Vivisect Changelog

V1.3.0 - 2026-01-09

Features

• Improve how VStruct renders structures. (#674)

• Added support for AArch64. (#224)

Fixes

• Various fixes to the PE and ELF loaders. (#659)

• Various improvements to ARM support. (#672)

• Fix readMemString to respect admin rights. (#677)

• Fix references being added for dynamic calls. (#678)

V1.2.1 - 2024-07-24

Fixes

• Fix an off by one issue in the LNK parser. (#655)

• Fix Callgraph initialization and UI rendering (#657)

• Fix an issue in readMemString where the last null byte of a wide string should be considered part of the terminator. (#663)

• Add a missing ARM alias. (#667)

• Fix default ARM arch name. (#668)

Devops

• Update to large resource class in CI configuration. (#526)

Documentation

• Fix the readthedocs build. (#654)

V1.2.0 - 2024-07-15

Features

• Various vtrace improvements. (#406)

• Defer emucode analysis pass until after pointertables analysis. (#561)

• Add API accessible architecture maturity information. (#588)

• Open xrefs and menu items in a new memory view or function graph. (#600)

• Step in the same memory map and fix saving to a file. (#608)

• Allow readMemStringto handle Wide Strings. (#609)

• Cobra dcode upgrades. (#610)

• Various VivServer enhancements. (#615)

• Add a pretty printer for PE files. (#620)

• Propagate symbolik translator down into calling conventions to ease performance issues. (#621)

• Deal with uninitialized data sections in PE files. (#622)

• Validate Extensions loaded via vivExtension/vdbExtension. (#624)

• Parse Threads structure from MiniDumpThreadListStream. (#625)

• Performance improvement for vstruct emitting of IHEX and SREC files. (#627)

• LEG architecture Aliases. (#628)

• Migrate to pyproject.toml and update CI and dependencies. (#629)

• Add a default name for locations. (#630)

• Arm improvements. (#631)

• Propagate endianness down through the workspace and memory objects. (#632)

• Large performance improvement for function graph drawing. (#636)

• Add ability to make pointer arrays via the UI and API. (#637)

• Add a default view for the UI. (#643)

• Various VivServer enhancements. (#645)

• Tag tracking in function graph and memory views in the UI.. (#646)

• RenderMemory on MemoryView Window load/restore. (#647)

• Save and Restore History for memory windows and function graphs. (#648)

• Add a vstruct parser for LNK/Microsoft shortcut files. (#649)

Fixes

• Fix usage of super keyword in a pair of classes. (#613)

• Fix up/down in memory view. (#614)

• SymbolResolver bugfix for Windows. (#617)

• Fix name of Minidump MemoryDescriptor range start. (#626)

• Descend into thunk_reg functions to avoid some infinite recursion issues. (#634)

• Add in missing IHEX_REC_STARTLINADDR check. (#638)

• Fix PE repr method when printing PE resources. (#641)

• Fix pyproject.toml for local installs. (#642)

V1.1.1 - 2023-04-07

Features

• More test resiliency for our remote server tests. (#584)

• Document getBranches API. (#589)

• Add “stepo” functionality as an option for “stepi” in VDB. (#591)

• Migrate away from some deprecated functions. (#593)

• GUI scroll improvements. (#599)

• Envi config get by string. (#604)

Fixes

• Fix 64-bit emulation of intel’s div instruction. (#575)

• Do dynamic imports in our envi module via importlib.import_module. (#587)

• Make our ELF module more resilient to failures. (#592)

• Fix a regex that uses an invalid escape sequence. (#596)

• Fix PE parser config option usage. (#605)

• Fix envi.interactive flag. (#606)

V1.1.0 - 2023-02-18

Features

• Update VDB’s handling of x64 systems. (#56)

• Symbolic switchcase analysis. (#112)

• Make Vivisect loader more elegantly handle multiple files. (#472)

• Funcgraph enhancements: AutoRefresh, FollowTheLeader, Xrefs Window, and Window Renaming. (#488)

• update impapi to cover msvcr100.dll (#522)

• Add a SaveToServer dialog. (#527)

• Update imphook names in the platarch emulators. (#530)

• Relocatable ELF Support. (#531)

• Check before making new location types in the UI. (#533)

• Turn register groups from a tuple to a dictionary. (#542)

• Store a file’s original name in the meta info. (#543)

• Add API entry for __read_chk on posix. (#545)

• Add option to WorkspaceEmulator to disable shared caching. (#547)

• Enabling POSIX Library Load notifications. (#550)

• Add i386 opcode vpcext. (#556)

• Update vamp signatures. (#566)

• Making architecture names/numbers in envi for impending architectures. (#567)

• Refactoring Windows library APIs. (#572)

• Sort context menu options and add “this window” option. (#577)

Fixes

• Various fixes to improve ARM analysis. (#473)

• Fix an issue in the remote server. (#523)

• Fix some remote gui bugs. (#525)

• Documentation build fixes. (#535)

• More documentation build fixes. (#537)

• Bump QT Versions to address hanging. (#541)

• Fix VivWorkspace opcache key creation. (#544)

• More ARM bugfixes. (#546)

• Fix and extend Windows API hooking. (#548)

• VTrace posix missing import. (#549)

• minor bugfixes: VDB RegisterView widget (#552)

• Fix i386’s vtrace archGetBackTrace results. (#553)

• Linux i386 syscall fixes. (#555)

• Pull back in some fixes that got lost in merges. (#564)

• Make MiniDump log to a named logger. (#565)

• Make BasicFile storage write the header when used from the UI. (#570)

• Arch Const Handling refactoring. (#571)

• Architecture loading emergency bugfix. (#578)

V1.0.8 - 2022-04-28

Features

• Improved Save-As capabilities when connected to a remote server and better struct making from the UI. (#501)

• Improve output for the UI’s names command. (#516)

Fixes

• Fix issue in the proxy case where we forgot to snap in the analysis modules. (#498)

• Fix string naming. (#502)

• Fix a bug in ELFPLT analysis where certain dynamic tables were missing. (#503)

• Fix an issue where ELF parsing of STT_FUNCs was based on too many bits. (#505)

• Fix an missing name issue in Save-As. (#507)

• Improve thread safety for client workspaces. (#508)

• Fix the i386 Emulator’s handling of rep(n)z. (#513)

• Fix issue when dealing with invalid PE section names. (#514)

• Fix an incorrect import name in vivbin. (#518)

• Fix a debug logging message in the libc_start_main analysis pass that would cause that analysis pass to exception out. (#519)

V1.0.7 - 2022-01-13

Features

• More Mach-O structure definitions and parsing support. (#495)

Fixes

• Tweak how i386 analysis detections calling conventions. (#493)

• Use OptionalHeader.Magic for determining PE32/PE32+. (#494)

V1.0.6 - 2022-01-03

Features

• Cohesive Memory Maps. (#450)

• Add changelog to the docs build. (#462)

• Add test for unknown workspace events. (#463)

• Flesh out Delete Relocation Event and add Test Helpers. (#471)

• Update docs with developer intro info. (#475)

• Update IPython integration module. (#487)

• Improve Emulation Taint Comments. (#490)

Fixes

• Fix PE carving. (#464)

• Update intel emulator repetition options. (#465)

• Update VDB’s UI class inheritance to deal with display crashes. (#466)

• Update the various CLIs and VAMP interfaces. (#467)

• Fix ARM’s Vivisect/VDB bridges. (#469)

• A grab bag of fixes for function thunking, ELF PLT analysis, ARM emulation, and no return display. (#470)

• Fix special character rending in the UI. (#474)

• Fix the intel emulator’s idiv instruction. (#476)

• Make MACH-O parsing work. (#486)

V1.0.5 - 2021-09-10

Fixes

• Fix ascii string size when the string terminates at the end of a memory map. (#437)

• Better handle PE delay imports that use VA pointers instead of RVA pointers. (#439)

• envi.IMemory.readMemValue: return None on truncated read. (#444)

• Only apply the rep prefix on string instructions in intel emulation. (#447)

• Fix a pair of regressions in ELF analysis. (#448)

• Align ELF memory maps to page. (#451)

• Integer division for struct array count in ELF. (#455)

• Safe harness for addRelocation method on the workspace. (#456)

• Log to appropriate logger in elfplt late module. (#458)

• Allow duplicate init and fini functions in ELF files. (#459)

• Add Vtrace Symbol test. (#460)

v1.0.4 - 2021-08-22

Features

• Add structures to UI and a compressed version of the file to the meta events. (#396)

• Actual documentation! (#400)

• Massive ELFPLT overhaul. (#401)

• Speed tweaks for the pointers pass and the workspace emulator. (#402)

Fixes

• RTD didn’t like python 3.9, so go with 3.8. (#400)

• Have ud2 on amd64 halt codeflow and fix a MACH-O bug. (#403)

• Fix issues in vtrace’s windows, vivisect/reports, PE/carve, and others. (#404)

• Tons of i386 emulator fixes. (#405)

• Safeguard mnemonic counting in codeblocks.py. (#408)

• Fix funcgraph issues with line highlighting. (#409)

• Fix issues in i386 decoding, a new thunk pass, new ELF relocations support, and more. (#411)

• Fix vstruct signed number issue. (#412)

• Change AMD64 symboliks class declaration to get the right dealloc method. (#413)

• Remove wintypes import for vtrace to avoid a python bug. (#416)

• Raise specific exception on invalid architecture. (#418)

• Raise specific exception on invalid section alignment. (#420)

• Raise specific exception on corrupt file. (#422)

• Better handle invalid exported filename in PE files. (#426)

• Fix struct.unpack issue and float issue on corrupt files. (#428)

• ARM impapi files. (#431)

• Fix python 3.8 compatibility issues (and add to CI) and fix platformDetach. (#432)

• Alignment and padding of PE sections. (#436)

• Better handle invalid import name. (#441)

v1.0.3 - 2021-05-02

Features

• Loosen requirements and bring setup and requirements.txt in line with each other (#399)

Fixes

• N/A

v1.0.2 - 2021-05-02

Features

• Refactor and update the posix impapi (#390)

Fixes

• Ancient visgraph bug (#387)

• Easier version engineering (#388)

• Remove Travis CI config and fully cut over to Circle CI (#389)

• Add check to prevent divide by zero in print stats (#392)

• Fix SaveToWorkspaceServer (#393)

• Intel emulator bug fixes (#394)

• Tests for intel emulator and more fixes (#395)

v1.0.1 - 2021-04-05

Features

• Dynamic dialog box/Extension docs (#376)

• ELF Checksec and metadata additions (#379)

• ARM Fixes/CLI Fixes/GUI Helpers (#380)

Fixes

• Callgraph/PE/vtrace fixes and pip installation update (#372)

• Extensions improvements (#374)

• Migration Doc and script/Cobra fixes/Data pointer improvement/Remote fixes (#377)

• Intel addrsize prefix fix/decoding fixes/emulator and symboliks updates/vdb fixes (#384)

• Cobra cluster updates/ARM analysis fixes/Elf parser fix (#385)

• v1.0.1 release/Intel decoding update/vtrace linux ps fix (#386)

v1.0.0 - 2021-02-23

Features

• Full Python 3 cutover (#328)

Fixes

• Make envi.codeflow stable when analyzing function (Wrapped in as part of #328)

• Fixing some issues with memory view rendering (#352)

• Python 3 Cleanup (for extensions/UI fixes/unicode detection/switchtable regression/ELF Parser) (#353)

• More memory render fixes (#355)

• More python3 fixes for API consistency and packed dll name exception handling (#357)

• Python3.6 specific import fixes (#361)

• Memory rendering tweaks to not double show bytes (#364)

• UI fixes for arrow keys, taint value fixes to prevent some infinity recursion (#365)

• Symbolik View was unusable (#366)

• DynamicBranches wasn’t populating in py, and no return improvements (#367)

• Logging update for vivbin/vdbbin (#368)

v0.2.0 - 2021-02-01

Features

• More IMAGE_FILE defs and honoring NXCOMPAT in older PE files (#319)

• Msgpack backed storage module (#321)

• Substring location accesses (#327)

• Parse and return the delay import table (#331)

• New noret pass/several API refreshes/intel emulator fixes/emucode hydra function fixes (#333)

• Migrate to CircleCI for Continuous Integration (#336)

• Enhance UI extensions (#341)

• SREC file parsing support (#343)

Fixes

• Import emulator to handle dynamic branches (switchcases) using only xrefs (#314)

• ARM Register access tweaks (#315)

• Normlize the return value/usage of i386’s getOperAddr (#316)

• Bugfix for handling deleted codeblocks (#317)

• Syntax error fixes (#318)

• PE carving fix/makePointer call in makeOpcode fix (#320)

• More intel nop instruction decodings (#326)

• More intel decodings/Codeflow fixes/Enable ARM for PE/Address infinite loop/Metadata (#329)

• Cobra: not configuring logging for everyone upon import (#330)

• Speedup for symbolik’s setSymKid and more intel decoding fixes (#332)

• Don’t configure logging in vivisect module (#334)

• Slight ARM fixes for bx flags and IHEX fixes for meta info (#337)

• PE fixes for reading at high relative offsets (#338)

• Streamline ELF tests to reduce memory footprint (#340)

• Streamline Symboliks Tests to reduce memory footprint (#342)

• Remove unused cobra imports (#344)

• More robust location handling for corrupt PE files (#347)

v0.1.0 - 2020-09-08

Features

• ELF tweaks for ARM binaries. (#290)

• Codebase cleanup in preparation to move to python 3. (#293)

• More opcode mappings for intel. (#299)

• Upgrade cxxfilt. (#302)

• Expand unittest coverage. (#303)

• Support for integrating with revsync. (#304)

• Symbolik Reduction Speedup. (#309)

Fixes

• PyPI fix for vtrace. (#300)

• Calling convention fixes (#301)

• ARM disassembly and emulation bugfixes. (#305)

• Msgpack strict_map_key bugfix. (#307)

• Make creation of $HOME/.viv directory user configurable. (#310)

v0.1.0rc1 - 2020-07-30

• Initial PyPI Release