Re: Confusion re: use of rebaseall vs. rebase to relieve BitDefender woes

Thanks so much for your response!  A few mop-up questions below. Hope you
don't mind.

Eliot Moss <> wrote:
Dear Ed -- I posted this a couple of days ago under another

My apologies. I thought I'd researched this carefully before posting. Should have cast my net a bit wider, I guess.

Here is the rebase procedure that works for me:

/bin/rebase -d -b 0x61000000 -o 0x20000 -v -T <file with list of dll and so files> > rebase.out

I notice that the rebaseall defaults (assuming I have them correctly) for the -b and -o flags are: -b: 0x70000000 -o: 0x10000 Was there some bit of information in particular that caused you to choose 0x61000000 and 0x20000, respectively, or was it a matter of trial and error? (If you know of a good reference for windows's memory model and layout, feel free to point me in that direction).


/bin/peflags -d0 -v -T <file with list of dll and so files> > peflags-d.out

Okay, so with the -d0 flag, you're telling peflags to set the dynamicbase flag to 0 on all specified files - meaning, I guess that these libraries and executables should NOT be "randomly rebased at load time by the OS?" A naive question: why wouldn't you want that to occur? (again, if the answer to that question is too involved, feel free to point me to documentation).

/bin/peflags -t0 -v -T <file with list of exe files> > peflags-t.out

And here the -t0 flag sets the "tsaware" flag to 0 on the specified files -- i.e., the executable/library should not be reconfigured as multi-user. Correct?

I note from microsoft's site that "/TSAWARE is not valid for drivers, VxDs, or
DLLs."  But is there some reason you wouldn't want the .exe files to to be
mult-user aware?  Other than the fact that on a standalone desktop PC, it wouldn't
really make much sense :-> ?

Note particularly the base and -o values, and be sure the check the output. Also, you have to do all this under ash, etc., and build a list of files first with find (or just list particular directories' files). I found there ae one or two files I had to exclude because rebase halts on them.

Best wishes -- Eliot Moss

Thanks again for your help and patience! And again, a pointer to documentation will suffice to answer my questions -- particularly if any or all of them would require a treatise by way of answer ;-)

-- Ed

