Rizin Versions Save

• Roll back prepackaged XZ version to 5.2.9

• Disable PCRE2 JIT on macOS
• Fix building with newer tree-sitter runtimes

• Fix global variable loading from projects
• Fix PageUp and PageDown use in the graph mode of Vv
• Fix pf format generation for union C types
• Remove the plugin from the list if the initialization step fails
• Unset static linking of PCRE2 if the system library is present
• Do not use the WX pages allocator for PCRE2 JIT on macOS platforms

In this release we continued adding the RzIL uplifting support for different architectures - Infineon Tricore, NEC V810, NEC(Renesas) V850, GameBoy. Floating point support for x86 RzIL uplifting was added as well (experimental until the next release).

One more notable change - by default we use the Capstone 6, you can read about details in the auto-sync blog post. Capstone 3 (and below) support was removed.

Another major change - greatly improved support for DWARF and PDB debug information, including various versions, compressed formats, different architectures support, and extracting global variables.

Support for loading debug information from debuginfod was added as well as support for loading "splitdebug" DWARF files.

Various refactorings to improve binary loading and analysis speed were performed, along with continuing battle to eliminate global state to make Rizin thread-safe.

New command line options

• rz-bin -dd to download DWARF from the debuginfod server

New and changed commands

In this release we continued refactoring from the old shell to the new one.

• A new command to list all RzIL instructions in the current function similar to pdf to print all assembly instructions - plf
• Added new command to print CFG (agF) and the interprocedual CFG (agCi)
• Added new command to print references to a global variable (avgx)
• Extended afvl commands to support long (afvll) and table (afvlt) outputs, integrated DWARF storage information
• pf. now requires space after dot
• Any pf command now recognizes named format - it should start from dot, e.g. pfs .bla where bla is the format name
• Defining new format now requires using pfn <format name> <format>
• Listing named formats - pfn (before - pf.)
• Print definition of the named format - pfn <format name>, previously pf.bla
• Writing data requires using pfw command instead of just pf or pf.
• pfw now supports both variants: pfw bla.foo 42 and pfw bla.foo=42

Configuration variables changes:

Removed options:

• bin.maxstr
• scr.rainbow

Renamed options:

• bin.minstr is now str.search.min_length
• bin.maxstrbuf is now str.search.buffer_size
• bin.str.enc is now str.search.encoding

New options:

• str.search.reload
• str.search.max_threads
• str.search.max_uni_blocks
• str.search.max_region_size
• str.search.raw_alignment
• str.search.check_ascii_freq
• str.search.mode
• bin.dbginfo.debuginfod
• bin.dbginfo.debuginfod_urls
• bin.dbginfo.dwo_path
• bin.dbginfo.debug_file_directory
• bin.hashes.default
• asm.var.fold

New features

Support for new hash and encryption algorithms - SM3, SM4

New architectures

• Renesas RX
• Renesas RL78
• Renesas (formerly NEC) RH850 (continuation of NEC V850)

New depedendencies

• PCRE2

Documentation

Code documentation and man pages were updated and improved.

Sponsors

@stephen-fox

• Fix a double free in LE file format handling
• Fix arrow keys on some terminals
• Fix #3835: off-by-1 for 32-bit x86 stack args
• Fix dbg.hwbp config variable
• Fix j/k movements in visual hexdump mode
• Fix some leftovers of the ?i command
• Try searching for backtrace() in libexecinfo.
• Implement add r#, K in the x86 assembler
• Improvements in w? help and env command
• regex: support \s
• Refactor some rz_core_cmd*() calls to use the API instead

• Update to Capstone 5.0.1
• Update to zlib 1.3
• Fix syscall definitions preprocessing
• Fix forgotten remnants of the old ? command (was changed and reworked to % command in previous releases)
• Refactor pointer command (*) to use the API
• Fix multiple Use-After-Frees in disassembly and PYC parsing code
• Fix division by zero in s++ and s-- commands
• Fix infinite loop condition in parsing some ELF files
• Fix various memory leaks
• Fix env command help message
• Update rizin and rz-diff man pages

• Fix CVE-2023-40022
• Fix memory leak in disassembly
• Fix Tricore disassembly performance
• Fix AVX512 detection in BLAKE3 (fixes building for older generations of macOS systems)
• Fix help in visual mode
• Unify crypto plugin API to match other types of plugins
• Add %$ command to handle Rizin $varname variables

RzIL

In this release, we continued improving RzIL support. The significant addition is implementing floating point numbers theory and uplifting the most common ARM VFP/NEON instructions to it.

Added new commands aoi and agI to show RzIL in the text and graph forms correspondingly:

Command changes

• asm.dwarf.* options were moved into asm.debuginfo.*.
• Added new aaC command to run classes analysis
• Removed typelinks (tl commands) and completely switched to using global variables instead (avg commands)
• Added a new command, help, to serve as an introduction to the rizin shell.
• Evaluation commands that were before ? subcommands are moved to % space, and environment variable commands were removed from % (env should be used instead)
• Added p=r command to display entropy edges
• Added interactive variants of p== commands (append v suffix):

Analysis

• Added ability to demangle Borland C++ and Rust symbols
• In preparation for migration from ESIL to RzIL, removed incomplete ESIL support in WASM and RSP architectures
• Embedded parser of C types updated to support C23 syntax.

Miscellaneous

• Default Capstone is now 5.0
• The Tricore plugin was rewritten from scratch and is based on Capstone now.
• Added MD2 hash algorithm support

Sponsors

@stephen-fox

• Fix CVE-2023-27590
• Fix Linux debugger compilation for ARM64 targets
• Fix cross-compilation when using the system OpenSSL library
• Fix various sscanf() issues in the Linux native debugger, coredumps handling.

This release fixes the building issues with system capstone versions, and a type formatting crash