Disassembly Basics
Ghidra and IDA.
What Is Disassembly?
Disassembly converts a binary's machine code back into human-readable assembly instructions. It lets you read exactly what the CPU will execute.
This is essential when source code is unavailable, as is always the case with malware.
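To make the conversion concrete, here is an added example (not part of the original lesson, and not how Ghidra or IDA work internally): a linear-sweep decoder in Python for a small, hand-picked subset of x86-64 opcodes. The sample bytes and the base address 0x401000 are constructed for illustration.

```python
import struct

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_one(code, off, addr):
    """Decode one instruction at code[off]; return (length, text)."""
    op = code[off]
    if op == 0x90:
        return 1, "nop"
    if op == 0xC3:
        return 1, "ret"
    if 0x50 <= op <= 0x57:                       # push r64: register is in the opcode
        return 1, "push " + REG64[op - 0x50]
    if 0x58 <= op <= 0x5F:                       # pop r64
        return 1, "pop " + REG64[op - 0x58]
    if 0xB8 <= op <= 0xBF and off + 5 <= len(code):
        (imm,) = struct.unpack_from("<I", code, off + 1)   # little-endian imm32
        return 5, f"mov {REG32[op - 0xB8]}, {imm:#x}"
    if op == 0xE8 and off + 5 <= len(code):
        (rel,) = struct.unpack_from("<i", code, off + 1)   # signed rel32
        # The target is relative to the address of the *next* instruction.
        return 5, f"call {addr + 5 + rel:#x}"
    if code[off:off + 2] == b"\x48\x89" and off + 3 <= len(code):
        modrm = code[off + 2]                    # REX.W + 89 /r: mov r/m64, r64
        if modrm >> 6 == 3:                      # mod == 3: register-to-register
            return 3, f"mov {REG64[modrm & 7]}, {REG64[(modrm >> 3) & 7]}"
    # Unknown or truncated encoding: emit the raw byte and resynchronise.
    return 1, f"db {op:#04x}"

def disassemble(code, base=0x401000):
    """Linear sweep: decode back-to-back from the first byte to the last."""
    out, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off, base + off)
        out.append((base + off, code[off:off + length].hex(), text))
        off += length
    return out

# Constructed sample: a tiny function body, 16 bytes.
SAMPLE = bytes.fromhex("554889e5b82a000000e8050000005dc3")

if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE):
        print(f"{addr:#x}  {raw:<12} {text}")
```

Instruction lengths vary from one to five bytes here, which is why a decoder that starts at the wrong offset, or runs into data it cannot decode, produces different output from the same bytes.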
Disassembly vs Decompilation
Disassembly produces assembly. Decompilation goes further, reconstructing approximate high-level C-like pseudocode.
Pseudocode is faster to read; assembly is precise. Analysts use both, switching as needed.