2. What is a disassembler?
– A program that translates machine code back to assembly code.
– It allows you to perform static code analysis.
– Static code analysis: a technique you can use to interpret the code to understand the program's behavior, without executing the binary.
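The translation described above, as an added example that is not part of the original slides: a linear-sweep disassembler for a small subset of 32-bit x86 that decodes bytes without ever executing them. The function name, the `SAMPLE` byte string and the base address 0x401000 are constructed for illustration.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed sample: a tiny function followed by a truncated instruction.
SAMPLE = bytes.fromhex("55 89E5 B82A000000 E8F3FFFFFF 5D C3 B801")

def disassemble(code: bytes, base: int = 0):
    """Linear sweep over a small 32-bit x86 subset; returns (address, text) pairs."""
    out, i = [], 0
    while i < len(code):
        op, addr = code[i], base + i
        if 0x50 <= op <= 0x57:                              # push r32
            text, size = f"push {REG32[op - 0x50]}", 1
        elif 0x58 <= op <= 0x5F:                            # pop r32
            text, size = f"pop {REG32[op - 0x58]}", 1
        elif 0xB8 <= op <= 0xBF and i + 5 <= len(code):     # mov r32, imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            text, size = f"mov {REG32[op - 0xB8]}, {imm:#x}", 5
        elif op == 0xE8 and i + 5 <= len(code):             # call rel32
            rel = struct.unpack_from("<i", code, i + 1)[0]
            # Target is relative to the address of the next instruction.
            text, size = f"call {(addr + 5 + rel) & 0xFFFFFFFF:#x}", 5
        elif op == 0x89 and i + 2 <= len(code) and code[i + 1] >> 6 == 3:
            modrm = code[i + 1]                             # mov r/m32, r32 (register form)
            text = f"mov {REG32[modrm & 7]}, {REG32[(modrm >> 3) & 7]}"
            size = 2
        elif op == 0xC3:
            text, size = "ret", 1
        elif op == 0x90:
            text, size = "nop", 1
        else:
            # Unknown or truncated instruction: emit the raw byte and resync.
            text, size = f"db {op:#04x}", 1
        out.append((addr, text))
        i += size
    return out

if __name__ == "__main__":
    for address, text in disassemble(SAMPLE, 0x401000):
        print(f"{address:08x}  {text}")
```

The trailing `B8 01` is a `mov` cut short, so the sweep reports it as raw data bytes instead of guessing at missing operands.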
3. What is a debugger?
– A debugger is a program that also disassembles the code. In addition:
– It allows you to execute the compiled binary in a controlled manner.
– It allows you to execute either a single instruction or selected functions, instead of executing the entire program.
– A debugger allows you to perform dynamic code analysis, and helps you examine aspects of the suspect binary while it is running.
4. What is a de-compiler?
– A program that translates the machine code into the code in a high-level language (pseudocode).
– De-compilers can greatly assist you with the reverse engineering process and can simplify your work.
Source: Canzanese, Raymond & Oyer, M & Mancoridis, Spiros & Kam, Moshe. (2005). A survey of reverse engineering tools for the 32-bit Microsoft Windows environment.
5. IDA Pro tool
– Interactive Disassembler (IDA)
– A powerful disassembler and a versatile debugger.
– It is used for reverse engineering.
– https://hex-rays.com/ida-pro/
6. IDA Pro tool (Cont.)
– IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation.