ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway
co-located with FSE 2025
Thu 26 Jun 2025 16:00 - 16:25 at Cosmos 3B - Decompilation and Tracing Chair(s): Philipp Straubinger

Decompilers are widely used in reverse engineering (RE) to convert compiled executables into human-readable pseudocode and support various security analysis tasks. Existing decompilers, such as IDA Pro and Ghidra, focus on enhancing the readability of decompiled code rather than its recompilability, which limits further programmatic use, such as for CodeQL-based vulnerability analysis that requires compilable versions of the decompiled code. Recent LLM-based approaches for enhancing decompilation results, while useful for human RE analysts, unfortunately also follow the same path.

In this paper, we explore, for the first time, how off-the-shelf large language models (LLMs) can be used to enable recompilable decompilation—automatically correcting decompiler outputs into compilable versions. We first show that this is non-trivial through a pilot study examining existing rule-based and LLM-based approaches. Based on the lessons learned, we design DecLLM, an iterative LLM-based repair loop that utilizes both static recompilation and dynamic runtime feedback as oracles to iteratively fix decompiler outputs. We test DecLLM on popular C benchmarks and real-world binaries using two mainstream LLMs, GPT-3.5 and GPT-4, and show that off-the-shelf LLMs can achieve an upper bound of around 70% recompilation success rate, i.e., 70 out of 100 originally non-recompilable decompiler outputs are now recompilable. We also demonstrate the semantic consistency of using this recompilable code for CodeQL-based vulnerability analysis compared to the ground-truth source code. For the remaining 30% of hard cases, we further delve into their errors to gain insights for future improvements in decompilation-oriented LLM design.

Thu 26 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

16:00 - 17:15
Decompilation and Tracing (Research Papers) at Cosmos 3B
Chair(s): Philipp Straubinger (University of Passau)

16:00 (25m) Talk
DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code
Research Papers
WONG Wai Kin (Hong Kong University of Science and Technology), Daoyuan Wu (Hong Kong University of Science and Technology), Huaijin Wang (Ohio State University), Li Zongjie (Hong Kong University of Science and Technology), Zhibo Liu (Hong Kong University of Science and Technology), Shuai Wang (Hong Kong University of Science and Technology), Qiyi Tang (Tencent Security Keen Lab), Sen Nie (Tencent Security Keen Lab), Shi Wu (Tencent Security Keen Lab)

16:25 (25m) Talk
DataHook: An Efficient and Lightweight System Call Hooking Technique without Instruction Modification
Research Papers
Quan Hong (Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences), Jiaqi Li (Institute of Information Engineering, Chinese Academy of Sciences), Wen Zhang (China Unicom Online Information Technology CO.,Ltd), Lidong Zhai (Institute of Information Engineering, Chinese Academy of Sciences)

16:50 (25m) Talk
Tracezip: Efficient Distributed Tracing via Trace Compression
Research Papers
Zhuangbin Chen (Sun Yat-sen University), Junsong Pu (Beijing University of Posts and Telecommunication), Zibin Zheng (Sun Yat-sen University)

Information for Participants
Thu 26 Jun 2025 16:00 - 17:15 at Cosmos 3B - Decompilation and Tracing Chair(s): Philipp Straubinger
Info for room Cosmos 3B:

Cosmos 3B is the second room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.
