OllyDBG and 64-bit Windows 7

Page 1 of 2 1 2
07/31/2010 19:58 FriedTaco#1
I seem to have a problem, when i find an address in IDA, it doesn't match up in Olly. I'm running a 64-bit version of Windows 7 right now, is there any way to fix this?

It shows up as like 1XXXXXXX in IDA and 7XXXXXXX in Olly, and I'm pretty sure the IDA address is correct.
07/31/2010 21:17 Halfslashed#2
/facepalm

Why, oh why are you a moderator on MM.

Just use Ctrl+G for the address you wanna go to and it will take you there, end of story.
07/31/2010 21:44 FriedTaco#3
Quote:
Originally Posted by Halfslashed View Post
/facepalm

Why, oh why are you a moderator on MM.

Just use Ctrl+G for the address you wanna go to and it will take you there, end of story.

I can't, the addresses don't match up. >_> It will complain that such an address does not exist. I thought I already stated this?

I'd go ask the same on MM, but Marck took away my senior board rights due to leakage. I'm assuming I'm a suspect, though I was aware of such leaks.

Edit: Here's a screenshot before you call me an idiot and tell me the exact same thing again.

07/31/2010 22:06 Halfslashed#4
Okay, so I'll eat my words. You didn't specify enough information in your problem therefore I assumed incorrectly.

Did you even try checking the other sites? [Only registered and activated users can see links. Click Here To Register...]
07/31/2010 22:15 FriedTaco#5
Quote:
Originally Posted by Halfslashed View Post
Okay, so I'll eat my words. You didn't specify enough information in your problem therefore I assumed incorrectly.

Did you even try checking the other sites? [Only registered and activated users can see links. Click Here To Register...]
Sorry about the vagueness of my original post >.< But yes, I have checked MabiZone as well. The problem still stands with the addresses not being the same after I tried every fix i could find.
07/31/2010 22:26 Halfslashed#6
The addresses don't have to be the same. It's because Olly loads all the files that your dll loads. Most likely, it starts out in ntdll, which has a different base address than the dll you tried to load.

Oh, and two things wrong with what you're trying to do.

1. You're modifying the wrong arrow revolver, the one you're modifying is Mari's arrow revolver. The correct function is core::CSkillArrowRevolver2::OnCanEnterPreparing().

2. What you're trying to do is server sided.
07/31/2010 22:37 FriedTaco#7
Quote:
Originally Posted by Halfslashed View Post
The addresses don't have to be the same. It's because Olly loads all the files that your dll loads. Most likely, it starts out in ntdll, which has a different base address than the dll you tried to load.

Oh, and two things wrong with what you're trying to do.

1. You're modifying the wrong arrow revolver, the one you're modifying is Mari's arrow revolver. The correct function is core::CSkillArrowRevolver2::OnCanEnterPreparing().

2. What you're trying to do is server sided.
Two things:

1. Then how do I find the address I was trying to jump to?

2. The screenshots I posted there were just random addresses to show my problem, they have no relevance to what I'm trying to do.
08/01/2010 03:09 Halfslashed#8
I offered all the support that I could, I don't run a 64-bit system and I posted the only fix i know.

Maybe someone else will help you.
08/01/2010 04:14 skititlez#9
64bit uses different addresses for future references. when loading on a 64bit, the dlls have change address sometimes, i wish i could help however i never fooled around with dll edits.
08/01/2010 04:30 Trismic#10
Try this if you are on x64?

[Only registered and activated users can see links. Click Here To Register...]
08/01/2010 06:17 fenrir2037#11
Do it the hard way: Find it in IDA, sync with the hex, copy the hex, search for it in Olly...

Painful, and probably another easier way.. But that's what I can suggest from what I know :P
08/01/2010 19:51 FriedTaco#12
Quote:
Originally Posted by Trismic View Post
Try this if you are on x64?

[Only registered and activated users can see links. Click Here To Register...]
Thanks to everyone who's offered help so far, but this didn't help either, the addresses are still read differently than with IDA even when i run the script.

Quote:
Originally Posted by fenrir2037 View Post
Do it the hard way: Find it in IDA, sync with the hex, copy the hex, search for it in Olly...

Painful, and probably another easier way.. But that's what I can suggest from what I know :P
Errrm, explain what you mean by sync with the hex?
08/02/2010 01:58 kakashisfriend#13
Since it seems like a pain in the butt to be on x64, maybe virtual machine with a x32? o.o
You can find both an OS and a VM for free easily
08/02/2010 02:09 FriedTaco#14
Quote:
Originally Posted by kakashisfriend View Post
Since it seems like a pain in the butt to be on x64, maybe virtual machine with a x32? o.o
You can find both an OS and a VM for free easily
Already tried that with Microsoft Virtual PC and a copy of 32-bit Windows XP that had laying around. No luck there.
08/02/2010 04:43 fenrir2037#15
Quote:
Originally Posted by FriedTaco View Post
Errrm, explain what you mean by sync with the hex?
As in: in IDA, there's IDA-View A, and Hex View A. Get the hex you want, and then search the hex in Olly...

I really don't want to add pictures... This doesn't seem hard....
Page 1 of 2 1 2