
Thread: Ollydbg / Vista x64 Issues

  1. #1
    uber.core
    Guest

    Hi guys, I'm new to the forum and I hope someone can assist my issue.

    First off I'm new to Ollydbg and all of this mess

    I've been following a video tutorial and learning the works and usefulness of this program. It runs perfectly on my XP Pro 32-bit laptop, but I've recently purchased a new one with x64 Vista on it.

    Now to the issue: I can load Olly fine without it being in compatibility mode, but when I open a program to debug, Vista greets me with a ".exe has stopped working" message. I've tried running in compatibility mode as well, still to no avail, same message. Yet Olly is running fine and dandy and the program "does" open within it, but it says on the top left in red "Terminated" and I can't do anything with it.

    Does anyone have any feedback on steps and measures I can take to prevent this?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Olly is a 32-bit debugger. It will crash, sooner or later, in a 64-bit environment. Do not use a hammer to tighten a bolt!
    Olly runs inside the WOW (Windows 32 on Windows 64) virtual machine environment, but as soon as you try to read another process, the debug API stops cooperating and the process crashes.
    Consider using WinDbg or the IDA debugger for Win64 systems.

  3. #3
    uber.core
    Guest
    Olly loads fine; it's the parent process that I'm trying to open inside Olly that fails to start. I know there has to be a workaround.

  4. #4
    Try this plugin:
    http://portal.b-at-s.info/downloadt.php?id=12

  5. #5
    uber.core
    Guest

    Ah well, to all of you who think you can't use OllyDbg in a Vista x64 environment, the biggest noob of all would like to prove you wrong. I have a script that bypasses the error I was getting, and once loaded, all you have to do is use the "trace into" button and happy cracking! Just put this in your Olly's script folder! I recommend getting the CrackersKit, since I'm not sure if there are any dependencies on the Scripts folder itself.

    copy and paste this:

    // Get address of api to patch away
    gpa "ZwSetInformationThread", "ntdll.dll"

    // Store it in eax
    mov eax, $RESULT

    // Write the 'retn 10, nop' at beginning of api
    mov [eax], #c2100090#

    // Let program run until first exception
    run

    // Just step into exception twice
    esti
    esti

    // Now step over it and let the program execute...
    esto

    // ... until it breaks at EP.
    cob

    // Place a nice comment there. Now we SHOULD be at EP.
    cmt eip, "[ POSSIBLY PROGRAM'S ENTRY POINT ]"


    -Then save it in notepad with the file extension .osc -


    "Noob'n It Since Windows ME"
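Added example, not part of the original post or of any plugin mentioned in the thread: the bytes `c2100090` that the script in post #5 writes decode to `retn 0x10; nop`, so the patched function returns at once while popping its four 4-byte stdcall arguments. The Python below decodes such a stub and compares a function's first bytes with a reference copy; the function names and the `REFERENCE` bytes are constructed for illustration.

```python
import struct

RETN, RETN_IMM16, NOP = 0xC3, 0xC2, 0x90

# The four bytes the script in post #5 writes at the start of the function.
PATCH = bytes.fromhex("c2100090")
# Constructed stand-in for the untouched first bytes of a 32-bit stub
# (shaped like "mov eax, imm32; mov edx, imm32"); not read from a real ntdll.
REFERENCE = bytes.fromhex("b8e5000000ba0003fe7f")
# What memory looks like after the script's 4-byte write.
PATCHED = PATCH + REFERENCE[len(PATCH):]


def decode_return_stub(prologue: bytes):
    """Return (bytes_popped, nop_count) if the code starts with a bare
    retn / retn imm16, else None."""
    if not prologue:
        return None
    if prologue[0] == RETN:
        popped, rest = 0, prologue[1:]
    elif prologue[0] == RETN_IMM16 and len(prologue) >= 3:
        (popped,) = struct.unpack_from("<H", prologue, 1)  # little-endian imm16
        rest = prologue[3:]
    else:
        return None
    nops = 0
    for byte in rest:  # count NOP padding that follows the return
        if byte != NOP:
            break
        nops += 1
    return popped, nops


def classify_prologue(in_memory: bytes, reference: bytes, stdcall_args: int) -> str:
    """Compare a function's in-memory start with a trusted reference copy."""
    n = min(len(in_memory), len(reference))
    if in_memory[:n] == reference[:n]:
        return "unmodified"
    stub = decode_return_stub(in_memory)
    if stub is None:
        return "modified"
    # A stdcall callee must pop 4 bytes per argument on 32-bit x86. The stub
    # never sets EAX, so the caller reads a stale value as the return status.
    if stub[0] == 4 * stdcall_args:
        return "stubbed out, stack balanced"
    return "stubbed out, stack unbalanced"


if __name__ == "__main__":
    print(decode_return_stub(PATCH))
    print(classify_prologue(PATCHED, REFERENCE, 4))
```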

  6. #6
    Just use jstorme's plugin, it seems to work fine. The script is just kind of a weird workaround.

  7. #7
    plmmzhangshun
    Guest
    Keep using XP, I think XP is pretty good!

    Continue to use XP