The most powerful decompilation tool: IDA Pro 7.0 (x86, ARM, x64, F5) for Mac, leaked original installer with all plugins

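Source: Internet  Editor: 程序博客网  Time: 2024/05/20 23:05
The most powerful decompilation tool: IDA Pro 7.0 (x86, ARM, x64, F5) for Mac, leaked original installer with all plugins + sdk_utils
Full installer + latest 7.0 SDK toolkit + crack patch
A version leaked from a group-buy chat group in China
The x86, ARM and x64 F5 plugins are the latest versions; a genuine license is worth RMB 30,000-50,000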
IDA_Pro_v7.0_and_Hex-Rays_Decompiler_(ARMx64,ARM,x64,x86) for mac all

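  • In brief: keypatch now fully supports IDA 7.0 (x86, x64);
    a few adaptations were made to https://github.com/keystone-engine/keypatch.
    For the installation steps, see
    http://blog.csdn.net/fjh658/article/details/52268907 (a side note)
  • Changes to IDA's own binary architecture (x86 and x64 builds are released together and can be installed side by side on the same OS)
    • x64 is the headline change (following the OS trend toward 64-bit; every earlier 32-bit plugin has to be adapted and recompiled)
    • x86 carries over the 6.95 functionality with some enhancements and bug fixes (a transitional compatibility stage)
  • A large number of C/C++ APIs were refactored
    • See
      https://www.hex-rays.com/products/ida/7.0/docs/api70_porting_guide.shtml
  • The corresponding IDAPython API changed along with them
    • For compatibility with 6.95, see
      https://www.hex-rays.com/products/ida/7.0/docs/idapython_backward_compat_695.shtml
  • Full internationalization support (centered on UTF-8)
    • Automatic string analysis
      https://www.hex-rays.com/products/ida/7.0/docs/strlits.shtml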


IDA: What's new in 7.0

Highlights

Welcome to IDA 7.0!
  • The biggest news is that IDA is a native 64-bit application! First of all it means that now it can eat all memory of your computer and thrash it :) But jokes aside, switching to 64-bit aligns IDA with other modern software and makes it more compatible with the rest of the world. For example, IDAPython integration will be easier and more streamlined because many operating systems nowadays come with the 64-bit Python preinstalled (32-bit Python won't work anymore).
  • Second, we took this change as an opportunity (since old 32-bit plugins won't work with 64-bit IDA anyway) to clean up the IDA API, make it more consistent and less confusing. If we failed or succeeded is to be seen, but we ourselves like the new API much more. The fundamental concepts remain the same and IDA did not lose any bit of its functionality during the cleanup. We minutely tested all changes and ensured that all our tests continue to pass as before or better. We also tried to make our 3 APIs: C++, Python, and IDC, to be closer to each other. Function names and their functionality are the same in most cases, but we tried to stay pythonic in Python and C++-ish in the C++ interface. Since the changes are huge and it is easy to lose your way, we prepared a Porting guide from the IDA 4.9-6.x API to the IDA 7.0 API which explains what has changed and how. We hope that it will greatly help you when porting your plugins to the new 7.0 API.
  • For Python and IDC we implemented a compatibility layer that will help you with your scripts. Most of them should run fine on 7.0 with very minor or no changes. We plan to turn off the compatibility layer in the next release, so please dedicate some of your time to port your scripts to run without it. See the IDA 7.0: IDAPython backward-compatibility with 6.95 APIs page for more info.
  • To make the transition even smoother, we are also publishing a 32-bit version of IDA. It can (and should) be only used to run old 32-bit plugins while you are porting them to 64-bit. The 32-bit version of IDA can read v7 databases but it lacks some very nice new features. Let us introduce them now.
  • Now IDA is a truly international application that can speak all languages of the world because it uses UTF-8 everywhere. All scripts and plugins can use it. You can use UTF-8 in the disassembly listing, including comments or even the function names. This is not what we advise, therefore odd characters in names require some fine tuning. See the IDA 7.0: Automatic discovery of string literals during auto-analysis page for all the gory details.
    By the way, the existing databases will have to be upgraded to benefit from the UTF-8 encoding. We tried to make the upgrade process as simple as before but there is a catch: since old databases could use any encoding, IDA has to guess the old encoding on the fly. To learn how to help IDA with this error-prone task, see the IDA 7.0: Internationalization page.
  • IDA now parses and annotates exception handling information and RTTI. We plan to improve the decompiler and IDA to take advantage of this information in the future.
  • We greatly improved Objective C support both in IDA and the Decompiler. Now the metadata can be parsed on demand, not only at the loading time. The decompiler produces much nicer output:
  • We improved the OSX and iOS debuggers to handle OSX 10.13 and iOS 11. There are many changes under the hood but your experience should be the same as before or even better.

Complete changelist
  • Processor Modules
    • ARM: added one more pattern of thumb->arm transition
    • ARM: arm64: use simplified aliases for UBFM/SBFM instructions when applicable
    • ARM: handle vfp instructions: VMOV immediate, VCVTB, VCVTT, VCVT with a fixed point operand
    • ARM: reduced complexity of the SP-analysis from quadratic to linear
    • ARM: added a fix for Thumb switches with full addresses
    • ARM: added support of the new clang's switch pattern for arm64
    • ARM: extended LDRB switch pattern
    • ARM64: take into account that the STP instruction can load callee arguments into the stack, and add corresponding comments to such instructions
    • MIPS: recover more cross-references from stripped statically-linked PIC ELF files
    • MSP430: added simplification "movx @SP+, dst" -> "popx dst"
    • PC: added decoding of Control-flow Enforcement extension
    • PC: added decoding of newer AVX-512 extensions (4FMAPS, 4VNNIW, and VPOPCNTDQ)
    • PC: added new switch pattern
    • PC: decode PTWRITE instruction
    • PC: decode VMFUNC instruction
    • PC: detect more switch patterns from clang
    • PC: improved epilog detection
    • PC: improved prolog detection
    • PC: improved stack frame analysis in x64 files
    • PC: support another variation of x64 table-based switch with switch variable stored on the stack
    • PPC: added missing extended mnemonic 'rotld'
    • PPC: added new config flag PPC_ABI_EMBEDDED/ISA_EABI
    • PPC: added support of PowerPC64 ELF V2 ABI
    • PPC: improved switch patterns
    • PPC: r13-based operands are printed using simplified @sda suffix
    • SuperH: improved detection of functions when addresses are calculated with movi20s + add/sub
    • SuperH: added register definitions for SH7256
    • TMS320C3: improved stack tracing
    • tricore: added TRICORE_DEVICE and TRICODE_IORESP config parameters so that they can be set from scripts
  • File Formats
    • DWARF: Store file/line number information in IDB (only if requested, since it comes with a performance penalty)
    • ELF: added processing of many previously unsupported PPC64 relocations
    • ELF: annotate headers (ELF, PHT, SHT) and convert more known data to structs (symtab, strtab, relocations, dynamic information)
    • ELF: annotate preinit/init/fini function arrays
    • ELF: convert all strtab entries to ascii strings (even the ones that are not referenced)
    • ELF: describe DT_HASH and DT_GNU_HASH
    • ELF: describe symbols using symtab from DYNAMIC section
    • ELF: detect overlapping sections in SHT and prevent them from processing data (but still load them in the database)
    • ELF: don't obliterate data when patching PLT
    • ELF: don't skip processing relocations if symbol index is 0 (happens with IRELATIVE relocs)
    • ELF: IDA now uses the PHT by default instead of the SHT to load segments from ELF files
    • ELF: improved support for TLS variables in relocatable files
    • ELF: load symbols using symtab from DYNAMIC section when .dynamic section yields no symbols
    • ELF: PLT relocations for pc are now processed at relocation-application-time, instead of relying on the presence of a .plt section
    • ELF: ppc: added new ida.cfg variable PPC_FIX_GNU_VLEADRELOC_BUG to work around binutils bug 20744
    • ELF: process .ctors/.dtors sections for all architectures
    • ELF: recognize PLT stub functions from R_386_GLOB_DAT relocations
    • MACHO: support dyld_shared_cache files from OSX 10.13 and iOS 11
    • MACHO: support dyld cache slide info v2. This should improve analysis for dyld_shared_cache files from iOS 10 and OSX 10.12
    • MACHO: improved analysis of single modules within dyld_shared_cache files that have slide info
    • MACHO: added an option to load a single module plus its dependencies for dyld cache
    • MACHO: fixed incorrect resolution of Mach-O import table entries in files using both LC_DYLD_INFO_ONLY and LC_SYMTAB
    • MACHO: improved speed of objc metadata parsing
    • MACHO: support for apple-protected binaries from OSX versions < 10.6
    • MACHO: support x64 macOS kernelcaches with kexts relocated at runtime
    • MACHO: added processing of the ARM64_RELOC_ADDEND relocation
    • MACHO: allow the user to override the ASLR slide for dyld_shared_cache files
    • OBJC: added Objective-C Analysis Plugin; the plugin tries to create an xref between calls to objc_msgSend and the function that will ultimately be called by msgSend
    • OBJC: perform Objective-C specific analysis on the decompiler output
    • OBJC: implemented a "step into" action for Objective-C (Debugger>Run until message received)
    • OBJC: allow user to jump to a method definition given a selector string (Jump>Jump by selector)
    • OBJC/MACHO: IDA can now extract Objective-C type info via 'Load debug info' in the Modules view during debugging
    • OBJC: now objc metadata can be parsed on demand, not just at load time
    • OBJC: implement demangling of objective-C methods in Swift classes
    • TDS: added support for executable with debug info appended to the end of the file
    • PDB: added an explicit check for odd paths (e.g. UNC) of pdb files; if such a path is detected, we display one more warning to the user
  • Debugger
    • debugger: iOS: support debugging on iOS 11
    • debugger: iOS: support source-level debugging in Remote iOS Debugger
    • debugger: iOS: support Appcalls in Remote iOS Debugger
    • debugger: iOS: added support for ARM(64) FPU/NEON registers
    • debugger: iOS: identify regions of process memory in greater detail
    • debugger: iOS: always allow the user to specify a pid when attaching to a process
    • debugger: OSX: support debugging on OSX 10.13
    • debugger: OSX: improved support for debugging system libs from /usr/lib and /System/Library/Frameworks (any libs included in the dyld_shared_cache)
    • debugger: OSX: identify regions of process memory in greater detail
    • debugger: remote mac debuggers are signed and don't have to be run as root
    • debugger: BOCHS: added support for Bochs 2.6.9
    • debugger: LINUX: added environment variable IDA_SKIP_SYMS to ignore the exported names from the main module
    • debugger: LINUX: try to load separate debug info file for libpthread.so, if environment variable DEBUG_FILE_DIRECTORY is set
    • debugger: GDB: added software breakpoint for powerpc
    • debugger: GDB: added support for banked ARM register layouts
    • debugger: GDB: added support for no-acknowledgment mode (QStartNoAckMode) for reliable connections (set by default; unset by changing the stub options)
    • debugger: GDB: added support for uploading files to the server
    • debugger: GDB: enable "run a program before starting debugging" option and "Choose a configuration" for all processors including x86/x64
    • debugger: GDB: fetch processes list from gdbserver if supported
    • debugger: GDB: fetch target description from gdb stub as early as possible (mimic GDB behavior)
    • debugger: GDB: show the full path to be run if the user enabled "Run external program before debugging" before actually executing it
    • debugger: PIN: added support for appcall
    • debugger: debug servers can now be launched with '-kk' to specify that in case the connection between IDA & them is broken, the process should be terminated immediately
    • ios_deploy: added "codesign" and "appify" phases
    • ios_deploy: added "usbproxy" phase
    • ios_deploy: added "launch" phase
    • ios_deploy: added "kill" and "proclist" phases
    • ios_deploy: added "install_ex" phase
  • Kernel/Misc
    • kernel: switched to PCRE2 for the regular expression engine. Now Perl extensions (\s, \d, \w and so on) can be used in regular expressions
    • kernel: improved handling of 'noret' function attribute (fix endless looping in some cases)
    • kernel: documented ABANDON_DATABASE in ida.cfg
    • kernel: added separate "mingw" abi name; it can be specified for the visual studio compiler
    • kernel: renamed environment variable NONAMES to be IDA_NONAMES
    • FLIRT: Added detection of 32-bit mingw/mingw-w64 startup functions
    • FLIRT: Added detection of 64-bit mingw-w64 startup functions
    • FLIRT: Added detection of Android Bionic libc startup for ARM
    • FLIRT: Added MFC signatures for vc1410 (Visual Studio 2017)
    • FLIRT: Added MFC signatures for vc143 (Visual Studio 2015 Update 3)
    • FLIRT: Added signatures for Android NDK/ARM (up to version 13b)
    • FLIRT: BC: added signatures for xe102 (RAD Studio 10.2 Tokyo)
    • FLIRT: DM: added signatures for Digital Mars 2.073.0
    • FLIRT: ICL: Added signatures for icl164 (Intel C++ 16.4)
    • FLIRT: ICL: Added signatures for icl170 (Intel C++ 17.0)
    • FLIRT: ICL: Added signatures for icl171 (Intel C++ 17.1)
    • FLIRT: ICL: Added signatures for icl174 (Intel C++ 17.4)
    • FLIRT: VC: Added signatures for vc1410 (Visual Studio 2017)
    • FLIRT: VC/VC64: added signatures for ucrt 15063 (Windows 10 Creators Update SDK)
    • FLIRT: pcf/pelf/plb/...: added option to modify pattern using regex (-E)
    • FLIRT: pcf/pelf/plb/...: added option to skip bytes before first label at pattern beginning
    • FLIRT: remove __ehhandler and __unwindfunclet pseudo-functions from signatures
    • FLIRT: the parser tools now remove by default any bytes before the first label (unset with -L)
    • FLIRT: mingw, mingw-w64: added detection of 32- and 64-bit mingw-w64 startup functions from the sourceforge builds (7.1.0rev2 and 7.2.0rev0)
    • FLIRT: sigmake: document -v (verbose) switch
    • FLIRT: upgraded ulink signatures
    • IDS: Added IDS files for MFC120 and MFC140
    • PCF: added option to specify startup segment name
    • PCF: the -s option (skip unknown relocations) has been renamed to -k
    • SIG: added signatures for VS ucrt 14393 (Windows 10 Anniversary Update SDK)
    • TIL: Updated UEFI TILs to version 2.5
    • TIL: Updated NTAPI type library
    • TIL: Added type library for Android NDK
    • RTTI: new plugin for parsing RTTI (run-time type information) produced by MSVC, GCC and LLVM in PE, COFF and ELF files
    • RTTI: added detection for MSVC's ThrowInfo and related sub structures
    • RTTI: added type information to comment for catchable types
    • EH_PARSE: new plugin to parse EH (exception handling) information present in ELF, COFF, Mach-O, and PE files. NOTE: enable display in Options-General-Try block lines
  • User Interface
    • UI/qt: ability to delete breakpoints by group
    • UI/qt: ability to toggle between mangled & demangled versions of "Imports" & "Exports"
    • UI/qt: added fuzzy-searching in choosers
    • UI/qt: implemented ability to write custom actions for individual registers in the "General registers" (and similar) view (E.g., during a debugging session)
    • UI/qt: on Windows, text in message boxes (and warnings, errors, ...) can now be selected with the mouse, and copied to clipboard (it was already the case on OSX & Linux)
    • UI/qt: when copying tabular data (e.g. from choosers) to the clipboard, IDA now generates tab-separated values instead of aligning the text with spaces
    • UI/qt: when running on Linux/X11, selecting parts of the disassembly with the mouse (or Shift+navigation), will update the X11 'selection' clipboard (limited to what's visible on the screen.)
    • UI/qt: the Python/IDC command line auto-completion now responds to "Shift+Tab" appropriately, and goes back in history
    • UI/debugging: improve the formatting of the Call Stack window
    • UI/txt: decompiler can now be used interactively in the text version of IDA
    • UI: create/add/delete segment messages could be mixed up in the log
    • UI: do not ask permission to overwrite empty files, no info will be lost anyway
    • UI: pressing F9 with no debugger selected now starts the process automatically after user selects a debugger
    • UI: added a new action "copy field info to pointers"; it copies name and type info from a struct definition to the pointed locations for the current struct variable
    • UI: all navigation actions are now proper actions, allowing their shortcuts to be overridden (and to be triggered programmatically.)
    • UI: many cursor movement actions can now be assigned other user-defined shortcuts
    • UI: mention that selector values are in paragraphs
    • UI: proximity view: added option to not show the collapsed nodes
    • UI: script snippets are now automatically saved to the database (and thus persisted to disk when the user presses Ctrl+W)
    • UI: script snippets: Pressing <Tab> or <Shift+Tab> while there is a selection, will cause that selection to be "block indented" (or unindented)
    • UI: on Windows, use Consolas font by default, as the venerable FixedSys is lacking glyphs for many Unicode characters
  • Scripts & SDK
    • IDAPython: ability to programmatically query or set the graph position + zoom level
    • IDAPython: ability to store attributes on tinfo_t objects
    • IDAPython: added example showing how to synchronize two graph views (i.e., IDA View-B follows IDA View-A, at another zoom level)
    • IDAPython: added IDAPython module ida_dex to access loaded DEX file information
    • IDAPython: hexrays: cexpr_t & cinsn_t are now writeable, allowing many modifications of the C tree
    • IDAPython: opened many low-level graphviewer-related functions (those were previously unavailable)
    • IDAPython: support for microcode_filter_t (see vds8.py example)
    • IDAPython: added View_Hooks for hooking IDAView events
    • IDAPython: fix idaapi.py dependencies
    • IDAPython: exposed get_predef_insn_cmt()
    • IDC: fix documentation for the StepUntilRet() function
    • IDC: support 64bit file/linput size/offset
    • SDK: numerous changes. see this page for details.

Download link:
http://www.juhevip.cn/thread-124927-1-1.html





