Dissecting Binaries: The Six Layers of a Hardened Binary

This is one of Dissecting Binaries with machine-code-analyzer, a series where I point the tool at real binaries and write up what falls out. A modern binary defends itself in layers. None of the layers is a wall. Each one takes a single technique out of an attacker’s toolbox. It is the stack of them, and the way they interlock, that makes an exploit expensive to write. The clearest way to see the layers is to remove them....

July 7, 2026 · 9 min · Hagen Paul Pfeifer

Dissecting Binaries: How Functions Begin

This is one of Dissecting Binaries with machine-code-analyzer, a series where I point the tool at real binaries and write up what falls out. Every text on x86 assembly teaches the same function prologue: push %rbp mov %rsp, %rbp Save the old frame pointer, point it at the current stack top, and now you have a stable base to address locals and walk the stack. It is in every textbook, every course, every disassembly screenshot from 2010....

July 4, 2026 · 5 min · Hagen Paul Pfeifer

Dissecting Binaries: A Tour of the Analyzer

This opens Dissecting Binaries with machine-code-analyzer, a series where I point the tool at real binaries and write up what falls out. I keep asking small questions about binaries and never having a quick way to answer them. How big is the average function in this program? How much of it is cold error handling that almost never runs? Does it use SIMD at all? Was it built with the stack protector?...

June 14, 2026 · 7 min · Hagen Paul Pfeifer