Warning

The RetDec project is currently in a limited maintenance mode due to a lack of resources:

• Pull Requests are welcomed. They are reviewed with priority, if possible without delays.
• Issues are reacted on with delays up to one quarter. Issues are not actively solved unless they relate to a basic project maintenance.
• The basic project maintenance continues.
• Only a very limited development is carried on.

RetDec

RetDec is a retargetable machine-code decompiler based on LLVM.

The decompiler is not limited to any particular target architecture, operating system, or executable file format:

• Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code
• Supported architectures:
  • 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC
  • 64-bit: x86-64, ARM64 (AArch64)

Features:

• Static analysis of executable files with detailed information.
• Compiler and packer detection.
• Loading and instruction decoding.
• Signature-based removal of statically linked library code.
• Extraction and utilization of debugging information (DWARF, PDB).
• Reconstruction of instruction idioms.
• Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
• Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
• Reconstruction of functions, types, and high-level constructs.
• Integrated disassembler.
• Output in two high-level languages: C and a Python-like language.
• Generation of call graphs, control-flow graphs, and various statistics.

For more information, check out our

• Wiki (in progress)
• Botconf 2017 talk: slides, video
• REcon Montreal 2018 talk: slides
• Publications

Recent Updates (2025)

RetDec has received significant modernization improvements:

• 🚀 CI/CD Modernization: Build caching (50-70% faster), modern tooling (Clang 18), CTest integration
• 📦 Updated Dependencies: YARA 4.5.5, Capstone 5.0.6 with ARM64 fixes
• 📚 Enhanced Type Libraries: Modernized with +158% more Linux functions, complete OpenSSL API coverage
• 🔍 Improved Detection: Updated YARA signatures (+37% coverage) for modern malware and compilers
• ✅ Full Test Coverage: 3,237 unit tests passing, comprehensive validation

See CHANGELOG.md for detailed release notes.

Table of Contents

• Quick Start
• For Users
  • Installation
  • Use
  • Docker
  • Nightly Builds
• For Developers
  • Build and Installation
  • Testing
  • Troubleshooting
  • Use of RetDec Libraries
• Resources
  • Project Documentation
  • Related Repositories
• License
• Contributing
• Acknowledgements

Quick Start

RetDec transforms compiled binary executables into readable C-like source code, making it easier to understand what a program does without access to the original source.

Try It in 3 Steps

1. Download a pre-built package for your platform from the latest release

2. Extract the package to a directory of your choice

3. Run the decompiler on any binary file:

   # Linux/macOS
   $RETDEC_INSTALL_DIR/bin/retdec-decompiler /path/to/binary
   
   # Windows
   %RETDEC_INSTALL_DIR%\bin\retdec-decompiler.exe C:\path\to\binary.exe

The decompiler will generate a .c file with the decompiled source code in the same directory as your input binary.

What Can I Decompile?

RetDec works with:

• Executable files: Windows PE, Linux ELF, macOS Mach-O
• Object files and archives
• Firmware and embedded binaries
• Raw machine code dumps

Need More Details?

• See the Use section for platform-specific instructions
• Check the Installation section for system requirements
• Visit our Wiki for advanced usage examples
• Try the Docker image for a containerized experience

---

For Users

This section covers installation and usage of RetDec for end users who want to decompile binaries.

Installation

RetDec can be installed in two ways:

1. Pre-built packages (recommended for users): Download and unpack a pre-built stable or bleeding-edge package and follow the usage instructions below.

2. Build from source (for developers): See the Build and Installation section in the "For Developers" section below.

System Requirements

• Supported platforms: Windows (7 or later), Linux, macOS, and (experimentally) FreeBSD
• Disk space: Approximately 5 to 6 GB of free disk space for an installed version

Use

After installing RetDec, follow the platform-specific instructions below to decompile binaries.

Note: Please ensure that you are reading instructions corresponding to the used RetDec version. If unsure, refer to the retdec/share/retdec/README.md file in your installation.

Windows

1. After installing RetDec, install Microsoft Visual C++ Redistributable for Visual Studio 2017.

2. Install the following programs:

   • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
   • Graphviz (Optional: if you want to generate call or control flow graphs)

3. To decompile a binary file named test.exe, run

   $RETDEC_INSTALL_DIR\bin\retdec-decompiler.exe test.exe
   

   For more information, run retdec-decompiler.exe with --help.

Linux

1. After installing RetDec, install the following packages via your distribution's package manager:

   • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
   • Graphviz (Optional: if you want to generate call or control flow graphs)

2. To decompile a binary file named test.exe, run

   $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
   

   For more information, run retdec-decompiler with --help.

macOS

1. After installing RetDec, install the following packages:

   • UPX (Optional: if you want to use UPX unpacker in the preprocessing stage)
   • Graphviz (Optional: if you want to generate call or control flow graphs)

2. To decompile a binary file named test.exe, run

   $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
   

   For more information, run retdec-decompiler with --help.

FreeBSD (Experimental)

1. There are currently no pre-built "ports" packages for FreeBSD. You will have to build and install the decompiler by yourself. The process is described in the Build and Installation section below.

2. To decompile a binary file named test.exe, run

   $RETDEC_INSTALL_DIR/bin/retdec-decompiler test.exe
   

   For more information, run retdec-decompiler with --help.

Docker

Docker provides a convenient way to run RetDec without installing dependencies on your system. Docker support is maintained by the community.

Run Container

If your uid is not 1000, make sure that the directory containing your input binary files is accessible for RetDec:

chmod 0777 /path/to/local/directory

Now, you can run the decompiler inside a container:

docker run --rm -v /path/to/local/directory:/destination retdec retdec-decompiler /destination/binary

Note: Do not modify the /destination part. You only need to change /path/to/local/directory. Output files will be generated to /path/to/local/directory.

For information on building Docker images yourself, see the Build in Docker section under "For Developers".

Nightly Builds

We generate up-to-date RetDec packages from the latest commit in the master branch using:

• TeamCity servers
• GitHub Actions

These builds are meant for developers, contributors, and testers who want to try the latest features or verify bug fixes. Use at your own risk as regressions are possible. For stable releases, download from the official releases page.

TeamCity Builds

• Windows Server 2016, version 10.0
• Ubuntu Bionic Linux, version 18.04
• Mac OS X, version 10.14.6

GitHub Actions Builds

You can find builds for macOS, Linux and Windows in the latest RetDec CI workflow run.

---

For Developers

This section covers building RetDec from source and using RetDec libraries in your own projects.

Build and Installation

This section describes a local build and installation of RetDec. Instructions for Docker are given in the Build in Docker section.

Requirements

Linux

• A C++ compiler and standard C++ library supporting C++17 (e.g. GCC >= 7)
• CMake (version >= 3.6)
• Git
• OpenSSL (version >= 1.1.1)
• Python (version >= 3.4)
• autotools (autoconf, automake, and libtool)
• pkg-config
• m4
• zlib
• Optional: Doxygen and Graphviz for generating API documentation

On Debian-based distributions (e.g. Ubuntu), the required packages can be installed with apt-get:

sudo apt-get install build-essential cmake git openssl libssl-dev python3 autoconf automake libtool pkg-config m4 zlib1g-dev upx doxygen graphviz

On RPM-based distributions (e.g. Fedora), the required packages can be installed with dnf:

sudo dnf install gcc gcc-c++ cmake make git openssl openssl-devel python3 autoconf automake libtool pkg-config m4 zlib-devel upx doxygen graphviz

On Arch Linux, the required packages can be installed with pacman:

sudo pacman --needed -S base-devel cmake git openssl python3 autoconf automake libtool pkg-config m4 zlib upx doxygen graphviz

Windows

• Microsoft Visual C++ (version >= Visual Studio 2017 version 15.7)
• CMake (version >= 3.6)
• Git
• OpenSSL (version >= 1.1.1)
• Python (version >= 3.4)
• Optional: Doxygen and Graphviz for generating API documentation

macOS

Packages should be preferably installed via Homebrew.

• macOS >= 10.15
• Full Xcode installation (including command-line tools, see #425 and #433)
• CMake (version >= 3.6)
• Git
• OpenSSL (version >= 1.1.1)
• Python (version >= 3.4)
• autotools (autoconf, automake, and libtool)
• Optional: Doxygen and Graphviz for generating API documentation

FreeBSD (Experimental)

Packages should be installed via FreeBSD's pre-compiled package repository using the pkg command or built from scratch using the ports database method.

• Full "pkg" tool instructions: handbook pkg method
  • pkg install cmake python37 git autotools OR
• Full "ports" instructions: handbook ports method
  • portsnap fetch
  • portsnap extract
• For example, cmake would be
  • whereis cmake
  • cd /usr/ports/devel/cmake
  • make install clean

Build Process

Note: Although RetDec supports a system-wide installation (#94), unless you use your distribution's package manager, we recommend installing RetDec locally into a designated directory. This makes uninstallation easier as you only need to remove a single directory. To perform a local installation, run cmake with the -DCMAKE_INSTALL_PREFIX=<path> parameter, where <path> is the directory into which RetDec will be installed (e.g. $HOME/projects/retdec-install on Linux and macOS, and C:\projects\retdec-install on Windows).

• Clone the repository:
  • git clone https://github.com/avast/retdec
• Linux:
  • cd retdec
  • mkdir build && cd build
  • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
  • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
  • make install
• Windows:
  • Open a command prompt (e.g. cmd.exe)
  • cd retdec
  • mkdir build && cd build
  • cmake .. -DCMAKE_INSTALL_PREFIX=<path> -G<generator>
  • cmake --build . --config Release -- -m
  • cmake --build . --config Release --target install
  • Alternatively, you can open retdec.sln generated by cmake in Visual Studio IDE
• macOS:
  • cd retdec
  • mkdir build && cd build
  • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
  • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
  • make install
• FreeBSD:
  • sudo pkg install git cmake
  • git clone https://github.com/avast/retdec
  • cd retdec
  • mkdir build && cd build

  • # FreeBSD (and other BSDs) do need cmake, python3, git, autotools. OpenSSL is pre-installed in the OS but check its version.
    # Later versions may be available for each of the packages.
    # See what is installed:
    sudo pkg info cmake python37 autotools
    # Install/upgrade them:
    sudo pkg install cmake python37 autotools

  • cmake .. -DCMAKE_INSTALL_PREFIX=<path>
  • make -jN (N is the number of processes to use for parallel build, typically number of cores + 1 gives fastest compilation time)
  • make install

You have to pass the following parameters to cmake:

• -DCMAKE_INSTALL_PREFIX=<path> to set the installation path to <path>. Quote the path if you are using backslashes on Windows (e.g. -DCMAKE_INSTALL_PREFIX="C:\retdec").
• (Windows only) -G<generator> is -G"Visual Studio 15 2017" for 32-bit build using Visual Studio 2017, or -G"Visual Studio 15 2017 Win64" for 64-bit build using Visual Studio 2017. Later versions of Visual Studio may be used.

You can pass the following additional parameters to cmake:

• -DRETDEC_DOC=ON to build with API documentation (requires Doxygen and Graphviz, disabled by default).
• -DRETDEC_TESTS=ON to build with tests (disabled by default).
• -DRETDEC_DEV_TOOLS=ON to build with development tools (disabled by default).
• -DRETDEC_COMPILE_YARA=OFF to disable YARA rules compilation at installation step (enabled by default).
• -DCMAKE_BUILD_TYPE=Debug to build with debugging information, which is useful during development. By default, the project is built in the Release mode. This has no effect on Windows, but the same thing can be achieved by running cmake --build . with the --config Debug parameter.
• -D<dep>_LOCAL_DIR=<path> where <dep> is from {CAPSTONE, GOOGLETEST, KEYSTONE, LLVM, YARA, YARAMOD} (e.g. -DCAPSTONE_LOCAL_DIR=<path>), to use the local repository clone at <path> for RetDec dependency instead of downloading a fresh copy at build time. Multiple such options may be used at the same time.
• -DRETDEC_ENABLE_<component>=ON to build only the specified component(s) (multiple such options can be used at once), and its (theirs) dependencies. By default, all the components are built. If at least one component is enabled via this mechanism, all the other components that were not explicitly enabled (and are not needed as dependencies of enabled components) are not built. See cmake/options.cmake for all the available component options.
  • -DRETDEC_ENABLE_ALL=ON can be used to (re-)enable all the components.
  • Alternatively, -DRETDEC_ENABLE=<comma-separated component list> can be used instead of -DRETDEC_ENABLE_<component>=ON (e.g. -DRETDEC_ENABLE=fileformat,loader,ctypesparser is equivalent to -DRETDEC_ENABLE_FILEFORMAT=ON -DRETDEC_ENABLE_LOADER=ON -DRETDEC_ENABLE_CTYPESPARSER=ON).

Testing

RetDec includes a comprehensive test suite with 3,237 unit tests covering all major components.

Building with Tests

To build RetDec with tests enabled:

cmake .. -DCMAKE_INSTALL_PREFIX=<path> -DRETDEC_TESTS=ON
make -jN

Running Tests

RetDec uses CTest for test discovery and execution. After building with tests enabled:

Run all tests:

cd build
ctest --output-on-failure -j16

Run specific test suites:

ctest -R utils              # Run only utils tests
ctest -R bin2llvmir        # Run only bin2llvmir tests
ctest -R llvmir2hll        # Run only llvmir2hll tests

Run tests with verbose output:

ctest -V

Run tests directly (alternative method):

# Individual test executables are located in build/tests/
./tests/utils/retdec-tests-utils
./tests/bin2llvmir/retdec-tests-bin2llvmir
# ... etc

Test Suites

RetDec includes the following test suites:

• retdec-tests-utils (269 tests) - Utility functions
• retdec-tests-bin2llvmir (357 tests) - Binary to LLVM IR translation
• retdec-tests-llvmir2hll (1,888 tests) - LLVM IR to high-level language translation
• retdec-tests-common (145 tests) - Common functionality
• retdec-tests-fileformat (64 tests) - File format parsing
• retdec-tests-loader (65 tests) - Binary loading
• retdec-tests-ctypes (189 tests) - C type system
• retdec-tests-demangler (125 tests) - Symbol demangling
• retdec-integration-tests - End-to-end integration tests

All tests should pass on a properly configured system.

Troubleshooting

Build Issues

Problem: YARA build fails with "autoreconf: not found"

Solution: Install autotools (autoconf, automake, libtool) as described in the Requirements section.

# Ubuntu/Debian
sudo apt-get install autoconf automake libtool pkg-config

# macOS
brew install autoconf automake libtool pkg-config

# FreeBSD
sudo pkg install autotools

Problem: Linker errors with "multiple definition of topval"

Solution: This occurs when both YARA and RetDec's TLSH libraries are linked. This has been fixed in recent versions with linker flags. If you encounter this:

1. Ensure you're using the latest RetDec code
2. Clean your build directory: rm -rf build && mkdir build
3. Rebuild from scratch

Problem: ARM64 compilation errors related to ICC_SEIEN_EL1 or ICH_VSEIR_EL2

Solution: This was fixed for Capstone 5.0.6 compatibility. Update to the latest RetDec code.

Problem: Tests show "No tests were found!!!" when running ctest

Solution: Ensure you built with -DRETDEC_TESTS=ON and that enable_testing() is called in CMakeLists.txt. This has been fixed in recent versions.

Runtime Issues

Problem: Decompilation fails with missing type information

Solution: Ensure RetDec was installed properly with make install. The type databases in support/types/ must be accessible.

Problem: YARA signature compilation errors

Solution: If you see imphash-related errors, note that RetDec's YARA is compiled without OpenSSL (--without-crypto). Some rules requiring cryptographic functions are not compatible and should be removed.

Performance Issues

Problem: Build takes too long

Solutions:

• Use parallel builds: make -j16 (adjust number based on CPU cores)
• If using CI/CD: Build caching is enabled in GitHub Actions workflows
• Consider using pre-built binaries for development

Problem: CI builds are slow

Solution: Recent CI improvements include build caching which reduces build times by 50-70%. Ensure you're using the latest GitHub Actions workflows.

Getting Help

If you encounter issues not covered here:

1. Check the Wiki
2. Search existing issues
3. Open a new issue with:
   • Your OS and version
   • CMake version
   • Full build log
   • Steps to reproduce

Use of RetDec Libraries

You can easily use various RetDec libraries in your projects if they are built with CMake. RetDec installation contains all the necessary headers, libraries, and CMake scripts.

If you installed RetDec into a standard installation location of your system (e.g. /usr, /usr/local), all you need to do in order to use its components is:

find_package(retdec 5.0 REQUIRED
   COMPONENTS
      <component>
      [...]
)
target_link_libraries(your-project
   PUBLIC
      retdec::<component>
      [...]
)

If you did not install RetDec somewhere where it can be automatically discovered, you need to help CMake find it before find_package() is used. There are generally two ways to do it (pick and use only one):

1. Add the RetDec installation directory to CMAKE_PREFIX_PATH:

   list(APPEND CMAKE_PREFIX_PATH ${RETDEC_INSTALL_DIR})

2. Set the path to installed RetDec CMake scripts to retdec_DIR:

   set(retdec_DIR ${RETDEC_INSTALL_DIR}/share/retdec/cmake)

See the Repository Overview wiki page for the list of available RetDec components, or the retdec-build-system-tests for demos on how to use them.

Build in Docker

Docker support is maintained by the community. If something does not work for you or if you have suggestions for improvements, open an issue or PR.

Build Image

Building in Docker does not require installation of the required libraries locally. This is a good option for trying out RetDec without setting up the whole build toolchain.

To build the RetDec Docker image from the master branch:

docker build -t retdec - < Dockerfile

To build the image using the local copy of the repository, use the development Dockerfile:

docker build -t retdec:dev . -f Dockerfile.dev

For running containers, see the Docker section under "For Users".

---

Resources

Project Documentation

See the project documentation for an up-to-date Doxygen-generated software reference corresponding to the latest commit in the master branch.

Related Repositories

• retdec-idaplugin -- Embeds RetDec into IDA (Interactive Disassembler) and makes its use much easier.
• retdec-r2plugin -- Embeds RetDec into Radare2 and makes its use much easier.
• retdec-regression-tests-framework -- A framework for writing and running regression tests for RetDec and related tools. This is a must if you plan to contribute to the RetDec project.
• retdec-regression-tests -- A suite of regression tests for RetDec and related tools.
• retdec-build-system-tests -- A suite of tests for RetDec's build system. This can also serve as a collection of demos on how to use RetDec libraries.
• vim-syntax-retdecdsm -- Vim syntax-highlighting file for the output from the RetDec's disassembler (.dsm files).

License

Copyright (c) 2017 Avast Software, licensed under the MIT license. See the LICENSE file for more details.

RetDec incorporates a modified PeLib library. New modules added by Avast Software are licensed under the MIT license. The original sources are licensed under the following license:

• Copyright (c) 2004 - 2005 Sebastian Porst ([email protected]), licensed under the zlib/libpng License. See the LICENSE-PELIB file for more details.

RetDec uses third-party libraries or other resources listed, along with their licenses, in the LICENSE-THIRD-PARTY file.

Contributing

See RetDec contribution guidelines.

Acknowledgements

This software was supported by the research funding TACR (Technology Agency of the Czech Republic), ALFA Programme No. TA01010667.