To remotely debug a 64-bit process running on Windows64, we start the remote debugging server on the target machine.

We start IDAG64 (the 32-bit hosted version of IDA that is fully 64-bit capable) and use the “attach to remote win64” command.

IDA displays a list of the processes running on the 64-bit machine; we choose one, click…

and, here we are, welcome to the fancy world of 64-bit debugging! Yes, the registers are a bit wide… but we are looking into a fancy compression scheme that… <to be continued>