), we take the malware binary as input and generate assembly language code as output, usually with a disassembler. ( discusses the most popular disassembler, IDA Pro.)

Assembly language is actually a class of languages. Each assembly dialect is typically used to program a single family of microprocessors, such as x86, x64, SPARC, PowerPC, MIPS, and ARM. x86 is by far the most popular architecture for PCs.

covers malware compiled for the Intel 64 architecture.) Here, we’ll focus on the x86 architecture aspects that come up most often during malware analysis.

Note

For additional information about assembly, Randall Hyde’s The Art of Assembly Language, 2nd Edition (No Starch Press, 2010) is an excellent resource. Hyde’s book offers a patient introduction to x86 assembly for non-assembly programmers.