths to a selection "en masse" previous & next drop-down menus for navigation stack (as in the Internet Explorer) options in 'Browser' to set maximum lines & auto clean of upper items cursor for search/auto-analysis in the navigation toolbar + associated color option customizable background color for memo hints (Options -> Colors 1) hexview: better handling of highlight-background combinations hide/unhide all now works on functions, structs & enums for GUI & TXT highlight the problematic line in a 'problem hint' on the navigation toolbar hints on "Address" & "Called function" columns in callees hints on hidden functions, structures & enumerations hints on navigation toolbar (on stars, after a search) hints on structures in a struct window hints on xrefs in a struct window hints on xrefs now print preceding lines and highlight the destination name input text fields are in Courier font jump commands (using the lists in the search toolbar) now open a new disassembly window if needed xrefs in structure and enumeration windows are not displayed because they confuse the users notepad now automatically popups at start if it was saved as opened in the database register hints now print the associated comment the function prototype is linked to the function stack argument definitions the input database name is displayed in the title bar the welcome dialog box can be resized ida displays the welcome form is the input file is not specified in the command line user defined graphs: option to print function comments (use the same color as regular comments) desktop/top commands added to tabs popup menu the 'show flags' command displays all information about the structure members faster arrows management ida runs faster KERNEL IMPROVEMENTS new switch -o to specify the output database from the command line WinCE: several IDS files were updated/added FLAIR: plb supports wildcards in the file names c parser: multiple byte character constants are supported c parser: better handling of pointer modifiers; several bugs are fixed ida looks for the referenced DLLs in the input file directory it is possible to autoload a til file when a dll is referenced (see ids\idsnames) vc6win.til is not loaded for pe files with subsystem==native (usually they are system drivers and they don't need vc6win.til) the annoying "can't add structure member cx" message removed the default loading address for all file types is 0 (this can be overridden by the file format) ids files with '-' is idsnames do not prevent the kernel from using the corresponding dll from the system directory IDC and SDK IDC: GetFloat(), GetDouble() functions are added IDC: GetOriginalByte() function is added IDC: GetStringType() function IDC: descriptions of NextHead, PrevHead, AskFile IDC functions are updated+ IDA environment variable is not required to build modules anymore added comments about filling the op_t structure; fixed some typos in netnode.hpp COLOR_INV is added hidden plugins are supported: PLUGIN_HIDE flag is introduced idaw choose() function respects the batch mode negative buffer sizes are handled properly (str2user, user2str, pack_ds) new function flag FUNC_BOTTOMBP. It means that the frame pointer is equal to the stack pointer in the function and it points to the bottom of the stack frame. ph.flag PR_CHK_XREF: don't allow near xrefs between segments with different bases. This flag is used for IBM PC only. read_ioport_device() function reports about configuration files with no devices renamed FIXUP_PTR32->FIXUP_PTR16, FIXUP_PTR48->FIXUP_PTR32 the user-defined data supplied to linearray_t is documented in kernwin.hpp up to 16 source files for plugins setBreak() function is added the processor extension callbacks are called for all instructions, not only when cmd.itype >= CUSTOM_CMD_ITYPE find_ioport_bit() returns NULL is the bit name is NULL rebase_program() is added. This function allows to shift the whole program in the memory. Since rebasing the program involves correcting the relocated bytes, the file loader takes part of the job. File loaders may have "move_segm" callback functions now. now a good behaving procesor module handles the ph.move_segm event numop2str(): output instruction operand with optional leading zeroes; is_lzero(),toggle_lzero() to modify the display of leading zeroes; inf.s_genflags introduced; atoa, b2a32, b2a64, b2_width function parameters has been changed move_segm_start(), set_segm_start(), set_segm_end() may destroy the adjacent segment if necessary; ADDSEG_QUIET flas has been added new type of segments: SEGM_DEBUG. Used in the debugger. get_sourcefile() function prototype has been changed. Now it returns the range information. hidden_area_t and functions to work with it are introduced byteValue() function is renamed to _byteValue(); this function should not be used anymore if possible. The reason is that it works only with 8-bit processors and doesn't take into account possible debugger side-effects. BUGFIXES BUGFIX: MIPS R5900 madd/msub instructions were not disassembled BUGFIX: C166: ida would create strange references if the first segment of the program was not loaded at the address 0; .end start would display garbage if there was no start address BUGFIX: ARM switch jumps were recognizied only for R0BUGFIX: Intel HEX files could be loaded incorrectly BUGFIX: MS DOS executables with the entry point at FFF0:0100 are loaded correctly BUGFIX: Amiga: zero sized hunks caused problems BUGFIX: COFF: skip .stab* debug information sections BUGFIX: IDA would fail to load some invalid PE filesBUGFIX: "Create"/"Edit" (purged bytes)/"End of" function actions are now updated properly BUGFIX: can now rename a register for one instruction BUGFIX: can now rename everywhere (externs, ...) BUGFIX: copy to clipboard from the list views could hang BUGFIX: correct work on multiple monitor desktops BUGFIX: cursor disappearing if using CTRL-TAB BUGFIX: hints on local labels weren't always highlighted BUGFIX: ida could crash if several standard enums were added without uncollapsing them BUGFIX: ida would go to the top of the screen during analysis even if it was put to the bottom (z-order) BUGFIX: if the messages window was minimized to invisibility, then the next start of ida would not display messages on the status bar. BUGFIX: infinite scrolling enum window BUGFIX: it is impossible to rename a register to another register name BUGFIX: it is possible to open xrefs window even the current item has no xrefs BUGFIX: it was impossible to use the function name at the function header to double click, jump to xrefs, etc. if the name contained undisplayable characters (ibm pc, mips, mc68k) BUGFIX: navigation toolbar not updated once displaying after undock+hide BUGFIX: opening a database without closing the current one could leave the names, functions, or strings window unopened even if they should have been opened for the new databases; this could also lead to a crash BUGFIX: pressing the down arrow of the scrollbar now stops once no more lines BUGFIX: the collect garbage flag would stay once set until ida exits BUGFIX: the width of the ordinals field in the "jump to entry point" was 3 positions which was not enough to display big ordinals. made it 8. BUGFIX: window98 resources were depleted fast BUGFIX: "jump to the beginning" with home-home-home key was not working if used twice with "jump to address" in between BUGFIX: after repeatedly closing/opening the structs/enums window the renaming of a struct/enum member could lead to an access violation BUGFIX: no more "list index out of bounds" message if the number of columns in a chooser changedBUGFIX: type specification was printed incorrectly: int (*fnc1(void))[5]; BUGFIX: some borland thunk mangled names were not demangled BUGFIX: truncated names from gnu compiler would cause problems during demangling BUGFIX: verification of the new manual operand would fail for 32-bit operands if the old operand didn't have a segment register and the new one has BUGFIX: unions were not displayed in the list of standard structures BUGFIX: IDA was marking the return instructions of some functions as "unknown_libname" BUGFIX: it was not possible to disable the plugin hotkey BUGFIX: pcf was not detecting coff files properly BUGFIX: autoload vc6win.til only for IBM PC PE filesBUGFIX: IDC function GetSegmentAttr() was broken BUGFIX: refresh the screen after IDC scripts BUGFIX: manual execution of VXD.IDC could hang ida BUGFIX: qmakepath() could generate file names with several backslashes in them[upload=gif]UploadFile/200342313252418864.gif[/upload]