RetDec - Retargetable machine-code decompiler based on LLVM

The decompiler is not limited to any particular target architecture, operating system, or executable file format:

• Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
• Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Features:

• Static analysis of executable files with detailed information.
• Compiler and packer detection.
• Loading and instruction decoding.
• Signature-based removal of statically linked library code.
• Extraction and utilization of debugging information (DWARF, PDB).
• Reconstruction of instruction idioms.
• Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
• Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
• Reconstruction of functions, types, and high-level constructs.
• Integrated disassembler.
• Output in two high-level languages: C and a Python-like language.
• Generation of call graphs, control-flow graphs, and various statistics.

For more information, check out our

• Wiki (in progress)
• Botconf 2017 talk
• Publications

Installation and Use

Currently, we support only Windows (7 or later), Linux, and unofficially macOS.

Warning: Decompilations of larger binaries (1 MB or more) may require a lot of RAM. When running decompilations, we advise you to limit the maximal virtual memory for processes before decompiling to prevent potential swapping and unresponsiveness. On Linux, you can run e.g. ulimit -Sv 9863168 in your shell to limit the maximal virtual memory to 8 GB.

Windows

1. Either download and unpack a pre-built package from the following list, or build and install the decompiler by yourself (the process is described below):
   • 32b Windows (v3.0)
   • 64b Windows (v3.0)
2. Install Microsoft Visual C++ Redistributable for Visual Studio 2015.
3. Install MSYS2 and other needed applications by following RetDec's Windows environment setup guide.
4. Now, you are all set to run the decompiler. To decompile a binary file named test.exe, go into $RETDEC_INSTALL_DIR/bin and run:

   bash decompile.sh test.exe

   For more information, run bash decompile.sh --help.

Linux

1. There are currently no pre-built packages for Linux. You will have to build and install the decompiler by yourself. The process is described below.
2. After you have built the decompiler, you will need to install the following packages via your distribution's package manager:
   • Bash
   • UPX
   • bc
   • Graphviz
3. Now, you are all set to run the decompiler. To decompile a binary file named test.exe, go into $RETDEC_INSTALL_DIR/bin and run:

   ./decompile.sh test.exe

   For more information, run ./decompile.sh --help.

macOS

Warning: macOS build was added based on community feedback and is not directly supported by the RetDec team. We do not guarantee you that these instructions will work for you. If you encounter any problem with your build, submit an issue so the macOS community can help you out.

1. There are currently no pre-built packages for macOS. You will have to build and install the decompiler by yourself. The process is described below.
2. After you have built the decompiler, you will need to install the following packages:
   • Bash
   • UPX
   • Graphviz
   • GNU getopt -- should be first in PATH
3. Now, you are all set to run the decompiler. To decompile a binary file named test.exe, go into $RETDEC_INSTALLED_DIR/bin and run:

   # /usr/local/bin/bash if installed via Homebrew
   /path/to/gnu/bash ./decompile.sh test.exe
   

   For more information, run ./decompile.sh --help.

Build and Installation

This section describes a manual build and installation of RetDec.

Requirements

Linux

• A C++ compiler and standard C++ library supporting C++14 (e.g. GCC >= 4.9)
• CMake (version >= 3.6)
• Git
• Perl
• Python (version >= 3.4)
• Bash
• Bison (version >= 3.0)
• Flex
• coreutils
• wget
• libtool
• ncurses (for libtinfo)
• zlib
• Optional: Doxygen and Graphviz for generating API documentation

On Debian-based distributions (e.g. Ubuntu), the required packages can be installed with apt-get:

sudo apt-get install build-essential cmake git perl python3 bash coreutils wget bc doxygen graphviz upx flex bison zlib1g-dev libtinfo-dev autoconf automake pkg-config m4 libtool

On RPM-based distributions (e.g. Fedora), the required packages can be installed with dnf:

sudo dnf install git cmake make gcc gcc-c++ perl python3 bash zlib-devel flex bison m4 coreutils autoconf automake libtool ncurses-devel wget bc doxygen graphviz upx pkg-config

Windows

• Microsoft Visual C++ (version >= Visual Studio 2015 Update 2)
• Git
• MSYS2 and some other applications. Follow RetDec's Windows environment setup guide to get everything you need on Windows.
• Active Perl. It needs to be the first Perl in PATH, or it has to be provided to CMake using CMAKE_PROGRAM_PATH variable, e.g. -DCMAKE_PROGRAM_PATH=/c/perl/bin.
• Python (version >= 3.4)

macOS

• Full Xcode installation (Command Line Tools are untested)
• CMake (version >= 3.6)
• Newer versions of Bison and Flex, preferably installed via Homebrew
• wget
• Python (version >= 3.4, macOS has 2.7)

Github Project