Practical Binary Analysis

Practical Binary Analysis covers all major binary analysis topics in an accessible way, from binary formats, disassembly, and basic analysis to advanced techniques like binary instrumentation, taint analysis, and symbolic execution. Order a hardcopy or ebook online at No Starch Press or from Amazon, or download a free sample chapter.

Cover of Practical Binary Analysis. Table of contents.

Virtual Machine and Code Samples

The book comes with a virtual machine that contains all the examples and software. You can download it from this torrent. The username and password for the VM are both “binary.” To use the VM you'll need VirtualBox. You can also download just the example code.

Important: Make sure to update the VM to ensure that any errata are fixed. You can always get the latest updates by opening a terminal on the VM and running the following command:

cd /home/binary && wget -q \
        && chmod 755 && ./

Note that you should use only the above command to update. Updating the OS or any software packages, for instance with apt, is not recommended because some of the pre-installed binary analysis toolkits have very specific expectations about the system.

Running Code Samples on Windows and Other Platforms

If you know what you're doing and you really want to run the code samples on a platform other than the VM, that should be possible in most cases. Most of the tools used in the book, including Capstone, Pin, and Triton, are made to work on Linux, Windows, and macOS. The major exception is libdft; unfortunately, porting it to Windows is probably hopeless without a major rewrite.

Triton and libdft depend on older Pin versions that don't work on Linux kernel 4.4+. Therefore, getting these tools to work on a modern Linux distro can be a challenge. If you still want to attempt this, you may want to skim my notes on getting Pin 2.13, Pin 2.14, and libdft to work on Ubuntu 16.04. Note that this involves downgrading the kernel, which is not recommended for any kind of production system.


  • Virtual machine with all code samples and software (username/password “binary”) Magnet link Torrent file
  • Archive with all code samples Archive (.tar.gz)
  • Patch for libdft Patch file
  • Virtual machine (direct download w/ limited bandwidth, please use only if you can't use the torrent) VM (.ova)
  • Sample chapter on basic binary analysis PDF
  • Table of contents PDF


Please report any factual or typographic errors in the book to No Starch Press or to the author at 52%5D2%3F5C%3A6DD6o8%3E2%3A%3D%5D4%40%3Eda.andriesse‹ατ› The current list of errata is available here.

Community Contributions

Made something cool? Let me know and I'll add it to the list!

CTF Walkthroughs

  • Chapter 5 CTF walkthrough @ Nucu Labs lvl2
  • Chapter 5 CTF walkthrough @ Cool|Byte lvl1-lvl4 lvl5
  • Chapter 5 CTF walkthrough @ Matteo Malvica lvl6 lvl7
  • Chapter 5 CTF walkthrough @ Miles Mulet lvl8
  • Chapter 5 CTF walkthrough @ Loïc Pefferkorn lvl2-lvl4 lvl5-lvl7 lvl8

Exercise Solutions

  • 0xe1a00000's examples and solutions to selected exercises Github
  • Fast, parallel, cross-variant ROP/JOP gadget finder (expanded solution to Ch8 exercise) Github
  • lucadidomenico's solution to the Ch11 format string vulnerability exercise Github
  • Fare9's solutions to the Ch12 exercises Pastebin
  • lucadidomenico's solution to the Ch13 license key exercise Github

Code and Tools

  • Fare9's custom versions of the PBA tools Github


In case of questions or comments, contact me at 52%5D2%3F5C%3A6DD6o8%3E2%3A%3D%5D4%40%3Eda.andriesse‹ατ›

PGP key

Here's my [PGP key].

PGP key fingerprint

A82C A27D 4A27 CF84 7C23
BC58 BAD7 CA8E F693 94DD

Author Bio

Dennis Andriesse is currently working as an Offensive Security Researcher for Intel. Before that, he was an academic in VUSec, doing research on binary analysis and eventually obtaining a Ph.D. in System and Network Security. He is one of the main contributors to PathArmor, a Control-Flow Integrity system which defends against control-flow hijacking attacks such as ROP. Some of his research on binary analysis has been integrated into Binary Ninja. Andriesse was also one of the attack developers involved in the takedown of the GameOver Zeus P2P botnet, and has dabbled in Rowhammer and microarchitectural attacks. Find his academic website here.