Hello.
I couldn't find an appropriate section so I post here. Please move it to the right place if it doesn't belong.
Environment:
Windows 7 SP1 x64, using IDA 6.1.
Problem:
Debugging 64-bit plugins using IDA's x64 remote debugger on the same machine as the main IDA.
(Due to lack of hardware and debuggee requirements, I can't use VMs or run the remote debugger on another computer).
The above setup has been working in all cases for a few years, so it's not a configuration problem.
The last few months though, it stopped working, but only when run for a small set of (big) applications. For the remainder, it still works fine.
That points to something common to these specific applications.
A DLL (unlikely, unless it's hidden in the .NET infrastructure), a service (likely but disabling the ones I could identify didn't help), or a Windows DLL/service that is used by these applications and not the others.
The error is related to RPC or TCP/IP communications.
irs_recv: The wait operation timed out.
The sequence of processing is this:
1. IDA starts with some plugin's IDB loaded.
2. It then, either it starts the calling application or attaches to it.
3. In either case, it gets to the point where it rebases the plugin.
4. It finishes rebasing (that could take half a minute to more than an hour for the huge ones), it might go on until a few more plugins (related/unrelated to the debugged plugin), or just right away, throw out the "irs_recv" message and kill the session.
To make it interesting, sometimes it could even show a popup like:
"oops! internal error 40201" or some other number.
Being 64-bit programs, IDA can't be set as JIT as far as I know (assuming it would help) and the current Visual Studio JIT doesn't get activated by the timeout error (which makes sense since it's not a system-critical one).
Any TCP or Server timeout values I have identified and raised didn't help.
RPC tracing looks like a nightmare to get into (I tried and couldn't get anything useful out of it).
I even tried some suggestions from similar threads that dealt with problems running the Android remote server from Windows 7 (strict certificate requirements for the remote debug server), created my own certificates and resigned the relevant IDA modules, and still nothing.
Wireshark traces didn't help either (they might have had something in them but on a gig-sized trace file with no idea what to look for, it was a lost case).
Trying logging on as a different user (also admin) didn't help either.
So I'm stuck.
Has anybody come across this problem or has any suggestions on how to identify the module sending the timed out request?
Thanks in advance.
I couldn't find an appropriate section so I post here. Please move it to the right place if it doesn't belong.
Environment:
Windows 7 SP1 x64, using IDA 6.1.
Problem:
Debugging 64-bit plugins using IDA's x64 remote debugger on the same machine as the main IDA.
(Due to lack of hardware and debuggee requirements, I can't use VMs or run the remote debugger on another computer).
The above setup has been working in all cases for a few years, so it's not a configuration problem.
The last few months though, it stopped working, but only when run for a small set of (big) applications. For the remainder, it still works fine.
That points to something common to these specific applications.
A DLL (unlikely, unless it's hidden in the .NET infrastructure), a service (likely but disabling the ones I could identify didn't help), or a Windows DLL/service that is used by these applications and not the others.
The error is related to RPC or TCP/IP communications.
irs_recv: The wait operation timed out.
The sequence of processing is this:
1. IDA starts with some plugin's IDB loaded.
2. It then, either it starts the calling application or attaches to it.
3. In either case, it gets to the point where it rebases the plugin.
4. It finishes rebasing (that could take half a minute to more than an hour for the huge ones), it might go on until a few more plugins (related/unrelated to the debugged plugin), or just right away, throw out the "irs_recv" message and kill the session.
To make it interesting, sometimes it could even show a popup like:
"oops! internal error 40201" or some other number.
Being 64-bit programs, IDA can't be set as JIT as far as I know (assuming it would help) and the current Visual Studio JIT doesn't get activated by the timeout error (which makes sense since it's not a system-critical one).
Any TCP or Server timeout values I have identified and raised didn't help.
RPC tracing looks like a nightmare to get into (I tried and couldn't get anything useful out of it).
I even tried some suggestions from similar threads that dealt with problems running the Android remote server from Windows 7 (strict certificate requirements for the remote debug server), created my own certificates and resigned the relevant IDA modules, and still nothing.
Wireshark traces didn't help either (they might have had something in them but on a gig-sized trace file with no idea what to look for, it was a lost case).
Trying logging on as a different user (also admin) didn't help either.
So I'm stuck.
Has anybody come across this problem or has any suggestions on how to identify the module sending the timed out request?
Thanks in advance.