EPISODE · May 17, 2026 · 20 MIN
Course 33 - Static Analysis for Reverse Engineering | Episode 5: Register Fundamentals, Graphical Analysis, and the Easy Peasy Solution
from CyberCode Academy · host CyberCode Academy
In this lesson, you’ll learn about: cracking 64-bit software and understanding architectural differences1. Transition from 32-bit to 64-bit🔹 Register Naming Changes32-bit:EAX, EBX, ECX64-bit:RAX, RBX, RCX🔹 New RegistersAdditional registers introduced:R8 → R15👉 These give you:More space for data handlingMore efficient execution2. Key Difference: Parameter Passing🔹 32-bit SystemsArguments passed via:Stack🔹 64-bit SystemsArguments passed via:Registers (faster & cleaner)🔹 Common Calling Convention (Important)First parameters usually go into:RCXRDXR8R9👉 This changes how you:Trace function callsIdentify input comparisons3. Identifying a 64-bit BinaryUse tools like:Detect It EasyLook for:PE64 format4. Practical Analysis WorkflowUsing:x64dbg🔹 Step 1: Find Key StringsSearch for:“Wrong password”“Access denied”👉 Leads you to:Validation functions🔹 Step 2: Use Graph View (CFG)**Press:GThis shows:Decision branchesLogic flow🔹 Step 3: Locate Decision PointsIdentify:Comparisons (CMP)Conditional jumps (JE, JNE, etc.)🔹 Step 4: Trace Credentials**Follow:Register values (NOT stack like before)👉 Look inside:RCX / RDX / R8 / R95. “Fishing” for CredentialsTrack how input is compared against:Hardcoded valuesStored strings👉 Often you’ll find:Correct username/password directly in registers6. Essential x64dbg Graph Shortcuts🔹 Navigation & SimulationEnterFollow a branch- (Minus)Go back🔹 SynchronizationS keyReturn to origin of graph🔹 Trace RecordingHighlights:Actual execution path👉 Helps you see:What REALLY happens during runtimeKey Takeaways64-bit = new registers + new workflowParameters are passed via registers, not stackCFG makes logic easier to understandCredential checks are still:Comparisons + jumpsCore cracking logic remains the sameBig InsightEven though architecture evolved:👉 The mindset didn’t changeYou’re still:Finding comparisonsTracking inputsUnderstanding branchesMental Model Upgrade32-bit thinking:“Check the stack”64-bit thinking:“Check the registers first”You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy
What this episode covers
In this lesson, you’ll learn about: cracking 64-bit software and understanding architectural differences1. Transition from 32-bit to 64-bit🔹 Register Naming Changes32-bit:EAX, EBX, ECX64-bit:RAX, RBX, RCX🔹 New RegistersAdditional registers introduced:R8 → R15👉 These give you:More space for data handlingMore efficient execution2. Key Difference: Parameter Passing🔹 32-bit SystemsArguments passed via:Stack🔹 64-bit SystemsArguments passed via:Registers (faster & cleaner)🔹 Common Calling Convention (Important)First parameters usually go into:RCXRDXR8R9👉 This changes how you:Trace function callsIdentify input comparisons3. Identifying a 64-bit BinaryUse tools like:Detect It EasyLook for:PE64 format4. Practical Analysis WorkflowUsing:x64dbg🔹 Step 1: Find Key StringsSearch for:“Wrong password”“Access denied”👉 Leads you to:Validation functions🔹 Step 2: Use Graph View (CFG)**Press:GThis shows:Decision branchesLogic flow🔹 Step 3: Locate Decision PointsIdentify:Comparisons (CMP)Conditional jumps (JE, JNE, etc.)🔹 Step 4: Trace Credentials**Follow:Register values (NOT stack like before)👉 Look inside:RCX / RDX / R8 / R95. “Fishing” for CredentialsTrack how input is compared against:Hardcoded valuesStored strings👉 Often you’ll find:Correct username/password directly in registers6. Essential x64dbg Graph Shortcuts🔹 Navigation & SimulationEnterFollow a branch- (Minus)Go back🔹 SynchronizationS keyReturn to origin of graph🔹 Trace RecordingHighlights:Actual execution path👉 Helps you see:What REALLY happens during runtimeKey Takeaways64-bit = new registers + new workflowParameters are passed via registers, not stackCFG makes logic easier to understandCredential checks are still:Comparisons + jumpsCore cracking logic remains the sameBig InsightEven though architecture evolved:👉 The mindset didn’t changeYou’re still:Finding comparisonsTracking inputsUnderstanding branchesMental Model Upgrade32-bit thinking:“Check the stack”64-bit thinking:“Check the registers first”You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy
NOW PLAYING
Course 33 - Static Analysis for Reverse Engineering | Episode 5: Register Fundamentals, Graphical Analysis, and the Easy Peasy Solution
No transcript for this episode yet
Similar Episodes
Dec 23, 2025 ·11m
Dec 17, 2025 ·10m