Static analysis and dynamic analysis are great techniques to understand the basic functionality of malware, but these techniques do not provide all the required information regarding the malware's functionality. Malware authors write their malicious code in a high-level language, such as C or C++, which is compiled to an executable using a compiler. During your investigation, you will only have the malicious executable, without its source code. To gain a deeper understanding of a malware's inner workings and to understand the critical aspects of a malicious binary, code analysis needs to be performed.

This chapter will cover the concepts and skills required to perform code analysis. For a better understanding of the subject, this chapter will make use of relevant concepts from both C programming and assembly language programming. To understand the concepts covered in this chapter, you are expected to have a basic programming knowledge (preferably C programming). If you are not familiar with basic programming concepts, start with an introductory programming book (you can refer to the additional resources provided at the end of this chapter) and return to this chapter afterward.

The following topics will be covered from a code analysis (reverse engineering) perspective:

• Computer basics, memory, and the CPU
• Data transfer, arithmetic, and bitwise operations
• Branching and looping
• Functions and stack
• Arrays, strings, and structures
• Concepts of the x64 architecture