What's new:
- added the decompiler bindings
- Expose simpleline_t type to IDAPython. That lets the user to set the bgcolor & text for each line in the decompilation.
- Wrapped new functions from the IDA SDK
Various fixes:
for non-code locations, idc.GetOpnd() would create instructions instead of returning empty result
- idb_event::area_cmt_changed was never received in IDB_Hooks (and descendants)
- idb_event::ti_changed, and idb_event::op_ti_changed notifications were not accessible in IDAPython
- op_t.value was truncated to 32 bits under IDA64.
- print_tinfo() wouldn't return a valid string.
- readsel2() was not usable.
- read_selection() was buggy for 64-bit programs.
- StructMembers() considered holes in structures, and didn't properly iterate through the whole structure definition.
- There was no way to call calc_switch_cases() from IDAPython.
- when using multi-select/multi-edit choosers, erroneous event codes could be sent at beginning & end of batch deletion of lines.
- When, in a PluginForm#OnCreate, the layout of IDA was requested to change (for example by starting a debugging session), that PluginForm could be deleted and create an access violation.
- tinfo_t objects created from IDAPython could cause an assertion failure at exit time.
- Usage of IDAPython's DropdownListControl was broken.
What's new:
- Proper multi-threaded support
- Better PyObject reference counting with ref_t and newref_t helper classes
- Improved the pywraps/deployment script
- Added IDAViewWrapper class and example
- Added idc.GetDisasmEx()
- Added idc.AddSegEx()
- Added idc.GetLocalTinfo()
- Added idc.ApplyType()
- Updated type information implementation
- Introduced the idaapi.require() - see http://www.hexblog.com/?p=749
- set REMOVE_CWD_SYS_PATH=1 by default in python.cfg (remove current directory from the import search path).
Various bugfixes:
- fixed various memory leaks
- asklong/askaddr/asksel (and corresponding idc.py functions) were returning results truncated to 32 bits in IDA64
- fix wrong documentation for idc.SizeOf
- GetFloat/GetDouble functions did not take into account endianness of the processor
- idaapi.NO_PROCESS was not defined, and was causing GetProcessPid() to fail
- idc.py: insert escape characters to string parameter when call Eval()
- idc.SaveFile/savefile were always overwriting an existing file instead of writing only the new data
- PluginForm.Close() wasn't passing its arguments to the delegate function, resulting in an error.
- added MakeYword
- wrap obsolete IDA API functions too, so that old scripts continue to work
- added debugger trace related functions in idc.py
BUGFIX: IDAPython would fail with a cryptic error message if there was no free space on the current disk
BUGFIX: site-packages directory was missing from sys.path
BUGFIX: functions for working with additional lines (LineA/LineB etc) were broken
BUGFIX: GetFixup* functions from idc.py were broken
BUGFIX: IDA could not start if another python27.dll was present in PATH and importing site.py for that Python installation failed
BUGFIX: SaveBase() was broken
BUGFIX: IDAPython would fail with a cryptic error message if there was no free space on the current disk
BUGFIX: IDAPython: site-packages directory was missing from sys.path
BUGFIX: IDAPython: functions for working with additional lines (LineA/LineB etc) were broken
BUGFIX: IDAPython: GetFixup* functions from idc.py were broken
BUGFIX: IDAPython: IDA could not start if another python27.dll was present in PATH and importing site.py for that Python installation failed
BUGFIX: IDAPython: SaveBase() was broken
BUGFIX: Dbg/Idp hooks automatically unhook when hook object is not referenced anymore
note: these patches are already applied in IDAPython that comes with IDA Pro 6.4
- The Functions() generator function now accepts function tail start parameter
- Added into idc.py: DbgRead/DbgWrite/SetTargetAssembler and stack pointer related functions
- Wrapped more type info related functions
- IDA Pro 6.2 support
- added set_idc_func_ex(): it is now possible to add new IDC functions using Python
- added visit_patched_bytes() (see ex_patch.py)
- added support for the multiline text input control in the Form class
- added support for the editable/readonly dropdown list control in the Form class
- added execute_sync() to register a function call into the UI message queue
- added execute_ui_requests() / check ex_uirequests.py
- added add_hotkey() / del_hotkey() to bind Python methods to hotkeys
- added register_timer()/unregister_timer(). Check ex_timer.py
- added the IDC (Arrays) netnode manipulation layer into idc.py
- added idautils.Structs() and StructMembers() generator functions
- removed the "Run Python Statement" menu item. IDA now has a unified dialog.
Use RunPlugin("python", 0) to invoke it manually.
- better error messages for script plugins, loaders and processor modules
- bugfix: Dbg_Hooks.dbg_run_to() was receiving wrong input
- bugfix: A few Enum related functions were not properly working in idc.py
- bugfix: GetIdaDirectory() and GetProcessName() were broken in idc.py
- bugfix: idaapi.get_item_head() / idc.ItemHead() were not working
- ph_get_operand_info() would crash IDA sometimes
- idc.SetBptCond() was broken
- idc.GetFunctionCmt() was memory leaking
- Form.GetFieldValue() was failing for numeric controls
- Exceptions originating from the director classes will be displayed
And other minor mods...
- Introduced the CLI '?' pseudo-command to retrieve doc strings
- Introduced the CLI '!' pseudo-command to shell execute a command
- Added IDP/assemble notification event
- bugfix: High 64 bit addresses were not parsed correctly in IDA64
- bugfix: AskUsingForm() C function was not wrapped by SWIG
- NextHead()/PrevHead() have optional 2nd parameter now
- Added AskUsingForm() with embedded forms support (check ex_askusingform.py example and formchooser.py in the SDK)
- Added idautils.DecodePreviousInstruction() / DecodePrecedingInstruction()
- Added idc.BeginTypeUpdating() / EndTypeUpdating() for fast batch type update operations
- Added more IDP callbacks
- Added UI_Hooks with a few notification events
- Added idaapi.process_ui_action() / idc.ProcessUiAction()
- Added netnode.index() to get netnode number
- Better handling of ea_t values with bitwise negation
- Execute statement hotkey (Ctrl-F3), script timeout, and other options are now configurable with Python.cfg
- bugfix: idaapi.msg() / error() and warning() so they don't accept vararg
- bugfix: processor_t.id constants were incorrect
- bugfix: get_debug_names() was broken with IDA64
- Various bugfixes
- Fixed idaapi.msg() / error() and warning() so they don't accept vararg
- Fixed processor_t.id constants
- idaapi.BasicBlock and FlowChart are now new-style classes
- IDA 6.0 support
- Python CLI now prints expression evaluation result (no need to use print())
- Changed Alt-8 to Ctrl-F3 (because it conflicts with window switching key Alt+n)
- Added get_highlighted_identifier()
- Added PluginForm class to allow UI development with either PyQt4 or PySide
- Added idautils.Entries() to enumerate entrypoints
- idc / AddConst() was broken
- Minor fixes
idaapi.cvar.database_idb seems to point to a realloc'ed buffer. When IDA is working on an IDB stored in a directory with a long path and a second IDB with a shorter path is loaded, the buffer will be overwritten with the new path to the IDB, which will end in "\x00" and the leftovers of the older, longer path will follow.
The problem with GetIdbPath() is that it returns the whole bufer, NULL and "leftovers" included, which leads to trouble in Python. Specifically some functions like os.path.splitext which will look for the extension starting from the end of the buffer and will return an invalid split.
The patch simply post-processes the contents of idaapi.cvar.database_idb returning a Python string with all characters up to the "\x00"
- wrapped print_type
- minor mods to idc.py
- added idautils.GetIdbDir
- added Names()
- added Modules()
- added idautils.peutils_t()
- simplecustviewer_t.GetLineNo() now returns -1 on failure
- idc.py / setregval: it was not possible to set register values > 0x7fffffff
- added AUTHORS.txt and changed the banner
- IDAPython_ExecFile() will print script execution errors to the log window too
- added 'ph' into idaapi. It is a replacement for idaapi.cvar.ph
- added runscript to init.py for backward compatibility
- added cli_t support
It is now possible to identify the registers of a decoded instruction with:
cmd = DecodeInstruction(here())
if cmd[0].is_reg(proc_regs.eax): print "EAX is used"
or something like:
if cmd[1].is_reg(proc_regs.al): print "al is used"