explaingit

0xz0f/z0fcourse_reverseengineering

5,821 · C++ · Audience · developer · Complexity · 4/5 · Setup · easy

TLDR

A free beginner-to-intermediate course teaching reverse engineering on 64-bit Windows: how to read compiled programs without source code, reverse DLLs, and analyze real malware samples.

Mindmap

mindmap
  root((repo))
    What it does
      Teaches reverse engineering
      64-bit Windows focus
      Beginner to intermediate
    Topics Covered
      Program structure basics
      DLL reversing
      Malware analysis samples
    Resources
      Markdown chapters on GitHub
      PDF downloads available
      TryHackMe rooms
    Community
      Discord server
      Hands-on labs

Things people build with this

USE CASE 1

Learn how to read compiled Windows programs without their source code using low-level instructions

USE CASE 2

Analyze real malware samples to understand what they do and how they work

USE CASE 3

Reverse-engineer a Windows DLL and incorporate it into your own custom program

USE CASE 4

Build foundational skills for security research or penetration testing on Windows

Tech stack

C++ · x64 Assembly · Windows · Markdown

Getting it running

Difficulty · easy · Time to first run · 5 min

No installation required: read the Markdown files directly on GitHub or download the PDF ZIP (password: reverse).

No explicit license is stated; check the repository directly before using the content commercially.

In plain English

This repository is a free reverse engineering course focused on 64-bit Windows. Reverse engineering in this context means taking a compiled program, one where you don't have the original source code, and figuring out what it does by reading the low-level instructions the computer executes. This skill is used in security research, malware analysis, and understanding software at a deep level.

The course is structured to take someone from beginner to intermediate level. It starts with the basics of how compiled programs are structured, then works through progressively more complex examples: reversing small programs, reversing a DLL (a type of Windows library file) and incorporating it into a custom program, and eventually reversing real malware samples.

The course specifically covers 64-bit Windows because it is the most common environment today and has only one calling convention to worry about, which simplifies the learning process. The theory and concepts carry over to 32-bit Windows and other operating systems as well. The author created the course because they found existing resources on reverse engineering to be outdated, expensive, or difficult to follow.

The course is written in Markdown and stored as files in the repository, making it readable directly on GitHub. PDF versions are also available in ZIP archives with the password "reverse" for people who prefer that format. The PDFs may not be fully up to date, so the Markdown version is recommended. The first six chapters of the course are also available interactively on TryHackMe, a platform for hands-on security learning, through two dedicated rooms. A Discord server accompanies the course for questions and updates.

Copy-paste prompts

Prompt 1
I am working through the z0fcourse reverse engineering course on 64-bit Windows. Here is an assembly snippet, walk me through what this function is doing step by step: [paste assembly]
Prompt 2
Help me set up x64dbg to analyze a Windows executable. What are the first things I should look at to understand what the program does?
Prompt 3
I am reversing a Windows DLL and need to figure out what a function does from its assembly. It calls these Windows APIs: [list them]. What does each API do and what might this function's purpose be?
Prompt 4
Guide me through safely analyzing a malware sample in a sandboxed environment, covering what artifacts to look for and how to document findings.
Prompt 5
I just finished the DLL reversing chapter in z0fcourse. How do I write a C++ program that loads a reversed DLL and calls a function I identified at offset 0x1040?

Verify against the repo before relying on details.