What am I doing wrong with this disassembled code?
I am trying the code sample provided at Naveen's blog at http://naveensrinivasan.com/2010/06/11/piracy-in-net-code-%e2%80%93-part-3-%e2%80%93-even-when-the-code-is-obfuscated/.
When he runs the !u ($ip) command, he gets a nice disassembly, but when I try to run the same thing, I seem to hit some unmanaged code that could not be disassembled.
0:000> !u ($ip)
Unmanaged code
77555e74 c3 ret
77555e75 8da42400000000 lea esp,[esp]
77555e7c 8d642400 lea esp,[esp]
77555e80 8d542408 lea edx,[esp+8]
77555e84 cd2e int 2Eh
77555e86 c3 ret
77555e87 90 nop
77555e88 55 push ebp
77555e89 8bec mov ebp,esp
77555e8b 8da42430fdffff lea esp,[esp-2D0h]
Any idea what I may be doing wrong?
Your listing is a completely valid disassembly of native code. The "int 2Eh" parts tell me that it is code that performs system calls:
http://www.codemachine.com/article_syscall.html
This means that the code is most likely in ntdll.dll, which is the system library whose job this is. The instruction pointer points to "ret". I am guessing the previous instruction was a "sysenter", and what actually happened is that the application just exited (it did this by making a system call). As the application exits, your debugger gets control like it would when a breakpoint hits.
Please take a closer look at why your breakpoint is not hitting before the application exits.
Try: .lines l+s
in the command window. Also ensure that your symbols are loaded. You can use the lm command to show loaded modules.
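The following WinDbg session is an added example, not part of the original question or answer, of how to get the debugger to stop inside managed code before the process reaches its exit system call, so that !u ($ip) shows JIT-compiled code instead of the ntdll stub above. It assumes a .NET 4 process (clr.dll, SOS loaded with .loadby sos clr; on .NET 2.0/3.5 the runtime module is mscorwks instead) and a hypothetical assembly MyApp.exe whose entry point is MyApp.Program.Main; substitute your own module and method names.

```windbg
0:000> sxe ld:clr
0:000> g
ModLoad: 00000000`xxxxxxxx clr.dll
0:000> .loadby sos clr
0:000> !bpmd MyApp.exe MyApp.Program.Main
Adding pending breakpoints...
0:000> g
Breakpoint 0 hit
0:000> lm m clr*
0:000> !u ($ip)
```

The first two commands make the debugger break when the runtime DLL is mapped, which is early enough that no managed code has run yet and late enough that SOS can be loaded from the same directory as clr.dll. !bpmd then registers a pending breakpoint that is resolved when Main is JIT-compiled, so the next g stops at the beginning of the managed method rather than at process exit. The lm filter is only a sanity check that the runtime module (and therefore SOS) is actually loaded, matching the earlier advice to confirm loaded modules before trusting a disassembly; the ModLoad and "Breakpoint 0 hit" lines are illustrative output, not captured from a real session.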