x86/x64 Assembly Essentials for Reversers
Read MOV, CMP, JNE, CALL, RET and follow data flow through registers and the stack.
Why Assembly for Reversers?
Ghidra's decompiler is helpful but imperfect — it misses some constructs, misinfers types, and can't decompile obfuscated code. Reading assembly directly provides ground truth. A reverser needs to read assembly, not write it.
Registers
x86-64 key registers:
- RAX — accumulator, return values
- RBX, RCX, RDX — general purpose
- RSI, RDI — source/destination index; under the System V AMD64 calling convention (Linux, macOS), RDI carries the first function argument and RSI the second
- RSP — stack pointer
- RBP — base pointer (stack frame)
- RIP — instruction pointer
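The listing below is an added example, not part of the original lesson: a small constructed program in GNU assembler Intel syntax that uses MOV, CMP, JNE, CALL and RET, annotated with how data moves through the registers listed above and the stack. The function name `check_pin` and the constant `0x1337` are hypothetical, and the code assumes the System V AMD64 calling convention on x86-64 Linux.

```asm
# Constructed example. Build on x86-64 Linux:  gcc -no-pie demo.s -o demo
# main's return value (EAX) becomes the process exit status.
        .intel_syntax noprefix
        .text

# int check_pin(int pin): hypothetical; returns 1 if pin == 0x1337, else 0
check_pin:
        push    rbp                        # save caller's frame base; RSP drops by 8
        mov     rbp, rsp                   # RBP now anchors this function's frame
        mov     DWORD PTR [rbp-4], edi     # spill arg 1 (EDI = low 32 bits of RDI) to a local
                                           # (leaf function: the local lives in the red zone,
                                           #  so RSP is not adjusted)
        cmp     DWORD PTR [rbp-4], 0x1337  # subtracts without storing; only the flags change
        jne     .Lfail                     # ZF clear means "not equal": branch taken
        mov     eax, 1                     # equal path: return value is placed in EAX/RAX
        jmp     .Ldone
.Lfail:
        mov     eax, 0                     # not-equal path: return 0
.Ldone:
        pop     rbp                        # restore caller's RBP; RSP rises by 8
        ret                                # pop the saved return address into RIP

        .globl  main
main:
        push    rbp
        mov     rbp, rsp
        mov     edi, 0x1337                # load arg 1 before the call
        call    check_pin                  # push address of the next instruction, jump to target
        cmp     eax, 1                     # RAX/EAX now holds check_pin's return value
        jne     .Lbad
        mov     eax, 0                     # success path: main returns 0
        jmp     .Lout
.Lbad:
        mov     eax, 1                     # failure path: main returns 1
.Lout:
        pop     rbp
        ret

        .section .note.GNU-stack,"",@progbits   # mark the stack non-executable
```

Reading tip: when the same pattern appears in a disassembler, trace backwards from the CMP to find where the compared value came from (here, EDI at function entry), and forwards from the JNE to see which path sets RAX before RET.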