IDA 8.4 版本新年大更新！逆向工程界的瑞士军刀升级啦！

开年大吉，IDA 8.4版来袭，逆向界的小伙伴们，这是给你们的新年开工大礼，让我们在二进制代码的海洋里扬帆远航！🎁🔥👨‍💻

这次IDA 8.4版本的更新，对于从事iOS/macOS逆向分析的安全研究员和开发者尤其有益。IDA 更新增加了对Apple特有指令和系统寄存器的支持，极大提升了对ARM架构和iOS/macOS软件的分析准确性。

同时，对Rust编程语言的解析能力的增强，也使得从事Rust应用程序逆向和安全分析的专家能更有效地处理和理解Rust编译的二进制文件。

此外，Debugger的改进使得Android应用逆向工程师能在没有调试信息的情况下，更稳定地进行动态分析 Dalvik 指令。

而界面的现代化改进，则让所有从事逆向工程的专业人士在长时间工作中享受更佳的用户体验。

简单写写亮点更新，具体的更新请点击阅读原文 🎉

IDA 8.4 版本的亮点功能包括：

• 统一类型存储（ASMTIL）：新版本中，结构体、枚举和局部类型视图被整合到局部类型中，旨在简化类型操作流程。

• ARM/iOS 改进：增加对苹果特有指令和系统寄存器的支持，提高了在 iOS 和 macOS 软件上的逆向工程体验。

• 调试器升级：对最新版本的 Android 提供了更好的支持，增强了对没有调试信息应用的兼容性，并对远程调试服务器进行了更新，包括对 ARM64 Linux 的支持。

调试的时候也可以指定环境变量了。

• 界面现代化：图标和字体都进行了矢量化处理，提高了界面在不同缩放级别下的清晰度，并改善了通过触控板的滚动和缩放体验。

• 改进的图形布局：在处理大型函数时，图形布局更加清晰，边缘交叉减少。

• 改进对 Rust 元数据的解析：新增了一个插件用于解析 Rust 特有的数据和结构，同时支持 Rust 名字的解析。

• 其他各种处理器模块、文件格式、标准插件和内核等的更新和改进。

• 新增的 FLIRT 签名生成插件和对新的 SDK 接口的支持。

• 用户界面上增加了一些新的菜单项和上下文菜单选项，如“查找寄存器定义”和“查找寄存器使用”。

Full list of changes and new features:

Processor modules

• ARM: added some Apple-specific A64 system registers
• ARM: added support for most ARMv8.6-A instructions: FHM, BF16, SHA3, SHA512, SM3, SM4
• ARM: decode Apple-specific instructions used in iOS and macOS (GXF, AMX, SDSB etc.)
• ARM: detect calls in A64 mode when X30 (LR) points to the address after a branch
• ARM: expand the architecture settings dialog with explicit options for ARMv8-A, ARMv8-M and ARMv9
• ARM: improved handling of references to fields of structure instances
• ARM: improved xref creation for LDP and STP instructions
• PC: added decoding of new Sapphire Rapids instructions (UINTR and HRESET)
• PC: support x86 switch variation produced by GCC 4.8
• PPC: implemented a simple regtracker (regfinder)
• PPC: improved handling of references to fields of structure instances
• MIPS: added support of $s1 as frame register in mips16 functions
• MIPS: improved handling of references to fields of structure instances
• NEC850: implemented a simple regtracker (regfinder)
• NEC850: print the target for indirect jumps and calls (when available)
• NEC850: support a new switch pattern (uses 'bnc' after 'addi')
• TMS320C28X: added support for extended instructions (FPU, FPU64, VCU, VCRC, VCU-II, TMU, FINTDIV)

File formats

• MACHO: overhaul of the dyld shared cache module selection system
• MACHO: properly describe versioned arm64e ABI Mach-O files
• MACHO: support relocations provided by the __chain_starts section in Apple's firmware components (e.g. SPTM, TXM)
• MACHO: added support for dyld slide info version 5 (macOS 14.4)

FLIRT / TILS / IDS

• FLIRT: added signatures for icl 231 (Intel C++ 2023.1.0)
• FLIRT: go: runtime signatures for go1.22 (x86_64)
• FLIRT: go: startup and runtime signatures for go1.21 (x86_64)
• FLIRT: VC: added signatures for vc14.36 (Visual Studio 2022.16)
• FLIRT: VC: added signatures for vc14.37 (Visual Studio 2022::VC17.7)
• TIL: MacOSX12.0 SDK
• TIL: MacOSX13.0 SDK
• TIL: MacOSX14.0 SDK
• TIL: iPhoneOS15.0 SDK
• TIL: iPhoneOS16.4 SDK
• TIL: iPhoneOS17.0 SDK

Standard plugins

• makesig: new plugin to generate FLIRT signatures from the current database
• makesig: Added File > Produce file > Create SIG file... action
• DWARF: Handle oversized bitfield groups at the end of structures
• idaclang: parse __attribute__((annotate("...")))
• OBJC: added support for relative lists of properties and protocols (iOS17 optimization)
• OBJC: got rid of extra cast to 'Class' in the calls to objc_alloc() and objc_alloc_init()
• OBJC: handle object initialization using objc_opt_new
• OBJC: simplify calls to the 'objc_msgSend$method' helpers and add cross-references to destination method using the decompiler
• rust: new plugin for parsing rust-specific data and constructs (e.g. splitting merged string literals)
• rust: support demangling of both legacy and the v0 mangling format (RFC 2603)
• SWIFT: group functions by the module name; added an option to swift.cfg
• SWIFT: updated demangler for Swift 5.9

Kernel/Misc

• kernel: added a new analysis option "Merge strlits" (enabled by default, disabled for golang)
• kernel: allow constant with value 0 for bitmask enum if zero is not the only one constant in group and there is more than 1 group
• kernel: allow register names as struct/union member names.
• kernel: assume g++ 3.x (Itanium ABI) name mangling by default
• kernel: improve strlit discovery from cross-references
• kernel: parse __attribute__((annotate("...")))

Scripting & SDK

• IDAPython: implemented idc.sizeof(), equivalent of the IDC function
• IDAPython: improve doc and error message for ida_typeinf.calc_type_size()
• IDC: highlight more keywords in the script editor
• SDK: improved get_utf8_char() not to move the pointer past the terminating zero
• SDK: improved idb_event::local_types_changed to include more detailed info about the modified types
• SDK: renamed get_ordinal_qty -> get_ordinal_limit

UI

• UI: added "Find register definition" and "Find register use" to the IDA View context menu
• UI: debugger: added environment variables to the process options dialog
• UI: enable folders in the Functions window by default
• UI: FLIRT signatures can now be loaded from arbitrary location and not just IDA's sig folder
• UI: graph: add ability to select graph edges, in addition to nodes
• UI: graph: highlight item under mouse after jump on edge (when the animation stops)
• UI: graph: improved readability of the graph overview's focus area
• UI: highlight focused area in the mini graph view
• UI: improved displaying of string literals in terse structure view
• UI: improved Local Types view to be a complete replacement for assembler-style Enums and Structs (which are deprecated)
• UI: improved output of array of structs and output of varstruct (if last field is not empty)
• UI: improved output of terse struct with nested varstruct
• UI: improved wheel scrolling, to make it smoother (and more accurate)
• UI: new icon set, SVG-based and with a refreshed palette
• UI: reduce the delay when invoking 'Convert to array' action
• UI: save "Turn on sync