When you load a file into IDA, whether a standard executable format (e.g. PE, ELF, Macho-O), or a raw binary, IDA assigns a particular address range to the data loaded from it, either from the file’s metadata or user’s input (in case of binary file). The lowest address from those occupied by the file is commonly called imagebase and you can usually see it in the file comment at the start of the disassembly listing:
There may be situations where you may need to move the loaded data to another address. The most common case is probably debugging on a live system: due to ASLR (Address space layout randomization), or simple memory usage patterns, the addresses occupied by the executable/library at runtime may not match the defaults used by IDA. If you use IDA’s own debugger, it should adjust addresses automatically, but in other situations you can do it manually via the rebasing action.
Rebasing
To move the currently loaded file to another address, you can use Edit > Segments > Rebase program…
You can then specify the new address or a shift value (positive or negative):
The “Fix up relocations” option will adjust values which depend on the load address (if the input file has relocation info and it was parsed by IDA), simulating the process performed by the OS loader/dynamic linker.
“Rebase the whole image” uses an algorithm optimized for moving the whole file at once (otherwise each segment is moved separately which may fail if there is an overlap between old and new addresses).
See also:
Igor’s tip of the week #41: Binary file loader
Igor’s Tip of the Week #122: Manual load
Article Link: Igor’s Tip of the Week #168: Rebasing – Hex Rays