Questions tagged [x86-64]

172 questions
22 votes, 3 answers

What are the qualitative differences in reverse engineering x64/Win64 code versus x32/Win32 code?

Many professional reverse engineers spend their days looking at 32-bit code compiled for Windows, and familiarity breeds proficiency. What are the high-level differences between reverse engineering 64-bit Windows programs versus 32-bit ones? I am…
Rolf Rolles
4 votes, 2 answers

Purpose of NOP immediately after CALL instruction

There are a lot of ... code ... call sub_... nop ... code ... patterns in an executable dump I am working on. They appear in the middle of subroutines and I believe don't serve alignment purposes. I am curious about the origins of this…
uranix
3 votes, 1 answer

How to break on a window creation

In x32/x64 debugger, how can I break when a new window is opened? When inside my application, I click the "File" button in the menu bar then select "options" I want to break on that call to open the window. (The window has multiple tabs, with…
Raz Razman
1 vote, 2 answers

x64 processor module

I just downloaded Ghidra last evening on a Fedora Linux machine with 4 Intel Core i5-7200U CPUs. When querying the "installed processor modules" in "Help" I get a listing of 41 processors. x86 is on the list, but x64 is not. How do I fix that, and…
tavmem
1 vote, 1 answer

Why do I get e8 00 00 00 00 for all libc function calls?

I just started learning reverse engineering. The near call instruction (e8) is very confusing to me. It took me a while to figure out how address calculation works for local functions. Now I'm looking at the output of // gcc -c test.c void test()…
Alex