Disassemblers and debuggers can be used for example, for parsing compiled Windows executables and displaying their code as assembly instructions. Tools like OllyDbg have debugging capabilities, which allow for executing the most interesting parts of the malicious program slowly and under highly controlled conditions, to better understand the purpose of the code.

A college lecture at City College San Francisco by Sam Bowne based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901, chapter 8:

Memory dumpers can be used for obtaining protected code located in the lab system’s memory and dumping it to a file. This technique is particularly useful when analysing packed executables, which are difficult to disassemble because they encode or encrypt their instructions, extracting them into RAM only during run-time.