retdec

RetDec is a decompiler created by Avast, the security company. A decompiler takes a compiled program binary and attempts to convert it back into readable source code. Compiled programs are the files you actually run on your computer, but the human-readable code the developer originally wrote has been translated into machine instructions and is not directly readable. RetDec reverses that process, producing C code or a Python-like language as output.

The tool is described as retargetable, meaning it is not built for a single type of processor or operating system. It handles compiled files for Intel x86 and x86-64 processors, ARM and ARM64, MIPS, PowerPC, and PIC32. On the file format side it reads ELF files (common on Linux), PE files (Windows), Mach-O (macOS), COFF, archive files, and raw machine code. It runs on Windows, Linux, and macOS, and requires about 5 to 6 gigabytes of free disk space after installation.

Beyond converting code to something readable, RetDec also performs static analysis of the binary before decompiling. This includes detecting which compiler or packer was used to create the file, extracting debugging symbols if present, identifying chunks of code that came from statically linked libraries so they can be stripped out of the output, and reconstructing C++ class structures from metadata left in the binary. The output can include call graphs showing which functions call which others, and control-flow graphs mapping the paths through individual functions.

The project is built on LLVM, a widely used compiler infrastructure. Its components can also be used as libraries inside other C++ projects through a standard CMake integration pattern.

RetDec is currently in limited maintenance mode. Pull requests are welcomed and reviewed, but new feature development is minimal and reported issues may take up to a quarter to receive a response. The README attributes this to a lack of resources at Avast.