← Back to Writing
March 24, 20269 min read

The Art of Reading Assembly

assemblyreverse-engineeringlearninglow-levelbeginners

The Art of Reading Assembly

Most developers spend their careers never looking at assembly code. I think that's a mistake.

Not because you need to write assembly—you probably don't. But being able to read it changes how you understand computers. It's the difference between knowing a language exists and actually speaking it, even if only at a conversational level.

This isn't a guide to becoming an assembly expert. It's about developing enough familiarity that when you encounter it—whether in a disassembler, a compiler output, or a debugger—you can make sense of what you're seeing.

What Even Is Assembly?

Before we go further, let's clarify what we're talking about.

When you write code in Python, JavaScript, or C, your computer can't actually run it directly. It needs to be translated into machine code—raw binary instructions that the CPU understands. Assembly is the human-readable version of those instructions.

Think of it as a hierarchy:

  • High-level code (Python, JavaScript): "make me a sandwich"
  • Low-level code (C): "get bread, add ingredients, close sandwich"
  • Assembly: "move hand to location 0x1234, grab object, move to location 0x5678"
  • Machine code: 01001000 10110101... (what the CPU actually executes)

Assembly sits right above machine code. Each assembly instruction corresponds almost directly to a single CPU operation. That's why it looks so alien—you're seeing the raw commands that make computation happen.

Why Bother?

When I first opened Ghidra (a reverse-engineering tool that shows you assembly code) to analyze an older device's firmware, the wall of assembly instructions was overwhelming. Function calls I couldn't recognize. Register operations that seemed arbitrary. Control flow that looked like spaghetti.

But here's what I've learned: you don't need to understand every instruction to understand what code is doing. Assembly becomes readable once you recognize the patterns.

Understanding assembly has made me better at:

  • Debugging: When things break in unexpected ways, sometimes the only truth is in the disassembly
  • Optimization: You can't optimize what you can't measure, and you can't measure what you don't understand
  • Reverse Engineering: Obviously—but also, it trains you to think about how code executes, not just what it does
  • Security: Vulnerabilities often live in the gap between what code appears to do and what it actually does

Some Quick Background

Before looking at patterns, a few concepts that help:

Registers are tiny, incredibly fast storage locations inside the CPU. Think of them as variables that the CPU can access instantly. Common ones you'll see: rax, rbx, rcx (on x86-64). Each has a specific size and sometimes a specific purpose.

The Stack is a region of memory used for temporary storage during function calls. When a function is called, it "pushes" data onto the stack. When it returns, it "pops" data off. It's literally a stack—last in, first out, like a stack of plates.

Instructions are the individual commands: mov (move data), add (addition), jmp (jump to another location), call (call a function), etc. Each CPU architecture (x86, ARM, RISC-V) has its own instruction set, but the concepts are similar.

Start with Patterns, Not Instructions

The mistake most people make is trying to learn assembly like a foreign language: memorizing instruction sets, addressing modes, calling conventions. That's backwards.

Instead, recognize patterns:

Pattern 1: Function Prologue/Epilogue

asm
push rbp ; Save old frame pointer mov rbp, rsp ; Set up new frame sub rsp, 0x20 ; Allocate stack space ... leave ; Restore stack ret ; Return to caller

What this means in English: "I'm starting a function. Let me save some information about where I came from, set up my workspace, and make room for my local variables."

Once you recognize this pattern, you know you're looking at function boundaries. You don't need to understand every detail—you just need to know "this is where a function starts."

The ret at the end means "I'm done, go back to whoever called me."

Pattern 2: Loops

asm
.loop: ; do something dec rcx ; Decrement counter jnz .loop ; Jump if not zero

Translation: "Keep doing this until the counter reaches zero."

Decrement + conditional jump = loop. That's it. You've just identified iteration without understanding every instruction in the loop body. This is essentially a for or while loop in assembly form.

Pattern 3: Comparisons

asm
cmp eax, 0x10 ; Compare register with value jle .branch ; Jump if less or equal

What's happening: "Is this value less than or equal to 16? If yes, go somewhere else. If no, keep going."

Compare + conditional jump = if statement. Once you see this pattern, you can start mapping out program logic. This is your if/else in machine language.

The Tools Matter

Ghidra is my go-to for static analysis (looking at code without running it). Its decompiler isn't perfect, but it's good enough to give you a high-level view while you're learning to read the assembly. The split view—assembly on one side, decompiled C on the other—is invaluable for learning. It's like having subtitles while learning a foreign language.

GDB or lldb for dynamic analysis (watching code run). Sometimes the best way to understand assembly is to step through it instruction by instruction while watching registers and memory change. Like watching a slow-motion replay of what the CPU is doing.

Compiler Explorer (godbolt.org) is brilliant for learning. Write C code, see the assembly output, modify the C, see how the assembly changes. It's like having a Rosetta Stone for your specific compiler and architecture.

A Practical Approach

When I encounter assembly I don't understand, I follow this process:

  1. Find the boundaries: Identify function starts and ends (look for those prologue/epilogue patterns)
  2. Trace the flow: Follow jumps and branches to understand control flow (where does execution go?)
  3. Identify patterns: Look for loops, comparisons, function calls
  4. Focus on data movement: Where is data coming from? Where is it going?
  5. Ignore the noise: Not every instruction matters for understanding what code does

For example, looking at a function, I ask:

  • What are the function arguments? (Usually in specific registers or stack positions—like function parameters)
  • What does it return? (Usually in rax/eax on x86-64—the "return value")
  • Does it call other functions?
  • Does it loop?
  • Where does it read/write memory?

Pro tip: A lot of assembly instructions are just "bookkeeping"—saving and restoring values, setting up the stack, preparing for function calls. You can often skip over these when trying to understand the core logic.

You Don't Need to Be an Expert

Here's the secret: you don't need to be fluent in assembly. You need to be comfortable enough that it's not intimidating.

When I'm reverse-engineering firmware, I'm not carefully analyzing every instruction. I'm:

  • Scanning for interesting function calls (like "is this calling a WiFi function? A cryptography function?")
  • Looking for string references ("ah, this prints an error message")
  • Identifying main loops ("this is the program's heartbeat")
  • Finding where hardware peripherals are accessed (specific memory addresses)
  • Understanding control flow at a high level

The assembly is just the medium. The goal is understanding the system.

Start Small

If you want to start reading assembly:

1. Write a tiny C program

Something like:

c
int add(int a, int b) { return a + b; }

2. Compile it and look at the assembly

bash
gcc -S -O0 program.c # Creates a .s file with assembly # Or use Compiler Explorer online

3. Find your function in the output

See the prologue? The stack setup? The actual addition? The return?

You'll see something like:

asm
add: push rbp ; Function start mov rbp, rsp mov DWORD PTR [rbp-4], edi ; First argument mov DWORD PTR [rbp-8], esi ; Second argument mov edx, DWORD PTR [rbp-4] mov eax, DWORD PTR [rbp-8] add eax, edx ; The actual addition! pop rbp ; Function end ret

Can you spot the addition? That's the heart of the function. Everything else is setup and cleanup.

4. Change the code slightly

Add an if statement. See what changes (you'll see a comparison and a jump). Add a loop. See the pattern (a label and a conditional jump back to it).

That's it. You're reading assembly.

A Word of Encouragement

If you're coming from high-level languages, assembly can feel like looking at the Matrix. All those cryptic three-letter instructions, hexadecimal numbers, and register names.

But remember: every program you've ever run—every app, game, website—eventually became this. Assembly isn't some arcane magic. It's just the CPU's native language.

And just like you don't need to understand every word of French to get the gist of a French restaurant menu, you don't need to understand every instruction to get the gist of assembly code.

Why It Matters

In an age where we abstract away everything—where you can build entire applications without thinking about the machine—there's something grounding about reading assembly.

It reminds you that every line of high-level code eventually becomes machine instructions. That performance isn't magic—it's about what the CPU actually executes. That security vulnerabilities often live in assumptions about what code means versus what it does.

You don't need to write assembly (seriously, modern compilers are better at it than humans). But being able to read it? That's a superpower worth developing.

It's like understanding how a car engine works. You don't need to be a mechanic, but knowing the basics changes how you drive, how you diagnose problems, and how you appreciate the engineering beneath the hood.

Start with one small function. Recognize one pattern. Build from there.

The art of reading assembly isn't about memorization—it's about pattern recognition. And anyone can learn to see patterns.

So, the next time you see a wall of assembly, don't close the tab. Look for the patterns. You might just see the computer breathing for the first time.

✦ ASK AI

Ask about this post

AI answers are based solely on this post's content. Press Enter to send.

Comments

No comments yet. Be the first!

Leave a Comment