Windows PE Reverse Engineering – Crackme #1

Analysis of a 64-bit Windows PE executable, tracing step by step from the entry point to understand how the program processes user input, using assembly language, the internal workings of PE sections, and deliberately unobtrusive validation logic, revealing a simple but clever mechanism typical of small reverse engineering challenges.

Infos:
Executable name: crack_me.exe
Format: PE32+
Architecture: x86-64 Windows
Sections: 3 sections
Executable: Console

Techniques/Concepts used:
RIP-relative addressing to access data without an absolute address
Data stored directly in the .text section (inline data)
Mapping table indexed via a bitwise mask (AND 0x7)
Verification loop combining user input and an internal table

I use PE-bear, a tool that analyzes files in PE (Portable Executable) format. ...

December 13, 2025

Windows PE Reverse Engineering – Crackme #2

Step-by-step analysis of a 64-bit Windows PE executable, focusing on entry point analysis, runtime initialization, stack frame inspection, and conditional branching to understand how user input is validated in a basic crackme challenge.

Infos:
Executable name: 3outof6.exe
Format: PE32+
Architecture: x86-64 Windows
Sections: 19 sections
Executable: Console

Techniques/Concepts used:
RIP-relative addressing to access data without an absolute address
DLL imports & IAT (Import Address Table)
Environment dependency awareness
CRT / Runtime initialization analysis

CRT (C RunTime): all the code automatically added by the compiler.
RIP = address of the next instruction, used for relative addressing in x86-64. ...
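Both crackme write-ups rest on the same two mechanics: a RIP-relative operand is resolved against the address of the next instruction, and the resulting address has to be mapped back through the section table to learn whether it lands in .text (inline data), .rdata or elsewhere, and at which file offset. The script below is an added example and is not code from either post. It parses the PE32+ headers and section table, decodes a `lea r64, [rip+disp32]` instruction, resolves its target, and reads an 8-entry inline table indexed with `& 7` as in Crackme #1. The PE image it works on is constructed inline (fabricated headers, section layout, code bytes and table values); it is not crack_me.exe or 3outof6.exe, and function names such as `decode_lea_rip` are this example's own.

```python
"""Resolve RIP-relative operands in a PE32+ image to section and file offset.
The sample image is constructed inline; it is not a real binary."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D   # "MZ"
IMAGE_NT_SIGNATURE = 0x4550    # "PE\0\0"
PE32PLUS_MAGIC = 0x20B


def parse_pe32plus(data):
    """Return (image_base, entry_rva, sections) from the raw bytes of a PE32+ file."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER64
    magic, = struct.unpack_from("<H", data, opt)
    if magic != PE32PLUS_MAGIC:
        raise ValueError("not a PE32+ image (magic 0x%x)" % magic)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    image_base, = struct.unpack_from("<Q", data, opt + 24)  # ImageBase (8 bytes in PE32+)
    sections = []
    for i in range(num_sections):                         # IMAGE_SECTION_HEADER is 40 bytes
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return image_base, entry_rva, sections


def section_for_rva(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def rva_to_file_offset(sections, rva):
    """RVA -> file offset, or None if the RVA is outside any section's raw data."""
    s = section_for_rva(sections, rva)
    if s is None or rva - s["va"] >= s["raw_size"]:
        return None
    return s["raw_ptr"] + (rva - s["va"])


def rip_relative_target(insn_va, insn_len, disp):
    """RIP holds the address of the NEXT instruction; disp is the signed disp32."""
    return (insn_va + insn_len + disp) & 0xFFFFFFFFFFFFFFFF


def decode_lea_rip(data, image_base, sections, rva):
    """Decode `lea r64, [rip+disp32]` (REX.W 8D, ModRM mod=00 rm=101, 7 bytes) at rva.
    Returns (target_va, target_section_name, target_file_offset)."""
    off = rva_to_file_offset(sections, rva)
    if off is None or data[off] != 0x48 or data[off + 1] != 0x8D or (data[off + 2] & 0xC7) != 0x05:
        raise ValueError("no RIP-relative LEA at rva 0x%x" % rva)
    disp, = struct.unpack_from("<i", data, off + 3)
    target_va = rip_relative_target(image_base + rva, 7, disp)
    target_rva = target_va - image_base
    sec = section_for_rva(sections, target_rva)
    return target_va, sec["name"] if sec else None, rva_to_file_offset(sections, target_rva)


def build_sample_image():
    """Constructed PE32+ image (fabricated for this example): three sections and, at the
    entry point, two RIP-relative LEAs, one into an inline .text table, one into .rdata."""
    align = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)          # AMD64, 3 sections
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      PE32PLUS_MAGIC, 14, 0, 0x200, 0x400, 0, 0x1000, 0x1000,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0,
                      0, 0x4000, 0x200, 0, 3, 0x8160,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty dirs

    def sec(name, va, vsize, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, align, raw_ptr, 0, 0, 0, 0, chars)

    hdrs = (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1000, 0x100, 0x200, 0x60000020)
            + sec(b".rdata", 0x2000, 0x80, 0x400, 0x40000040)
            + sec(b".data", 0x3000, 0x10, 0x600, 0xC0000040)).ljust(align, b"\0")
    # RVA 0x1000: lea rcx,[rip+0x39] -> 0x1040 ; RVA 0x1007: lea rdx,[rip+0xff2] -> 0x2000
    code = b"\x48\x8D\x0D\x39\x00\x00\x00" + b"\x48\x8D\x15\xF2\x0F\x00\x00"
    table = bytes([0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88])  # inline data in .text
    text = (code.ljust(0x40, b"\xCC") + table).ljust(align, b"\xCC")
    rdata = b"constructed\0".ljust(align, b"\0")
    dsec = b"\0" * align
    return hdrs + text + rdata + dsec


def resolve_entry_operands(data):
    """Resolve the two LEAs at the entry point and index the inline table with (i & 7)."""
    image_base, entry_rva, sections = parse_pe32plus(data)
    tbl_va, tbl_sec, tbl_off = decode_lea_rip(data, image_base, sections, entry_rva)
    str_va, str_sec, str_off = decode_lea_rip(data, image_base, sections, entry_rva + 7)
    table = data[tbl_off:tbl_off + 8]
    return {
        "entry_va": image_base + entry_rva,
        "table": (tbl_va, tbl_sec, tbl_off, table),
        "string": (str_va, str_sec, data[str_off:data.index(b"\0", str_off)].decode()),
        "masked_lookup": [table[i & 7] for i in range(12)],  # AND 0x7 keeps the index in bounds
    }


if __name__ == "__main__":
    for k, v in resolve_entry_operands(build_sample_image()).items():
        print(k, v)
```

The same `parse_pe32plus` and `rva_to_file_offset` can be pointed at a real PE32+ file read from disk; the only crackme-specific part is which RVA you hand to `decode_lea_rip`, which you take from the disassembly at the entry point.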

December 14, 2025

Analysis of a remote access Trojan: DarkComet v3.0.7

In progress

December 16, 2025