Hex-Rays v1.2 has been released
Posted: 2010-2-2 10:46 (3299)

Welcome to Hex-Rays v1.2, with intrinsic function support. This release adds all intrinsic functions defined by Microsoft and Intel (with some exceptions), SSE scalar floating point support, local cross references, and other improvements. Please refer to the comparison page for side-by-side examples.

BIG NEWS

+ SSE scalar floating point support
+ Support for intrinsic functions (the decompiler recognizes more than 500 intrinsic functions from Microsoft and Intel)
+ New microcode preoptimization algorithm with O(n) complexity. It is much faster, especially on long basic blocks. For long basic blocks, it really makes a big difference, the analysis can be faster hundreds of times because the long basic block immediately gets optimized into something small without using the main propagation mechanism, which has O(n**2) complexity.
+ Local cross reference commands
NITPICKY DETAILS

+ added 'split' command to split too wide assignments
+ added support for signed magic divisions
+ all useless mov instructions are optimized away (before movs of aliased memory were preserved)
+ better detection of function return types: floating point flags are assumed to be never returned by functions
+ equivalent table jump instructions are collapsed into one instruction: this reduces the code complexity and speeds up the decompilation
+ functions having no fpu insns but returning a fp value (for example, as the result of a call to another function) were not detected as fpval returning functions
+ improved recognition of smod_power2
+ improved the speed of decompilation
+ objc_msgSend() and similar function prototypes are hardcoded into the decompiler to make the initial output better
+ segments with predefined names (.rdata, __const, etc) and considered to be readonly and the decompiler replaces references to such segments with the constant values from them
+ series of xchg/fxch instructions are handled better
+ strcpy() inlined with series of mov's is recognized
+ superfluous LOBYTE() and similar macros are removed, like in LOBYTE(x) & 1
+ 'jump to xrefs' command supports structure fields, labels, statement types, local variables. For example, it is possible to get a list of all references to 'myvar':
Type  Line  Col  Pseudocode line
w     94    6    myvar = !(dwScanFlags & 1) && _this->m_dwStage != 1;
r     95    14   var30 = myvar;
r     96    11   if ( myvar )
FIXES

BUGFIX: __thiscall calls in the very first block of a function that also had the __thiscall calling convention were not detected
BUGFIX: bcc __fastcall functions returning a big structure were decompiled incorrectly (the hidden argument was located wrongly)
BUGFIX: calls were sometimes propagated too far
BUGFIX: could crash trying to decompile a fp constant reference
BUGFIX: decompilation of fragmented functions with fpu instructions could fail in some cases
BUGFIX: decompiler could interr because the type of the ternary operator was calculated inconsistently
BUGFIX: decompiler could interr trying to handle 64-bit comparisons
BUGFIX: decompiler could throw an exception if the cursor was positioned on some statement labels
BUGFIX: decompiler would interr if fpu conditional jump was optimized into unconditional jump
BUGFIX: div_power_2() rule could produce incorrect results
BUGFIX: fcomi and similar instructions were decompiled incorrectly
BUGFIX: fixed a quite subtle bug with nameless structs: a reference like p->4.field (4 is the name of a nameless structure) could be split in the middle by the cpa module. This would lead to an interr later because a reference like p->4 is not good
BUGFIX: fixed a rare interr that could happen on complex functions (interr 656)
BUGFIX: functions tails belonging to multiple parents could cause an interr
BUGFIX: it was impossible to specify the representation of case values for synthetic switches (converted from a sequence of if's)
BUGFIX: it was still possible to convert numbers to 128-bit enums and get an interr
BUGFIX: LODWORD/HIDWORD macros were not used by the decompiler
BUGFIX: lvar allocation could crash
BUGFIX: lvar allocation could incorrectly reuse an old variable instead of creating a new one (rarely happened upon partial references to wide variables)
BUGFIX: non-zero deltas in user-defined offset were ignored by the decompiler
BUGFIX: precedence rules for * and post ++/-- operators were incorrect. the decompiler would generate **x++ instead of *(*x)++
BUGFIX: some 64-bit additions would be handled incorrectly (well, at least in theory)
BUGFIX: some 64-bit casts were erroneously removed: int64(i32)*j32 => i32*j32
BUGFIX: some nice constants that correspond to the assembly listing could still not be modified (converted to hex, etc)
BUGFIX: some signed divisions by a negative constant were not recognized
BUGFIX: the decompiler could use stale guessed type information because it was not updating its internal type storage on all database modifications
BUGFIX: the propagation could yield an incorrect result in some rare cases
BUGFIX: the representation of 'magic' division divisors could not be changed by the user

http://www.hex-rays.com/news1.shtml#100201
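Added example (my own code, not Hex-Rays' and not part of the forum post): several items in the notes above concern compiler division idioms ("signed magic divisions", div_power_2, smod_power2, the representation of 'magic' divisors). The Python below emulates the x86 instruction sequences that compilers emit for those idioms, recovers the divisor from the magic constant and shift the way a decompiler rule must, and cross-checks every idiom against C semantics. The magic constants are the standard 32-bit signed values (Hacker's Delight, table 10-1); the sample dividends are constructed here, and the instruction sequences in the docstrings are the common x86 forms, not Hex-Rays' internal microcode.

```python
# Added example, not Hex-Rays/IDA code: emulating the division idioms that
# the v1.2 notes say the decompiler recognizes, and recovering the divisor
# from the constants left behind in the machine code.

MASK32 = 0xFFFFFFFF


def to_signed32(v):
    """Interpret the low 32 bits of v as a signed two's complement int."""
    v &= MASK32
    return v - (1 << 32) if v & 0x80000000 else v


def tdiv(a, b):
    """C-style truncating division (Python's // floors instead)."""
    q = abs(a) // abs(b)
    return -q if (a < 0) != (b < 0) else q


def tmod(a, b):
    """C-style remainder: the sign follows the dividend."""
    return a - b * tdiv(a, b)


def recover_divisor(multiplier, total_shift):
    """Given x/d compiled as (x * multiplier) >> total_shift, recover d.

    The magic multiplier is ceil(2**total_shift / d), so the ratio
    2**total_shift / multiplier lies in (d - 1, d] and its ceiling is d.
    For a signed idiom that emits 'add edx, x' after the imul, pass the
    multiplier as its unsigned 32-bit value: that add is the missing 2**32.
    """
    return -(-(1 << total_shift) // multiplier)


def signed_magic_div(x, magic, post_shift):
    """Emulate the x86 idiom for signed x / d with d > 0:
       imul  edx:eax = x * magic      ; magic taken as signed 32-bit
       add   edx, x                   ; only emitted when magic < 0
       sar   edx, post_shift
       mov   eax, edx ; shr eax, 31 ; add edx, eax   ; round toward zero
    """
    m = to_signed32(magic)
    hi = (x * m) >> 32              # signed high dword of the product
    if m < 0:
        hi = to_signed32(hi + x)    # the add wraps like the hardware does
    q = hi >> post_shift
    return q + ((q >> 31) & 1)      # add 1 for negative quotients


def signed_div_power2(x, n):
    """div_power_2: signed x / 2**n, as compiled:
       cdq ; and edx, (1<<n)-1 ; add eax, edx ; sar eax, n
    """
    bias = (x >> 31) & ((1 << n) - 1)   # 2**n - 1 if x < 0, else 0
    return to_signed32(x + bias) >> n


def signed_mod_power2(x, n):
    """smod_power2: signed x % 2**n, as compiled:
       cdq ; and edx, mask ; add eax, edx ; and eax, mask ; sub eax, edx
    """
    mask = (1 << n) - 1
    bias = (x >> 31) & mask
    return ((x + bias) & mask) - bias


def check_idioms():
    """Cross-check every emulated idiom against C semantics over a
    constructed sample of dividends; returns the number of mismatches."""
    samples = [0, 1, -1, 7, -7, 99, -99, 100, -100, 12345, -12345,
               0x7FFFFFFF, -0x80000000, 0x7FFFFFF9, -0x7FFFFFF9]
    # (magic, post-shift, divisor): standard 32-bit signed magic numbers
    signed_magics = [(0x55555556, 0, 3), (0x66666667, 1, 5),
                     (0x92492493, 2, 7), (0x66666667, 2, 10)]
    bad = 0
    for magic, shift, d in signed_magics:
        if recover_divisor(magic, 32 + shift) != d:
            bad += 1
        for x in samples:
            if signed_magic_div(x, magic, shift) != tdiv(x, d):
                bad += 1
    for n in (1, 3, 8):
        for x in samples:
            if signed_div_power2(x, n) != tdiv(x, 1 << n):
                bad += 1
            if signed_mod_power2(x, n) != tmod(x, 1 << n):
                bad += 1
    return bad


if __name__ == "__main__":
    print("mismatches:", check_idioms())
    print("0x92492493 sar 2 divides by", recover_divisor(0x92492493, 34))
    print("0xCCCCCCCD shr 35 (unsigned) divides by", recover_divisor(0xCCCCCCCD, 35))
```

The recovery rule is the same for the unsigned idiom (mul; shr edx, s), which is why the last line handles the classic unsigned /10 constant as well. When reading decompiler output, the point of the "representation of 'magic' divisors" item above is exactly this: once the rule has folded the multiply-and-shift back into x / 10, the user should see and be able to reformat the 10, not the 0xCCCCCCCD.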

Latest replies (5)
#2
Maybe one day it will suddenly show up on 看雪 together with IDA 5.6.
2010-2-2 12:41
#3
The new version seems to have optimized quite a bit of the code and improved readability a lot,

but I still prefer reading assembly.
2010-2-2 20:50
#4
Looking forward to it. I'm still using 5.2.
2010-2-2 21:03
#5
5.5 is incredibly slow when auto-analyzing certain PE files, while 5.2 surprisingly analyzes them just fine.
2010-2-3 09:29
#6
It seems the 5.5 we're using is a training copy, but I don't know how it differs.
2010-2-3 16:12