x86 Assembly Crash Course

The assembly language is the lowest level of human-readable language. It is also the highest level of language into which a binary can be reliably decompiled. When learning malware reverse engineering, knowing the basics of assembly language is essential. This is because when we get a malware sample to analyze, it is most likely a compiled binary. We cannot view this binary's C/C++ or other language code because that is not available to us. What we can do, however, is to decompile the code using a decompiler or a disassembler. The problem with decompiling is that a lot of information in the written code is removed while it is compiled into a binary; hence we won't see variable names, function names, etc., as we do while writing code. So the most reliable code we have for a compiled binary is its assembly code. In this room, we will learn the basics of assembly that we can use in the malware analysis rooms to understand what a binary is doing while looking at its assembly code.

Learning Objectives

We will be covering the following topics:

• Opcodes and operands
• General assembly instructions
• Arithmetic and logical instructions
• Conditionals
• Branching instructions

Prerequisites

Before starting this room, it is highly recommended that you complete the x86 Architecture Overview room first.