Static Analysis
Static analysis examines binaries without execution. Disassemblers convert machine code to assembly language, revealing program structure, function calls, and control flow.
Essential Disassemblers
```bash
# Ghidra (NSA, free and open-source)
# - Launch: ghidraRun
# - Create new project → Import file
# - Analyze with default options
# - View decompiled C code in Decompiler window

# IDA Pro (commercial, industry standard)
# - Open binary in IDA
# - Wait for auto-analysis
# - Press F5 on function for decompilation (requires Hex-Rays)
# - Export to C: File → Produce File → Create C File

# Binary Ninja (commercial, modern alternative)
# - Excellent UI and Python API
# - Built-in graph view and HLIL (High-Level IL)

# Radare2 / Cutter (free, command-line focused)
r2 binary.exe
# The next three commands are typed at the r2 prompt, not in bash
aaa           # Analyze all
pdf @ main    # Disassemble main function
VV            # Visual graph mode

# Quick reconnaissance commands
file binary.exe           # File type and architecture
strings binary.exe        # Extract strings
rabin2 -I binary.exe      # Binary info (arch, bits, protections); use -i for imports, -E for exports
objdump -d binary.exe     # Disassemble (Linux)
dumpbin /ALL binary.exe   # PE analysis (Windows)
```
Start with Strings
Always run strings first. Look for URLs, IP addresses, file paths, error messages, and function names.
This gives quick insight into the binary's purpose before diving into assembly.
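The strings-first triage described above, as an added Python example that is not part of the original page: it extracts both ASCII and UTF-16LE strings (Windows binaries often store text as UTF-16LE, which a plain ASCII scan misses) and sorts them into the categories the text lists. The category patterns, the sample bytes and the hostname in them are constructed assumptions for illustration.

```python
import re
import sys

MIN_LEN = 6  # shorter runs are mostly noise
# Printable ASCII runs, and the same characters stored as UTF-16LE (char + NUL byte)
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Illustrative patterns (assumptions, tune for your own triage)
CATEGORIES = {
    "url": re.compile(r"https?://[^\s<>]+", re.I),
    "ipv4": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "path": re.compile(r"[A-Za-z]:\\\S+|/(?:etc|tmp|usr|var|home|bin)/\S+"),
    "error": re.compile(r"\b(?:error|fail(?:ed|ure)?|cannot|unable|invalid)\b", re.I),
}

# Constructed sample bytes standing in for a binary (not a real file)
SAMPLE = (
    b"\x7fELF\x02\x01\x00\x00" + b"http://update.example.test/check\x00\x90\x90"
    + "C:\\Users\\Public\\cfg.dat".encode("utf-16-le") + b"\x00\x00"
    + b"connect to 192.0.2.10 failed\x00" + b"version 1.2.3.4567\x00"
)

def extract_strings(data: bytes) -> list[str]:
    """Return printable strings found as ASCII, then those found as UTF-16LE."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return found

def valid_ipv4(text: str) -> bool:
    """Reject dotted quads with an octet above 255."""
    return all(int(part) <= 255 for part in text.split("."))

def triage(data: bytes) -> dict[str, list[str]]:
    """Group interesting substrings by category, de-duplicated, in discovery order."""
    hits = {name: [] for name in CATEGORIES}
    for s in extract_strings(data):
        for name, rx in CATEGORIES.items():
            for m in rx.finditer(s):
                # For error messages the whole string is the useful context
                value = s if name == "error" else m.group()
                if (name != "ipv4" or valid_ipv4(value)) and value not in hits[name]:
                    hits[name].append(value)
    return hits

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name, values in triage(data).items():
        print(f"{name:5} {values}")
```

Run it with a file path as the only argument to triage a real binary; without arguments it processes the constructed sample.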