X64 Disassemblers IDA and WINDBG. IDA doesnt show x64 opcodes

Question

So i just started learning WINDBG, upgrading from ollydbg to 64bit. and while studying something weird happed: on WINDBG i see all the RXX Registers and opcodes while on IDA i still see the EXX opcodes while debugging the same EXE (notepad.exe for instance) Does anyone have any idea why is that? Example:

WINDBG:

0:000> u notepad!_security_init_cookie L5

notepad!_security_init_cookie:    
00000000`ffaf3380 48895c2418      mov qword ptr [rsp+18h],rbx    
00000000`ffaf3385 57              push rdi    
00000000`ffaf3386 4883ec20        sub rsp,20h    
00000000`ffaf338a 488b05e7cc0000  mov rax,qword ptr [notepad!_security_cookie (00000000ffb00078)]    
00000000`ffaf3391 488364243000    and qword ptr [rsp+30h],0

IDA:

___security_init_cookie proc near ; CODE XREF: _WinMainCRTStartupp    
.text:01003053 8B FF            mov edi, edi    
.text:01003055 55               push ebp    
.text:01003056 8B EC            mov ebp, esp    
.text:01003058 83 EC 10         sub esp, 10h    
.text:0100305B A1 10 C0 00 01   mov eax, ___security_cookie

or a picture: on the left is WINDBG on right right its IDA

Answer 1

There are two versions of IDA included in your installation. please confirm that you are using the 64-bit version of IDA (e.g., idaq64.exe).

If the PE file being disassembled is 64-bit, and the IDA version being used is the one designed for 64-bit disassembly, then you will indeed see the correct registers. If not, then most likely one of these conditions is not true.

Answer 2

You have disassembled the 32-bit Notepad in IDA.

Did you open notepad.exe from system32? In that case IDA got the 32-bit version (since it's a 32-bit executable and so is subject to WoW64 filesystem redirection).

The easiest way to "fix" this is to copy the file out of the system32 directory somewhere else and open it from there.