x64 Assembly Language and Reverse Engineering Practicals

March 27, 2024 Courses
x64 Assembly Language and Reverse Engineering Practicals

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 105 lectures (12h 54m) | 9.99 GB

Understand x64 (64-bit) assembly code and apply knowledge to reversing x86 and x64 programs

If you’ve been using debuggers to reverse-engineer programs and wish you had a better understanding of Assembly Language, or if you’re just looking to learn Assembly Language in a fun and exciting way, then this course is for you. Embark on a journey to master the intricacies of x64 assembly language with this specialized course, designed for those aiming to elevate their reverse engineering skills. This is the second course in this series after the first one: Assembly Language Programming for Reverse Engineering. In that earlier course the focus was on x86 basics where we covered 32-bit assembly. In this course, we continue the journey by learning x64 (64-bit assembly). In the second half of this course, we will apply all the knowledge from the first course, as well as new insights from this course, to hands-on reverse-engineering exercises with executable binaries. Taking the first course is preferable but not mandatory. You could just jump straight into this x64 course and learn the differences with x86 as you go along.

While traditional assembly language courses focus on writing code from scratch using assemblers like NASM or FASM, they often leave a knowledge gap when it comes to applying that expertise to real-world reverse engineering. This course is tailored to fill this gap, providing you with the knowledge to modify and extend the functionality of existing 32-bit and 64-bit applications.

Utilizing the powerful x64dbg debugger, we’ll bypass the traditional assemblers to teach you assembly language in the context it’s most used in the field: directly within the debugging environment. This is also known as the hacker’s perspective to assembly language. This hands-on approach ensures that you learn by doing, which is critical for effectively reverse engineering and manipulating software.

This black art is not widely taught and there are no existing courses elsewhere that put together coherently all the knowledge of assembly and reverse engineering in one place. More often than not, courses on Assembly and Reverse Engineering are offered separately. Many courses on Reverse Engineering don’t cover the background assembly language from a software hacker’s perspective. Moreover, almost all Assembly Language courses focus on writing programs from scratch rather than modifying existing programs to add new functionality with your own code using a debugger like x64dbg.

In this course, you will learn to:

  • Navigate and utilize the x64dbg debugger
  • Analyze and alter x64 executable files to inject custom code.
  • Harness data, executable and memory segments to expand program capabilities.
  • Develop new functions within existing applications for added functionality.
  • Understand the x64 Microsoft Calling conventions and Stack Frames.
  • Directly manipulate memory data segment
  • Bypass string encryption
  • Deep tracing to retrieve data and passwords
  • Use Python to patch process memory
  • Modify packed programs without unpacking
  • and more . . .

Features of this course:

This course is oriented towards practical applications

No lengthy, dull theoretical lectures

First half of this course: Learn x64 Assembly Language through the x64dbg debugger

Second half of this course: Practice reversing, tracing, extracting data, memory hacking, and modifying executable binaries

Learning Objectives:

By the end of this course, you will have a thorough understanding of x64 assembly language from a reverse engineer’s perspective, a skill set that is rare and highly sought after in fields like cybersecurity, malware analysis, and software development.

Whether you’re a security researcher, a malware analyst, a student of software security, or a programmer looking to deepen your understanding of software internals, this course is your stepping stone to becoming proficient in the ‘black art’ of assembly language and reverse engineering.

Enroll now to gain this competitive edge and take your skills to the next level. Let’s unravel the complexities of x64 together. I look forward to guiding you through every step of this exciting journey! See you inside!

What you’ll learn

  • x64 (64-bit) Assembly Language
  • Reverse Engineering
  • x64dbg debugging
  • Modifying programs
  • Injecting code into 64-bit exe files
  • Hollowing out 64-bit exe files
  • 64-bit registers
  • 64-bit memory read and write access
  • x64 calling conventions
  • Creating x64 functions
  • Password phishing without strings
  • Creating keygens
  • Reversing program code logic
  • Trace highlighting and animation
  • Stack manipulation
  • Comment tracing debug technique
  • Hooking WinAPI debug technique
  • File Patching
  • Enabling disabled buttons
  • Removing Nag Screens
  • Deep Tracing to Phish out passwords
  • Loop tracing techniques
  • Defeating Anti-Debugger protection
  • Reversing binary without strings
  • Using Python to write Loaders and Memory Patcher
  • Reversing Software Protected Binary without unpacking
  • and more . . .
Table of Contents

Introduction
1 Introduction
2 Installing Virtual Machine and x64dbg

Intro to x64 architecture
3 Why use a Debugger for learning Assembly Language
4 x64 instructions

Your First Program
5 Write your first instruction

Accessing Memory
6 Storing number constants in memory
7 Storing string constants in memory
8 Creating variables

Add Instructions
9 How to zero out a register using XOR
10 ADD instructions

Partial MOV instructions
11 Creating a new template
12 Partial MOV instructions

PUSH and POP instructions
13 Basics of PUSH and POP
14 Exercise on PUSH and POP

MOV Instructions
15 Intro to MOV Instructions
16 Practical on MOV Instructions

XCHG Instructions
17 XCHG Instruction
18 XCHG Memory

INC, DEC, NEG, ADD and SUB
19 INC and DEC
20 NEG
21 ADD and SUB

Register Flags
22 Intro to the Register Flags
23 CF Flag
24 OF Flag
25 SF Flag
26 ZF Flag

Bitwise Logical Operations
27 Introduction to Bitwise Logical Operations
28 AND Operations
29 OR Operations
30 XOR Operations
31 Flags Register
32 NOT Operation

Jump Instructions
33 Introduction to Jumps
34 JMP Instructions
35 TEST Instructions
36 CMP Instructions
37 Conditional Jumps
38 Signed Conditional Jumps
39 Implementing If Statements
40 Implementing If-Else Statements
41 Multiple IF tests
42 WHILE Loops
43 DO-WHILE Loops

Memory Arrays
44 Introduction to arrays in x64dbg
45 Looping through an array
46 LEA Instructions

MUL and DIV instructions
47 MUL instructions
48 DIV Instructions
49 IMUL Instructions

Creating Functions
50 The Stack
51 Creating Stackframes, CALL and RET instructions
52 Calling Conventions
53 Simple Function Call with 4 args and no local variables
54 Function Call with 4 args and 4 local variables
55 Function Call with 5 args
56 Function Call with 6 args
57 Function Call with 7 args

Practicals on Reverse Engineering
58 Introduction to the Practicals
59 How to check exe type

Phishing for Passwords
60 Phishing for Passwords

How to reverse a jump and patch the file
61 How to reverse a jump and patch the file

The Comment Tracing method
62 The Comment Tracing method

Patch exe to change password
63 How to directly access memory to modify password and patch the exe file

GUI Crackme Techniques
64 Enabling a disabled greyed out button
65 How to remove a Nag Message Box
66 Patching to accept any serial key and also to modify the message box

Deep Tracing Username and Password
67 Tracing username
68 Tracing password

Tracing EAX values and Stepping into Calls
69 Tracing EAX values
70 Patching to show the Right Message

Get the password
71 Tracing EAX values to get password
72 Patching to show Congrats message

Loop Tracing Long Passwords
73 Loop Tracing Part 1
74 Loop Tracing Part 2
75 Loop Tracing Part 3
76 Identifying multiple patching options to always show the good message

Loop Tracing GUI Crackme
77 Loop Tracing Registration Number – Part 1
78 Loop Tracing Registration Number – Part 2
79 Proper way to patch MessageBox

Comment Tracking Techniques
80 Comment Tracking Technique – Part 1
81 Comment Tracking Technique – Part 2
82 Patching To Show the Good Message

How to Create Keygens
83 Creating a Self-Keygen
84 Modifying MessageBox Caption using CodeCaves

How to Create Keygens even though no Error MessageBox is shown
85 Phishing for the Serial
86 Improvise an alternative MessageBox to show serial key

Fast Tracing by Toggling ZF flag
87 Fast Tracing by Toggling the ZF flag
88 Patching Multiple Jumps with Block NOPs

Removing Recurrent Nags and Defeating Anti-Debugger Protection
89 Installing Process Hacker
90 Behaviour Analysis
91 Defeating Anti-Debugger and Killing the 1st Nag
92 Killing the 2nd Nag and Avoiding Patching Relocation Memory
93 Killing 3rd Nag and Using Intermodular Exit API to Quit

Self-Keygen Using Data Segment with printf Function
94 Tracing the algorithm for key generation
95 Inject own printf function from within an exe to print out serial key

Tracing length of secret code and analyzing x64 Fastcall Parameters
96 Behaviour Analysis
97 Tracing length of secret code
98 Analyzing x64 Fastcall Parameters

Bypassing Encryption
99 Behaviour Analysis
100 Bypassing encryption by analyzing CMP instructions
101 Bypassing encryption by patching

Bypass UPX protection
102 Debug a UPX packed binary
103 Phish for password without using string search
104 Patch memory with Python

Resources For Further Study
105 Where to go for more courses on Reverse Engineering

Homepage

Resolve the captcha to access the links!