What dynamic analysis sees that static cannot
Static analysis sees every possible code path; dynamic analysis sees the taken one, with real values flowing through it. Each loses what the other captures:
| Question | Static | Dynamic |
|---|---|---|
| What can this binary do? | All branches | Only the one executed |
| What values does this variable hold? | Symbolic / unknown | Concrete |
| Is this code dead? | Hard to prove | Easy to observe |
| Does this string get decrypted at runtime? | Invisible | Trivial to dump |
| Does this branch depend on the wall clock? | Hard to detect | Visible from a single trace |
Most real RE work is hybrid: a static pass identifies interesting functions and call sites; dynamic execution provides the runtime values that close the loop. Encrypted strings appear in plaintext mid-execution. Hash functions reveal their constants. License-validation logic flows through real inputs. The static view tells you where to look; the dynamic view tells you what is actually happening at that point.
