66167

OllyDbg incorrectly replaces lines with “jmp 71B00000” in Win7x64

Question:

I had spent a lot of time to find a solution for this problem. As you know OllyDbg is a popular debugger but has a problem on Win7 x64.

every file (with different compilers!) that I open with the olly it replace some first lines with:

jmp 71B00000

some advices like "comodo sandbox, compatibility" does't work and I don't want to use virtual machine.

Answer1:

I had the same exact issue and managed to fix it. If you do indeed have comodo firewall installed, you have to uninstall it, reboot, then reinstall it. Make sure you NEVER, EVER turn on sandboxing again. For some reason, even with sandbox off, after its been activated on win7 x64, it STILL messes around with your software.

Answer2:

According to the <a href="http://www.ollydbg.de/" rel="nofollow">OllyDbg homepage</a> and the <a href="http://www.ollydbg.de/version2.html" rel="nofollow">changelog of the current version</a>, OllyDbg does not support debugging 64-bit executables yet. It also seems that it has received no testing on Windows 64-bit, although it might still work for 32-bit executables.

It seems that for the time being you are out of luck...

Recommend

  • Antimatch with Regex
  • Skobbler : Set the language of advice instruction and the distance between the instructions
  • Why can't I tune tunable parameter “L” for block “Series RLC branch”?
  • 8086 assembly division
  • dot 2 pixels together
  • Neo4j: Inserting 7k nodes is slow (Spring Data Neo4j / SpringRestGraphDatabase)
  • Tab files into pandas dataframe according to columns with missing headers
  • In x86 assembly, is ESP decremented twice after a call and then push, before data is saved on the st
  • @media syntax / possible combinations
  • Get exact date by providing week number of month and day?
  • Destructuring assignment within import statements
  • How to do a pull request from my current state
  • Vue.js / webpack creates no build file?
  • Matlab imwrite() quality
  • x86: Count transitions from 1 to 0 in 32 bit number
  • is there anyway to pass back additional data in jqgrid treeGrid url request?
  • npm thinks node is out of date, but it isn't
  • Deploy same Javascript webapp build to different environments
  • javascript add operation returns bad result
  • Why is it ambiguous to call overloaded ambig(long) and ambig(unsigned long) with an integer literal?
  • Installing PAR::Packer on Windows, dmake error 255
  • WebApp in AppServices vs CloudService
  • Swipe Gesture Recognizer not working for me
  • Android application not restoring state when installed from .apk, works fine from eclipse
  • Specifying virtual keyboard type for EditText in XML
  • Python cosine function precision [duplicate]
  • HttpClient: disabling chunked encoding
  • Trying to get the char code of ENTER key
  • SAXReader not re-ecape characters
  • Graphics.CopyFromScreen [Web application] + The handle is invalid
  • ADO and msqli connections very slow
  • Checking free space on FTP server
  • R - Combining Columns to String Based on Logical Match
  • Read text file and split every line in MSBuild
  • javaw.exe and eclipse startup problems
  • Function pointer “assignment from incompatible pointer type” only when using vararg ellipsis
  • Return words with double consecutive letters
  • R: gsub and capture
  • AT Commands to Send SMS not working in Windows 8.1
  • how to add data labels for bar graph in matlab