winget install --id=dEXE.dEXE -e dEXE accepts x86_64 ELF and PE binaries, disassembles them, lifts the assembly to an SSA-inspired intermediate representation, reconstructs control flow basic blocks, and outputs valid, compilable C99 source code.
An agentic x86_64 ELF/PE binary decompiler that converts machine instructions into functional C99 code.
dEXE accepts x86_64 ELF and PE binaries, disassembles them, lifts the assembly to an SSA-inspired intermediate representation, reconstructs control flow basic blocks, and outputs valid, compilable C99 source code.
object crate.goto topologies and local register variables.dEXE is constructed with modular separation of concerns:
frontend: Parses the target binary, locates the .text section, and disassembles instructions.cfg: Identifies Basic Blocks and constructs the Control Flow Graph.ir: Parses operand variants, maps instructions to IR Opcodes, and manages register versions.backend: Formats registers and stack access, then emits C99 structure with helper definitions.cargo install dexe
git clone https://github.com/turtle170/dEXE.git
cd dEXE
cargo build --release
# Decompile a binary and output the C source
dexe -i -o
# Output with detailed logging
RUST_LOG=info dexe -i test.exe -o test.c
Options:
-i, --input Path to the input binary (x86_64 ELF or PE)
-o, --output Path to write the decompiled C99 source file
-h, --help Print help
-V, --version Print version
dEXE has been verified against a variety of test fixtures including optimized Rust binaries containing complex features such as recursive Ackerman computations, bitwise chaotic LCGs, and Collatz conjecturing nested loops. A generated C output includes standard stack simulation:
BLOCK_0x140001120:
{
rsp = rsp - 0x48ULL;
*(uint64_t*)((uintptr_t)rsp + 0x38) = rcx;
rflags = ((uint64_t)(rcx) == (uint64_t)(0x1ULL)) | ...
if ((rflags & 1) || (rflags & 2)) goto BLOCK_0x140001148;
}
This project is licensed under the Apache License 2.0. See the LICENSE file for details.