Skip to content
Ali Rizvi-Santiago edited this page Aug 23, 2022 · 40 revisions

The following is a log containing (semi-)official updates. Updates don't happen too often (usually every 3-6 months) as things are only added as they're needed or requested.


This release fixes things in order to properly support Python 2.x - 3.10 and IDA 6.8 - IDA 8.0. Some minor additions with descriptions on what they affect:

General

  • Directory structure was reorganized into something a little-bit more sensical and the loader displays more useful information. In case it isn't clear, feel free to drop any files you have that contain random tools you write into the "tools" or "application" directories.
  • The loader now guarantees that the user dotfile is always run after the plugin is loaded. This way you can guarantee that the hook objects have been instantiated and can always be interfered with.
  • Support for all of the string types are now exposed via pythonic-types. They're extensions on top of str as (str, width, length) where "width" represents the character width to use and "length" is the length-prefix. If you don't care about the length-prefix, just use (str, width) and it'll assume you mean that it's null-terminated. I still think it's better to use a variable-length'd structure for these but whatever.
  • Some guards were added to symbol demangling. For some reason idaapi.demangle_name can still return None for a mangled symbol that is not equal to MANGLED_UNKNOWN. In this case, it falls back to what the original name was. This just affects tags and types which use the name when rendering.
  • All places where you can search for a name can now take packed names. Packed names are just tuples of arbitrary types which get rendered to a string. They're useful when you know you want an integer to be part of a name and don't want to explicitly render/format it (i.e. db.name('whatever', db.offset()). These have already existed as just variable-arg functions, so you shouldn't notice anything other than being able to use them in searches and listings.
  • All namespace functions now return a list by default instead of "occasionally" returning an iterator. So things like database.address() will always return the list of addresses you have selected, and function.blocks will return the list of basic-blocks for whatever. If you want to iterate, look for a .iterate() function (database.iterate, function.blocks.iterate, etc.)
  • Added support for lists and bytearrays to the hex function. Also added aliases as p, pp, pf for quick printing if the repl isn't enough. Apparently builtins._ wasn't properly assigning the previous evaluation which is now fixed.

database (db)

  • Added the database.types.has function so that you can quickly check if a type exists in a type library by name or ordinal.
  • Added another case to database.types.add that allows you to add an empty type as a place-holder when you need a name, but don't have its contents yet.
  • String decoding doesn't assume the utf character sets anymore, instead they're now using the defaults that you set in the database. These have to correspond with Python's codecs library, however. if your encoding isn't in there then it'll fall back to the utf character sets for whatever the width is. (database.get.string)

function (func)

  • Added the function.block.tag and function.blocks.select functions. These aren't doing anything different than a regular contents tag, but if you're working within the context of basic-blocks and need to tag or select things in a bunch of functions, it's pretty handy.
  • Fixed the aliases for function.arg and function.args. Apparently these were referencing the implementations in function.frame instead of function.type. (Both still do the same thing, but only one location is the right way to think about it.)
  • Renamed function.arg{,s}.location to function.arg{,s}.storage. I think of locations as an address, but these functions returned whatever the argument was being stored in.
  • The function.blocks namespace now splits all basic-blocks across calls in all versions of IDA by default and w/o networkx (networkx is still better for paths than function.blocks.traverse though). So you don't need to use function.graph if you're only composing CFGs.

ui

  • The ui.strings namespace was returning the string index, address, and string. Now it just returns the address and string.
  • Some of the windows were not being opened and closed properly in the TV interface.

This is the last release before incorporating fixes as a result of IDA 8.0 which was released this past weekend (https://www.hex-rays.com/products/ida/news/8_0/). During 7.7 some of the features related to hooking were broken. So because of my pessimism, I expect this to happen during 8.0. If you notice any issues related to this in 8.0 and don't use the tag index, open up an issue at https://github.com/arizvisa/ida-minsc/issues/new and I can try come up with a workaround.

General

  • Ensured that all namespace functions return lists, where $namespace.iterate returns an iterator. (i.e. function.chunks is a list, function.chunks.iterate iterates through them).
  • Added some useful methods to the bounds_t tuple so that you can treat it like an interval (as well as a tuple).
  • Improvements to type management and serialization/deserialization.
  • Tags do a better job of auto-correcting the types that are generated and that are applied.
  • Symbol mangling support is a little bit better in the versions of IDA that support it.
  • Fixed the byte-backed types from ctypes not being rendered in the console correctly.

ui

  • Fixed an issue in ui.notepad that resulted in it occasionally not finding its window (in the turbo vision interface).
  • Refactored the ui.application, ui.window, and ui.windows namespaces so they make more sense when trying to locate a UI widget.

database (db)

  • Added missing support for decoding pointer types to the database.get.structure function.
  • Fixed some regressions in the tag functions related to name mangling of imports/exports (both database.tag and function.tag).
  • Added a flag to switch between disassembler-guessed and user-guessed types (database.type and function.type)
  • Fixed some issues with database.set.alignment for versions of IDA prior to 7.6.
  • Both database.set.string and database.get.string use the default string type as set in the database (also supports matching against a tuple)
  • Added the database.type_is_exception and a number of cases for detecting if a basic-block is part of an exception and distinguishing which part
  • Added the database.types.declare function and its alias database.types.parse for loading types into a library.
  • Fixed some regressions with regards to database.read that had an effect on function.block.read and related.

function (func or fn)

  • The function.blocks and function.block namespaces now split across calls by default instead of honoring the flowchart (supports older IDA versions, so no more networkx unless you're composing graphs).
  • Corrected the semantics of function.chunk.at and function.chunks.at so that it's similar to function.blocks.at and related.
  • Added the function.blocks.traverse coroutine and its users function.blocks.walk and function.blocks.moonwalk.
  • Added another case to the function.type.arguments function to allow completely overwriting all of the types in a prototype.
  • Added a similar case to the function.type.arguments.names function to modify all of the argument names in one shot.

structure (struc)

  • Added support for packed naming-schemes to some of the functions in the structure module that were missing them
  • The structure.member_t.type property can now be used with idaapi.tinfo_t to assign the type destructively (overwriting overlapping fields. to avoid overwriting, use the regular member_t.typeinfo for them)
  • Added the ability to specify a negative size to the structure.members_t.remove function to remove previous elements.

instruction (ins)

  • Fixed a regression in the ins.op_structurepath and ins.op_structure functions that resulted in them not returning a correct structure path for a reference.
  • Added some missing flag registers to the ins.reg namespace for the Intel architecture.

  • Mostly documentation updates. This involved completely updating the installation page to include the installation methodology using the loader rewrite, more clarifications on the tagging page with regards to implicit tags and how they get indexed, and added another section to its examples with regards to using structure/member tags. Greets, etc.

  • Fixed a race condition(?) during type serialization which would occur when deserializing the type information for a member before IDA has loaded it into its local types

  • Added explicit functions to the database module for dealing with mangled and unmangled names in case you want one and not the other (database.mangled, database.unmangled, with aliases as demangled in case you mix them up like I do)

  • Fixed an issue in function.frame.args.iterate which would result in not all argument locations being returned if a function doesn't have a prototype applied to it (this corrects all prototype-related things in function.type and function.frame)

  • Some of the things in the function.type namespace was using the current function instead of the current address, so they would end up having a different effect when used on an import address

  • The function.name and function.tag functions will now handle name mangling properly using idaapi.get_mangled_name_type api if it's available (only on 7.7)

  • Added new properties to the function.type namespace (function.type.has_problem, function.type.is_decompiled, etc.)

  • Added the ability to list certain attributes as flags to the database.names, database.exports (database.entries), database.imports, database.functions, and database.types namespaces

  • Added a bunch of matchers to each of the namespaces such as "tagged", "problems", "typed", "frame". The database.types namespace has a bunch more so that you can query structures, arrays, enums, pointers, unions, typedefs, etc. without needing to use a chooser To test them out, use database.functions.list(decompiled=True, library=False) or database.types.list(typedef=False, structure=True)

    • database.functions: (boolean) typed, decompiled, frame, problems, library, exceptions, (boolean, string, set) tagged

    • database.names: (boolean) function, imports, typed (boolean, string, set) tagged

    • database.exports: (boolean) function, typed, (boolean, string, set) tagged

    • database.imports: (boolean) typed, (boolean, string, set) tagged

    • database.types: (boolean) typeref/typedef, integer, pointer, function, float, array, structure, union, enumeration

  • Some fixes were made so that the plugin and its indexing still works if you prefer to use IDA's debugger instead of a real debugger

  • Some of the symbolic types (such as register_t) can be evaluated (concretized? lol) if the debugger can resolve them

  • plugin loader was refactored, installation process is still being tested...but you can likely just put plugins/minsc.py in your IDA plugins directory to install it.
  • refactored instruction.op_structure (structure offsets) into both instruction.op_structure [help] and instruction.op_structurepath [help] A structure path lets you adjust a delta when applying it to an offset so that you can reference a particular member. So ins.op_strucpath is used for telling IDA the exact member that the operand is relative to and ins.op_struc is when you want IDA to figure out itself what member it should reference.

  • introduced the database.types [help] namespace with support for matching, serialization and deserialization, and alternate type libraries (these are non-indexed. so if you have 6-million types that you want to display at the same time.. you better hold on)

  • added a number of aliases to anything that uses types within the function module [help] so that gathering the inputs and outputs to a function is more straightforward.

  • added support for querying tags (non-indexed) to the structure module which can be used via structure.select [help] and for selecting members from an instance of a structure via instance(structure_t).select [help] (the implicit tags on a structure or a member are the same as address tags in that they only track changes that the user has made)

  • added the location_t (tuple) for doing arithmetic with a location and updated the cases for any functions that can use it

  • fixed issue #156 which corrects the way pointer types are applied by pythonic types (also updating the refinfo)

  • added the priorityhxevent class for receiving notifications from hex-rays (internal, and not instantiated automatically)

  • deprecated the "translate" method in all of the native types (named tuples) since they can be translated with implicit operators

  • added this page to the wiki (changelog)

  • added random snippets page to the wiki (snippets)

  • added the ability to cancel any progress bars

  • slight fix to the progress bar widget so that it detects whether the GUI is being used

module: instruction

  • some minor additions to the register promotion and demotion so that the error message is more clear
  • added preliminary support for the condition code type to the AArch32/AArch64 processors
  • op_enumeration was not returning the previous value when modifying an operand [help]
  • split up the op_structure logic into op_struc [help] and op_strucpath [help]. one for referring to a structure, the other for a path that's relative to a member (op_struc is the number on the left in the operand, op_strpath is the number on the right)
  • renamed the instruction.opt function to instruction.op_decoder and (re-)introduced instruction.op_type (with an alias as instruction.opt) which returns the pythonic type for the operand and all operands are symbolic anyways

module: database

  • added a variety of to the database.types namespace for querying and serialization/deserialization of types within a type library [help]
  • some of the functions from the database.set [help] and database.get [help] namespaces, such as database.set.array, database.get.array, and database.set.unknown now use the current selection if one wasn't specified
  • tweaked database.get.switch to try "harder" when locating a switch for the given address [help]
  • modified one of the cases of database.get.structure to enforce more strict typing (when casting) [help]
  • added a matcher (unmangled=) for querying things via the unmangled symbol name [help]
  • the address namespace now uses the current selection when one isn't specified

module: function

  • fixed blocks.graph so that it supports zero-sized basic-blocks when determining nodes and edges [help]
  • blocks.iterate now updates the navigation band when iterating and warns when a yielded block is outside the function
  • added cases to both chunk.top and chunk.bottom to allow modifying a chunk's bounds [help]
  • added a parameter to xref.down to optionally return the instruction that contains the ref
  • corrected the offset calculations in the function.frame [help] so that they're relative to $sp for the frame.args, frame.lvars, and frame.regs namespaces
  • fixed some of the functions in the function.frame.args [help] namespace so that both registers and their locations are always returned
  • fixed the documentation in the function.type namespace so that it's more clear that it can be used on anything that has a type applied to it
  • added some more aliases to the function.xref namespace for grabbing refs to parameters [help]
  • moved the logic from frame.regs into the function.type namespace to consolidate prototype stuff in the same place [help]
  • the function.type namespace has proper support for reading/writing/renaming most function parameter attributes and result types
  • the function.type namespace has proper support for reading most parameter and result location types (register, location, scatter)
  • tweaked the documentation or the function.type namespace in an attempt to make clear that it can be used on anything that has a prototype

module: structure

  • improved support for serialization/deserialization of unions (better error messages when attempting to deserialize a duplicate union)
  • the (ancient) implementations of structure.members and structure.fragment now export their information as tags instead of just name and type [help]
  • added a new "ordinal" property to a structure which can be used to locate its "local type" (instead of having to use structure_t.typeinfo)
  • added explicit functions to the structure module for distinguishing unions and modified anything that gets emitted to display whether the structure is a structure or a union

module: custom and misc

  • the custom.windbg module (undocumented) had some minor tweaks to better control the way breakpoints are written
  • added some additional tools for better scraping things out of Qt widgets to the ui module [help]
  • added the ui.message namespace for displaying modal dialog boxes [help]
  • tweaked the ui.current.symbol function to return both an identifier and a register_t [help]
  • the custom.tags module was modified to use structure and members tags for each used frame when importing or exporting a database [help]
  • tag queries database.select [help], database.selectcontents [help], func.select [help] are sorted before iterating allowing for predictability via the navigation band arrow
  • implicit tags are guaranteed to be indexed on-demand and can be disabled if desired
  • the hook management classes (ui.hooks.idb, ui.hooks.idp, ui.hooks.ui) have been refactored so that they can be treated like a list where its items are sorted by priority
  • the core tuple-based type, reftype_t is now hashable so that it can be used as keys for a dictionary or stored in a set.
  • the "allsegs_moved" hook has been deprecated as a result of changes in IDA 7.7 (IDA dispatches the hook at a different time than before)
  • improvements to the tag index and contents cache resulting in it being more consistent during a rebase
  • fixed a bug in the integer decoder used by the tag system when decoding signed integers [help]
  • fixed issue #152 which was related to a race condition that caused a crash in IDA on windows
  • fixed issue #154 which allows the referrers of a function chunk to be accessed consistently in multiple versions of IDA

module: database

  • added support for the tinfo_t and struc_t to the parameters for database.set.structure [help]
  • added a couple more navigators to the database.address [help] namespace for navigating based on tags, blocks, or functions this namespace currently includes navigators for labels, comments, instructions (types, mnemonics, readable and writable operands), stack points and stack delta, references, and the type of an address
  • modified the database.search [help] namespace to use the new pattern api when searching or iterating through results this allows you to use binary pattern format with masks (i.e. "4? ?? ??") instead of just bytes types when searching.

module: function

  • fixed the function.chunk.owners implementation so that its compatible with all supported versions of IDA [help

module: custom and misc

  • the majority of the gui widgets are now accessible and scriptable from the ui module [help]
  • added the custom.tagfix.verify function [help] and related functionality for verifying the consistency of the tag cache