A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. The output of disassembly is typically formatted for human-readability rather than for input to an assembler, making disassemblers primarily a reverse-engineering tool. Common uses include analyzing the output of high-level programming language compilers and their optimizations, recovering source code when the original is lost, performing malware analysis, modifying software (such as binary patching), and software cracking.

A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language. A fundamental method of software analysis is disassembly. Unlike decompilers, which make attempts at recreating high-level human readable structures using binaries, disassemblers are aimed at generating a symbolic assembly, meaning it's attempting to reconstruct the assembly closest to its executions. Disassembled code is hence normally more accurate but also lower level and less abstract than decompiled code and thus it can be much more easily analyzed.

Assembly language source code generally permits the use of constants and programmer comments. These are usually removed from the assembled machine code by the assembler. If so, a disassembler operating on the machine code would produce disassembly lacking these constants and comments; the disassembled output becomes more difficult for a human to interpret than the original annotated source code. Some disassemblers provide a built-in code commenting feature where the generated output is enriched with comments regarding called API functions or parameters of called functions. Some disassemblers make use of the symbolic debugging information present in object files such as ELF. For example, IDA allows the human user to make up mnemonic symbols for values or regions of code in an interactive session: human insight applied to the disassembly process often parallels human creativity in the code writing process.

It is not always possible to distinguish executable code from data within a binary. While common executable formats, such as ELF and PE, separate code and data into distinct sections, flat binaries do not, making it unclear whether a given location contains executable instructions or non-executable data. This ambiguity might complicate the disassembly process.

Additionally, CPUs often allow dynamic jumps computed at runtime, which makes it impossible to identify all possible locations in the binary that might be executed as instructions.

On computer architectures with variable-width instructions, such as in many CISC architectures, more than one valid disassembly may exist for the same binary.

Disassemblers also cannot handle code that changes during execution, as static analysis cannot account for runtime modifications.

Encryption, packing, or obfuscation are often applied to computer programs, especially as part of digital rights management to deter reverse engineering and cracking. These techniques pose additional challenges for disassembly, as the code must first be unpacked or decrypted before meaningful analysis can begin.