Exploit Dev — Windows & the Capstone
Two pieces remain: the other major platform, and the workflow that finds bugs. We cover how Windows exploitation differs — PE, the…
Kernel mode code runs at ring 0 — the CPU's highest privilege level. Understanding the ring 0/ring 3 boundary, how SYSCALL transfe…
Modern compiled code uses XMM and YMM registers for both floating-point and parallel integer operations (SIMD). Recognising SSE/AV…
Malware and protected software routinely pack or obfuscate their code. The binary on disk is not what runs in memory. Understandin…
Return-Oriented Programming (ROP) chains together small existing code sequences ("gadgets") — each ending in RET — to execute arbi…
Everything in a CPU is bits. Understanding how bits encode integers, negative numbers, floats, and memory addresses — and how hex …
Reverse engineering is reading compiled machine code. To do it well, you need a mental model of what the CPU is actually doing: ho…
x86 assembly is the language your disassembler speaks. Every binary you reverse has already been compiled to x86 machine code — yo…
Reverse engineering extracts understanding from compiled code with no source required. Ghidra (NSA's free decompiler), IDA Pro (in…
VM escape is the most impactful privilege escalation: code inside a guest VM achieves execution on the hypervisor host, potentiall…