A minimal ELF decompiler for x86-64 binaries, written in C++. Extracts a single function, disassembles it with Capstone, and reconstructs pseudo-C.

- `g++` with C++17
- `capstone` (`sudo pacman -S capstone` on Arch Linux)
- `binutils` (for `objdump`/`readelf`)

```
make
./mini-decompiler <elf-binary> [hex-address]
```

`hex-address` is the virtual address of the function to decompile (default: `0x1119`).
Find it with:

```
objdump -d <binary> | grep "<your_func>:"
```

```
$ ./mini-decompiler samples/simple_add.bin 0x1119
[Pseudo-C Output]
int func(int a) {
    return a + 5;
}
$ ./mini-decompiler samples/simple_mul.bin 0x1119
[Pseudo-C Output]
int func(int a) {
    return a + a + a;
}
$ ./mini-decompiler samples/simple_sub.bin 0x1119
[Pseudo-C Output]
int func(int a) {
    return a - 3;
}
```

| File | Responsibility |
|---|---|
| `src/elf_parser.cpp` | Read ELF64 header, locate and extract `.text` bytes |
| `src/disassembler.cpp` | Wrap Capstone, decode bytes → `Instruction` structs |
| `src/lifter.cpp` | Pattern-match instructions → pseudo-C via register/stack tracking |
| `src/main.cpp` | Wire everything together, CLI entry point |

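The lifter row above describes pattern-matching instructions into pseudo-C via register/stack tracking. The following is an added example, not the project's `src/lifter.cpp`: a toy symbolic lifter for straight-line `mov`/`add`/`sub` bodies, where the `Instruction` field layout and the instruction listings are assumptions constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical layout; the project's own Instruction struct may differ.
struct Instruction { std::string mnemonic, dst, src; };

// Resolve an operand to its symbolic expression: a tracked register or
// stack slot if known, otherwise the operand text itself (immediates).
static std::string value_of(const std::map<std::string, std::string>& env,
                            const std::string& op) {
    auto it = env.find(op);
    return it == env.end() ? op : it->second;
}

// Lift one straight-line function body to a single return statement.
std::string lift(const std::vector<Instruction>& insns) {
    // System V AMD64: the first integer argument arrives in edi.
    std::map<std::string, std::string> env{{"edi", "a"}};
    for (const auto& i : insns) {
        if (i.mnemonic == "mov") {
            env[i.dst] = value_of(env, i.src);  // registers and stack slots alike
        } else if (i.mnemonic == "add" || i.mnemonic == "sub") {
            std::string rhs = value_of(env, i.src);
            if (i.mnemonic == "sub" && rhs.find(' ') != std::string::npos)
                rhs = "(" + rhs + ")";  // keep a - (b + c) correct
            const char* op = i.mnemonic == "add" ? " + " : " - ";
            env[i.dst] = value_of(env, i.dst) + op + rhs;
        } else if (i.mnemonic == "ret") {
            return "return " + value_of(env, "eax") + ";";
        }  // push/pop and anything else are ignored by this toy
    }
    return "/* no ret found */";
}

// Constructed listings: typical gcc -O0 bodies in Capstone's Intel syntax.
const std::vector<Instruction> kAdd = {
    {"push", "rbp", ""}, {"mov", "rbp", "rsp"},
    {"mov", "dword ptr [rbp - 4]", "edi"}, {"mov", "eax", "dword ptr [rbp - 4]"},
    {"add", "eax", "5"}, {"pop", "rbp", ""}, {"ret", "", ""}};
const std::vector<Instruction> kMul = {
    {"push", "rbp", ""}, {"mov", "rbp", "rsp"},
    {"mov", "dword ptr [rbp - 4]", "edi"}, {"mov", "edx", "dword ptr [rbp - 4]"},
    {"mov", "eax", "edx"}, {"add", "eax", "eax"}, {"add", "eax", "edx"},
    {"pop", "rbp", ""}, {"ret", "", ""}};

int main() { std::cout << lift(kAdd) << "\n" << lift(kMul) << "\n"; }
```

Keying the environment on operand text is what lets a spilled argument (`dword ptr [rbp - 4]`) flow back into `eax` without modelling memory; it breaks as soon as the same slot is addressed two different ways.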
Decompilation is fundamentally lossy. Variable names, types, and structure cannot be fully recovered from stripped binaries. This tool is an educational demonstration of instruction lifting and not a production decompiler.