Malware rarely ships with source code, yet knowing what typical C constructs look like in a disassembler is the analyst’s first superpower. In this module, you install a properly tooled Visual Studio, review the compile-link-load-runtime pipeline, and write a simple program while playing with some compiler options to see how each flag reshapes the PE file. Then you flip perspectives: load the freshly built binary into IDA/Ghidra, trace its functions, and correlate assembly patterns back to their C origins. By the end, you’ll grasp how everyday coding choices surface in machine code, knowledge that lets you recognise, label, and reason about unknown malware far faster in later modules.