llm-kb
← Back to research
Paper

New pipeline recovers source code from stripped binaries using anchor-based retrieval and LLM reasoning

Researchers propose a method to recover source code from stripped binary functions by combining reverse engineering with anchor-based retrieval and LLM reasoning. The pipeline extracts anchors (strings, constants, external calls) via Ghidra, searches a source code database, and uses an LLM to re-rank candidates. This approach aims to identify exact source functions rather than generating approximate decompiled pseudocode.

0 engagement·1 source·Fri, Jul 10, 2026, 02:22 PM
The paper, titled 'Practical Source Code Recovery from Binary Functions Using Anchor-Based Retrieval and LLM Reasoning,' was published on arXiv on July 10, 2026. The pipeline uses Ghidra for static analysis to extract anchors such as strings, constants, external calls, and available function names. These anchors are used to query an inverted-index search database to retrieve candidate source files. The system then narrows candidates to likely function snippets and re-ranks them using LLM reasoning. The method focuses on identifying the exact source function from a database rather than generating approximate decompiled pseudocode, which could aid in reverse engineering and vulnerability analysis.

Entities

Ghidra(tool)anchor-based retrieval(concept)LLM reasoning(concept)source code recovery(concept)

Related

Tool ReleaseThu, Jul 9, 2026, 09:18 AM

LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis

A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.

45 engagement·1 source·github
ProductSun, Jul 12, 2026, 09:17 PM

Capn-hook: coding agent tool to avoid grepping the same mystery twice

Capn-hook is a tool for coding agents that records and indexes grep results so that when a developer encounters the same error or mystery again, the agent can recall the previous investigation. It uses LLMs to summarize and store grep outcomes, saving time by preventing repeated searches.

5 engagement·1 source·hackernews
ProductSun, Jul 12, 2026, 08:46 PM

AI-powered tool that auto-generates and syncs code documentation from code changes

A tool that automatically generates and updates documentation by analyzing code changes, ensuring docs always match the actual codebase. It uses LLMs to detect discrepancies and rewrite documentation, solving the problem of outdated docs for developers.

1 engagement·1 source·reddit
PaperThu, Jul 9, 2026, 11:01 PM

The Patchwork Problem in LLM-Generated Code

A new arXiv paper identifies a structural failure mode in LLM-generated code: individual patches compile and pass tests but break globally due to missing configuration keys, nonexistent imports, or omitted guards. Standard CI toolchains fail to catch these issues, posing a growing risk as LLM coding tools gain adoption.

0 engagement·1 source·arxiv
arXiv
ProductSat, Jul 11, 2026, 06:40 AM

Enola: engineering intelligence layer for AI coding agents

Enola is an open-source engineering intelligence layer that helps AI coding agents understand existing codebases. It answers questions about change impact, dependency reachability, safe module deletion, refactoring priorities, and architecture drift. The tool uses LLMs to analyze code context and provide insights that reduce mistakes from both humans and AI agents.

4 engagement·1 source·reddit