The authors present a pipeline for recovering source code from stripped binary functions by combining reverse engineering, anchor-based retrieval, and large language model reasoning.
- The method identifies the source function from a database rather than generating decompiled pseudocode.
- Anchors such as strings, constants, external calls, and function names are extracted using Ghidra.
- Candidates are retrieved via an inverted-index search and re-ranked by an LLM based on disassembly and metadata.
- On a stripped tcpdump binary with a high-fidelity database, the method achieves 95.2% assembly instruction coverage.
- Experiments on a GitHub-based database showed lower performance with 35.5% average instruction coverage due to retrieval misses.
The results indicate that source-level binary recovery is effective when supported by high-quality databases.