The authors present a pipeline for recovering source code from stripped binary functions by combining reverse engineering, anchor-based retrieval, and large language model reasoning.

  • The method identifies the source function from a database rather than generating decompiled pseudocode.
  • Anchors such as strings, constants, external calls, and function names are extracted using Ghidra.
  • Candidates are retrieved via an inverted-index search and re-ranked by an LLM based on disassembly and metadata.
  • On a stripped tcpdump binary with a high-fidelity database, the method achieves 95.2% assembly instruction coverage.
  • Experiments on a GitHub-based database showed lower performance with 35.5% average instruction coverage due to retrieval misses.

The results indicate that source-level binary recovery is effective when supported by high-quality databases.