Reputation: 35
OllyDbg on win7 64 bit
I've been following along lena151's tutorials on reverse engineering and all is going well except for unpacking. I'm running olly on a 64 bit windows 7 machine and it works fine except when the EP is always "JMP 71B00000" after following the jump an address is moved into EAX and then another one into ECX. A call is made to ECX and I get an exception that I can't pass to the program. This only happens when I step the code from the EP though. Could anyone explain to me what this is?
Upvotes: 0
Views: 2635
Answers (1)
Reputation: 848
Ollydbg cannot disassemble the binaries for 64-bit processor. I think you'd be better off with a virtual machine running a x86_32 system.
And from OllyDbg 2.0's page:
And once again: no, this version does not work under Win64!
Upvotes: 1
Related Questions
- can you debug 64bit target apps with Ollydbg 1.1?
- How to disassemble bytes that Ollydbg thinks are data, not code?
- Locating OEPs in Packed EXE Files
- ollydbg opcode trace
- Ollydbg instructions before program
- Which version of assembly does OllyDbg disassemble binary to?
- OllyDbg - non invasive debugging
- Loading Windows Symbolics in OllyDbg
- About reverse with ollydbg
- Disassemble a Dynamic Link Library with OllyDbg