This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 3.8 of Reversing Malicious Code
x64 vs x86 differences for reverse engineers — sixteen registers, Microsoft x64 ABI calling convention, shadow space, RIP-relative addressing, reading API arguments in x64dbg, and the Heaven Gate technique.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
Microsoft x64 ABI Calling Convention — Official Docs
Official Microsoft documentation for the x64 ABI including register usage, shadow space, and stack alignment requirements.
Compiler Explorer — x64 Output
Select x86-64 gcc or MSVC compiler. Write a function with 5+ arguments and observe the x64 calling convention — register args vs stack args.
REMA eBook 2026 — Chapter 3, x64 Analysis
Full x64 register layout diagrams and calling convention tables in the REMA eBook Chapter 3.
Quadrant 4 · Self-Assessment
Reversing Malicious Code
Covers x86 and x64 assembly analysis, control flow graphs, Windows API-level malware behaviour, DLL analysis, injection techniques, API hooking, and Living-off-the-Land attacks.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.