CR | AI | Apr 7

LLM4CodeRE: Generative AI for Code Decompilation Analysis and Reverse Engineering

arXiv:2604.06095
60.91 citations
AI Analysis

This paper addresses a domain-specific problem for malware analysts by improving reverse engineering of obfuscated code, though it is incremental as it builds on existing LLM methods.

The paper tackles the challenge of code decompilation analysis in malware reverse engineering by proposing LLM4CodeRE, a domain-adaptive LLM framework that supports bidirectional code translation; the framework outperforms existing tools and models with robust generalization.

Code decompilation analysis is a fundamental yet challenging task in malware reverse engineering, particularly due to the pervasive use of sophisticated obfuscation techniques. Although recent large language models (LLMs) have shown promise in translating low-level representations into high-level source code, most existing approaches rely on generic code pretraining and lack adaptation to malicious software. We propose LLM4CodeRE, a domain-adaptive LLM framework for bidirectional code reverse engineering that supports both assembly-to-source decompilation and source-to-assembly translation within a unified model. To enable effective task adaptation, we introduce two complementary fine-tuning strategies: (i) a Multi-Adapter approach for task-specific syntactic and semantic alignment, and (ii) a Seq2Seq Unified approach using task-conditioned prefixes to enforce end-to-end generation constraints. Experimental results demonstrate that LLM4CodeRE outperforms existing decompilation tools and general-purpose code models, achieving robust bidirectional generalization.
