Conclusion

This chapter was designed to expose you to a constant task in malware analysis: abstracting yourself from the details. Don't get bogged down in individual instructions; instead, develop the ability to recognize what a block of code is doing at a higher level, such as a loop, a switch statement, or a function call.

We've shown you each of the major C coding constructs in both C and assembly to help you quickly recognize the most common constructs during analysis. We've also offered a couple of examples in which the compiler produced something different from the expected pattern: once for structs, and once for function calls when an entirely different compiler was used. Keep in mind that compiler, version, and optimization settings all change the assembly you will see, so the patterns shown here are starting points rather than exact signatures. Developing this insight will help you as you navigate the path toward recognizing new constructs when you encounter them in the wild.
