Hex vs Binary vs Decimal: Explained for Programmers and Reverse Engineers

OllyDbg Reverse Engineering Series — Part 3 of 60

Understanding number systems is essential before reading disassembly inside OllyDbg.

Every time I opened OllyDbg, I kept seeing things like 00401000, FF, 0x1A, MOV EAX, 0xFF. I sort of just accepted it and moved on. But at some point I realized I don’t actually understand what any of these numbers mean. I’m just pattern matching.

That’s a problem. Because in reverse engineering, numbers are literally everywhere. Every memory address, every value in a register, every byte in the Memory Dump it’s all hex. If you don’t understand hex properly, you’re just guessing.

So this part is dedicated entirely to number systems. Binary, decimal, hex what they are, why they exist, how to convert between them, and most importantly why you actually care when you’re inside OllyDbg.

No practical this time either we’re still building the mental model. The practical comes when we’re reversing real programs and these concepts will click naturally in context.

---

Why Does a Computer Even Use Binary?

You and I count with 10 digits 0 through 9. Why 10? Probably because we have 10 fingers. That’s it. No deep reason.

A computer doesn’t have fingers. It has transistors tiny electronic switches built into the processor. And a switch has exactly two states: ON or OFF. That’s it. Nothing in between.

So computers count using only two digits 0 and 1. OFF is 0, ON is 1. That’s binary.

Everything inside your computer photos, videos, .exe files, assembly instructions is ultimately just a very long string of 0s and 1s. Billions of tiny switches flipping on and off.

---

The Same Number, Three Different Ways to Write It

Here’s something that confused me at first. Decimal, binary, and hex are not different values they’re different ways of writing the same value.

Look at this:

Decimal  →  255
Binary   →  11111111
Hex      →  FF

All three mean exactly the same number. You’re just writing it in three different formats. Like how “100 rupees”, “one hundred rupees”, and “₹100” all mean the same thing.

In OllyDbg you’ll almost always see hex. Rarely decimal, almost never binary. But you need to understand all three to know what’s actually going on.

---

Binary - Counting With Light Switches

Let me explain binary counting in the simplest way I know.

Imagine two light switches side by side. Each switch is either OFF (0) or ON (1). Now count using those switches:

Switch 2 | Switch 1 | Value
---------|----------|-------
   0     |    0     |  zero
   0     |    1     |  one
   1     |    0     |  two
   1     |    1     |  three

When Switch 1 runs out (goes past 1), it flips back to 0 and Switch 2 turns on. Exactly like a car odometer rolling over.

Add a third switch and you can count up to 7. Add a fourth and you get up to 15. Add 8 switches and you can represent 256 different values (0 to 255).

Don’t look at 10 in binary and think “ten.” Think “Switch 2 is ON, Switch 1 is OFF.” That’s two.

00 = zero
01 = one
10 = two    ← switch 1 rolled over, switch 2 turned on
11 = three

Each switch is called a bit. Eight bits together is called a byte. You’ll see these words constantly in RE work.

1 bit  =  one switch  =  one 0 or 1
8 bits =  1 byte      =  one pair of hex digits

---

Why Hex and Not Binary?

Binary gets long very fast. The number 255 in binary is 11111111 eight digits. A memory address in binary looks like this:

Binary:  00000000010000000001000000000000
Hex:     00401000

Same address. One is 32 characters of 0s and 1s. The other is 8 characters you can actually read and remember.

Hex is basically a compressed version of binary. And the compression is clean every single hex digit maps to exactly 4 binary digits:

F  =  1111
F  =  1111

FF =  11111111

This is why hex became the standard for low-level work. It’s short, readable, and maps directly to binary without any messy conversion. Once you’re used to it, reading FF is as natural as reading 255.

---

How Hex Actually Works - The 16 Digits

Decimal has 10 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Hex has 16 digits. We have 10 number symbols and needed 6 more, so we borrowed letters:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F

Their values:

A = 10
B = 11
C = 12
D = 13
E = 14
F = 15

So after 9 you don’t write 10 you write A. After F you write 10 (which means sixteen, not ten).

Decimal 10  =  Hex A
Decimal 11  =  Hex B
Decimal 15  =  Hex F
Decimal 16  =  Hex 10

---

Converting Hex to Decimal - It’s Just Powers of 16

Decimal works in powers of 10:

345  =  3×100 + 4×10 + 5×1
     =  3×10² + 4×10¹ + 5×10⁰

Hex works exactly the same way just powers of 16 instead of 10:

FF  =  F×16  +  F×1
    =  15×16 +  15×1
    =  240   +  15
    =  255

One more:

2F  =  2×16  +  F×1
    =  2×16  +  15×1
    =  32    +  15
    =  47

And:

1A  =  1×16  +  A×1
    =  1×16  +  10×1
    =  16    +  10
    =  26

You don’t need to do this manually every time OllyDbg’s command bar handles it instantly. But understanding the process means when you see FF you instinctively know it’s a large value near 255, and 1A is a small value around 26. That rough intuition helps a lot while reversing.

---

The 0x Prefix - What It Means

In OllyDbg and assembly you’ll often see values written like 0xFF or 0x1A. That 0x prefix means absolutely nothing except “this number is written in hex.” It’s just a label so you know the format.

So 0xFF and FF are identical. Same value, same format. Some tools write the prefix, some don’t.

When you see an assembly instruction like:

MOV EAX, 0xFF

Break it down:

• MOV - copy a value somewhere
• EAX - the destination register (think of it as a small box)
• 0xFF - the value being copied in (FF hex = 255 decimal)

So this instruction just means: put the number 255 into the EAX register.

Before:  EAX = 00000000
MOV EAX, 0xFF
After:   EAX = 000000FF

Simple as that. And MOV EAX, 0x1A means put 26 into EAX. Same idea, smaller number.

---

How This All Connects in OllyDbg

Every number you see in OllyDbg is hex. Now that you know hex, let’s look at what you’ll actually encounter:

Memory addresses in the Disassembler:

00401000   PUSH EBP

00401000 is a hex address a location in RAM. Not one million four hundred and one thousand. Just a specific spot in memory.

Values in registers:

EAX = 000000FF

That’s 255 in decimal. All 8 switches ON.

Bytes in the Memory Dump:

48 65 6C 6C 6F

Five bytes. In ASCII that’s “Hello” you can see it in the right column of the dump window.

Single character lookup:
41 in hex = 65 in decimal = ASCII character ‘A’. The OllyDbg command bar ? 41 will tell you this instantly. We’ll use this live when we start reversing actual programs.

---

What I Found Confusing (And Now Don’t)

“Binary 10 looks like ten but it isn’t ten that messed me up.”
Don’t read it as a number. Read it as switches. 10 in binary means Switch 2 ON, Switch 1 OFF. That’s two. The shape looks like “ten” but the value is two.

“What is 0x is it part of the address?”
No. 0x is just a prefix meaning “hex.” It’s not a value, not an address, not part of the number. 0xFF and FF are the same thing. The 0x is just a label.

“Why not just use decimal everywhere?”
Because hex maps cleanly to binary every hex digit = exactly 4 bits. Decimal doesn’t have that clean relationship. For low-level work where you care about individual bits and bytes, hex is just much more natural.

---

What We Learned - Glossary

---

Coming Up Next

In Part 4 we go deep on CPU registers - EAX, EBX, ECX, EDX, ESP, EBP, EIP and what each one actually does. You’ve been seeing these names since Part 2. Time to properly understand them.

→ Part 4: CPU Registers - What They Are and Why They Matter

← Part 2: OllyDbg Interface Tour - Every Window Explained