// Comparison

Practical Binary Analysis vs Practical Reverse Engineering: Which Should You Read?

Two cybersecurity books on Reverse Engineering, compared honestly: who each is for, what each does best, and which to read first.

Advanced

5/52018

Practical Binary Analysis

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

Dennis Andriesse

Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.

Advanced

4/52014

Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany

A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

Read this if

Reverse engineers ready to stop being IDA clickers and start being programmers who happen to RE. Andriesse covers DBI (Pin), taint analysis (Triton), and symbolic execution (angr) at exactly the level a practitioner needs to weaponize them.

Reverse engineers transitioning from "I can read disassembly" to "I can audit a Windows kernel driver." The architecture-first companion to Practical Malware Analysis.

Skip this if

RE beginners who haven't yet finished Practical Reverse Engineering, or readers without C and Python comfort. The book assumes you can already disassemble; the value is in the automation layer.

Beginners with no assembly background, or readers focused exclusively on Linux/userland. The book is heavy on Windows internals and assumes you'll do the exercises in WinDbg.

Key takeaways

Modern RE is automated RE; the book is the bridge between hand-driven analysis and the toolchain that scales to large binaries.
Symbolic execution is finally accessible to working RE engineers thanks to angr, and Andriesse's framing is what makes it click for most practitioners.
Custom DBI passes solve a category of problems that no GUI tool can; the book teaches you when to reach for them and how to write them.

x86, x64, ARM, kernel-mode debugging, and anti-RE techniques in a single coherent volume; nothing else competes for breadth.
The kernel debugging chapters are the practical introduction the official Windows Internals book never quite delivers for security audiences.
Anti-RE coverage (obfuscation, packing, anti-debug, virtualization-based protection) is the bridge to modern malware analysis that PMA consciously skips.

How they compare

We rate Practical Binary Analysis higher (5/5 against 4/5 for Practical Reverse Engineering). For most readers, that means Practical Binary Analysis is the primary pick and Practical Reverse Engineering is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Practical Binary Analysis and Practical Reverse Engineering both cover Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading