Ghidra Releases

| Version | Link | SHA-256 | Notes | Date |
|---|---|---|---|---|
| 9.2 | ghidra_9.2_PUBLIC_20201113.zip | ffebd3d87bc7c6d9ae1766dd3293d1fdab3232a99b170f8ea8b57497a1704ff6 | Notes | 2020-11-13 |
| 9.1.2 | ghidra_9.1.2_PUBLIC_20200212.zip | ebe3fa4e1afd7d97650990b27777bb78bd0427e8e70c1d0ee042aeb52decac61 | Notes | 2020-02-12 |
| 9.1.1 | ghidra_9.1.1_PUBLIC_20191218.zip | b0d40a4497c66011084e4a639d61ac76da4b4c5cabd62ab63adadb7293b0e506 | Notes | 2019-12-18 |
| 9.1 | ghidra_9.1_PUBLIC_20191023.zip | 29d130dfe85da6ec45dfbf68a344506a8fdcc7cfe7f64a3e7ffb210052d1875e | Notes | 2019-10-23 |
| 9.0.4 | ghidra_9.0.4_PUBLIC_20190516.zip | a50d0cd475d9377332811eeae66e94bdc9e7d88e58477c527e9c6b78caec18bf | Notes | 2019-05-16 |
| 9.0.2 | ghidra_9.0.2_PUBLIC_20190403.zip | 10ffd65c266e9f5b631c8ed96786c41ef30e2de939c3c42770573bb3548f8e9f | Notes | 2019-04-03 |
| 9.0.1 | ghidra_9.0.1_PUBLIC_20190325.zip | 58ffa488e6dc57e2c023670c1dfac0469bdb6f4e7da98f70610d9f561b65c774 | Notes | 2019-03-25 |
| 9.0 | ghidra_9.0_PUBLIC_20190228.zip | 3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 | Notes | 2019-02-28 |

Change Log

Ghidra v9.2 (November 2020)

New Features

  • Graphing. A new graph service and implementation were created. The graph service provides basic graphing capabilities. It was also used to generate several different types of graphs including code block graphs, call graphs, and AST graphs. In addition, an export graph service was created that supports various formats. (GP-211)
  • PDB. Added a new, prototype, platform-independent PDB analyzer that processes and applies data types and symbols to a program from a raw (non-XML-converted) PDB file, allowing users to more easily take advantage of PDB information. (GT-3112)
  • Processors. Added M8C SLEIGH processor specification. (GT-3052)
  • Processors. Added support for the RISC-V processor. (GT-3389, Issue #932)
  • Processors. Added support for the Motorola 6809 processor. (GT-3390, Issue #1201)
  • Processors. Added CP1600-series processor support. (GT-3426, Issue #1383)
  • Processors. Added V850 processor module. (GT-3523, Issue #1430)

Improvements

  • Analysis. Increased the speed of the Embedded Media Analyzer, which was especially poor for large programs, by doing better checking and reducing the number of passes over the program. (GT-3258)
  • Analysis. Improved the performance of the RTTI analyzer. (GT-3341, Issue #10)
  • Analysis. The handling of Exception records found in GCC-compiled binaries has been sped up dramatically. In addition, incorrect code disassembly has been corrected. (GT-3374)
  • Analysis. Updated Auto-analysis to preserve work when encountering recoverable exceptions. (GT-3599)
  • Analysis. Improved efficiency when creating or checking for functions and namespaces which overlap. (GP-21)
  • Analysis. Added partial support of Clang for Windows. (GP-64)
  • Analysis. RTTI structure processing speed has been improved with a faster technique for finding the root RTTI type descriptor. (GP-168, Issue #2075)
  • API. The performance of adding large numbers of data types to the same category has been improved. (GT-3535)
  • API. Added the BigIntegerNumberInputDialog that allows users to enter integer values larger than Integer.MAX_VALUE (2147483647). (GT-3607)
  • API. Made JSON more available using GSON. (GP-89, Issue #1982)
  • Basic Infrastructure. Introduced an extension point priority annotation so users can control extension point ordering. (GT-3350, Issue #1260)
  • Basic Infrastructure. Changed file names in launch.bat to always run executables from System32. (GT-3614, Issue #1599)
  • Basic Infrastructure. Unknown platforms now default to 64-bit. (GT-3615, Issue #1499)
  • Basic Infrastructure. Updated sevenzipjbinding library to version 16.02-2.01. (GP-254)
  • Build. Ghidra's native Windows binaries can now be built using Visual Studio 2019. (GT-3277, Issue #999)
  • Build. Extension builds now exclude gradlew artifacts from zip file. (GT-3631, Issue #1763)
  • Build. Reduced the number of duplicated help files among the build jar files. (GP-57, Issue #2144)
  • Build. Git commit hash has been added to application.properties file for every build (not just releases). (GP-67)
  • Contrib. Extensions are now installed to the user's settings directory, not the Ghidra installation directory. (GT-3639, Issue #1960)
  • Data Types. Added mutability data settings (constant, volatile) for Enum datatype. (GT-3415)
  • Data Types. Improved Structure Editor's Edit Component action to work on array pointers. (GP-205, Issue #1633)
  • Decompiler. Added Secondary Highlights to the Decompiler. This feature allows the user to create a highlight for a token to show all occurrences of that token. Further, multiple secondary highlights are allowed at the same time, each using a unique color. See the Decompiler help for more information. (GT-3292, Issue #784)
  • Decompiler. Added heuristics to the Decompiler to better distinguish whether a constant pointer refers to something in the CODE or DATA address space, for Harvard architectures. (GT-3468)
  • Decompiler. Improved Decompiler analysis of local variables with small data types, eliminating unnecessary casts and mask operations. (GT-3525)
  • Decompiler. Documentation for the Decompiler, accessible from within the Code Browser, has been rewritten and extended. (GP-166)
  • Decompiler. The Decompiler can now display the namespace path (or part of it) of symbols it renders. With the default display configuration, the minimal number of path elements necessary are printed to fully resolve the symbol within the current scope. (GP-236)
  • Decompiler. The Decompiler now respects the Charset and Translate settings for string literals it displays. (GP-237)
  • Decompiler. The Decompiler's analysis of array accesses is much improved. It can detect more and varied access patterns produced by optimized code, even if the base offset is not contained in the array. Multi-dimensional arrays are detected as well. (GP-238, Issue #461, #1348)
  • Decompiler. Extended the Decompiler's support for analyzing class methods. The class data type is propagated through the this pointer even in cases where the full prototype of the method is not known. The methods isThisPointer() and isHiddenReturn() are now populated in HighSymbol objects and are accessible in Ghidra scripts. (GP-239, Issue #2151)
  • Decompiler. The Decompiler will now infer a string pointer from a constant that addresses the interior of a string, not just the beginning. (GP-240, Issue #1502)
  • Decompiler. The Decompiler now always prints the full precision of floating-point values, using the minimal number of characters in either fixed point or scientific notation. (GP-241, Issue #778)
  • Decompiler. The Decompiler's Auto Create Structure command now incorporates into new structures data-type information from function prototypes. The Auto Fill in Structure variant of the command will override undefined and other more general data-types with discovered data-types if they are more specific. (GP-242)
  • Demangler. Modified Microsoft Demangler (MDMang) to handle symbols represented by MD5 hash codes when their normal mangled length exceeds 4096. (GT-3409, Issue #1344)
  • Demangler. Upgraded the GNU Demangler to version 2.33.1. Added support for the now-deprecated GNU Demangler version 2.24 to be used as a fallback option for demangling. (GT-3481, Issue #1195, #1308, #1451, #1454)
  • Demangler. The Demangler now more carefully applies information if generic changes have been made. Previously if the function signature had changed in any way from default, the demangler would not attempt to apply any information including the function name. (GP-12)
  • Demangler. Changed MDMang so cast operator names are complete within the qualified function name, affecting what is available from the internal API. (GP-13)
  • Demangler. Added additional MDMang Extended Types such as char8_t, char16_t, and char32_t. (GP-14)
  • Documentation. Removed Eclipse BuildShip instructions from the DevGuide. (GT-3634, Issue #1735)
  • FID. Regenerated FunctionID databases. Added support for Visual Studio versions 2017 and 2019. (GP-170)
  • Function Diff. Users may now add functions ad-hoc to existing function comparison panels. (GT-2229)
  • Function Graph. Added Navigation History Tool option for Function Graph to signal it to produce fewer navigation history entries. (GT-3233, Issue #1115)
  • GUI. Users can now view the Function Tag window to see all functions associated with a tag, without having to inspect the Listing. (GT-3054)
  • GUI. Updated the Copy Special action to work on the current address when there is no selection. (GT-3155, Issue #1000)
  • GUI. Significantly improved the performance of filtering trees in the Ghidra GUI. (GT-3225)
  • GUI. Added many optimizations to increase the speed of table sorting and filtering. (GT-3226, Issue #500)
  • GUI. Improved performance of bit view component recently introduced to Structure Editor. (GT-3244, Issue #1141)
  • GUI. Updated usage of timestamps in the UI to be consistent. (GT-3286)
  • GUI. Added tool actions for navigating to the next/previous functions in the navigation history. (GT-3291, Issue #475)
  • GUI. Filtering now works on all tables in the Function Tag window. (GT-3329)
  • GUI. Updated the Ghidra File Chooser so that users can type text into the list and table views in order to quickly jump to a desired file. (GT-3396)
  • GUI. Improved the performance of the Defined Strings table. (GT-3414, Issue #1259)
  • GUI. Updated Ghidra to allow users to set a key binding to perform an equivalent operation to double-clicking the XREF field in the Listing. See the Show Xrefs action in the Tool Options... Key Bindings section. (GT-3446)
  • GUI. Improved mouse wheel scrolling in Listing and Byte Viewers. (GT-3473)
  • GUI. Ghidra's action context mechanism was changed so that actions that modify the program are not accidentally invoked in the wrong context, thus possibly modifying the program in ways the user did not want or without the user knowing that it happened. This also fixed an issue where the navigation history drop-down menu did not represent the locations that would be used if the next/previous buttons were pressed. (GT-3485)
  • GUI. Updated Ghidra tables to defer updating while analysis is running. (GT-3604)
  • GUI. Updated Font Size options to allow the user to set any font size. (GT-3606, Issue #160, #1541)
  • GUI. Added ability to overlay text on an icon. (GP-41)
  • GUI. Updated Ghidra options to allow users to clear default key binding values. (GP-61, Issue #1681)
  • GUI. ToggleDirectionAction button now shows in snapshot windows. (GP-93)
  • GUI. Added a new action to the Symbol Tree to allow users to convert a Namespace to a Class. (GP-225, Issue #2301)
  • Importer. Updated the XML Loader to parse symbol names for namespaces. (GT-3293)
  • Importer:ELF. Added support for processing Android packed ELF Relocation Tables. (GT-3320, Issue #1192)
  • Importer:ELF. Added ELF import opinion for ARM BE8. (GT-3642, Issue #1187)
  • Importer:ELF. Added support for ELF RELR relocations, such as those produced for Android. (GP-348)
  • Importer:MachO. DYLD Loader can now load x86_64 DYLD from macOS. (GT-3611, Issue #1566)
  • Importer:PE. Improved parsing of Microsoft ordinal map files produced with DUMPBIN /EXPORTS (see Ghidra/Features/Base/data/symbols/README.txt). (GT-3235)
  • Jython. Upgraded Jython to version 2.7.2. (GP-109)
  • Listing. In the PCode field of the Listing, accesses of varnodes in the unique space are now always shown with the size of the access. Fixed bug which would cause the PCode emulator to reject valid pcode in rare instances. (GP-196)
  • Listing:Data. Improved handling and display of character sequences embedded in operands or integer values. (GT-3347, Issue #1241)
  • Multi-User:Ghidra Server. Added ability to specify initial Ghidra Server user password (-a0 mode only) for the svrAdmin add and reset commands. (GT-3640, Issue #321)
  • Processors. Updated AVR8 ATmega256 processor model to reflect correct memory layout specification. (GT-933)
  • Processors. Implemented semantics for vstmia/db vldmia/db, added missing instructions, and fixed shift value for several instructions for the ARM/Thumb NEON instruction set. (GT-2567)
  • Processors. Added the XMEGA variant of the AVR8 processor with general purpose registers moved to a non-memory-mapped register space. (GT-2909)
  • Processors. Added support for x86 SALC instruction. (GT-3367, Issue #1303)
  • Processors. Implemented pcode for 6502 BRK instruction. (GT-3375, Issue #1049)
  • Processors. Implemented x86 PTEST instruction. (GT-3380, Issue #1295)
  • Processors. Added missing instructions to ARM language module. (GT-3394)
  • Processors. Added support for RDRAND and RDSEED instructions to x86-32. (GT-3413)
  • Processors. Improved x86 breakpoint disassembly. (GT-3421, Issue #872)
  • Processors. Added manual index file for the M6809 processor. (GT-3449, Issue #1414)
  • Processors. Corrected issues related to retained instruction context during a language upgrade. In some rare cases this retained context could interfere with the instruction re-disassembly. This context-clearing mechanism is controlled by a new pspec property: resetContextOnUpgrade. (GT-3531)
  • Processors. Updated PIC24/PIC30 index file to match latest manual. Added support for dsPIC33C. (GT-3562)
  • Processors. Added missing call-fixup to handle call side-effects for 32 bit gcc programs for get_pc_thunk.ax/si. (GP-10)
  • Processors. Added ExitProcess to PEFunctionsThatDoNotReturn. (GP-35)
  • Processors. External Disassembly field in the Listing now shows Thumb disassembly when appropriate TMode context has been established on a memory location. (GP-49)
  • Processors. Changed RISC-V jump instructions to the more appropriate goto instead of call. (GP-54, Issue #2120)
  • Processors. Updated AARCH64 to v8.5, including new MTE instructions. (GP-124)
  • Processors. Added support for floating point params and return for SH4 processor calling conventions. (GP-183, Issue #2218)
  • Processors. Added semantic support for many AARCH64 neon instructions. Addresses for register lanes are now precalculated, reducing the amount of p-code generated. (GP-343)
  • Processors. Updated RISCV processor to include reorganization, new instructions, and fixes to several instructions. (GP-358, Issue #2333)
  • Program API. Improved multi-threaded ProgramDB access performance. (GT-3262)
  • Scripting. Improved ImportSymbolScript.py to import functions in addition to generic labels. (GT-3249, Issue #946)
  • Scripting. Python scripts can now call protected methods from the GhidraScript API. (GT-3334, Issue #1250)
  • Scripting. Updated scripting feature with better change detection, external jar dependencies, and modularity. (GP-4)
  • Scripting. Updated the GhidraDev plugin (v2.1.1) to support Python Debugging when PyDev is installed via the Eclipse dropins directory. (GP-186, Issue #1922)
  • Sleigh. Error messages produced by the SLEIGH compiler have been reformatted to be more consistent in layout as well as more descriptive and more consistent in providing line number information. (GT-3174)

Bugs

  • Analysis. Function start patterns found at 0x0, function signatures applied from the Data Type Manager at 0x0, and DWARF debug symbols applied at 0x0 will no longer cause stack traces. In addition, DWARF symbols with zero length address range no longer stack trace. (GT-2817, Issue #386, #1560)
  • Analysis. Constant propagation will treat an OR with zero (0) as a simple copy. (GT-3548, Issue #1531)
  • Analysis. Corrected Create Structure from Selection, which failed to use proper data organization during the construction process. This could result in improperly sized components such as pointers and primitive types. (GT-3587)
  • Analysis. Fixed an issue where stored context was constantly initializing the set of registers. (GP-25)
  • Analysis. Fixed an RTTI Analyzer regression when analyzing RTTI0 structures with no RTTI4 references to them. (GP-62, Issue #2153)
  • Analysis. Fixed an issue where the RTTI analyzer was not filling out RTTI3 structures in some cases. (GP-111)
  • API. Fixed NullPointerException when attempting to delete all bookmarks from a script. (GT-3405)
  • API. Updated the Class Searcher so that Extension Points found in the Ghidra/patch directory get loaded. (GT-3547, Issue #1515)
  • Build. Updated dependency fetch script to use HTTPS when downloading CDT. (GP-69, Issue #2173)
  • Build. Fixed resource leak in Ghidra jar builder. (GP-342)
  • Byte Viewer. Fixed Byte Viewer to correctly load the middle-mouse highlight color options change. (GT-3471, Issue #1464, #1465)
  • Data Types. Fixed decoding of static strings that have a character set with a smaller character size than the platform's character size. (GT-3333, Issue #1255)
  • Data Types. Correctly handle Java character sets that do not support the encoding operation. (GT-3407, Issue #1358)
  • Data Types. Fixed bug that caused Data Type Manager Editor key bindings to get deleted. (GT-3411, Issue #1355)
  • Data Types. Updated the DataTypeParser to handle data type names containing templates. (GT-3493, Issue #1417)
  • Data Types. Corrected pointer data type isEquivalent() method to properly check the equivalence of the base data type. The old implementation could cause a pointer to be replaced by a conflicting pointer with the same name whose base datatype is not equivalent. This change has a negative performance impact associated with it and can cause additional conflict datatypes due to the rigid datatype relationships. (GT-3557)
  • Data Types. Improved composite conflict resolution performance and corrected composite merge issues when composite bitfields and/or flexible arrays are present. (GT-3571)
  • Data Types. Fixed bug in SymbolPathParser naive parse method that caused a less-than-adequate fall-back parse when angle bracket immediately followed the namespace delimiter. (GT-3620)
  • Data Types. Corrected size of long for AARCH64 per LP64 standard. (GP-175)
  • Decompiler. Fixed bug causing the Decompiler to miss symbol references when they are stored to the heap. (GT-3267)
  • Decompiler. Fixed bug in the Decompiler that caused Deleting op with descendants exception. (GT-3506)
  • Decompiler. Decompiler now correctly compensates for integer promotion on shift, division, and remainder operations. (GT-3572)
  • Decompiler. Fixed handling of 64-bit implementations of alloca_probe in the Decompiler. (GT-3576)
  • Decompiler. Default Decompiler options now minimize the risk of losing code when renaming or retyping variables. (GT-3577)
  • Decompiler. The Decompiler no longer inherits a variable name from a subfunction if that variable incorporates additional data-flow unrelated to the subfunction. (GT-3580)
  • Decompiler. Fixed the Decompiler Override Signature action to be enabled on the entire C-code statement. (GT-3636, Issue #1589)
  • Decompiler. Fixed frequent ClassCast and IllegalArgument exceptions when performing Auto Create Structure or Auto Create Class actions in the Decompiler. (GP-119)
  • Decompiler. Fixed a bug in the Decompiler that caused different variables to be assigned the same name in rare instances. (GP-243, Issue #1995)
  • Decompiler. Fixed a bug in the Decompiler that caused PTRSUB off of non-pointer type exceptions. (GP-244, Issue #1826)
  • Decompiler. Fixed a bug in the Decompiler that caused load operations from volatile memory to be removed as dead code. (GP-245, Issue #393, #1832)
  • Decompiler. Fixed a bug causing the Decompiler to miss a stack alias if its offset was, itself, stored on the stack. (GP-246)
  • Decompiler. Fixed a bug causing the Decompiler to lose Equate references to constants passed to functions that were called indirectly. (GP-247)
  • Decompiler. Addressed various situations where the Decompiler unexpectedly removes active instructions as dead code after renaming or retyping a stack location. If the location was really an array element or structure field, renaming forced the Decompiler to treat the location as a distinct variable. Subsequently, the Decompiler thought that indirect references based before the location could not alias any following stack locations, which could then be considered dead. As of the 9.2 release, the Decompiler's renaming action no longer switches an annotation to forcing if it wasn't already. A retyping action, although it is forcing, won't trigger alias blocking for atomic data-types (this is configurable). (GP-248, Issue #524, #873)
  • Decompiler. Fixed decompiler memory issues reported by a community security researcher. (GP-267)
  • Decompiler. Fix for Decompiler error: Pcode: XML comms: Missing symref attribute in <high> tag. (GP-352, Issue #2360)
  • Decompiler. Fixed bug preventing the Decompiler from seeing Equates attached to compare instructions. (GP-369, Issue #2386)
  • Demangler. Fixed the GnuDemangler to parse the full namespace for operator symbols. (GT-3474, Issue #1441, #1448)
  • Demangler. Fixed numerous GNU Demangler parsing issues. Most notable is the added support for C++ Lambda functions. (GT-3545, Issue #1457, #1569)
  • Demangler. Updated the GNU Demangler to correctly parse and apply C++ strings using the unnamed type syntax. (GT-3645)
  • Demangler. Fixed duplicate namespace entry returned from getNamespaceString() on DemangledVariable. (GT-3646, Issue #1729)
  • Demangler. Fixed a GnuDemangler ClassCastException when parsing a typeinfo string containing operator text. (GP-160, Issue #1870, #2267)
  • Demangler. Added stdlib.h include to the GNU Demangler to fix a build issue on some systems. (GP-187, Issue #2294)
  • DWARF. Corrected DWARF relocation handling where the address image base adjustment was factored in twice. (GT-3330)
  • File Formats. Fixed a potential divide-by-zero exception in the EXT4 file system. (GT-3400, Issue #1342)
  • File Formats. Fixed date and time parsing of dates in cdrom iso9660 image files. (GT-3451, Issue #1403)
  • Graphing. Fixed a ClassCastException sometimes encountered when performing Select -> Scoped Flow -> Forward Scoped Flow. (GP-180)
  • GUI. Fixed inconsistent behavior with the interactive python interpreter's key bindings. (GT-3282)
  • GUI. Fixed Structure Editor bug that prevented the F2 Edit action from editing the correct table cell after using the arrow keys. (GT-3308, Issue #703)
  • GUI. Updated the Structure Editor so the Delete action is put into a background task to prevent the UI from locking. (GT-3352)
  • GUI. Fixed IndexOutOfBoundsException when invoking column filter on Key Bindings table. (GT-3445)
  • GUI. Fixed the analysis log dialog to not consume all available screen space. (GT-3610)
  • GUI. Fixed issue where Location column, when used in the column filters, resulted in extraneous dialogs popping up. (GT-3623)
  • GUI. Fixed Data Type Preview copy action so that newlines are preserved; updated table export to CSV to escape quotes and commas. (GT-3624)
  • GUI. Fixed tables in Ghidra to copy the text that is rendered. Some tables mistakenly copied the wrong value, such as the Functions Table's Function Signature Column. (GT-3629, Issue #1628)
  • GUI. Structure editor name now updates in title bar and tab when structure is renamed. (GP-19)
  • GUI. Fixed an issue where drag-and-drop import locks the Windows File Explorer source window until the import dialog is closed by the user. (GP-27)
  • GUI. Fixed an issue in GTreeModel where fireNodeChanged had no effect. This could result in stale node information and truncation of the text associated with a node in a GTree. (GP-30)
  • GUI. Fixed an issue where the file chooser directory list truncated filenames with ellipses on HiDPI Windows. (GP-31)
  • GUI. Fixed an uncaught exception when double-clicking on UndefinedFunction_ in Decompiler window. (GP-40)
  • GUI. Updated error handling to only show one dialog when a flurry of errors is encountered. (GP-65, Issue #2185)
  • GUI. Fixed an issue where Docking Windows are restored incorrectly if a snapshot is present. (GP-92)
  • GUI. Fixed a File Chooser bug causing a NullPointerException for some users. (GP-171, Issue #1706)
  • GUI. Fixed an issue that caused the script progress bar to appear intermittently. (GP-179, Issue #1819)
  • GUI. Fixed a bug that caused Call Tree nodes to go missing when showing more than one function with the same name. (GP-213, Issue #1682)
  • GUI:Project Window. Fixed Front End copy action to allow for the copy of program names so that users can paste those names into external applications. (GT-3403, Issue #1257)
  • Headless. Headless Ghidra now properly honors the -processor flag, even if the specified processor is not a valid opinion. (GT-3376, Issue #1311)
  • Importer. Corrected an NeLoader flags parsing error. (GT-3381, Issue #1312)
  • Importer. Fixed the File -> Add to Program... action to not show a memory conflict error when the user is creating an overlay. (GT-3491, Issue #1376)
  • Importer. Updated the XML Importer to apply repeatable comments. (GT-3492, Issue #1423)
  • Importer. Fixed issue in Batch Import where only one item of a selection was removed when attempting to remove a selection of items. (GP-138)
  • Importer. Corrected various issues with processing crushed PNG images. (GP-146, Issue #1854, #1874, #1875, #2252)
  • Importer. Fixed RuntimeException occurrence when trying to load NE programs with unknown resources. (GP-182, Issue #1596, #1713, #2012)
  • Importer. Fixed batch import to handle IllegalArgumentExceptions thrown by loaders. (GP-227, Issue #2328)
  • Importer:ELF. Corrected ELF relocation processing for ARM BE8 (mixed-endian). (GT-3527, Issue #1494)
  • Importer:ELF. Corrected ELF relocation processing for R_ARM_PC24 (Type: 1) that was causing improper flow in ARM disassembly. (GT-3654)
  • Importer:ELF. Corrected ELF import processing of DT_JMPREL relocations and markup of associated PLT entries. (GP-252, Issue #2334)
  • Importer:PE. Fixed an IndexOutOfBoundsException in the PeLoader that occurred when the size of a section extends past the end of the file. (GT-3433, Issue #1371)
  • Listing:Comments. Fixed bug in Comment field that prevented navigation when clicking on an address or symbol where tabs were present in the comment. (GT-3440)
  • Memory. Fixed bug where sometimes random bytes are inserted instead of 0x00 when expanding a memory block. (GT-3465)
  • Processors. Corrected the offset in SuperH instructions generated by sign-extending a 20-bit immediate value composed of two sub-fields. (GT-3251, Issue #1161)
  • Processors. Fixed AVR8 addition/subtraction flag macros. (GT-3276)
  • Processors. Corrected XGATE ROR instruction semantics. (GT-3278)
  • Processors. Corrected semantics for SuperH movi20 and movi20s instructions. (GT-3337, Issue #1264)
  • Processors. Corrected SuperH floating point instruction token definition. (GT-3340, Issue #1265)
  • Processors. Corrected SuperH movu.b and movu.w instruction semantics. (GT-3345, Issue #1271)
  • Processors. Corrected AVR8 lpm and elpm instruction semantics. (GT-3346, Issue #631)
  • Processors. Corrected pcode for the 6805 BSET instruction. (GT-3366, Issue #1307)
  • Processors. Corrected ARM constructors for instructions vnmla, vnmls, and vnmul. (GT-3368, Issue #1277)
  • Processors. Corrected bit-pattern for ARM vcvt instruction. (GT-3369, Issue #1278)
  • Processors. Corrected TriCore abs instructions. (GT-3379, Issue #1286)
  • Processors. Corrected x86 BT instruction semantics. (GT-3423, Issue #1370)
  • Processors. Fixed issue where CRC16C LOAD/STOR with abs20 were not mapped correctly. (GT-3529, Issue #1518)
  • Processors. Fixed M68000 MOVE USP,x and MOVE x,USP opcodes. (GT-3594, Issue #1593)
  • Processors. Fixed the ARM/Thumb TEQ instruction pcode to be an XOR. (GP-23, Issue #1802)
  • Processors. Emulation was broken by a regression in version 9.1.2. Emulation and Sleigh Pcodetests now work correctly. (GP-24, Issue #1579)
  • Processors. Fixed carry flag issue for 6502 CMP, CPX, and CPY instructions. (GP-34)
  • Processors. Corrected the SuperH high-order bit calculation for the rotr instruction. (GP-47)
  • Processors. Corrected ELF ARM relocation processing for type 3 (R_ARM_REL32) and added support for type 42 (R_ARM_PREL31). (GP-164, Issue #2261, #2276)
  • Scripting. Moved Jython cache directory out of tmp. (GP-36)
  • Scripting. Fixed a NoClassDefFoundError when compiling GhidraScript under JDK14. (GP-59, Issue #2152)
  • Scripting. Fixed issues with null result when searching for the script directory. (GP-103, Issue #2187)
  • Scripting. Fixed scripting issue where, if there were non-ASCII characters in the user path, Jython would not work. (GP-204, Issue #1890)
  • Sleigh. Corrected IndexOutOfBoundsException in SLEIGH when doing simple assignment in disassembly actions block. (GT-3382, Issue #745)
  • Symbol Tree. Fixed the Symbol Tree so that clicking an already-selected symbol node will still trigger a Listing navigation. (GT-3436, Issue #453)
  • Symbol Tree. Fixed the Symbol Tree to not continuously rebuild while performing Auto-analysis. (GT-3542)
  • Version Tracking. Fixed Version Tracking Create Manual Match action. (GT-3305, Issue #2215)
  • Version Tracking. Fixed a NullPointerException encountered when changing the Version Tracking options for the Listing Code Comparison when no data was loaded. (GT-3437, Issue #1143)
  • Version Tracking. Fixed Version Tracking exception triggered in the Exact Functions Instructions Match correlator encountered when the two functions being compared differed in their number of instructions. (GT-3438, Issue #1352)

Ghidra v9.1.2 (February 2020)

Bugs

  • Data Types. Improved PDB composite reconstruction to attempt pack(1) alignment if default alignment fails. (GT-3401)
  • Data Types. Added missing support for multi-user merge of unions and structures containing bitfields or a trailing flexible array member. (GT-3479)
  • Data Types. Corrected structure editor save button enablement issue when editing bitfields within an unaligned structure. (GT-3519, Issue #1297)
  • Disassembly. Corrected potential infinite loop with disassembler caused by branch to self with invalid delay slot instruction. (GT-3511, Issue #1486)
  • GUI. Corrected processor manual display for Microsoft Windows users, which was not displaying the processor manual and was, instead, rendering a blank page in the web browser. (GT-3444)
  • GUI:Bitfield Editor. Added field comment support to composite bitfield editor. (GT-3410)
  • Importer:MachO. Fixed a MachO loader regression in Ghidra 9.1.1 that occurred when laying down symbols at the correct location. (GT-3487, Issue #1446)
  • Languages. Corrected mnemonic for ARM thumb RSB.w instruction. (GT-3420, Issue #1365)
  • Languages. Corrected issue in M68000 with some move instructions not creating correct array assignments. (GT-3429, Issue #1394)
  • Languages. Updated x86 processor manual index file with latest Intel and AMD manuals. (GT-3489, Issue #1078)
  • Multi-User:Ghidra Server. Corrected Ghidra Server remote interface errors that occur when running with Java 11.0.6 (and later) release, which would throw RemoteException "Method is not Remote" errors. (GT-3521, Issue #1440)
  • PDB. Corrected PDB XML generation for zero-length classes and structures and resolved various datatype dependency issues encountered during PDB Analysis. Changed line numbers from hex to decimal. (GT-3462, Issue #1410)

Ghidra v9.1.1 (December 2019)

Improvements

  • Importer:MachO. Improved import/load time of DYLD shared cache files. (GT-3261)
  • Program API. Cached the addresses that correspond to executable memory to improve analysis performance. (GT-3260)

Bugs

  • Analysis. Fixed a symbol name error that occurred in the Objective-C analyzer. (GT-3321, Issue #1200)
  • Analysis. Constant references are now computed correctly within functions in overlay spaces. (GT-3373)
  • Build. Corrected build of DMG.jar which was improperly built within Ghidra 9.1 release. (GT-3364)
  • Decompiler. Fixed bug causing "Pcode: XML comms: Badly formed address" errors when decompiling HCS12 XGATE code. (GT-3297)
  • Decompiler. Fixed "Array DataType must be Fixed length" exceptions related to function pointer data types. (GT-3309)
  • Decompiler. Fixed bug causing the decompiler to drop statements assigning string constants to global variables. (GT-3315)
  • Decompiler. Fixed issue with enum name strings causing "Low-level Error: XML error: syntax error" in the decompiler. (GT-3387, Issue #1329)
  • GUI. Fixed a potential ConcurrentModificationException in the interactive python interpreter. (GT-3280)
  • Importer:PE. Fixed an exception in the PeLoader that occurred when the size of the memory block for the headers is larger than the file size. (GT-3344, Issue #1266)
  • Languages. Corrected Sparc floating point instruction pcode implementation. (GT-3202)
  • Languages. Corrected the semantics of the PowerPC e_cmpi instruction. (GT-3228, Issue #1127)
  • Languages. Corrected bit generation for PowerPC instructions se_bclri, se_bgeni, se_bseti, and se_btsti. (GT-3232, Issue #967)
  • Languages. Corrected register definitions for x86 RDRAND instruction. (GT-3253, Issue #1169)
  • Languages. Corrected incorrect signed immediate calculation for some PowerPC VLE offsets. (GT-3254, Issue #1160)
  • Languages. Resolved issue with x86 escape opcodes preventing certain instruction patterns from decoding. (GT-3256)
  • Languages. Corrected bug in XGATE LDH instruction shifting out high bits. (GT-3268)
  • Languages. Corrected processing of R_MIPS_REL32, R_X86_64_RELATIVE, and R_X86_64_RELATIVE64 ELF relocations affecting relocatable binaries which have non-zero section/segment load addresses. (GT-3349)
  • Listing. Fixed missing scroll bar in listing. (GT-3290)
  • Listing. Fixed issue that was causing a stack trace to be generated when contiguous addresses were cleared for a range greater than Integer.MAX. (GT-3357)
  • Listing:References. Corrected Create Default Reference action bug which did not handle composite/array data components properly. (GT-3371)

Ghidra v9.1 (October 2019)

New Features

  • Data Types. Added bit-field support to Structure and Union editor. An additional Bit-field Editor was also added for explicit bit-field placement within unaligned structures. (GT-559)
  • Eclipse Integration. Added new GhidraSleighEditor Eclipse plugin in the installation directory under Extensions/Eclipse. (GT-113)
  • GUI. Added method for turning off table sorting by control-clicking the only sorted table column. (GT-2763, Issue #87)
  • GUI. Hovering on an address will now show where the byte at that address came from in the imported file. (GT-3016, Issue #154)
  • Importer:MachO. Added new importer/loader for DYLD-shared cache files. (GT-2343)
  • Languages. Implemented Intel MCS-96 processor module. (GT-2350)
  • Languages. Added SH1/2/2a sleigh processor specification. (GT-3029, Issue #715)
  • Languages. Added Tricore processor specification. (GT-3041, Issue #567)
  • Languages. Added HCS12X processor specification. (GT-3049)
  • Languages. Added HCS05 and HCS08 sleigh processor specifications. (GT-3050)
  • Languages. Added SH4 sleigh processor specification. (GT-3051, Issue #37)
  • Languages. Added MCS-48 processor specification. (GT-3058, Issue #638)
  • Memory. Added new API to preserve imported program's original bytes and how they map to memory blocks. (GT-2845)
  • Program API. Added Bit-field support for structures and unions. Warning: Version upgrade will be forced on all modified programs and data type archives that are open for update. (GT-557)
  • Sleigh. Added two new extension modules (SleighDevTools and GnuDisassembler) in support of processor module development. Added support for pcode junit tests which utilize emulation of cross-compiled C test code to verify sleigh pcode (i.e., instruction semantics). The SleighDevTools extension provides the pcode test C source and associated build scripts, as well as external disassembler support for aiding in the validation of disassembled instruction syntax. (GT-3067)

Improvements

  • Analysis. Added example script, ResolveX86orX64LinuxSyscallsScript.java, for decompiling Linux system calls in x86 and x64. Added syscall-related exercises to Advanced class. (GT-3113)
  • Basic Infrastructure. Made bash scripts more portable, allowing Ghidra to be launched on additional platforms. (GT-2742, Issue #347)
  • Build. Created a new Gradle task that automates some installation procedures defined in DevGuide.md. (GT-2897)
  • Build. The build now allows newer versions of Gradle to be used. (GT-3017, Issue #737)
  • Data Types. All DataType archives have been regenerated to support the new bit-field functionality. (GT-2878)
  • Data Types. CategoryPath now accepts forward slashes in its components. (GT-2961)
  • Data Types. Fixed Structure Editor bug that caused the Data Type field of a row to be edited after a successful name field edit. (GT-3109, Issue #703)
  • Decompiler. Most forms of unnecessary or redundant copy statements are now removed from the decompiler output. (GT-2839)
  • Decompiler. Added ability to double-click a Decompiler brace syntax token to navigate to the matching brace. (GT-2846)
  • Decompiler. Updated the Decompiler to navigate to the label of a goto statement when that label is double-clicked. (GT-2847)
  • Decompiler. Updated the Decompiler's Copy action to copy the symbol under the cursor when there is no selection. (GT-2914, Issue #411)
  • Decompiler. Fixed broken External Navigation: Navigate to External Program option found in Edit -> Tool Options.... (GT-2932)
  • Decompiler. The decompiler's logic for handling optimized division has been updated to recognize forms typically found in executables generated with more recent 64-bit compilers. (GT-2968, Issue #668)
  • Decompiler. Implemented call-fixup for x64 __chkstk function. (GT-3006, Issue #670, #671)
  • Decompiler. The decompiler simplifies many new sign-bit extraction forms used in optimized division and comparison expressions. (GT-3036)
  • Decompiler. Ghidra now supports protected mode addressing when analyzing 16-bit x86 programs. This is the default variant when analyzing NE format executables, but it can also be used for MZ (and other) formats. (GT-3090, Issue #98)
  • Decompiler. Added the Show References to Address and Find References to Symbol actions to the Decompiler. Added Find Uses of Field action to the Structure Editor. (GT-3115, Issue #474, #542, #543)
  • Decompiler. Updated the Decompiler's Edit Data Type action to work on more fields. (GT-3116, Issue #275, #511)
  • Decompiler. Renaming a single parameter within the decompiler window no longer prevents the data types of parameters from floating. Retyping a single parameter locks the data type for that parameter but no longer prevents the data types of other parameters from floating. (GT-3162)
  • Documentation. Fixed typos and other errors in GitHub-related documentation. (GT-2748, Issue #345, #361, #370, #375, #398)
  • Documentation. Added documentation to the DevGuide.md on how to run unit/integration tests. (GT-3046, Issue #815, #832)
  • DWARF. Corrected DWARF analysis to handle binaries that are imported at non-default locations. (GT-2963, Issue #637)
  • Emulator. Added improved emulation support at the API level including a simplified API exposed via the EmulatorHelper class. Sample GhidraScripts, which utilize this API, have been provided. (GT-3066)
  • Function Graph. Updated the Function Graph to show the current program selection when zoomed out. (GT-2735)
  • Function Graph. Added an option to the Function Graph to allow more complex edge routing that will go around non-incident vertices. See the Tool Options for more information and to enable this feature. (GT-3019, Issue #811)
  • Function Graph. Fixed Function Graph edge layout bugs that caused some edges to get clipped by vertices. (GT-3161)
  • GUI. Added listener to Script Table Chooser Dialog that will get notified when the dialog closes. (GT-2216)
  • GUI. Fixed global Tool auto-save option so that it persists between Ghidra sessions. (GT-2818, Issue #231)
  • GUI. Added the apple.laf.useScreenmenuBar option to hoist the menu bar out of the window on macOS. The option is off by default but can be activated in support/launch.properties. (GT-2859, Issue #562)
  • GUI. Updated the Repeat Text Search/Repeat Memory Search menu items to show the search dialog for long searches. (GT-2872, Issue #585)
  • GUI. Updated Structure Editor to allow user key bindings to work. (GT-2894, Issue #504)
  • GUI. Python interpreter key bindings for sending reset and interrupt commands are now configurable. (GT-2901, Issue #588)
  • GUI. Tweaked default graphic settings in support/launch.properties to support a wider range of displays out-of-the-box. (GT-2913, Issue #341)
  • GUI. Added the ability to assign key bindings to activate individual component providers. (GT-2925, Issue #539)
  • GUI. Fixed rendering issue in the Search Results table's Preview column. (GT-2942, Issue #550)
  • GUI. Updated the Function Signature Editor's Data Type Chooser dialog to allow for keyboard navigation. (GT-3110, Issue #636)
  • GUI. Fixed NullPointerException in the DB Viewer component. (GT-3163, Issue #1023)
  • Importer. Updated x86 16-bit processor binding for IDA. (GT-3004, Issue #771)
  • Importer:ELF. Improved ELF loader ability to cope with malformed headers including negative file offsets and missing section names. (GT-2933, Issue #35)
  • Importer:PE. PeLoader better accounts for section alignment when laying out memory blocks, allowing additional bytes from the file to be loaded into memory. (GT-2827, Issue #327, #418)
  • Importer:PE. Removed out-of-place call to demangler and laying down of types from PeLoader. This fix enables demangling and other analyzers to be applied correctly and in the proper order. (GT-2849)
  • Importer:PE. PeLoader now adds TLS callback functions as entry points. (GT-2898, Issue #102)
  • Languages. Added new Task Monitor service to better handle user experience when there are delays in building languages. (GT-2376)
  • Languages. Corrected ARM/Thumb instruction parsing for Thumb bl and add instructions. (GT-2744, Issue #362)
  • Languages. Added AVR8 manual index file. (GT-2828, Issue #346)
  • Languages. Improved support for ARM on Windows. (GT-2880)
  • Languages. M68000 LSL.W, ASL.B, LSL.B, and ASL.W instructions now correctly set the CF flag. (GT-2907, Issue #619)
  • Languages. Updated x86 manual index files. (GT-2943, Issue #366)
  • Languages. Improved macro label-related error reporting in slaspec files. (GT-2995, Issue #522)
  • Languages. Added MIPS special 0x1f patterns. (GT-3005, Issue #709)
  • Languages. Added proper updating of the X condition flag register for the M68000 processor lsl and lsr instructions. (GT-3137, Issue #983)
  • Languages. Implemented PowerPC VLE Interrupt Handler Efficiency Instructions. (GT-3143, Issue #935)
  • Languages. Ghidra now correctly models SPARC 64-bit stack bias. (GT-3201)
  • Languages. Updated AVR32 instruction manual index to latest version. (GT-712)
  • Listing. Updated Listing to support horizontal scrolling by holding the Shift key when using the mouse wheel. (GT-3105, Issue #451)
  • Listing:References. Created new overriding reference types, which improve and extend the ability to override calls, jumps, and callothers. (GT-2885)
  • Multi-User. Added a script to allow repository admins the ability to terminate multiple file checkouts belonging to an individual user on a shared project. (GT-2893)
  • Multi-User:Ghidra Server. Added additional Ghidra Server authentication modes including: Active Directory via Kerberos and JAAS. The JAAS framework can facilitate use of LDAP, PAM, and other JAAS-supported extensions which utilize a login name and password. (GT-2658)
  • Multi-User:Ghidra Server. Changed Ghidra Server repositories storage to ignore file/folder names which start with a period. This will impose a restriction on naming of Ghidra projects where they can no longer start with a period. (GT-3218)
  • PDB. Now using HTTPS for Microsoft symbol server URL. (GT-2819, Issue #369)
  • PDB. PDB processing can now store data types that contain forward slashes under a CategoryPath. (GT-2974, Issue #94, #182)
  • PDB. PDB Analyzer no longer automatically includes the PDB path specified in the program's PE header when searching for the PDB. However, the filename in this path is considered during the search. The analyzer's "Unsafe: Include PE PDB Path in PDB Search" option allows the user to revert to the original PDB search algorithm. (GT-3076, Issue #277)
  • Program API. Added SHA256 hash to Program metadata and API. (GT-2753, Issue #331)
  • Scripting. Updated Script Table Chooser Dialog to fix a bug with tracking work items, to add new API methods for item removal and dialog closed notification, and to prevent the same item from being worked on more than once. (GT-2724, Issue #307)
  • Scripting. Fixed MultiInstructionMemReference Ghidra script to place the reference correctly on instructions with a delay slot. (GT-2906)
  • Sleigh. The sleigh compiler now reports line numbers for the -n NOP command line option. (GT-2905, Issue #561)
  • Sleigh. SLEIGH compiler now warns when building an operand in a constructor may unintentionally overwrite another operand. (GT-3085)
  • Testing:Junits. test.gradle getLogFileUrl() no longer searches user.dir for log4j properties file. (GT-2834, Issue #499)
  • Testing:Junits. Added new Gradle task to run integration tests and generate an HTML report. (GT-3060, Issue #870)
  • Tool. Fixed bug that caused an exported tool to exclude plugin configuration settings. (GT-3193, Issue #1065)

Bugs

  • Analysis. Fixed an exception in the EmbeddedMediaAnalyzer that occurred when media was discovered at the very end of the address space. (GT-2890)
  • Analysis. Recognition and disassembly of the FMA, F16C, and several missing AVX instructions have been added to the base x86 processor specification. The pcode for these instructions is pseudo-op and not a full pcode implementation. (GT-3168)
  • Basic Infrastructure. Updated the apache-commons-lang3 library to version 3.9 which supports Java 11. (GT-2879)
  • Basic Infrastructure. Prevented Ghidra from launching with 32-bit Java installations. (GT-3146, Issue #882)
  • Data Types. Corrected string data default label generation when defined within uninitialized memory, which will now render as STRING_address. (GT-2715, Issue #272)
  • Data Types. Improved ASCII string data handling for processors with a char size greater than one (1). (GT-2842)
  • Data Types. Changed BooleanDataType to extend AbstractIntegerDataType including support as a bit-field. (GT-3170)
  • DbViewer. Corrected concurrent modification issue within DbViewer resulting in NullPointerException. (GT-3192, Issue #1076)
  • Decompiler. Fixed aliasing issue where the decompiler would sometimes drop initialization or other code writing to the stack. (GT-2369)
  • Decompiler. Fixed bug causing the decompiler to incorrectly omit the display of infinite loops when they contained switch statements. (GT-2852, Issue #443)
  • Decompiler. Integer extension casts are no longer printed in the decompiler if the extension is implied. (GT-2857)
  • Decompiler. Improved handling of overlay spaces. In particular, the decompiler is now able to handle references into overlays defined on the OTHER space. Added SLEIGH version numbers. (GT-2873)
  • Decompiler. Updated the Decompiler to place the cursor on the function signature when a function is decompiled. (GT-2882)
  • Decompiler. Fixed a common source of "Data type does not fit" errors when using the Retype actions in the decompiler. (GT-2956)
  • Decompiler. Fixed equals() method in Varnode AST. (GT-2959, Issue #677)
  • Decompiler. Users can no longer rename undefined functions from the decompiler. (GT-3043, Issue #753)
  • Decompiler. Fixed a bug that did not allow the prototype for a specific CALL to an external function to be overridden in the decompiler. (GT-3145)
  • Decompiler. Restricted Auto Fill in Structure command to operate only on pointer variables. (GT-3182)
  • Decompiler. Fixed bug in the analysis of stack variables for SPARC, which caused extraneous local variables and missed stack parameters in the decompiler. (GT-3200)
  • Decompiler. Fixed one source of "Type propagation algorithm not settling" warnings in the decompiler. (GT-3213, Issue #839)
  • Decompiler:Java. Updated Decompiler's hovers to show preview for data types on variables and return types. (GT-2629)
  • Decompiler:Java. Fixed error involving decompilation of certain invokedynamic instructions in JVM class files. Made numerous minor improvements to decompilation of JVM bytecode. (GT-2757, Issue #287)
  • Demangler. Fixed a NullPointerException in DemangledFunctionPointer. (GT-2948, Issue #609)
  • DWARF. Empty DWARF compilation unit sections will now be ignored. (GT-2939, Issue #690)
  • Exporter. Negative memory references in idaxml.py no longer cause errors. (GT-2696, Issue #213, #885)
  • Exporter. Fixed Intel Hex Exporter to not ignore the Address Space option value. (GT-2749)
  • Exporter. Fixed cancellation behavior of the C/C++ exporter. (GT-2881, Issue #591)
  • File Formats. Fixed an out-of-memory error in the CPIO file system. (GT-2912)
  • File Formats. DmgClientFileSystem no longer falsely matches zlib compressed files. (GT-2926, Issue #583)
  • File System Browser. Fixed NullPointerException when clicking Get Info on a directory in a zip file in the file system browser when the element was a directory that did not have a corresponding entry in the zip file. Changed the Get Info action to show information about both the highlighted file and any file system mounted from that file. (GT-2758)
  • File System Browser. Fixed dialog stacking problem in File System Browser when double-clicking a container file to open the filesystem inside it. (GT-2764)
  • File System Browser. Reduced the disk usage of the DYLD-shared cache file system. (GT-2887)
  • Function Graph. Fixed exception encountered when a Function Graph's entry node was put into a group node. (GT-3074)
  • Function Graph. Fixed Function Graph edge routing bug that sometimes caused edge flowing upward to route unexpectedly. (GT-3153, Issue #994)
  • GUI. Fixed stack trace when deleting large memory block that is in its own address space. (GT-2699)
  • GUI. Changed Data Type Preview to allow adding string data types. (GT-2832)
  • GUI. Fixed display of operand scalar values in tooltip popup of Decompiler and Listing windows. (GT-2836, Issue #120)
  • GUI. Fixed bug in Data Type Preview that caused a rendering error in Structures as primitive types were deleted. (GT-2844)
  • GUI. Fixed Symbol Tree ClassCastException that happened when clicking a node while the tree was still loading. (GT-2870, Issue #96)
  • GUI. Fixed bug that prevented the XRef's Ref Type column from sorting correctly. (GT-2892)
  • GUI. Fixed Listing bug so that the cursor gets restored to the previous location on Ghidra startup. (GT-2927, Issue #505)
  • GUI. Updated Edit Function Signature dialog to have focus in the signature field when first opened. Also added undo/redo support. (GT-2947, Issue #635)
  • GUI. Fixed exception in the References Editor encountered when closing the editor with an active edit in the table. (GT-2951)
  • GUI. Fixed bug where the Ghidra menu mnemonic was not being set by the ampersand ('&') character in the last field of the menu path. (GT-2954)
  • GUI. Updated the Component Provider's Close button to allow for key bindings. (GT-2971, Issue #533)
  • GUI. Fixed tool navigation button enablement when using snapshot windows. (GT-2973)
  • GUI. Corrected Function Editor issue where parsed signature text resulted in incorrect type sizes which impacted custom storage selection. Also added support for parsing signatures which reference types from an open datatype archive. (GT-3059)
  • GUI. Updated resizing in Select Bytes dialog. (GT-3072)
  • GUI. Fixed bug where listing would jump to random location when opening or closing a large structure or array. (GT-3088)
  • GUI. Fixed bug that caused some tables (e.g., the Symbol Table) to sort twice during their initial loading of data. (GT-3142)
  • GUI. Drag-and-Drop bug causing incorrect drop highlighting has been fixed. (GT-3219, Issue #1093)
  • Help. Fixed NullPointerException when navigating the Help UI. (GT-2830, Issue #493)
  • Importer. Fixed issues in the MapLoader that prevented .map files from being added to an existing program. (GT-2972, Issue #762)
  • Importer. For batch import, fixed issue where last character of directory name was truncated on Windows workstations. (GT-3012, Issue #797)
  • Importer. Fixed a bug in how the NE importer creates External Function symbols for the procedures it imports, allowing the decompiler to properly access any available information. (GT-3140, Issue #770)
  • Importer. Fixed a bug that prevented some old-style Windows executables from getting loaded by the MzLoader. (GT-3180, Issue #1054)
  • Importer:ELF. Added ELF relocation handler for R_AARCH64_JUMP26. (GT-2999, Issue #775)
  • Importer:ELF. Improved ELF MIPS support for GP-relative relocations encountered in PIC compiled binaries. Also added support for R_MIPS_RPREL32 relocation. (GT-3026, Issue #764)
  • Importer:ELF. ELF x86-64 relocations R_X86_64_GOT32, R_X86_64_PLT32, R_X86_64_SIZE32, R_X86_64_SIZE64, and R_X86_64_GOTPC32 have been fixed to relocate correctly. Additional ELF x86-64 relocations, found mostly in unlinked .o files, have been added. (GT-3089, Issue #910)
  • Importer:PE. Fixed a problem in the PeLoader that would result in section names being incorrectly used as primary symbols. This could result in function names being wrong. (GT-3195, Issue #761, #1051)
  • Languages. Utilized FLOAT_NEG pcodeop to simplify PowerPC fneg instructions. (GT-2781, Issue #387)
  • Languages. Added 6502 I status bit save and restore. (GT-2826, Issue #469)
  • Languages. Corrected alternate register definitions in z80 processor. (GT-2876, Issue #520)
  • Languages. Reviewed all processor modules for GhidraSleighEditor syntax errors. (GT-2902)
  • Languages. Added support for RD, WR, FS, and GSBASE instructions in x86. (GT-2940, Issue #554, #555)
  • Languages. Added fixes for sign extension of ADD, AND, CMP, and SUB instructions on x86-64bit. (GT-2955, Issue #881)
  • Languages. Updated PIC-30 division pcode to correct decompilation issue. (GT-3008)
  • Languages. Fixed x86 AAM instruction. (GT-3015)
  • Languages. Corrected x86 decode of MOVBE instruction. (GT-3039, Issue #822)
  • Languages. Corrected M68000 mov3q instruction decode and semantics. (GT-3080, Issue #905)
  • Languages. The JVM instruction I2D now correctly pushes an 8-byte double on the stack. (GT-3081)
  • Languages. Fixed problem displaying processor manuals in Windows Firefox. (GT-3084)
  • Languages. Encoding of MOV into debug registers has been relaxed. (GT-3117)
  • Languages. Corrected behavior of PowerPC vectorPermute pcodeop for emulation. (GT-3148)
  • Languages. Corrected MIPS relocation computation for R_MIPS_26, R_MIPS16_26, and R_MICROMIPS_26_S1. (GT-3154, Issue #1001)
  • Languages. Corrected the bit patterns for PowerPC VLE rlwimi and rlwinm instructions. (GT-3159, Issue #752)
  • Languages. Corrected instruction semantics for AARCH64 BLR instruction. (GT-3191)
  • Languages. Corrected fall-through override semantics for cases where pcode simply drops into the next address. (GT-3196, Issue #1083)
  • Languages. Corrected the semantics of the PowerPC se_bmaski instruction. (GT-3230, Issue #1123)
  • Listing. Fixed potential infinite loop when editing long comments. (GT-2824, Issue #437)
  • Listing. Fixed potential ClassCastException in Listing comments. (GT-3023)
  • Listing. Cursor in the listing now stays in the proper column after editing a field. (GT-3045, Issue #702)
  • Listing. Fixed a problem with register highlighting that could occur on certain register/sub-register combinations. (GT-3071, Issue #810)
  • Multi-User. Corrected terminating checkouts from the viewed checkout list, which was always terminating the first row range based upon the number of selected rows and not the actual selected rows. (GT-2903)
  • Multi-User. Corrected ability for user to cancel checkin/checkout to Ghidra Server. (GT-3208)
  • Multi-User:Ghidra Server. Added proper Ghidra Server interface binding with new -i option. Corrected -ip option to strictly convey remote access hostname to clients. The updated server will only accept connections from Ghidra 9.1 and later clients due to the registry port now employing TLS. (GT-2685, Issue #101, #645)
  • Multi-User:Ghidra Server. Fixed argument-passing bug in svrAdmin script. (GT-3082, Issue #907)
  • Multi-User:Merge. Corrected merge problem affecting modified Function Definition datatypes which could result in a NullPointerException. (GT-2922)
  • PDB. Added char16_t and char32_t to PDB BASIC_TYPE_STRINGS. (GT-2952, Issue #685)
  • PDB. Addressed memory leaks and string handling issues in pdb.exe. (GT-2975, Issue #674, #597, #598, #599, #600)
  • PDB. Can now recover stack variables from more recent Visual Studio version PDBs. (GT-3014)
  • PDB. Fixed PDB validation logic, which caused a more severe error message to be created, masking the real issue. (GT-3209, Issue #198, #1024)
  • Program API. Corrected parameter storage which failed to properly refresh after undo/redo. (GT-3130, Issue #960)
  • Program API. Corrected function parameter ordinal numbering when more than one auto-parameter is present. (GT-3214)
  • Project Manager. Fixed a problem with creating Ghidra projects in Windows root directories (e.g., Z:\). (GT-2585)
  • Project Manager. Fixed a path traversal vulnerability that could occur when restoring a malicious project archive. (GT-3001, Issue #789)
  • Scripting. GhidraScript.askDomainFile() now correctly throws a CancelledException when the cancel button is clicked. (GT-2841)
  • Scripting. Removed deprecated scripting methods older than 5 releases. (GT-2949)
  • Security. Removed use of insecure XMLEncoder/XMLDecoder from Ghidra code base. (GT-3198, Issue #1090)
  • Sleigh. Corrected Sleigh compiler bug which performed improper bounds checking for named register offset specification when space wordsize is not one (1). (GT-3034, Issue #831)
  • Testing:CUnits. Fixed error logging in pcodetest for reporting an error when running a compile command. (GT-3199, Issue #1089)
  • Version Tracking. Fixed NullPointerException in Version Tracking hashing algorithm. (GT-2976)

Ghidra v9.0.4 (May 2019)

New Feature

  • GUI. Function tags are now viewable by function.

Improvements

  • Decompiler. Improved modeling of CFG on Windows 10. (Issue #340)
  • Patcher. Renamed patch directory to /Ghidra/patch and added README.txt that explains how the patch directory is used.
  • Search. Updated the Decompiler Data Type Finder to find references to inside of nested array access in a line of Decompiler C output. (Issue #416)
  • Sleigh. Improved error reporting for SLEIGH compiler. (Issue #364)

Bugs

  • Analysis. Code that checks for thunks no longer throws an exception if the PC is not set for the processor.
  • Analysis. Made a fix to enable Apply button when changing tool options. (Issue #40)
  • Data Types. Fixed concurrent modification exception when replacing one datatype for another that results in some other datatype being renamed.
  • Decompiler. Fixed dynamic variables and equates in 16-bit x86 programs. (Issue #336)
  • Decompiler:Java. Fixed DEX decompilation regression issue. (Issue #350)
  • Eclipse Integration. Fixed exception in Eclipse GhidraDev plugin that occurred when performing certain actions on a Ghidra project that was imported from a previously exported Archive File. (Issues #283, #383)
  • GUI. Improved documentation on how to deal with HiDPI monitor issues in Linux. In the <ghidra_installation>/support/launch.properties file, change VMARGS=-Dsun.java2d.xrender from false to true.
  • GUI. Restored the default 'p' key binding for creating pointers within the listing display.
  • Importer. Fixed an exception that occurred when batch importing APK files. (Issue #426)
  • Languages. The 6502 Zero page indexed addressing has been corrected to only access the Zero page. (Issue #201)
  • Languages. The 68000 BCD arithmetic instructions now have pcode semantics that allow disassembly to continue. (Issue #227)
  • Multi-User:Ghidra Server. Restored ability to execute svrAdmin script in development mode.
  • Multi-User:Ghidra Server. Corrected severe script error in svrAdmin.bat introduced with 9.0.3 build.
  • Search. Fixed NullPointerException in Decompiler Data Type Reference Finder. (Issue #407)

Ghidra v9.0.2 (April 2019)

Bugs

  • Analysis. Constant reference analysis boundary controls for speculative references have been fixed. Speculative references are references created from computed constants passed as parameters, stored to a location, or from indexed offsets from a register. (Issue #228)
  • Decompiler. Fixed rendering bug in the Decompiler when the "Find" dialog is closed. (Issue #282)
  • Decompiler. Fixed decompiler handling of Function Definition data types. (Issue #247)
  • Decompiler. Fixed "Free Varnode" exception in RuleConditionalMove. (Issue #294)
  • Diff. Fixed exceptions that can occur in the Diff View for programs with overlays.
  • Documentation. Corrected the spelling of "listener" throughout the source code. (Issue #235)
  • Exporter. Exporting a selection as Intel Hex will now allow a selection of any length. Previously this was restricted to multiples of 16 bytes. (Issue #260)
  • GUI. Fixed exception that occurs after disabling MyProgramChangesDisplayPlugin.
  • GUI. Updated the "Open Program" dialog to disallow file drop operations. (Issue #252)
  • Languages. The ARM Thumb CMP.W and LSL instructions have been changed to correctly decode. There are still issues to work out with Unpredictable execution when Rd is the PC. (Issue #280)
  • Multi-User:Ghidra Server. Corrected bug introduced into ghidraSvr.bat which could prevent Ghidra Server startup. (Issue #279)
  • Scripting. MultiInstructionMemReference script has been corrected to consider input and output registers when placing a reference on an instruction.

Security

  • Basic Infrastructure. Added a property to support/launch.properties to prevent log4j from using jansi.dll on Windows. (Issue #286)

Ghidra v9.0.1 (March 2019)

New Features

  • Scripting. Created a script to show all equates within the current selection. (Issue #111)

Improvements

  • Basic Infrastructure. Updated commons-compress library to version 1.18. (Issue #171)
  • Eclipse Integration. Ghidra now connects to the Eclipse GhidraDev plugin on 127.0.0.1 rather than localhost.
  • GUI. Turned on font anti-aliasing by default for Linux. (Issue #212)
  • GUI. Fixed Options Dialog slow scrolling speed. (Issue #27)
  • Importer:ELF. Corrected bug in ELF loader which can improperly process the GOT, PLT and relocations when multiple symbol tables exist within the ELF binary. (Issue #52)
  • Languages. Added ARM/Thumb SRS instruction decodes for undefined modes. (Issue #216)
  • Multi-User:Ghidra Server. Corrected the Ghidra Server service wrapper (YAJSW) configuration for Mac OS X to prevent a startup timeout condition which could occur.

Bugs

  • API. Fixed equals method on Varnode class. (Issue #97)
  • API. Fixed a bug in MaskImpl.complementMask(). (Issue #187)
  • Basic Infrastructure. Fixed special character handling in idaxml.py. (Issue #75)
  • Basic Infrastructure. Ghidra now forces the locale to en_US by default. Only the en_US locale is currently supported. This fixes certain unexpected exceptions. (Issue #209)
  • Diff. Fixed exceptions occasionally encountered when starting a Diff session. (Issue #211)
  • Documentation. Fixed javadoc search box redirecting to broken links. (Issue #129)
  • Function Graph. Fixed Function Graph exception when generating tooltip. (Issue #65)
  • GUI. Updated window placement to keep windows on screen. (Issue #41)
  • GUI. Add/Edit References dialog now restricts users to creating refs in valid memory address spaces.
  • GUI. Fixed exception when exiting Ghidra while a table is being edited. (Issue #51)
  • GUI. Fixed some touchpad scrolling issues. (Issue #2)
  • GUI. Fixed stack trace in the Data Type Manager's tooltip generation. (Issue #133)
  • GUI. User key binding settings for the Recently Used and Define Pointer actions are no longer lost after re-launching the tool. (Issue #152)
  • GUI. Toolbar buttons now respond to fast clicking.
  • Importer:MachO. The MachOLoader can now find import libraries found in Universal Binary files. (Issue #136)
  • Importer:PE. The PeLoader now correctly parses the GuardCFFunctionTable when entries are more than 4 bytes each. (Issue #220)
  • Languages. Added missing PowerPC VLE conditional branch instructions: e_bdnz and e_bdz. (Issue #103)
  • Languages. Fixed instruction semantics for several instructions and added Control Flow Enforcement, NOP variants, CMP variants, UD1, and prefixed call instructions to X86 processor specification. (Issues #22, #53, #158, #157)
  • Languages. The 68000 MOVE instruction now correctly sets the CF and VF flags. (Issue #163)
  • Languages. Added four missing MOVEM instruction variants to the 68000 processor. (Issue #219)
  • Languages. An incorrect usage of X instead of Y in indexed mode for the 6502 has been corrected. (Issue #201)
  • Languages. Added support for ARM Thumb half BL instruction on processor variants prior to v6. (Issue #39)
  • Multi-User:Ghidra Server. Removed support for native OS authentication from Ghidra Server (removed modes -a2 and -a3) due to incompatibility with newer OS releases including Windows 10 and Windows Server 2016. Re-introduction of this will be considered for a future release.
  • PDB. Corrected NPE error when processing PDB files. (Issues #138, #188)
  • Scripting. Fixed a bug in ImportSymbolsScript.py that prevented it from running. (Issue #170)

Security

  • Basic Infrastructure. Running Ghidra in debug mode no longer opens remotely accessible ports by default. (Issue #6)
  • GUI. The Defined Strings plugin no longer renders HTML in its table. (Issue #45)
  • Project Manager. Fixed an XXE vulnerability affecting projects and many other saved components. (Issue #71)

Ghidra v9.0

Initial Release