X64 Assembly Language And Reverse Engineering Practicals

Understand x64 (64-bit) assembly code and apply knowledge to reversing x86 and x64 programs

What you'll learn

x64 (64-bit) Assembly Language

Reverse Engineering

x64dbg debugging

Modifying programs

Injecting code into 64-bit exe files

Hollowing out 64-bit exe files

64-bit registers

64-bit memory read and write access

x64 calling conventions

Creating x64 functions

Password phishing without strings

Creating keygens

Reversing program code logic

Trace highlighting and animation

Stack manipulation

Comment tracing debug technique

Hooking WinAPI debug technique

File Patching

Enabling disabled buttons

Removing Nag Screens

Deep Tracing to Phish out passwords

Loop tracing techniques

Defeating Anti-Debugger protection

Reversing binary without strings

Using Python to write Loaders and Memory Patcher

Reversing Software Protected Binary without unpacking

and more . . .

Requirements

Completed the first course in this series: Assembly Language Programming for Reverse Engineering

Windows OS running Intel x86_86 architecture

Oracle VirtualBox Running Windows 10 or 11 virtual machine

Description

If you've been using debuggers to reverse-engineer programs and wish you had a better understanding of Assembly Language, or if you're just looking to learn Assembly Language in a fun and exciting way, then this course is for you. Embark on a journey to master the intricacies of x64 assembly language with this specialized course, designed for those aiming to elevate their reverse engineering skills. This is the second course in this series after the first one: Assembly Language Programming for Reverse Engineering. In that earlier course the focus was on x86 basics where we covered 32-bit assembly. In this course, we continue the journey by learning x64 (64-bit assembly).  In the second half of this course, we will apply all the knowledge from the first course, as well as new insights from this course, to hands-on reverse-engineering exercises with executable binaries. Taking the first course is preferable but not mandatory. You could just jump straight into this x64 course and learn the differences with x86 as you go along.While traditional assembly language courses focus on writing code from scratch using assemblers like NASM or FASM, they often leave a knowledge gap when it comes to applying that expertise to real-world reverse engineering. This course is tailored to fill this gap, providing you with the knowledge to modify and extend the functionality of existing  32-bit and 64-bit applications.Utilizing the powerful x64dbg debugger, we'll bypass the traditional assemblers to teach you assembly language in the context it's most used in the field: directly within the debugging environment. This is also known as the hacker's perspective to assembly language. This hands-on approach ensures that you learn by doing, which is critical for effectively reverse engineering and manipulating software.This black art is not widely taught and there are no existing courses elsewhere that put together coherently all the knowledge of assembly and reverse engineering in one place. More often than not, courses on Assembly and Reverse Engineering are offered separately. Many courses on Reverse Engineering don't cover the background assembly language from a software hacker's perspective. Moreover, almost all Assembly Language courses focus on writing programs from scratch rather than modifying existing programs to add new functionality with your own code using a debugger like x64dbg.In this course, you will learn to:- Navigate and utilize the x64dbg debugger- Analyze and alter x64 executable files to inject custom code.- Harness data, executable and memory segments to expand program capabilities.- Develop new functions within existing applications for added functionality.- Understand the x64 Microsoft Calling conventions and Stack Frames.- Directly manipulate memory data segment- Bypass string encryption - Deep tracing to retrieve data and passwords- Use Python to patch process memory- Modify packed programs without unpackingand more . . .Features of this course:This course is oriented towards practical applicationsNo lengthy, dull theoretical lecturesFirst half of this course: Learn x64 Assembly Language through the x64dbg debuggerSecond half of this course: Practice reversing, tracing, extracting data, memory hacking, and modifying executable binariesLearning Objectives:By the end of this course, you will have a thorough understanding of x64 assembly language from a reverse engineer's perspective, a skill set that is rare and highly sought after in fields like cybersecurity, malware analysis, and software development.Whether you're a security researcher, a malware analyst, a student of software security, or a programmer looking to deepen your understanding of software internals, this course is your stepping stone to becoming proficient in the 'black art' of assembly language and reverse engineering.Enroll now to gain this competitive edge and take your skills to the next level. Let's unravel the complexities of x64 together. I look forward to guiding you through every step of this exciting journey! See you inside!

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Installing Virtual Machine and x64dbg

Section 2: Intro to x64 architecture

Lecture 3 Why use a Debugger for learning Assembly Language

Lecture 4 x64 instructions

Section 3: Your First Program

Lecture 5 Write your first instruction

Section 4: Accessing Memory

Lecture 6 Storing number constants in memory

Lecture 7 Storing string constants in memory

Lecture 8 Creating variables

Section 5: Add Instructions

Lecture 9 How to zero out a register using XOR

Lecture 10 ADD instructions

Section 6: Partial MOV instructions

Lecture 11 Creating a new template

Lecture 12 Partial MOV instructions

Section 7: PUSH and POP instructions

Lecture 13 Basics of PUSH and POP

Lecture 14 Exercise on PUSH and POP

Section 8: MOV Instructions

Lecture 15 Intro to MOV Instructions

Lecture 16 Practical on MOV Instructions

Section 9: XCHG Instructions

Lecture 17 XCHG Instruction

Lecture 18 XCHG Memory

Section 10: INC, DEC, NEG, ADD and SUB

Lecture 19 INC and DEC

Lecture 20 NEG

Lecture 21 ADD and SUB

Section 11: Register Flags

Lecture 22 Intro to the Register Flags

Lecture 23 CF Flag

Lecture 24 OF Flag

Lecture 25 SF Flag

Lecture 26 ZF Flag

Section 12: Bitwise Logical Operations

Lecture 27 Introduction to Bitwise Logical Operations

Lecture 28 AND Operations

Lecture 29 OR Operations

Lecture 30 XOR Operations

Lecture 31 Flags Register

Lecture 32 NOT Operation

Section 13: Jump Instructions

Lecture 33 Introduction to Jumps

Lecture 34 JMP Instructions

Lecture 35 TEST Instructions

Lecture 36 CMP Instructions

Lecture 37 Conditional Jumps

Lecture 38 Signed Conditional Jumps

Lecture 39 Implementing If Statements

Lecture 40 Implementing If-Else Statements

Lecture 41 Multiple IF tests

Lecture 42 WHILE Loops

Lecture 43 DO-WHILE Loops

Section 14: Memory Arrays

Lecture 44 Introduction to arrays in x64dbg

Lecture 45 Looping through an array

Lecture 46 LEA Instructions

Section 15: MUL and DIV instructions

Lecture 47 MUL instructions

Lecture 48 DIV Instructions

Lecture 49 IMUL Instructions

Section 16: Creating Functions

Lecture 50 The Stack

Lecture 51 Creating Stackframes, CALL and RET instructions

Lecture 52 Calling Conventions

Lecture 53 Simple Function Call with 4 args and no local variables

Lecture 54 Function Call with 4 args and 4 local variables

Lecture 55 Function Call with 5 args

Lecture 56 Function Call with 6 args

Lecture 57 Function Call with 7 args

Section 17: Practicals on Reverse Engineering

Lecture 58 Introduction to the Practicals

Lecture 59 How to check exe type

Section 18: Phishing for Passwords

Lecture 60 Phishing for Passwords

Section 19: How to reverse a jump and patch the file

Lecture 61 How to reverse a jump and patch the file

Section 20: The Comment Tracing method

Lecture 62 The Comment Tracing method

Section 21: Patch exe to change password

Lecture 63 How to directly access memory to modify password and patch the exe file

Section 22: GUI Crackme Techniques

Lecture 64 Enabling a disabled greyed out button

Lecture 65 How to remove a Nag Message Box

Lecture 66 Patching to accept any serial key and also to modify the message box

Section 23: Deep Tracing Username and Password

Lecture 67 Tracing username

Lecture 68 Tracing password

Section 24: Tracing EAX values and Stepping into Calls

Lecture 69 Tracing EAX values

Lecture 70 Patching to show the Right Message

Section 25: Get the password

Lecture 71 Tracing EAX values to get password

Lecture 72 Patching to show Congrats message

Section 26: Loop Tracing Long Passwords

Lecture 73 Loop Tracing Part 1

Lecture 74 Loop Tracing Part 2

Lecture 75 Loop Tracing Part 3

Lecture 76 Identifying multiple patching options to always show the good message

Section 27: Loop Tracing GUI Crackme

Lecture 77 Loop Tracing Registration Number - Part 1

Lecture 78 Loop Tracing Registration Number - Part 2

Lecture 79 Proper way to patch MessageBox

Section 28: Comment Tracking Techniques

Lecture 80 Comment Tracking Technique - Part 1

Lecture 81 Comment Tracking Technique - Part 2

Lecture 82 Patching To Show the Good Message

Section 29: How to Create Keygens

Lecture 83 Creating a Self-Keygen

Lecture 84 Modifying MessageBox Caption using CodeCaves

Section 30: How to Create Keygens even though no Error MessageBox is shown

Lecture 85 Phishing for the Serial

Lecture 86 Improvise an alternative MessageBox to show serial key

Section 31: Fast Tracing by Toggling ZF flag

Lecture 87 Fast Tracing by Toggling the ZF flag

Lecture 88 Patching Multiple Jumps with Block NOPs

Section 32: Removing Recurrent Nags and Defeating Anti-Debugger Protection

Lecture 89 Installing Process Hacker

Lecture 90 Behaviour Analysis

Lecture 91 Defeating Anti-Debugger and Killing the 1st Nag

Lecture 92 Killing the 2nd Nag and Avoiding Patching Relocation Memory

Lecture 93 Killing 3rd Nag and Using Intermodular Exit API to Quit

Section 33: Self-Keygen Using Data Segment with printf Function

Lecture 94 Tracing the algorithm for key generation

Lecture 95 Inject own printf function from within an exe to print out serial key

Section 34: Tracing length of secret code and analyzing x64 Fastcall Parameters

Lecture 96 Behaviour Analysis

Lecture 97 Tracing length of secret code

Lecture 98 Analyzing x64 Fastcall Parameters

Section 35: Bypassing Encryption

Lecture 99 Behaviour Analysis

Lecture 100 Bypassing encryption by analyzing CMP instructions

Lecture 101 Bypassing encryption by patching

Section 36: Bypass UPX protection

Lecture 102 Debug a UPX packed binary

Lecture 103 Phish for password without using string search

Lecture 104 Patch memory with Python

Students who have completed my first course in this series: Assembly Language Programming for Reverse Engineering,Anyone who already know x86 Assembly (32-bit) and want to learn x64 (64-bit) Assembly from a hacker's perspective,Security researchers