I would like to know if anybody got OllyDbg working in 64-bit windows. I mean to debug 32-bit application of course, but on a 64-bit platform. I was trying without much success, it attach alright, but terminated right after I start single-stepping. Even I applied the OllyAdvanced 1.26 beta 12 patch with x64 compability mode, same result. The weird thing is if I was single stepping during a DLL initialization before going into OEP, everything was fine, but after that, not a chance. I suspect it has to do with threading when the debuggee got attached. Is there a workaround? Thanks.

There is a workaround here:
http://reverseengineering.blog.com/1841448/

It works for me.

TiGa

Thanks for the info. I will see if that fix the problem. Looks like there's something to do with ZwSetInformationThread in x64 windows. Why olldbg use that API anyway? Maybe patching olldbg to make it nice with the internal API will be better than to bypass it.

Prior to finding this, I was running Olly in a VM with XP.

TiGa

64-bit Windows is full of fail.

Why not use 32-bit?

Honestly, I ask myself this every day. It started as an experiment but lasted far too long already.

I wanted to test Vista so why not test x64 at the same time?

I don't really have problems from the x64 part, only some small annoyances.
Anything that uses ring-0 requires the 64-bit version.
I never tried XP 64 before.

I tried Vista 32 but it seemed sluggish compared to the other. The new graphical thingies seem to run better on the 64-bit version, so I switched back.

What kind of fails should I be wary of?

TiGa

The future is full of uncertainty . . . (Duh!)

The only sure thing is that we cannot avoid it. . .
Perhaps we can influence it?