Ghidra 10.0 BETA Release

Version | Link | SHA-256 | Notes | Date
10.0beta | ghidra_10.0-BETA_PUBLIC_20210521.zip | f549dfccd0f106f9befb0b5afb7f2f86050356631b29bc9dd15d7f0333acbc7e | Notes | 2021-05-21

Ghidra 10.0 BETA - What's New

Projected Ghidra 10.0 Final Release

We anticipate pushing out the final Ghidra 10.0 release sometime between the middle and end of June 2021. We appreciate any feedback you can provide, especially on new feature areas such as the debugger, and thank you for all the contributions and feedback you've already given!

Debugger

With the release of Ghidra 10.0-BETA, we are excited to officially introduce our new Debugger. It is still geared primarily for user-mode application debugging on Linux and Windows; however, you may find its components usable in other scenarios. To get started, please see Ghidra Functionality / Debugger / Getting Started in the Help. For most, it is as easy as importing your program, opening it with the Debugger tool, and clicking the "bug" icon in the main toolbar. The Debugger's features include:

  • Debugging user-mode Windows applications on x64 hosts via dbgeng.dll/WinDbg (including 32-bit x86 applications via WoW64)
  • Debugging user-mode Linux applications on amd64/x86_64 hosts via GDB (including 32-bit i686/x86 applications)
  • Quick launch to locally debug the current program
  • Recording of observations from a live debug session into a Ghidra Trace database
    • NOTE: We do not currently plan to support Trace database upgrades in future releases
  • Sharing of Trace databases via a Ghidra server
  • Time-travel(-like) exploration and annotation of Trace databases.
    • Includes capture of memory and register values over time
    • Utilizes p-code emulation to interpolate and extrapolate ahead of the target
  • Export a Trace's memory / listing (at a given time) to ASCII, Binary, HTML, Intel Hex, and XML

New Views:

  • Targets list for managing platform debugger connections
  • Interpreter Panel for accessing the platform debugger's command-line interface
  • Console Panel for viewing log messages and resolving problems
  • Objects Tree for accessing and commanding the platform debugger via a graphical user interface
    • Includes Resume, Interrupt, Step, Launch, etc.
  • Dynamic Listing for viewing and annotating memory in a Trace
  • Breakpoint management:
    • Breakpoints viewer showing breakpoints from all live sessions, as well as breakpoints bookmarked in Program databases
    • Dynamic Listing actions permitting placement, toggling, and removal of breakpoints at the current address
    • (Static) Listing actions permitting the bookmarking, placement, toggling, and removal of breakpoints
  • Registers Table for viewing and annotating values in a Trace and/or modifying values of the target
  • Watches Table for evaluating SLEIGH expressions on the Trace or target machine state
    • NOTE: Dependent registers and memory are captured to the Trace, if recording from a live target
  • Stack / Frame Table for navigating frame contexts
  • Threads Timeline for listing threads and for navigating thread and time contexts
  • Modules Table for viewing modules and sections, and for mapping live Trace addresses to static Program database addresses
  • P-code Stepper/Emulator for debugging SLEIGH language specifications in-situ
  • Memory/Time plotter for viewing trace events

New APIs:

  • Trace database (backs our time-travel features and populates our machine-state UIs)
  • Platform debugger model (our abstraction of platform debuggers into a reflexive API)
  • Abstract SLEIGH / p-code execution (backs our emulation, trace interpolation, and SLEIGH watches)

Nascent support for the following:

  • Other modes, including kernel-mode, and remote debugging, as supported by the platform debugger.
    • WARNING: Ghidra's Trace recorder may not know how to cope with the environment and objects presented, causing it to behave poorly, e.g., it may greedily record things, exhaust resources, crash Ghidra, crash your debugger, crash your target, etc.
  • Connection to WinDbg Preview (via dbgmodel.dll) on Windows
  • Connection to a JVM or DalvikVM via JDI (JDWP)
  • Support for tracing the following architectures via GDB: arm, m68k, mips, powerpc (depending on versions and variants)
  • Support for tracing the following architectures via JDI: Java, Dalvik (depending on versions and variants)

User-defined Compiler Specification Extensions

Ghidra 10.0 adds support for user-defined extensions to the compiler specification assigned to a specific Program. In particular, users can now define their own:

  • Calling Conventions - which inform analysis and decompilation how parameters are passed between functions,
  • Call-Fixups - which substitute behavior for specific CALLs when analyzing a function that makes them, and
  • Callother-Fixups - which substitute behavior for certain Instructions when analyzing a function that contains them.

Prior releases only provided compiler specifications statically via .cspec files in the distribution. The new extensions are stored as part of the Program and can be added or adjusted dynamically as users build up their understanding. Extensions can be added from the Specification Extensions tab under the Options dialog for the Program.


Prototype Class Recovery From RTTI

A new prototype script, RecoverClassesFromRTTIScript, which recovers class information using RTTI structures, has been added. The script recovers class hierarchy, inheritance types, constructors and destructors, class data types, and more. If available, PDB information is used to help fill in class structures with known names and types for class member data. If PDB is unavailable, the decompiler structure recovery is utilized to populate class data structure members.

    NOTE: As this is a prototype script, the location, names, layout of data types, and default virtual function names created by this script are likely to change in the future once an official design for Object Oriented representation is determined.

    NOTE: Windows class recovery is fairly complete and tested; however, GCC class recovery is still in early development. GCC class data types have not been recovered yet, but if the program has DWARF, there will be some amount of data recovered by the DWARF analyzer in the DWARF data folder.

    NOTE: For best results, run this script on freshly imported and analyzed programs. No testing has been done on programs previously imported with pre-existing user mark-up.


PDB Symbol Server

Managing and applying PDB files has a much improved GUI, including support for multiple symbol server locations.


Saved Analysis Options Configuration

Analysis options configurations can be saved by name and quickly changed using a new feature in the Analysis configuration menu. The last used named configuration will be used as the default option the next time a program is analyzed, even after exiting Ghidra. This can be useful to disable one or more options, such as Stack Analysis, if the analyzer is providing poor results or the analysis is not desired for a type of binary you will be working with. For example, some analysis options should be turned off by default for all suspect malware binaries on the first pass to avoid issues with some types of obfuscation.

Graphs

Data types can get complicated and might have many references to other data structures, either by declaring them as a field or as a pointer to another data type. A general graph of data type relationships from the Data Type manager has been added. In addition, defined data structures in memory can be graphed by following all references to other defined data or code using the Graph->Data menu.

A new favored edge and associated layout has been added for hierarchical graphs. This edge can help closely align graph nodes that should be arranged more closely to a neighboring node, for example the node from a fall-thru edge should be arranged closer than from a branching edge.


Structure/Union Changes

A significant refactor of the Composite datatype interfaces and internals has been completed which affects Structures and Unions. The changes are intended to provide a more understandable API and allow an alignment to be specified for non-packed composites (aka, composites with internal alignment disabled).

Editor Changes

Previously, the editor contained an Align checkbox which determined if packing should be performed or not. This checkbox has been replaced by a checkbox adjacent to the pack choices (i.e., enable/disable packing). Generally, this setting would be "not-checked" (i.e., disabled) when reverse-engineering the content of a structure so that components may be placed at specific offsets. Only when there is a complete understanding of all components, as conveyed by a source header file, should this be enabled with the appropriate pack and align settings specified. In addition, when pack is enabled it is important that the component datatypes emit the correct alignment to ensure proper placement during packing.

The align setting may now be used when packing is disabled, with the composite adopting the specified alignment. The default alignment for a non-packed composite is 1, which is consistent with the current behavior in Ghidra 9.x.

Composite API Changes

The various pack and align methods of the Composite (i.e., Structure and Union) API have been changed extensively. Since these changes were primarily intended to "cleanup" the interface, it was decided to eliminate (not deprecate) the old methods. It was felt leaving them in place would only confuse matters when attempting to understand the new interface. It is also believed that most uses of the API generally do not utilize the pack and align settings, which should minimize the impact to existing user code.

Gradle

The build infrastructure has been moved to Gradle version 6.8 or later. If you wish to build Ghidra, you will need to move to at least Gradle 6.8.x.

New Processors

We are working on .NET/CIL, which may make it into the final 10.0 release but will most likely go into 10.1.

Binary Exporter

New exporters that write programs imported with the PE and ELF loaders back to their original file layout have been added. Any file-backed bytes that were modified by the user in the program database will be reflected in the written file. Bytes that are part of the import process such as relocations or modified Memory Maps are not currently handled.
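
One way to check an exported file against the original it was imported from, listing every changed byte range and flagging changes that fall outside the patches you recorded. This is an added example, not part of Ghidra; the function names, the sample bytes, and the assumption that the exported file has the same size as the original are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class ChangedRange:
    offset: int       # file offset of the first differing byte
    original: bytes   # bytes in the file that was imported
    exported: bytes   # bytes in the file the exporter wrote

    @property
    def end(self) -> int:
        return self.offset + len(self.original)


def changed_ranges(original: bytes, exported: bytes, gap: int = 0) -> List[ChangedRange]:
    """Return runs of differing bytes as file-offset ranges.

    Runs separated by at most `gap` identical bytes are merged into one range.
    Assumption: an export that keeps the original layout has the same size.
    """
    if len(original) != len(exported):
        raise ValueError(
            f"size mismatch: original {len(original)} bytes, exported {len(exported)} bytes"
        )
    runs: List[Tuple[int, int]] = []
    start = last_diff = None
    for i, (a, b) in enumerate(zip(original, exported)):
        if a == b:
            continue
        if start is None:
            start = i
        elif i - last_diff - 1 > gap:
            runs.append((start, last_diff + 1))
            start = i
        last_diff = i
    if start is not None:
        runs.append((start, last_diff + 1))
    return [ChangedRange(s, original[s:e], exported[s:e]) for s, e in runs]


def audit_export(
    original: bytes, exported: bytes, recorded: Iterable[Tuple[int, int]]
) -> Tuple[List[ChangedRange], List[ChangedRange]]:
    """Split changes into (expected, unexpected).

    `recorded` holds (file_offset, length) pairs for the patches the analyst
    made on purpose. A change is expected only if it lies fully inside one.
    """
    allowed = [(off, off + length) for off, length in recorded]
    expected: List[ChangedRange] = []
    unexpected: List[ChangedRange] = []
    for r in changed_ranges(original, exported):
        inside = any(lo <= r.offset and r.end <= hi for lo, hi in allowed)
        (expected if inside else unexpected).append(r)
    return expected, unexpected


# Constructed sample data: a 64-byte "file", a deliberate 2-byte patch at
# offset 0x10, and one stray byte change at offset 0x30.
ORIGINAL = bytes(range(64))
_patched = bytearray(ORIGINAL)
_patched[0x10:0x12] = b"\x90\x90"
_patched[0x30] = 0x00
EXPORTED = bytes(_patched)
RECORDED_PATCHES = [(0x10, 2)]

if __name__ == "__main__":
    ok, stray = audit_export(ORIGINAL, EXPORTED, RECORDED_PATCHES)
    for label, ranges in (("expected", ok), ("UNEXPECTED", stray)):
        for r in ranges:
            print(f"{label:10} 0x{r.offset:06x}-0x{r.end:06x} "
                  f"{r.original.hex()} -> {r.exported.hex()}")
```

For real files, read both with `open(path, "rb").read()` and keep the report alongside the patched binary as a record of what changed.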

Bug Fixes and Enhancements

Numerous other bug fixes and improvements are fully listed below.

Change Log

Ghidra 10.0 BETA Change History (May 2021)

New Features

  • Debugger. Introduced the Debugger, along with GDB and dbgeng.dll connectors for debugging user-mode applications on Linux and Windows, respectively. The UI includes threads, timeline, modules, memory, registers, watches, etc., for examining and controlling debug targets. See Help -> Contents -> What's New for more details. (GP-986)
  • Exporter. Added new exporters that write programs imported with the PE and ELF loaders back to their original file layout. Any file-backed bytes that were modified by the user in the program database will be reflected in the written file (except on relocations). Writing back a modified Memory Map is not supported. (GP-786, Issue #1501, #1505, #19)
  • Graphing. Added Graph -> Data actions to the Code Browser, allowing visualization of specified pointer relationships in a graph. (GP-194)
  • Scripting. Added prototype RecoverClassesFromRTTIScript that uses RTTI information to enhance Ghidra's knowledge of class hierarchy, class member function types (constructors, destructors, deleting destructors, clones) and class member data. The script will label and put member functions into the correct class namespace and apply new class structures created either using PDB information, if available, or Decompiler pcode information. (GP-339)
  • Scripting. Created a script to allow users to search for image base offsets to the current cursor location in 32-bit and 64-bit programs. (GP-863)

Improvements

  • Analysis. Function signatures, including return types and argument data types, are now decoded from CLI Metadata for .NET binaries. (GP-327)
  • Analysis. Switched #Strings table processing from ASCII to UTF-8 for CIL binaries. (GP-330, Issue #423)
  • Analysis. Added Constant, Assembly, and AssemblyRef blob processing for CIL binaries. (GP-465)
  • Analysis. Added the Variadic Function Signature Override analyzer, which identifies functions that take a format string as a parameter and applies the correct signature override at each call site. (GP-516)
  • Analysis. Added ability to save and easily reuse analysis options in customer-defined configurations. (GP-544, Issue #2182, #312)
  • Analysis. Ghidra analysis is now aware of more PE/Windows non-returning functions. (GP-733, Issue #2111)
  • Analysis. ResolveX86orX64LinuxSyscallsScript now properly marks non-returning syscalls. (GP-868, Issue #2761)
  • API. Revised Structure and Union API, and associated editor, to eliminate the use of the terms Unaligned/Aligned in favor of a packing enablement designation. Also corrected various change notification issues which may improve archive synchronization and merge behavior. (GP-862, Issue #2681)
  • API. Renamed DataType.isDynamicallySized() to DataType.hasLanguageDependantLength() to avoid confusion. This method is used internally to differentiate between fixed-length types and those whose length is determined by the compiler specification's data organization (e.g., pointers). (GP-932)
  • Basic Infrastructure. Improved error reporting when trying to launch Ghidra from the git repo without Eclipse having compiled it. (GP-815, Issue #2872)
  • Build. Command gradle -I gradle/support/fetchDependencies.gradle init now downloads the Function ID datasets from the ghidra-data GitHub repository so they will be automatically included in development mode and custom builds. (GP-678, Issue #1007)
  • Build. Performing a gradle clean no longer deletes downloaded dependencies. The top-level flatRepo directory has been replaced with the dependencies directory. (GP-811, Issue #1663)
  • Build. Ghidra now requires Gradle 6.0 or later to build. Gradle 7.x is now supported. (GP-849, Issue #2949)
  • Data Types. Added support for hexadecimal byte offset display within composite bitfield view. (GP-910, Issue #2959)
  • Decompiler. Decompiler analysis now automatically identifies and displays loop variables using standard for-loop syntax. When a loop variable is discovered, a condition, iteration, and optional initializer statement are displayed at the top of the loop. (GP-565)
  • Decompiler. Added the Max Instructions per Function Decompiler tool option, specifying the maximum number of instructions the Decompiler will decode in a single function before throwing an exception. Previously, this had been a hard-coded limit. (GP-767, Issue #2557)
  • Decompiler. The Decompiler now propagates datatypes across signed comparison operations, so constant integer and enum values display correctly. (GP-802, Issue #2565)
  • Demangler. Updated the Gnu Demangler Analyzer options to provide a list of available formats from which to choose. (GP-94, Issue #2214)
  • Demangler. Updated the GNU Demangler's Namespace-building to improve analysis performance. (GP-706, Issue #2509)
  • Demangler. Improved Demangler error checking and reporting to give underlying cause of failure. (GP-850)
  • Documentation. Added basic instructions on how to install, build, and develop Ghidra to README.md. (GP-847)
  • DWARF. Improved speed and memory usage when importing large DWARF binaries. (GP-419)
  • DWARF. Added M68000/SVR4 DWARF register mappings. (GP-556, Issue #1610)
  • DWARF. Improved handling of zero-length structure components during DWARF processing. (GP-851, Issue #2191)
  • Exporter. Made various improvements and bug fixes to the IDA Pro exporter. (GP-831, Issue #1897, #2788, #2882, #2891)
  • FileSystems. Added support for recognizing unencrypted DMG files. (GP-845)
  • Framework. Added support for program-specific extensions to a compiler specification. Users can now define their own calling conventions and call-fixups to integrate into decompilation and other analysis (see help for Specification Extensions). (GP-653)
  • Graphing. Added capability to collapse and expand nodes in the default graph display. (GP-371)
  • Graphing. Upgraded jungrapht to version 1.1. (GP-377)
  • Graphing. Refactored graph exporters into a more extensible framework. (GP-440)
  • Graphing. Graph layout algorithms can now be chosen programmatically. (GP-551)
  • Graphing. Created additional modified versions of the MinCross layout algorithms, all named to start with Vertical Hierarchical Min-Cross, so that they accept a favoredEdge predicate. When an edge is favored, a pass through the graph layers attempts to align those edges vertically. (GP-625)
  • Graphing. Added an option to change the background color of the Function Graph window. (GP-760, Issue #1324)
  • Graphing. Updated Function Graph edge routing when applying the Use Condensed Layout option to reduce edges being clipped by vertices. (GP-768)
  • Graphing. Added option to disable the lightening of edges in the Function Graph. (GP-769, Issue #1106)
  • Graphing. Added a distinct visual edge highlight beyond just a different color for graph edge selection. (GP-793, Issue #2953)
  • Graphing. Added Display as Graph action to the Datatype Manager, allowing visualization of embedded and referenced types of the selected type(s). (GP-808)
  • Graphing. Fixed function graph bug that prevented the satellite view from showing the primary view lens. Fixed a layout bug that allowed some vertices to get clipped when condensing the graph. (GP-940)
  • Graphing. Added Vertex and Edge attributes to GraphML export format. (GP-957, Issue #2958)
  • GUI. Added new Copy Special actions: Python Byte String, Python List, and C Array. (GP-210, Issue #744)
  • GUI. Updated the Listing to allow structure members to display Plate Comments. (GP-421, Issue #2091)
  • GUI. Copy/Pasting and Dragging data types now uses a progress monitor. (GP-422, Issue #2379)
  • GUI. Added right-click menu Data -> Save Image action to allow user to export embedded graphic resource images. (GP-426)
  • GUI. Changed Symbol Comment Annotation to use the existing symbol when available. This allows for the direct navigation of that symbol's address instead of using the search feature of the Go To Service. (GP-675)
  • GUI. Added the Shift-F10 keybinding to allow users to show the popup context menu over the currently focused item. The Menu Key can also be used on supporting keyboards. (GP-732, Issue #2790)
  • GUI. Fixed/Improved the behavior of global menu items and toolbar items with respect to which windows they appear in. These actions can now easily be configured to be either 1) only in menu bar and tool bar of the main window, 2) in the menu bar and tool bar of all windows, or 3) only the windows that have components that generate the type of context that the action consumes. Added methods to the ActionBuilder class to support these three options. Also, updated numerous actions to make sure they appear in the appropriate windows. (GP-759)
  • GUI. Improved overall UI responsiveness when performing analysis with the Symbol Table open. (GP-788)
  • GUI. Updated the Function Tags table column so that it may be used in most Ghidra tables. (GP-816, Issue #2873)
  • GUI. Updated the Defined Strings view to reload less frequently during auto-analysis. (GP-835, Issue #2889)
  • GUI. Updated function hovering in the Decompiler to find the correct function tooltip when multiple functions exist with the same name. (GP-959, Issue #2604)
  • Importer:ELF. Added markup to ELF import for .note.gnu.build-id and .gnu_debuglink sections. (GP-468)
  • Importer:ELF. Added ELF import support for SHN_MIPS_TEXT and SHN_MIPS_DATA symbol section index values and provided ability for other processor-specific ELF extensions to resolve ELF symbol memory addresses. (GP-664)
  • Importer:Mach-O. Improved support for Mach-O object files. (GP-700)
  • Importer:PE. CustomAttrib blobs in CLI/.NET metadata are now decoded. (GP-414)
  • Importer:PE. Created proper external references for PE Delay Load Imports. (GP-674, Issue #2554, #2623)
  • Importer:PE. PeLoader can now read and interpret the .pdata section of PE files that include exception handling data. (GP-729)
  • Listing. Improved Listing view performance, especially noticeable on functions with excessively large stack frames. (GP-268, Issue #109, #2351)
  • Listing. Added a tool option to hide function auto-comments that appear, trailing a function call in the Listing. (GP-752)
  • PDB. Improved Ghidra's ability to find and pull PDB files from symbol servers and symbol storage locations. (GP-42)
  • Processors. Added support for register alias specification within processor spec (*.pspec). Added WREG register aliases for PIC24 processor variants. (GP-901, Issue #2956)
  • Processors. Fixed issue with the PPAGE register not being properly restored after CALL instructions in the HCS12 processor. (GP-920, Issue #1099)
  • Processors. Fixed HCS12 IDX1 addressing with negative immediate values. (GP-937, Issue #3008)
  • Processors. Fixed V850 multiply-by-immediate calculation that produced an incorrect value when the fifth bit was set. (GP-939, Issue #2970)
  • References. Improved performance of reference management for special cases when a large number of references from the same address exist (e.g., entry point designation). (GP-696)
  • Scripting. ExportImageScript now exports all images within a user-selected region to files within a user-selected folder. (GP-231)
  • Scripting. Improved TableChooserDialog, allowing multiple rows to be processed at once. (GP-676)
  • Scripting. Updated the TableChooserDialog to allow clients to set the default column sort. (GP-792)
  • Scripting. Added Python script comment block support. (GP-843, Issue #1484, #2846)
  • Sleigh. Debug info for Sleigh constructors now includes source file names. (GP-233)
  • Sleigh. The Sleigh compiler now issues a warning if it generates a temporary varnode which might be large enough to overlap another temporary varnode. (GP-520)

Bugs

  • Analysis. Fixed how managed code entry points in .NET binaries with CIL entry points are detected and labeled. (GP-319)
  • Analysis. Can now process implementation-specific data structures for Microsoft CIL compilers. (GP-461)
  • Analysis. Corrected processing for pointers, function pointers, custom modifiers, ValueTypes, static methods, MethodRefs, MethodDefs, and PInvokes found in .NET mixed binaries. (GP-656)
  • Analysis. Improved constant analysis speed when processing large binaries with a large amount of code not in defined functions, such as exception handlers. (GP-746, Issue #2509)
  • Analysis. When OverlayAddressSpace was refactored and Decompiler made aware of it for Ghidra 9.2, the VarnodeContext was not aware of the overlays. This was fixed and should eliminate the NullPointerException caused when the Symbolic Propagator calls the Varnode constructor. (GP-751, Issue #2785, #2787)
  • Assembler. Fixed assembler issue with delay-slotted instructions. (GP-587)
  • Assembler. Fixed assemble Patch Instruction action to work on listings other than the primary static listing. (GP-623)
  • Assembler. Modified assembler Patch Instruction action to ignore external symbols which produced bad offsets for instructions. (GP-645)
  • Basic Infrastructure. Fixed an issue with Ghidra and its supporting launch scripts not being able to run correctly on Windows when an ampersand was in the path. Also fixed an issue with svrAdmin.bat and buildGhidraJar.bat not working if the Ghidra path contained a space. (GP-693, Issue #1726, #1728)
  • Build. Building of pdb.exe on Windows now works if the path to the Ghidra repository contains a space. (GP-916, Issue #2998)
  • Build. Corrected GPL DMG module build to properly utilize the jar dependencies included within the repository and distribution. (GP-934)
  • C Parsing. The C-Parser bitfield parsing has been relaxed to allow declared bitfield sizes to exceed the base datatype size. The effective bitfield size may be clamped based upon the current data organization while preserving the declared size. (GP-558)
  • Data Types. Fixed a NullPointerException that occurred when trying to edit a function data type in a data type archive when there was no open program in the tool. (GP-356, Issue #2407)
  • Data Types. Corrected the retention of datatype archive search paths, which did not properly remember disabled paths. (GP-639)
  • Data Types. Fixed potential deadlock encountered when working with the DataTypes tree. (GP-774, Issue #2832)
  • Decompiler. Fixed endianness issue for joined, two-register returns of longlong values for MIPS 32-bit little endian variants. (GP-513)
  • Decompiler. The Decompiler no longer emits comments in the middle of conditional expressions. (GP-621, Issue #1670)
  • Decompiler. Fixed Redefinition of structure ... exceptions in the Decompiler caused by a PNG Image and other opaque datatypes. (GP-820, Issue #2734)
  • Decompiler. Fixed infinite loop in the Decompiler when analyzing return values. (GP-821, Issue #2851)
  • Decompiler. Fixed bug in the Decompiler's handling of enumerated data types causing Shared type id exceptions. (GP-895, Issue #2909)
  • DWARF. Fixed and consolidated DEX and DWARF implementations of LEB128. (GP-444, Issue #2512)
  • DWARF. Fixed unnecessary ELF header parsing when DWARF analyzer checks if it needs to run. Improved DWARF analyzer's run-once logic. (GP-695)
  • DWARF. Fixed issue with DWARF data type importing that could omit the definition of a structure. (GP-929)
  • Eclipse Integration. Fixed a GhidraDev bug that prevented Ghidra projects from recognizing extensions installed in the user's ~/.ghidra/.ghidra_<version>/Extensions directory. (GP-873)
  • Extensions. Changed classpath configuration to not contain paths of removed extension libraries. (GP-522, Issue #2637)
  • FileSystems. Fixed several issues with extracting and importing DYLIB files contained within a DYLD file system. (GP-719, Issue #2934, #682)
  • FileSystems. Fixed SevenZipFileSystem to correctly fail when opening password-protected archives. (GP-730)
  • FileSystems. Fixed Ext4 file system to correctly handle sparse files. (GP-871)
  • Graphing. Fixed IllegalArgumentException when showing a graph popup window after the source component was hidden. (GP-756, Issue #1643)
  • Graphing. Fixed bug that caused all addresses in a function graph node to be colored when only the entry point address had a color applied. (GP-757, Issue #1080)
  • Graphing. Fixed bug in graph dominance algorithm that could cause the Select -> Scoped Flow actions to go into an infinite loop. (GP-776, Issue #2836)
  • GUI. Fixed UI lock-up issue related to the Function Tags table. (GP-266, Issue #2366)
  • GUI. Fixed missing spaces in Front End multi-line log messages. (GP-463, Issue #2534)
  • GUI. Fixed the following modal dialog issues: z-order changing when showing a modal dialog over a detached window; focusing the incorrect window after showing a modal dialog; script progress dialog not getting placed behind input dialog; script dialogs appearing over different windows. (GP-628, Issue #2398, #2480)
  • GUI. Fixed NullPointerException encountered when creating a new category in the Data Types tree while the tree is filtered. (GP-745, Issue #2799)
  • GUI. Fixed Right Alt key that did not work for Ghidra actions on some Windows systems. (GP-747, Issue #2008)
  • GUI. Fixed Function Graph bug that caused some vertex text to get clipped when using wide address format width. (GP-755, Issue #1008)
  • GUI. Fixed bug in the Listing scroll bar that caused some screen reader software to deadlock. (GP-772, Issue #2820)
  • GUI. Fixed bug that caused the UI to freeze when clicking in the Program Tree UI. The bug manifested depending upon the contents of the system clipboard. (GP-775)
  • Importer:ELF. Added support for additional PIC30 ELF relocations (4, 5, 6) and improved register symbol resolution and markup. (GP-710, Issue #2792)
  • Importer:ELF. Changed processing of ELF absolute symbols (section ID 0xfff1) to treat them as constants by defining equates instead of memory symbols. (GP-902)
  • Importer:ELF. Corrected EXTERNAL symbol alignment for PIC24, PIC30, PIC33 during ELF import. The improperly aligned symbol addresses would cause incorrect external symbol references to appear on instructions (e.g., RCALL). (GP-906)
  • Importer:PE. Fixed error when importing a PE file with an uninitialized .textbss section. (GP-397, Issue #2496)
  • Importer:PE. Fixed a bug processing RUNTIME_INFO structures that caused a failure to load PE files under certain conditions when the list is empty. (GP-924, Issue #2995)
  • Installation. Renamed database db.Record class to db.DBRecord to avoid naming conflict with java.lang.Record class and potential import issues. (GP-193)
  • Jython. Fixed pasting multi-line strings into the Python interpreter panel. (GP-487, Issue #2456)
  • Listing. Fixed #US table processing to correctly interpret the string as UTF-16LE for CIL binaries. (GP-318)
  • Listing. Fixed a sporadic listing operand hover stacktrace bug. (GP-987)
  • PDB. Escaped more character strings in MSDIA pdb.exe XML output. (GP-578, Issue #1690)
  • Processors. Fixed various issues pertaining to x86 instruction prefixes. (GP-220, Issue #2286, #2297)
  • Processors. Refactored PPC interrupt returns to include return pcode statement. (GP-703)
  • Processors. Fixed issue with ARM VMRS instruction parsing in thumb. (GP-735, Issue #2750)
  • Processors. Corrected issue with M68000 floating point dynamic k-factor instruction semantics. (GP-736, Issue #2754)
  • Processors. Fixed instruction semantics for x86 MOVUPS instruction. (GP-744, Issue #2789)
  • Processors. Simplified SuperH div1 instruction. (GP-753, Issue #2864)
  • Processors. Corrected issue with ARM co-processor registers and the MCR instruction. (GP-761, Issue #2451)
  • Processors. Fixed issue with x86 INSx.rep and OUTSx.rep pcode ordering. (GP-766, Issue #2829)
  • Processors. Corrected addresses for PIC24 TBLPAG and PSVPAG registers. (GP-798, Issue #2844, #2855)
  • Processors. Corrected decoding of some MODR/M opcode bytes in x86. (GP-800, Issue #2504)
  • Processors. Updated 8085 processor definition to disassemble XRA HL instruction. (GP-818, Issue #2447)
  • Processors. Corrected missing optional rex.w prefix for x86 conditional jump instructions. (GP-837, Issue #1163)
  • Processors. Added CALLW, ASRF, LSLF, and LSRF instructions to PIC16 language. (GP-841, Issue #1362)
  • Processors. Made corrections to wr instruction for SPARC which in some cases did not write to the appropriate ASR register. (GP-928)
  • Sleigh. Fixed multiple errors in x64 vector operation semantics. (GP-799)