add the beginning of the chapter 4

Author: xanhacks

docs/reverse/practical-malware-analysis.md

@@ -45,6 +45,26 @@
     - Wireshark: Open source sniffer.
     - INetSim: Simulates commin Internet services.
 
+## Chapter 4 - Crash course in x86 disassembly
+
+- C code => *compiler* => CPU Machine Code => *Disassembler* => Assembly Code
+- **Levels of Abstraction:**
+    - **Hardware:** Electrical circuits that implements logical operations like XOR, AND, OR and NOT gates
+    - **Microcode (firmware):** An interface between hardware and machine code
+    - **Machine code:** List of Opcodes that tell the processor what to do
+    - **Low-level languages:** Human readable version of a computer architeture's instruction set (assembly).
+    - **High-level languages:** Programming languages like C, C++, ... Compiled to machine code.
+    - **Interpreted languages:** Programming languages like Python, C#, java, ... Translated to bytecode that will be executed by a interpreter.
+- **Microprocessors Architectures:** x86, x64, SPARC, PowerPC, MIPS, ARM, etc.
+- **Von Neumann Architecture:**
+    - **Central Processing Unit (CPU):** Executes code
+    - **Control Unit:** Get instructions to execute from RAM using the Instruction Pointer register
+    - **Arithmetic/Logic Unit (ALU):** Executes an instruction fetched from the RAM and plces the results in memory/registers
+    - **Main Memory:** RAM
+    - **Input/Output devices:** Devices like keyboard, mouse, monitors... 
+
+![Von_Neumann_Architecture](https://upload.wikimedia.org/wikipedia/commons/thumb/e/e5/Von_Neumann_Architecture.svg/1920px-Von_Neumann_Architecture.svg.png)
+
 ## Tools
 
 - [Detect It Easy](https://github.com/horsicq/Detect-It-Easy): Detect file and packed types.