This chapter serves as a reference for understanding the basic compilation process and ELF file format internals. If you are already familiar with its concepts, you can skip this chapter and use it as a reference for details you might need during your analysis.

Program Structure

Before diving into assembly instructions and how to reverse engineer program binaries, it's worth looking at where those program binaries come from in the first place.

Programs start out as source code written by software developers. The source code describes to a computer how the program should behave and what computations the program should take under various input conditions.

The programming language used by the programmer is, to a large extent, a preference choice by the programmer. Some languages are well suited to mathematical and machine learning problems. Some are optimized for website development or building smartphone applications. Others, like C and C++, are flexible enough to be used for a wide range of possible application types, from low‐level systems software such as device drivers and firmware, through system services, right up to large‐scale applications like video games, web‐browsers, and operating systems. For this reason, many of the programs we encounter in binary analysis start life as C/C++ code.

Computers do not execute source code files directly. Before the program can be run, it must first be translated into the machine instructions that ...