2. Why reverse engineer?
• Security researchers use it to
  • Understand and defend against malware
  • Find vulnerabilities as part of pen testing
• Malware authors use it to
  • Find bypasses in security software
  • Find vulnerabilities to abuse
• IP theft (recovering proprietary algorithms or protocols from shipped binaries)
3. x64 General purpose register set
• RAX: Accumulator (also holds the return value)
• RBX: Base
• RCX: Counter
• RDX: Data
• RBP: Stack Base pointer (frame pointer)
• RSI: Source Index
• RDI: Destination Index
• RSP: Stack Pointer
• R8 to R15: Auxiliary, no dedicated names
• Lower parts are addressable separately, e.g. RAX → EAX (32-bit) → AX (16-bit) → AL (8-bit); R8 to R15 as R8D / R8W / R8B
4. x64 Calling convention
• Microsoft x64 (Windows) convention: first 4 integer/pointer arguments in registers, rest on the stack
• void func(arg1, arg2, arg3, arg4, arg5, …)
  • arg1 → RCX, arg2 → RDX, arg3 → R8, arg4 → R9
  • arg5 onwards → stack, 8 bytes each; at function entry arg5 is at [rsp+0x28], above the return address and the 32-byte shadow space the caller reserves for the register arguments
• Floating-point arguments go in XMM0 to XMM3; return value in RAX (or XMM0)
• Linux and macOS use System V AMD64 instead: six integer arguments in RDI, RSI, RDX, RCX, R8, R9, no shadow space
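As an added example that is not part of the slides, the argument placement above in code, for the Microsoft x64 convention the slide shows and, for comparison, System V (Linux/macOS). The helper names `arg_location`, `annotate_prototype` and `stack_slot_to_arg` are my own; offsets are relative to RSP at the callee's first instruction, before any prologue, and only integer/pointer arguments are modelled (floating-point arguments go in XMM registers). The prototype strings are constructed inputs.

```python
# Added example (not from the slides): where does argument N live at function
# entry under the Microsoft x64 convention, versus System V (Linux/macOS)?
# Useful when the disassembler shows `mov rax, [rsp+28h]` near the top of a
# function and you need to know which C parameter that is.
# Assumption: integer/pointer arguments only; XMM registers are not modelled.

MS_X64_REGS = ("RCX", "RDX", "R8", "R9")               # Windows: 4 register args
SYSV_REGS = ("RDI", "RSI", "RDX", "RCX", "R8", "R9")   # Linux/macOS: 6 register args
RETURN_ADDR_SIZE = 8   # CALL pushes an 8-byte return address
MS_SHADOW_SPACE = 32   # Windows caller reserves 32 bytes of home space for the register args


def _layout(convention):
    if convention == "ms_x64":
        return MS_X64_REGS, MS_SHADOW_SPACE
    if convention == "sysv":
        return SYSV_REGS, 0
    raise ValueError(f"unknown convention: {convention}")


def arg_location(index, convention="ms_x64"):
    """Return the register or [rsp+off] slot holding 0-based argument `index`.

    Offsets are relative to RSP at the callee's first instruction, i.e. after
    CALL pushed the return address but before any prologue (push rbp, sub rsp).
    """
    regs, shadow = _layout(convention)
    if index < len(regs):
        return regs[index]
    # Stack arguments are laid out in order, 8 bytes each, starting just above
    # the return address (and, on Windows, the shadow space).
    offset = RETURN_ADDR_SIZE + shadow + 8 * (index - len(regs))
    return f"[rsp+0x{offset:x}]"


def parse_prototype(prototype):
    """Extract parameter names from a simple C prototype.

    Handles 'void func(int a, char *b)' as well as the slide's bare-name form
    'void func(arg1, arg2)'. Variadic '...' / '…' and a lone 'void' are skipped.
    """
    params = prototype[prototype.index("(") + 1 : prototype.rindex(")")]
    names = []
    for p in params.split(","):
        p = p.strip()
        if not p or p in ("...", "…", "void"):
            continue
        names.append(p.split()[-1].lstrip("*"))
    return names


def annotate_prototype(prototype, convention="ms_x64"):
    """Map each parameter name to where it lives at function entry."""
    names = parse_prototype(prototype)
    return {name: arg_location(i, convention) for i, name in enumerate(names)}


def stack_slot_to_arg(offset, convention="ms_x64"):
    """Inverse lookup: which 0-based argument is read by [rsp+offset] at entry?

    Returns None when the offset is not an argument slot (return address,
    shadow space, or a misaligned offset).
    """
    regs, shadow = _layout(convention)
    base = RETURN_ADDR_SIZE + shadow
    if offset < base or (offset - base) % 8:
        return None
    return len(regs) + (offset - base) // 8


if __name__ == "__main__":
    proto = "void func(arg1, arg2, arg3, arg4, arg5, arg6)"   # constructed input
    for conv in ("ms_x64", "sysv"):
        print(conv, annotate_prototype(proto, conv))
```

Once the prologue has run (`sub rsp, N`, pushes), the displayed offsets grow by the amount RSP moved; IDA hides this by naming the slots `arg_0`, `arg_8`, … relative to the frame, so compare against those rather than raw numbers after the prologue.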
6. IDA
• Popular RE tool for binaries
• Supports many different binary formats and CPU architectures
• Quite user friendly
• Expensive license!
• Alternatives
  • Binary Ninja (commercial, cheaper)
  • Ghidra (free and open source, released by the NSA)