Reverse engineering requires a solid foundation in computer architecture. If you are new to reverse engineering, I suggest you study computer architecture first so that you can correlate one process with another. Understanding how systems work at a low level is essential before diving into the analysis of compiled binaries and malware. To help you build this foundation, let's start with the key components that make up a computer system. Every program that runs on your computer involves interaction between two main parts:
CPU (Processor)
├── Registers (RAX, RBX, RIP, RFLAGS, etc.)
└── Control Logic (executes instructions)
RAM (Memory)
├── Stack (function calls, local variables)
├── Heap (dynamic allocation)
├── Code Segment (.text - instructions)
└── Data Segment (.data, .bss - global variables)
When you analyze a binary or debug malware, you're observing how these components work together. The CPU executes instructions from the Code Segment, uses Registers for fast operations, and constantly reads from and writes to RAM (the Stack, Heap, and Data Segment). By understanding this relationship, you'll be able to trace program execution and understand what's happening at every step.
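The following program is an added example (not part of the original post) that makes the layout above visible: it takes one address from each region of a running process (.text, .data, .bss, heap, stack) and checks whether they are ordered the way the classic Linux/ELF process layout predicts. The variable and function names are constructed for the demonstration, and the ordering check assumes a Linux-style address space.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed sample variables; each one lives in a different region of the
 * process image described above (Linux/ELF layout assumed). */
int initialized_global = 42;     /* .data: initialized global variable */
int uninitialized_global;        /* .bss:  zero-initialized global variable */

/* A function whose machine code is placed in the .text (code) segment. */
int add(int a, int b) { return a + b; }

/* One address taken from each region at run time. */
struct layout {
    uintptr_t text, data, bss, heap, stack;
};

struct layout take_snapshot(void) {
    int local = 7;                      /* stack: local variable of this call */
    int *dyn = malloc(sizeof *dyn);     /* heap: dynamic allocation */
    struct layout l = {
        .text  = (uintptr_t)add,
        .data  = (uintptr_t)&initialized_global,
        .bss   = (uintptr_t)&uninitialized_global,
        .heap  = (uintptr_t)dyn,
        .stack = (uintptr_t)&local,
    };
    free(dyn);
    return l;
}

/* Returns 1 when the addresses follow the classic Linux ordering
 * .text < .data < .bss < heap < stack (the stack sits near the top of
 * user space and grows downward), 0 otherwise. */
int layout_is_classic(const struct layout *l) {
    return l->text < l->data && l->data < l->bss &&
           l->bss < l->heap && l->heap < l->stack;
}

/* Convenience wrapper: snapshot the running process and classify it. */
int check_classic_layout(void) {
    struct layout l = take_snapshot();
    return layout_is_classic(&l);
}

int main(void) {
    struct layout l = take_snapshot();
    printf(".text %#lx\n.data %#lx\n.bss  %#lx\nheap  %#lx\nstack %#lx\n",
           (unsigned long)l.text, (unsigned long)l.data, (unsigned long)l.bss,
           (unsigned long)l.heap, (unsigned long)l.stack);
    printf("classic layout: %s\n", layout_is_classic(&l) ? "yes" : "no");
    return 0;
}
```

Run it twice with ASLR enabled and the absolute addresses change while the ordering does not, which is exactly the relationship a debugger's memory map shows you.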
Modern computers primarily use two architecture families:
These architectures define how the CPU processes instructions and manages data.
You can read more about x86/x64 CPU architecture here: https://yuriygeorgiev.com/2024/02/19/x86-64-cpu-architecture-the-stack/
Understanding where and how data is stored is critical. In x86/x64 architecture, we have four main components in memory:
Registers are small, ultra-fast storage locations built directly into the CPU itself. They are the fastest memory the CPU can access, but there are only a limited number of them (typically 16 general-purpose registers in x64 architecture).