CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

View on GitHub
9 February 2017

Assembly Language Crash Course (Pt. 1)

by

Assembly Language Crash Course (Pt. 1)

This lecture introduces the class to mainstream CPU architecture, the compilation & translation stage, and the distinctions between native machine language and more general machine-agnostic programming languages, such as C.

We delve into how a compiler will break up the source code for a program into multiple blocks, to construct a Control Flow Diagram, that governs execution flow. These blocks are then compiled, and subsequently translated, into a native machine language for the target platform (such as x86-64 machine code).

The human-readable representation of this is typically referred to as “assembly language”.

Using visual static analysis tools, such as IDA, this CFG is reconstructed from compiled code and then presented to an analyst for review.

Slides: lecture-w05-2.pdf (PDF)

Video: CS7038: Wk05.2 - Assembly Language Crash Course

Example sources from lecture:

Some helpful links to static analysis tools leveraging assembly language:

Helpful machine-language and assembly references:

ARM Reference, for comparison:

home

tags: malware lecture c asm cfg decompilation