This is what Blank told me when I asked a similar question: "If you are dealing with a black box and you want to know what makes it tick you have to study the black box for a long time. At some point you will start to see patterns in the behaviour of this black box. In this case our black box is a program running on a machine, we know this program will make use of the processor to do it's work therefore we are able to extract a lot more information. The studying so far I have done by myself. The trick is to always reason from what you do know, it will help you understand the unknown. However if you want to learn more about how to study a programs behaviour I suggest you look at Immunity Debugger, IDA Pro and some tutorials (https://tuts4you.com/download.php?list.17)."