This release contains a few important security fixes:

• CVE-2022-36043
• CVE-2022-36040
• CVE-2022-36041
• CVE-2022-36039
• CVE-2022-36044
• CVE-2022-36042

Apart from those, were fixed:

• Various minor packaging and installation issues and improvements
• Various minor fixes on big-endian platforms
• GCC 12 compilation warnings.
• Update libzip to v1.9.2
• Update rz-libdemangle
• Fix #2851 - wrong AVR analysis jump value for rjmp/rcall
• Fix the crash of command fg
• Fix pg with fewer than 5 arguments
• Fix afx command JSON output
• Print graph when dmhg is executed
• Fix the heap overflow in TUI
• Fix for file sharing permission on Windows
• Fix #2957 - oob read in pe_section.c
• Fix #2970 - oob read in pe/pe.c and bin/golang.c
• Fix #2970 - oob read in coresymbolication.c and in bin_dyldcache.c
• Fix #2972 - oob read in ne.c
• Fix #2971 - null deref dwarf_process.c
• Fix #2968 - null deref in mdmp.c
• Fix #2965 - null deref and div by zero in mach0_rebase.c
• Fix #2962 - oob read in bin.c
• Fix #2961 - oob read in coresymbolication.c
• Fix #2958 #2960 #2973 - oob read in dwarf.c
• Fix #2955 - oob read in dex.c
• Fix #2954 - oob read in dex.c
• Fix #2953 - oob read in magic/funcs.c
• Fix #2952 - null deref in dyldcache.c
• Fix #2993 - Check rz_buf_read_le32_offset return status parsing LE bins
• Fix integer overflow in mach0
• Fix oob read on luac
• Fix RzBitmap length type and added ownership and checks.
• Fix strdup on nullptr in rz_core_bin_apply_strings
• Fix oob read on _luac_build_info and luac memleaks
• Fix oob read on rz_pkcs7_parse_spcdata
• Fix oob read on rz_x509_parse_tbscertificate
• Fix oob read and endian dependency in asm_ebc
• Fix OOB read in 6502 analysis plugin.
• Fix reset followed by color change in rz_cons_html_filter
• Fix always true if due wrong check in search
• Fix the failure of switching panel command
• Fix double free of enum member name
• core_search_for_xrefs_in_boundaries omits the negative return value
• Fix the crash caused by get_long_object()

Full Changelog: https://github.com/rizinorg/rizin/compare/v0.4.0...v0.4.1

Here we are again with a new release of Rizin, v0.4.0. We are still in the v0.y.z realm, but we are getting closer and closer to what we can consider our first stable release v1.0.0, with fully working projects and a uniform shell experience. In the meantime, we are moving forward with several side projects that we hope you will enjoy and that will help your reverse engineering experience, like automatic signature detection, FLIRT signatures creation, firmware base address computation, a new Intermediate Language (RzIL) and more.

As usual, keep reading for more insights and let us know of any bugs you find or improvements you would like to see in future versions.

New

• FLIRT files can be used to apply analysis information gathered from one binary to another one, allowing the reverse engineer to more easily recognize library functions or standard functions that are usually not binary specific. Rizin can now create such FLIRT files (both in .pat and .sig extensions), which can be later applied to other Rizin sessions or even opened directly by IDA.

$ rizin -A -qc "zfc /tmp/curl.sig" curl-example-dbg
704 FLIRT signatures were written in '/tmp/curl.sig'
$ rz-sign -aa -o /tmp/curl.pat curl-example-dbg
rz-sign: written 704 signatures to /tmp/curl.pat.

• Signature files (e.g. .sig) can be placed in the installation prefix to form a library that Rizin automatically uses while analyzing a binary, in order to find known functions and ease the reversing process.

$ rizin -A curl-example
[x] Applied 5 FLIRT signatures via sigdb

• Automatic golang function and string recovery for x86/x64/PowerPC/MIPS/ARM/RISC-V.

$ rizin -A example-go-1.18-stripped
[x] Found go 1.18 pclntab data.
[x] Recovered 4794 symbols and saved them at sym.go.*
[x] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[x] Analyze all instructions to recover all strings used in sym.go.*
[x] Recovered 3448 strings from the sym.go.* functions.

• A new Intermediate Language RzIL has been introduced in Rizin, primarily intended for representing the semantics of machine code and designed as a clone of BAP's Core Theory. It is going to replace ESIL in the future, even though they will both live within Rizin for the time being. ARM32, ARM64, AVR, and 6502 assemblies can already be lifted to RzIL, allowing you to emulate code without running it. Some of the reasons that moved us away from ESIL are: its lack of typing, for example it was hard to discern accesses of different signs, sizes, and bool from integer; its hard to read string representation; being all string-based without a real structure.

  As many reverse engineers are familiar with the concept of SMT (Satisfiability Modulo Theories), RzIL should be familiar as well. In essence, it's a superset of SMT Bitvectors theory plus SMT Arrays (Bitvector-indexed arrays of Bitvectors to represent memory), and Effects (to represent side effects, like jump or branch). Thus, main core concept that was added in Rizin is the algebra of bitvectors, with corresponding functions in RzUtil. Moreover, the readable representation of RzIL was added, in a form of S-expressions:

$ rz-asm -a arm -b 32 -d 1233a0e1
lsl r3, r2, r3
$ rz-asm -a arm -b 32 -I 1233a0e1
(set r3 (<< (var r2) (cast 8 false (var r3)) false))

• Sometimes when reverse engineering a firmware you get just a raw binary, without any structured file format (e.g. ELF). Finding the base address where the raw data is supposed to be run from is often a tedius process. We now try to automate the identification of few possible candidates addresses through the new B command.

$ rizin -e log.level=3 -qc B stm32f103-dapboot-v1.20-bluepill.bin
INFO: basefind: located 7 strings
INFO: basefind: located 1459 pointers
score candidate  
-----------------
4     0x08000000
1     0x79ca6000

Improvements

• Improved analysis on DEX files, especially on cross-references to imports.
• GPL code can be now disabled via -Duse_gpl=false
• rz-diff -H option now supports infinite scrolling when binary diffing.
• Improved accuracy of the strings search and EBCDIC encoding support.
• Significant improvement of the Hexagon disassembly and analysis.

Extras

• FLIRT signature database is the database generated from rizinorg/sigdb-source, used as a library of signatures that can be automatically recognized in the binaries you analyze. It can be installed via the meson option -Dinstall_sigdb=true while installing Rizin from source or added later via e flirt.sigdb.path=path/to/sigdb.
• rz-libyara is now available as RzCore plugin for parsing and creating yara rules.
• rz-libdemangle is our extracted library providing APIs to demangle symbols for various languages. It currently supports C++, Rust, Swift, Java, MSVC and ObjC. C++ and Rust are under GPL license and they can be compiled out if necessary. As a standalone library it can be used by any other project, so try it out if you need it!
• Official Apple swift demangler is now available as RzDemangler plugin.
• rz-retdec Retdec decompiler plugin for Rizin
• rz-libmc7 Siemens Simatic S7 bytecode dissassembler
• rz-tracetest a testing tool for the correctness of RzIL lifters, which compares executions of instructions from a real trace against the result of executing the same instructions in the RzIL VM. This is a very important piece to ensure that our RzIL lifters produce good results.

Full Changelog: https://github.com/rizinorg/rizin/compare/v0.3.4...v0.4.0

• Fix the RZ_BIN_PREFIX test for Windows (#2189)
• Make meson.build work again with meson 0.55.3 (#2113)

• Add dist script to remove .git folders from subprojects
• Add -e option to rz-diff to set configuration variables
• Fix #2089 by checking the kind of DWARF attribute before demangling
• Fix #469 by checking the value of analysis.jmp.cref
• Fix #1710 by changing rflags register using dr
• Fix #2013 for dependencies names which are called libmagic and libxxhash

• Fix: UAF caused by parse_type_abstract_declarator_node()
• Fix wrong buffer size reporting with shm://
• Initialize retctx,ctx before freeing the inner elements
• Init all fields in rz_cmd_state_output_init()
• Fix #726 - Fix building for x86 Windows with clang-cl
• Fix -Wunused-function warning on Mac
• Fix OOB write for DWARF with abbrev with count 0
• Fix crash due to NULL pointer dereference in rz_analysis_block_recurse()
• Fix +/- in visual cursor mode
• Fix self-referential typedef format
• Make rz_strbuf_slice() truncate on excessive len

• Add pid/pidfile on man/rz-run and make a pid option a boolean
• Fix rax -t not considering GMT argument
• Fixed 'Ctrl+Arrow' and 'Alt+Arrow' in rizin shell
• Fix integer overflow and excessive memory usage in jump table analysis
• Fix infinite loop if first case of switch table points to same block
• Fix some NULL derefs in Windows Debugger
• Removed junk on screen in visual mode with two columns
• Detect shm_open() function with Meson
• Haiku OS and DragonflyBSD build fixes
• PE header parsing fixes when opened through shm:// IO plugin
• Added CRC32 and entropy values in it output
• Fix NULL pointer dereference due missing small_block method when OpenSSL is used.
• Fix potential buffer overflow in RC2 hash
• Move TSLanguage initialization into new rz_core_cmd_new() API
• [DEX] remove bottleneck on rz_list_get_n()
• Fix invalid v command resulting in black screen
• Add few missing Windows types
• Fix rotating colors with C in visual mode
• Fix #1864: Find main() of Fedora 35 x86_64 /bin/ls
• Use empty dependencies to avoid comparing different types (Meson 0.60 compatibility)
• [Debug] Let gdb attach regularly and reset reason after attach
• Enable flushing for oldinput_get_help()
• Provide API for calculating sections digests
• Move files to generate windows installer under dist/windows

Rizin v0.3.0

A new release of Rizin is here, v0.3.0! This release has taken a bit longer than expected, but a lot of things have been done since the last release, including our first GSoC in the Rizin project. Look at our blogpost to know more about GSoC 2021.

Below we would like to give you a glimpse at what we did, but be aware this is only a small fraction of the changes. You should look at our git history to see everything. Some of our work directly improves our users' experience, while others is more under the hood work, though we are sure it ultimately improves the experience of using and developing Rizin as well.

Keep reading for some highlights of this new release.

New

• New RzType module: We moved all the types related functions from the RzAnalysis module to a new separate module: RzType. Instead of using a custom stripped-down version of the TinyCC, RzType parses C code by using a grammar defined with Tree-Sitter. RzType parser and loader now better validates types, which allowed us to fix several mistakes in the shipped type libraries for Linux, MacOS, and Windows. When a type is unknown or it is a typedef/atomic type without an underlying specification you may also find the special new type unknown_t which is an integer of the current file/platform word size. This new module allows us to better use types in several places of Rizin, Cutter and rz-ghidra!
• SPDX headers: All files have been marked with SPDX headers that will help you and us check what kind of code we ship, which licenses, copyrights, etc.. Checks are in place in CI to ensure that all files will have SPDX headers going forward.
• rz-diff hexadecimal view: We rewrote big parts of rz-diff tool to remove the dependency on the diff/git diff binary, optimize diffing functions and provide a new hexadecimal diffing view through the new -H option.
• Shell new behavior: Rizin can now be started without any argument and it won't open any file, allowing you to later open a binary with o command as usual. We switched the behavior of - and = when starting Rizin, to better match what Linux users expect from a tool: - now reads the binary from stdin, while = now opens a malloc-ed file in memory. Try things with rizin and rizin =.
• Global variables: So far you could only define variables local to a function (see afv commands), but we are now introducing global variables that can be defined at any fixed address with a given type. See avg? to see how to handle them. This is still a very early concept, but we plan to use them more and more for disassembly printing, analysis, in Cutter, and in rz-ghidra. They are going to replace the “type link” function you may know under the tl commands.

Improvements

• ELF parsing: Code for ELF parsing has been heavily refactored and adjusted to make better use of dynamic info provided in segments instead of relying on untrusted sections. Few new variables have been introduced to alter how ELF files should be parsed and validated, see elf vars with el elf. Support for DT_HASH and DT_GNU_HASH allows to determine more accurately the number of symbols in the dynamic symbol table. As one of the results of this work, a known anti-analysis technique that tries to hide used symbols is now defeated by Rizin.
• No more io.cache required to apply relocations: It was common in Rizin to get warning messages telling you to enable io.cache to fix binary relocations. We think that was unnecessary and wrong in concept as well. With this new release, the most relevant binary plugins were refactored to provide a list of mappings together with changes that should be applied on top, making relocations patching very easy and transparent for the end user. You will not have to set any particular variable nor will you see changes applied by Rizin itself mixed with changes you, as a user, did to the binary.
• Commands ported to Rizin shell: Several commands were ported to Rizin unified shell, making them more consistent and easy to use. These commands have an automatically generated help, their arguments can be wrapped in quotes like you do in bash and they integrate better with Rizin. Some of those commands are: afvxa, afvxv, dts, L, pg, dmh, dm, pt, dc, H, av, ph, avg, i, !.
• Project migration: With the first release of Rizin we mentioned our new project implementation which would allow our users to keep using older projects as they update their Rizin tools. Even though we are not at release 1.0.0 we already implemented project migrations that automatically update your old projects as you load them! Please report any issue you find with this, so that by the release 1.0.0 we can deliver something as stable as possible!
• Support for multidex APK files: Initial work to support multidex APK
• rz-hash: Code related to rz-hash was heavily refactored and it now supports loading of large files as well as HMAC combined with any hash algorithm.

Fixes

• Fix debugger in static build: The statically compiled rizin binary provided with last release was not able to debug other binaries, due to it being compiled on Alpine and the code using the ptrace API with the wrong types of arguments.

• FLIRT decompression: Did you know you could load IDA FLIRT signatures files in Rizin with the zf commands? Now we support z-lib compressed FLIRT signatures as well, so try to load your FLIRT database with Rizin.

• DEX parsing: Several bug fixes ranging from correctly listing symbols in a dex file, to better printing of methods and fields names, to resolution of invoke-virtual methods.

• Ports: Added CI jobs for NetBSD and Linux PowerPC - all tests pass, various fixes for HaikuOS, DragonFlyBSD.

There is more in this release and even more to come in the upcoming ones, like a new Intermediate Language, RzIL, that will replace ESIL, improved usage of PDB files, global variables refinement and yet other improvements on ELF parsing. If you wish to help us develop, test, document Rizin or you are just curious about it, look at our website https://rizin.re/community/ to know how to reach out to us!

Enjoy Rizin v0.3.0,

The Rizin team

• Remove unnecessary exit() calls from librz/
• Fix wrong demangling of __TIFFSwab16BitData
• Prevent infinite recursion in DWARF parsing
• Detect presence of extern char **environ (fixes old MacOS build)
• Fix SDB and SPP linking with RzUtil
• Fix RzDiff/RzTest to use subprocess API
• Fetching all references with rz-pm to support release tags
• Fix FreeBSD 13 build
• Fix Gentoo SDB build to use proper Python environment
• Fix the wrong use of wcstombs()
• Various UAF, OOB, NULL DEREF fixes

Command changes

• Add exit command to exit Rizin
• Add dmhv as verbose version of dmh
• Add afb-* command to delete all basic blocks of a function
• Support in newshell for <cmd>?*[j] and ?*[j] <command>
• Extend output of iS to show more information about sections
• Fix =!= in newshell to support "fd" argument
• Merge CL and iX into ix
• Remove ?: because it does not exist and contains :
• Rename o: to oC to avoid :
• Rename s: to spad to avoid :
• Rename =: and =&: to =r and =&r to avoid :
• Rename sH commands to sh
• Remove "comment" argument from zi* and f*
• Remove the command tail
• Remove tfc, move to tf, add tfk
• Remove tna and tnn commands
• Remove join command
• Remove head command
• Remove less and directly list ls command
• Remove touch command
• Remove axF command
• Remove afb. and change how afbi commands work to be more consistent with afb
• Port q commands to newshell
• Port afb commands to newshell
• Port afB command to newshell
• Port afs commands to newshell
• Port afx command to newshell
• Port afS command to newshell
• Port afo command to newshell
• Port afu command to newshell
• Port afv commands to newshell
• Port t commands to newshell
• Port dsu commands to newshell
• Port wf commands to newshell

Analysis improvements

• Complete acvf command to better lookup function address on vtable offset
• Better type analysis

Updates

• Update rizin-shell-parser to tree-sitter 0.19.4
• Update embedded SDB

Architecture changes

• Java bytecode disassembly/analysis/assembly/binary plugins are rewritten from scratch and covered by tests
• Implemented Lua 5.4 bytecode disassembly/analysis/binary plugins (luac)
• Enabled Python bytecode (pyc) support and covered by tests
• Remove Whitespace Asm+Analysis Plugins (ws) because the Results are wrong

Debugging

• Various heap parsing improvements (dmh command)

Various

• Performance improvements on loading big files with DWARF information
• Improve developer and contributor documentation
• Add tests for different compilers and ABI
• Better SPDX/REUSE conformance of the source code
• Cleanup of the code to remove unnecessary parts e.g. some of JSON duplicated code
• Refactored all dependencies into Meson subprojects (lz4, zip, zlib, yxml, etc)
• Removed old ACR/Makefile files
• Refactored to use API calls instead of calling commands (rz_core_cmd*()) inside Rizin codebase
• Improved static "portable" builds to use relative paths for supplementary files

This release updates the tree-sitter dependency to 0.19.4, which is relevant for some distribution maintainers. Apart from this, 0.1.2 is identical and ABI-compatible to 0.1.1.

This is an intermediate bugfix release before the larger 0.2.0.

Changes

• Add more config vars to the projects load wxclusions (#911)
• Rename esil.7 to rz-esil.7 manpage to avoid collisions with r2
• Fix UAF in rz_bin_reset_strings() (#772)
• Check if core plugin implements call before calling (#670)
• Use GZip when compressing android release archives (#575)
• Provide both x86/x64 windows installers (#548)
• core/agraph: reintroduce Shift-Tab to move to prev node (#553)
• Fix io.va being set to true after aaft (#459)
• Fix "‘%s directive argument is null" warnings (#464)
• Consider all functions in afl. and print error if no function is there
• Fix signature in JSON mode in Mach-O and check for NULL signature (#463)
• #include <errno.h> explicitly in rz_types.h (#452)
• COFF: set zero size for label-symbols (#448)
• COFF: handle empty sections (#447)
• Meson: Escape paths on Windows (#444)
• Fix memleaks in ESIL op handlers (#438)
• Prevent FD_ZERO formatting from mangling by clang-format (#437)
• Fix crash with es without args (#436)
• Fix crash with el without args (#434)
• Extend warning when debug on macOS fails

v0.1.0

Today, we're shipping our first release, Rizin 0.1.0 :rocket:.

It has been a long ride and we're thankful to all the developers who contributed to Rizin and decided to stick with us. We couldn't have done it without you all.

We're so excited to bring you the first release of Rizin, which is the opening shot of the project and only the beginning. The release is packed with new and robust features. We now have Projects and a plethora of commands switched to our new unified command parser. Below, you'll find a complete and comprehensive list of what's new and what has changed.

On this first release of Rizin, we put our efforts in refactoring and discarding parts of the code that are not the focus of Rizin as a reverse engineering framework, and those which were unpurposed, outdated or left as proof of concepts. Along with this refactoring, we improved the building and packaging process (see more in our "Why Meson" blog post). Apart from that, the two biggest changes are new, actually working Projects (see more in our "Introducing new Projects" blog post) and migration of many commands and auto-completion feature to the "newshell" (a tree-sitter-based commands parser) which is now set to default. Some of the unnecessary commands were removed, some commands and configuration variables were changed to pursue a better user experience and to smooth the learning curve.

See the more detailed list of the changes below:

• New features

  • New Projects implementation from scratch - see more at our blog: "Introducing Projects"

• Command changes

  • Commands converted to newshell:
    • uniq
    • uname
    • ls
    • *
    • _
    • sleep
    • . subcommands
    • P subcommands
    • = subcommands
    • s subcommands
    • & subcommands
    • w subcommands (not complete)
    • z subcommands
    • e subcommands
  • Relevant changes to commands
    • @@ and @@@ commands were unified under @@ . See @@? for more info.
    • seek history commands were all moved under sH. In particular: s- (seek undo) becomes sHu; s+ (seek redo) becomes sHr; s*, s, s! are grouped under sH; s= is removed
    • sl (seek line) and prl were removed
    • s accepts only an absolute value. Instead of having different behaviour on s +10+3 vs s 10+3, now s behaves the same. If you want to move relative to the current offset, use sd (seek delta).
    • ss (seek silent) subcommands were removed in favour of the new eval var cfg.seek.silent, that is accepted by all seek commands.
    • e? was removed in favour of el (eval list). Other commands that listed evals in different formats (e*, ej, etc.) were moved under el.
    • e, was removed because e can now accept multiple sets/gets in one shot
    • ev and evj were removed in favour of ell and elJ.
    • ed was removed since there can be multiple configuration files
    • e won't accept spaces when assigning a value to a variable. e asm.bytes = true is not valid anymore, while e asm.bytes=true is. This allows the command to support multiple arguments easily, like e asm.bytes=true asm.arch=x86.
    • The commands converted to newshell do not accept the syntax without a space between the command name and the argument anymore, in favor of a more rigid approach that splits them, similar to what's done by other shells (e.g. s+3 , z-zigname won't work anymore)
  • Misc
    • Commands that provide different output modes are grouped together
    • Commands are defined through a YAML file that describe the command, its arguments, a summary and a longer description.
    • The help tree structure is automatically computed based on the YAML definition. For each command, arguments and sub-options in the help are automatically printed most of the times.

• New commands

  • opr , opn to open next file and opp to open previous file
  • Lp to list parser plugins
  • om.j for JSON output of om. to show the map for the current offset
  • aecb to continue backwards in ESIL emulation mode
  • Add rz-ax -I option to convert from/to LONG and IP address

• Configuration variables' changes

  • cfg.newshell.autocompletion to enable/disable autocompletion based on newshell data. This uses the information provided in cmd_descs.yaml to know the type of each argument. Those info are the same used by the shell to know how many arguments a command accepts. It supports autocompletion of all the arguments of a command, not just the first. However it works only for commands converted to newshell and it is currently disabled by default
  • cfg.seek.silent when true, seek commands do not save seek movements in the seek history
  • cfg.seek.histsize maximum size of the seek history
  • asm.bytes set to false by default
  • Set asm.tabs to 6 and enable asm.tabs.once by default
  • Rename asm.filter to asm.sub.names
  • Add analysis.cc and analysis.syscc to set the current calling convention and syscall convention, remove hardcoded conventions
  • zign.{graph,bytes,offset,refs,hash,types} moved to zign.match.
  • dbg.create_new_console added, to create a new console window for the debugee on debug start
  • Added cfg.json.* variables for JSON encoding settings
  • Added asm.hint.call.indirect to make indirect calls follow the target address
  • Removed http.sync, http.ui, http.sandbox scr.tts , scr.demo, file.desc, file.md5, file.location, dbg.libc.dbglib, cmd.xterm, lines.*, cmd.pdc, cmd.log

• Code cleanup

  • Removed WebUI and HTTP server implementation (except pieces required for the RzPipe http:// to work.
  • Removed the sandbox feature, donut printing, stiv (image preview), 2048 game
  • Removed scr.demo mode
  • Removed cfg.r2wars mode
  • Removed snow from Visual Panels mode
  • Removed function folding feature from Visual mode
  • Removed pdc pseudo decompiler in favor of RzGhidra and JSDec (URL)
  • Removed rz-patch tool (former rapatch2)
  • Removed citem (i. command)
  • Removed incomplete TTS support (cfg.fortunes.tts and scr.tts, also |T command)
  • Removed various outdated and unused scripts from sys/
  • Removed MinGW and Cygwin support from ACR/Makefiles
  • Removed Emscripten support
  • Removed (some of them moved to the book (URL)) various outdated documentation files from doc/
  • Removed the REIL support (aetr command)
  • Removed a2f analysis mode (analysis.a2f configuration variable)
  • Removed io.mmap plugin and rely on io.default implementation instead
  • Removed afc= command (use analysis.cc instead)
  • Removed afil command
  • Removed obsolete Windows debugging files (w32.[ch])
  • Removed unused callback.c
  • Removed filesystems mount support (m commands) and outdated GRUB code
  • Removed T commands (logging feature)
  • Removed u commands and Q alias
  • Removed ' and \ (both are an alias for =!) commands
  • Removed : commands
  • Removed p3 command (3D stereogram)
  • Removed /me command (IRC-like feature)
  • Removed support for the multiline comments (/* */)
  • Removed join, head, and less commands in favor of the ~ subcommands
  • Removed afc=, arS

• Refactoring

  • SDB switched to use submodule instead of embedding into the repository
  • Tree-sitter runtime switched to use submodule instead of embedding into the repository
  • Most of the JSON printing migrated to the PJ API
  • Extract subprocess API used in rz-test to RzUtil, as a preliminary step in re-using those API for all code paths that interact with a child process
  • Reduce coupling between RzCore and Tasks
  • Move seek history processing from RzIO to RzCore
  • Refactoring to reduce code duplication of all binutils-based disassembly and assembly plugins (CRIS, HPPA, Lanai, MIPS, PPC, SPARC plugins)
  • Remove global variables from rz-find tool
  • Set C99 as the minimum required C standard supported. C99 standard has been used to compile SDB for many years, so we are now just taking full advantage of the standard in the whole project.
  • Code style is unified and automated with clang-format tool, see sys/clang-format.py script.
  • License headers updated to use SPDX machine-friendly format
  • Use meson dist to create the source tarball and refactor building release artifacts and corresponding CI logic

• Assembly improvements

  • New PowerPC assembly plugin (asm.ppc)

• Analysis improvements

  The basic blocks module was completely rewritten resulting in speed and analysis quality improvements for all supported architectures.

  Detection of the changes upon write and and refreshing the function graph.

  Improved UTF-16 strings autodetection

  Added ESIL sign extension operator ~=

  The analysis of the following architectures was improved significantly:

  • AVR
  • SPC700
  • V850
  • RISC-V (including new asm.pseudo plugin)
  • ARM32 (mostly pseudocode and ESIL improvements, update arm.winedbg)
  • ARM64 (including the major fix for the variable access analysis and syscall support)
  • SystemZ (added calling convention support)
  • Tricore (added instruction descriptions, see asm.describe)
  • PowerPC (libvle updates)
  • x86 (ESIL updates)

• File formats

  • COFF: add ARMNT and ARM64 support
  • COFF: various small parsing fixes
  • Rewritten *.ar parsing to support multifile archives
  • PE and Windows minidump parsing fixes and performance optimizations
  • PE fixes for delayed imports
  • PE support for the RISC-V target
  • Print additional ELF headers with rz-bin -H option
  • Improvements for DWARF and PDB parsing and information import

• Debugger

  • WinDbg/KD fixes
  • FreeBSD and DragonFlyBSD fixes
  • dts (debug trace session and reversible debugging feature) improvements
  • Add support and autodetection of the RISC-V targets for the GDB remote server connection

• IO

  • Cache performance optimizations

• Tests

  • Add an option to store logs with rz-test (-o option)

• Misc:

  • Static builds are switched to use Alpine/Musl-based builds to not depend on the GLIBC version
  • Show all possible config variable values in the Ve menu