  • DocumentCode
    669128
  • Title
    REcompile: A decompilation framework for static analysis of binaries
  • Author
    Yakdan, Khaled ; Eschweiler, Sebastian ; Gerhards-Padilla, Elmar
  • Author_Institution
    Inst. of Comput. Sci. 4, Univ. of Bonn, Bonn, Germany
  • fYear
    2013
  • fDate
    22-24 Oct. 2013
  • Firstpage
    95
  • Lastpage
    102
  • Abstract
    Reverse engineering of binary code is an essential step for malware analysis. However, it is a tedious and time-consuming task. Decompilation facilitates this process by transforming machine code into a high-level representation that is more concise and easier to understand. This paper describes REcompile, an efficient and extensible decompilation framework. REcompile uses the static single assignment form (SSA) as its intermediate representation and performs three main classes of analysis. Data flow analysis removes machine-specific details from code and transforms it into a concise high-level form. Type analysis finds variable types based on how those variables are used in code. Control flow analysis identifies high-level control structures such as conditionals, loops, and switch statements. These steps enable REcompile to produce well-readable decompiled code. The overall evaluation, using real programs and malware samples, shows that REcompile achieves a comparable and in many cases better performance than state-of-the-art decompilers.
  • Keywords
    data flow analysis; invasive software; reverse engineering; REcompile; SSA; binary code; control flow analysis; data flow analysis; decompilation framework; high-level control structure; machine code; machine-specific detail; malware analysis; reverse engineering; static analysis; static single assignment form; type analysis; Algorithm design and analysis; Control systems; Malware; Semantics; Software; Standards; Transforms;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on
  • Conference_Location
    Fajardo, PR
  • Print_ISBN
    978-1-4799-2534-6
  • Type
    conf
  • DOI
    10.1109/MALWARE.2013.6703690
  • Filename
    6703690