[Tips]Make IDA display all function's adress as rebased (maybe i'm out of date)

**demonguy** · 10-22-2012

1.Be sure your current active window is "IDA-View"
2.Use menu command "Edit"->"Segments"->"Rebase Program" . and rebases to 0x0
3.wait for a moment and all adress wil be displayed as rebased...

i don't know why all masters in this forum don't do this, maybe there is a particular reason?

**Bananenbrot** · 10-22-2012

If you try to debug with ida, it will always rebase to wow.exe's base address. It happens that wow.exe's default image base is 0x400000. So if ida is currently rebased at that position, you don't have to wait each time when you start to debug.

**demonguy** · 10-22-2012

But it's really strange, each time i debug with IDA, it will always be rebased to a random address such as 0x11C0000, often more than 0x1000000, How to force it to rebase on 0x400000?

**_Mike** · 10-22-2012

Originally Posted by demonguy

But it's really strange, each time i debug with IDA, it will always be rebased to a random address such as 0x11C0000, often more than 0x1000000, How to force it to rebase on 0x400000?

Disable ASLR.
If you have visual studio (or just editbin.exe) installed, open up a VS command prompt and enter
'editbin /dynamicbase:no wow.exe'

Or find some other PE editor which can do the same.

**Bananenbrot** · 10-23-2012

Or use setdllcharacteristics « Didier Stevens. Credits to Cypher. Or go with _Mike's suggestion, seems to be even easier.

**DrakeFish** · 10-26-2012

To disable ASLR, you can also download EMET, a Microsoft tool that allows disabling ASLR on specific EXE's (or globally).

Link: Download EMET from Official Microsoft Download Center

edit: I may have spoke too soon, I just tried app-specific ASLR on WoW and it seems like it doesn't work. However, disabling ASLR system-wide should work.

**sitnspinlock** · 10-27-2012

Originally Posted by DrakeFish

To disable ASLR, you can also download EMET, a Microsoft tool that allows disabling ASLR on specific EXE's (or globally).

Link: Download EMET from Official Microsoft Download Center

edit: I may have spoke too soon, I just tried app-specific ASLR on WoW and it seems like it doesn't work. However, disabling ASLR system-wide should work.

it does, and needs to. for legacy applications without relocations

Shout-Out

User Tag List

Thread: [Tips]Make IDA display all function's adress as rebased (maybe i'm out of date)

Thread Tools

Search Thread

[Tips]Make IDA display all function's adress as rebased (maybe i'm out of date)

Similar Threads

[Small tip] Makeing gold easily.

[Tip] Making easy gold with the Auction House

[Tip] Make some gold when you're bored

Tip: make loads of gold when WOTLK comes out.

Can you make it so all undead looks like this dood

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino