Episode Details
Course 33 - Static Analysis for Reverse Engineering | Episode 5: Register Fundamentals, Graphical Analysis, and the Easy Peasy Solution
Published 1 week, 3 days ago
Description
In this lesson, you'll learn about cracking 64-bit software and understanding the architectural differences between 32-bit and 64-bit targets.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
1. Transition from 32-bit to 64-bit
🔹 Register Naming Changes
- 32-bit (x86) general-purpose registers:
  - EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP
- 64-bit (x64) general-purpose registers:
  - RAX, RBX, RCX, RDX, RSI, RDI, RBP, RSP (64 bits wide; EAX is the low 32 bits of RAX, and so on)
  - Additional registers introduced: R8 → R15 (with sub-registers R8D, R8W, R8B, etc.)
  - More registers, and wider ones, mean more values stay in registers instead of being spilled to memory, which is why a 64-bit listing has fewer stack accesses to read through
🔹 Calling Convention Changes
- 32-bit (cdecl / stdcall):
  - Arguments passed via the stack (pushed before the CALL)
- 64-bit Windows (the Microsoft x64 calling convention you will see in a PE64 target):
  - Arguments passed via registers (faster, and cleaner to read)
  - The first four integer/pointer parameters go into, in order:
    - RCX
    - RDX
    - R8
    - R9
  - The fifth parameter onward goes on the stack; the caller also reserves 32 bytes of shadow space above the return address, so on function entry the fifth argument sits at [RSP+0x28]
  - Caveat: this is the Windows convention. Linux/macOS x64 (System V) uses RDI, RSI, RDX, RCX, R8, R9, so confirm the target platform before assuming which register holds the first argument
  - Caveat: unoptimised builds often spill the register arguments into the shadow space at function entry (e.g. mov [rsp+8],rcx; mov [rsp+10],rdx), so the input pointer can still turn up on the stack one instruction later
2. Analysis Approach
- Trace function calls
- Identify input comparisons
- Use tools like:
  - Detect It Easy
    - Look for: PE64 format (confirms a 64-bit target before you open it in x64dbg)
  - x64dbg
    - Search the module's string references for messages such as:
      - "Wrong password"
      - "Access denied"
    - Follow the reference back to the validation function that prints it
3. Graphical Analysis
- Press G in the disassembly view to open the graph view
- This shows:
  - Decision branches
  - Logic flow
- Identify:
  - Comparisons (CMP, and TEST for zero/non-zero checks on a returned value)
  - Conditional jumps (JE, JNE, etc.)
- Follow:
  - Register values (NOT the stack, as in the 32-bit episodes)
  - RCX / RDX / R8 / R9
- Track how the input is compared against:
  - Hardcoded values
  - Stored strings
  - Because the arguments arrive in registers, the pointers to the user's input and to the expected username/password are often sitting directly in RCX/RDX (or in a register they were copied to) at the compare, or at the call to the compare routine
- Graph navigation keys:
  - Enter: follow a branch
  - Minus (-): go back
  - S key: return to the origin of the graph
- Highlights:
  - The actual execution path
  - What really happens at runtime: the graph itself is static and shows every possible path, but with the debugger paused it marks the block at RIP, so you can see which branch the current input actually took
4. Key Takeaways
- 64-bit = new registers + new workflow
- Parameters are passed via registers (the first four on Windows), not the stack
- The CFG (control-flow graph) makes the logic easier to understand
- Credential checks are still:
  - Comparisons + jumps
- Core cracking logic remains the same:
  - Finding comparisons
  - Tracking inputs
  - Understanding branches
- 32-bit thinking:
  - "Check the stack"
- 64-bit thinking:
  - "Check the registers first"
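The workflow above (find the CMP/TEST, find the conditional jump after it, then work out which argument register the compared value came from) can be automated over a disassembly listing. The script below is an added example written for these notes; it is not code from the course or from x64dbg. It assumes the Windows x64 convention (RCX, RDX, R8, R9, then the stack above the 32-byte shadow space), maps sub-register names such as AL or R8D back to their full register, and the LISTING it scans is constructed to look like an x64dbg disassembly of a small check(user, pass) function rather than taken from a real binary. The helper names (canonical, arg_location, find_decisions) are this example's own. It goes slightly beyond the notes by also reporting where the fifth argument onward lives.

```python
"""Find CMP/TEST + conditional-jump decision points in an x64 listing and trace which argument each compared value came from."""
import re

WIN64_ARG_REGS = ("rcx", "rdx", "r8", "r9")          # Microsoft x64: first four args
WIN64_VOLATILE = ("rax", "rcx", "rdx", "r8", "r9", "r10", "r11")  # a callee may clobber these
# Sub-register names map to the full register: "cmp al,41" is a test on RAX.
_LEGACY = {
    "rax": ("eax", "ax", "al", "ah"), "rbx": ("ebx", "bx", "bl", "bh"),
    "rcx": ("ecx", "cx", "cl", "ch"), "rdx": ("edx", "dx", "dl", "dh"),
    "rsi": ("esi", "si", "sil"), "rdi": ("edi", "di", "dil"),
    "rbp": ("ebp", "bp", "bpl"), "rsp": ("esp", "sp", "spl"),
}
ALIASES = {s: full for full, subs in _LEGACY.items() for s in (full,) + subs}
ALIASES.update({f"r{n}{w}": f"r{n}" for n in range(8, 16) for w in ("", "d", "w", "b")})
CONDITIONAL_JUMPS = {"je", "jne", "jz", "jnz", "ja", "jae", "jb", "jbe",
                     "jg", "jge", "jl", "jle", "js", "jns"}
NO_WRITE = {"cmp", "test", "push", "ret", "jmp", "nop"} | CONDITIONAL_JUMPS
LINE_RE = re.compile(r"^\s*(?P<addr>[0-9A-Fa-f]{8,16})\s+(?P<mn>[a-z]+)\s*"
                     r"(?P<ops>[^;]*?)\s*(?:;.*)?$")
MEM_BASE_RE = re.compile(r"\[\s*([a-z0-9]+)")


def canonical(name):
    """'al' -> 'rax', 'r8d' -> 'r8'; immediates and memory operands -> None."""
    return ALIASES.get(name.strip().lower())


def arg_location(n):
    """Entry-time home of 1-based integer/pointer argument n on Windows x64: a register
    for the first four, else a stack slot above the return address (8) + shadow space (32)."""
    return WIN64_ARG_REGS[n - 1] if n <= 4 else f"[rsp+{40 + 8 * (n - 5):#x}]"


def parse(listing):
    """'ADDRESS  mnemonic op1,op2 ; comment' lines -> (addr, mnemonic, [ops])."""
    insns = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if m:
            ops = [o.strip() for o in m["ops"].split(",")] if m["ops"] else []
            insns.append((m["addr"].upper(), m["mn"], ops))
    return insns


def operand_origin(op, sources):
    """What an operand holds right now: 'argN', 'mem[argN]', 'ret(...)' or None."""
    reg = canonical(op)
    if reg:
        return sources.get(reg)
    m = MEM_BASE_RE.search(op)                  # memory operand: look at its base register
    base = canonical(m.group(1)) if m else None
    return f"mem[{sources[base]}]" if base and sources.get(base) else None


def find_decisions(listing):
    """Each CMP/TEST directly followed by a Jcc, with the traced origin of its operands."""
    insns = parse(listing)
    sources = {r: f"arg{i + 1}" for i, r in enumerate(WIN64_ARG_REGS)}  # entry state
    decisions = []
    for i, (addr, mn, ops) in enumerate(insns):
        dst = canonical(ops[0]) if ops else None
        if mn in ("mov", "movzx", "movsx", "movsxd") and len(ops) == 2:
            if dst:                              # a register copy keeps the origin
                sources[dst] = operand_origin(ops[1], sources)
        elif mn == "call" and ops:
            for r in WIN64_VOLATILE:             # volatile registers are unknown after a call
                sources[r] = None
            sources["rax"] = f"ret({ops[0]})"    # RAX carries the return value
        elif mn in ("cmp", "test") and i + 1 < len(insns):
            _, jmn, jops = insns[i + 1]
            if jmn in CONDITIONAL_JUMPS:
                origins = [operand_origin(o, sources) for o in ops]
                decisions.append({
                    "addr": addr, "compare": f"{mn} {','.join(ops)}",
                    "operands": [f"{o} <- {g}" if g else o for o, g in zip(ops, origins)],
                    "jump": f"{jmn} {jops[0]}", "origins": sorted({g for g in origins if g}),
                })
        elif mn not in NO_WRITE and dst:         # lea/xor/add/... overwrite their destination
            sources[dst] = None
    return decisions


# Constructed listing in the style of an x64dbg disassembly of a small Windows x64
# check(const char *user, const char *pass); it is not taken from a real binary.
LISTING = """
00007FF6C4A01000  sub rsp,28                              ; shadow space for callees
00007FF6C4A01004  mov r8,rdx                              ; r8 = arg 2 (pass)
00007FF6C4A01007  movzx eax,byte ptr ds:[rcx]             ; first byte of arg 1 (user)
00007FF6C4A0100A  cmp al,41                               ; == 'A' ?
00007FF6C4A0100C  jne crackme.7FF6C4A01040                ; -> failure path
00007FF6C4A0100E  lea rdx,qword ptr ds:[7FF6C4A03000]     ; stored password string
00007FF6C4A01015  mov rcx,r8                              ; strcmp(pass, stored)
00007FF6C4A01018  call crackme.strcmp
00007FF6C4A0101D  test eax,eax
00007FF6C4A0101F  jne crackme.7FF6C4A01040
00007FF6C4A01021  mov eax,1                               ; success
00007FF6C4A01026  add rsp,28
00007FF6C4A0102A  ret
00007FF6C4A01040  xor eax,eax                             ; failure path
00007FF6C4A01042  add rsp,28
00007FF6C4A01046  ret
"""

if __name__ == "__main__":
    for d in find_decisions(LISTING):
        print(f"{d['addr']}  {d['compare']:<13} {d['jump']:<26} {d['operands']}")
```

Running it reports two decision points: the `cmp al,41` at 0100A compares a byte loaded through the first argument (the user string in RCX), and the `test eax,eax` at 0101D compares the return value of `crackme.strcmp`, whose first argument was the second parameter (the password copied from RDX into R8 and back into RCX). Those two jumps are exactly the branches you would flip or follow in the graph view. The tracker deliberately forgets every volatile register after a CALL and does not follow values spilled to the stack, so on an unoptimised build you would extend `operand_origin` to understand `[rsp+8]`-style shadow-space slots.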