Preprocessing of Binary Executable Files Towards Retargetable Decompilation

The goal of retargetable machine-code decompilation is to analyze and reversely translate platform-dependent executable files into a high level language (HLL) representation. This process can be used for many different purposes, such as legacy code reengineering, malware analysis, etc. Retargetable decompilation is a complex task that must deal with a lot of different platform-specific features and missing information. Moreover, input files are often compressed or protected from any kind of analysis (up to 80% of malware samples). Therefore, accurate preprocessing of input files is one of the necessary prerequisites in order to achieve the best results. This paper presents a concept of a generic preprocessing system that consists of a precise signaturebased compiler and packer detector, plugin-based unpacker, and converter into an internal platform-independent file format. This approach has been adopted and tested in an existing retargetable decompiler. According to our experimental results, the proposed retargetable solution is fully competitive with existing platformdependent tools. Keywords—reverse engineering, decompilation, packer detection, unpacking, executable file, Lissom