Rebasing and debugging

rebase ida
Qix - MONICA WAS MISTREATED picture Qix - MONICA WAS MISTREATED · May 19, 2012 · Viewed 7.1k times · Source

So usually when I debug with IDA I don't come across any issues; however, with this one particular process (which is 9.9 MB in size before modules) IDA insists it rebase every single time it starts the process, which freezes IDA and forces me to wait a good 20-30 minutes before it actually starts.

Why does it do this, and can I somehow disable this? I'm new-ish to advanced debugging such as this so rebasing only makes a little sense to me.

Answer

Scott Chamberlain picture Scott Chamberlain · Sep 5, 2012

In case anyone else finds this page like I did, this can also be caused if the DLL's preferred entry point is already in use it must rebase it before it can continue.

To correct this you can use the ReBase.exe tool that comes with the windows SDK (or visual studio)

ReBase.Exe -b 7600000 myBadBasedDll.dll so that will reset the base of the dll to 0x7600000. You then must do the rebase in IDA one last time to make your idb in sync (or make a new idb after you rebase)

Edit->Segments->Rebase Program...

In the new menu check the boxes for Fix up Program and Rebase the whole image and it should be good to go.

Related questions

Squash my last X commits together using Git

How can I squash my last X commits together into one commit using Git?

Read More
Git refusing to merge unrelated histories on rebase

During git rebase origin/development the following error message is shown from Git: fatal: refusing to merge unrelated histories Error redoing merge 1234deadbeef1234deadbeef My Git version is 2.9.0. It used to work fine in the previous version. How can I …

Read More
Undoing a git rebase

Does anybody know how to easily undo a git rebase? The only way that comes to mind is to go at it manually: git checkout the commit parent to both of the branches then create a temp branch from there …

Read More