IDA Pro 5.5 goes alpha
After many months of work, IDA Pro 5.5 is now in alpha stage and this week the beta will be out for testing.
This version brings many improvements, both small and large. Here is a partial change list:
- PC module improvements
- PE loader improvements
- ARM processor module improvements
- Improved Hex-View:
  - Edit support
  - Data display format: words, dwords, doubles, ...
  - Unicode or custom codepages
- Bochsrc file loader: load a bochsrc file and start debugging the disk image
- Windows Crash dump support: IDA now accepts MS Windows Crash dump files. Load the crash dump file and IDA Pro will create a database with the memory contents of the crash (if they were included). You can also run the Windbg debugger module and issue commands to the debugger engine to investigate the crash further.
- Docking interface: all windows are now dockable, allowing you to make optimal use of the desktop space.
For example, this is what a desktop configuration could look like:
And this is another desktop configuration for the debugger:

Comments
What about source files support? It will be really useful for my job as I am developing security and very often need to see how it looks in disassembler, and also browsing what hackers managed to change there.
Posted by: Andrew | June 2, 2009 03:43 PM
Wow, that was quick! 5.4 just came out a few months ago...
Posted by: Rolf Rolles | June 2, 2009 03:52 PM
Hello Andrew,
Sorry not in this version, but we are planning to add support for source code debugging in the future.
Posted by: Elias Bachaalany | June 2, 2009 04:02 PM
Hi Ilfak,
Did you port the Bochs module to Linux? And, can you patch a process in memory when you're debugging it?
Thanks
Posted by: Anonymous | June 2, 2009 07:37 PM
Thanks for the great work. I'm definitely excited about the improved HEX view & ARM updates.
Posted by: Jerry | June 2, 2009 10:56 PM
Hi,
How about allowing editing of actual instructions and then rebuilding the executable? I see that hex-editing will be there, but something where you could change an instruction (even if it decreases or increases the size of the executable) and have IDA recalculate all address references in other instructions -- and in the executable header, such as the entry point address -- then allowing you to rebuild whatever executable or binary you loaded would be very cool.
Is such a thing feasible? I haven't used IDA in a while, so maybe I'm a bit behind and some work has been done.
Though, I did love how it had support for multiple archs and could tell what compiler / libc was used (call printf is so much more helpful than call 0x7ffbc114).
-Jon
Posted by: Jonathan Stuart | June 3, 2009 05:41 AM
The new UI looks absolutely fantastic, much less dispersive than the current one - especially the debugger configuration.
Anyway, can you comment a bit more about PC module improvements and PE loader improvements?
Great job!
Posted by: Paolo Palumbo | June 3, 2009 07:44 AM
@Rolf: Not that quick, we are June already ;)
@Anon: Sorry Bochs debugger module is not ported to linux. Yes you can edit the process memory while debugging it.
You could do that right now with the "Patch" menu, scripting and SDK.
@Jon: Sorry IDA Pro does not allow you to edit and then rebuild the executable. In a sense, you can do that by taking a listing, re-assembling it and inserting it back to an appropriate place in the executable.
@Paolo: A full change list will be released soon.
Posted by: Elias Bachaalany | June 3, 2009 11:31 AM
Docking interface - awesome! My suggestion: remove the File->Create Exe file option; it's confusing and mostly useless.
Posted by: JC | June 3, 2009 04:48 PM
Hi Ilfak,
"ARM module improvement" -> are we gonna be able to single-step ARM thumb code?
Thank you,
Nico
Posted by: Nico | June 5, 2009 03:06 PM
@Nico: we do support single stepping Thumb code (for platforms where debugging is available). If you have any issues, please contact support!
Posted by: Igor Skochinsky | June 5, 2009 03:35 PM