← all repositories
Dryxio/auto-re-agent

An AI agent that decompiles binaries and actually checks its homework

It exists to stop LLMs from confidently hallucinating decompiled C++ by forcing every guess through build tests and binary parity checks.

1.1k stars Python AgentsDomain Apps
auto-re-agent
Collecting fresh signals — velocity needs a few days of history.
collecting data…
star history

What it does

auto-re-agent is an autonomous pipeline that feeds decompiled binary evidence from Ghidra to LLMs acting as reverser and checker roles. It generates candidate C/C++ implementations for specific functions or classes, then subjects them to an objective structural verifier, project-specific build and test commands, and eleven heuristic parity signals that compare the candidate against assembly, control-flow graphs, and normalized P-code. The tool stops short of patching your source tree automatically; instead it produces validated overlay candidates and a knowledge graph of evidence.

The interesting bit

The unusual part is the adversarial loop: a reverser model proposes code, a checker model critiques it, and the system can spawn bounded “investigations” to gather more evidence from the binary when the two disagree. Rather than treating an LLM’s output as ground truth, the tool treats it as a hypothesis that must survive compilation, tests, and a conservative parity gate that can block acceptance on RED signals like stub markers or assembly-size mismatches.

Key highlights

  • Dual-model architecture with separate reverser and checker LLM roles, optionally using different providers (e.g., Claude for reversal, Codex for critique).
  • Evidence gathering from Ghidra including decompilation, cross-references, structs, vtables, normalized high P-code, and control-flow graphs.
  • Candidate validation via temporary project copies that run configured build and test commands before acceptance.
  • Eleven built-in parity signals comparing generated source against binary evidence, with configurable RED/YELLOW blocking policies.
  • Session history and a JSON knowledge graph connecting functions, globals, and strings across investigations.

Caveats

  • Conservative verification is the point, not the bug: the tool returns UNKNOWN when evidence is thin and rejects candidates on strong mismatches, and it does not claim to prove semantic equivalence.
  • Overloaded C++ methods that cannot be disambiguated against existing source are rejected outright rather than risk replacing the wrong function body.
  • The built-in parity signal set is fixed in 0.2.0; you can adjust thresholds and add semantic rules, but not disable individual signals.

Verdict

Worth a look if you are reverse engineering large C/C++ binaries and want an autonomous assistant that treats LLM output as suspect. Skip it if you need guaranteed semantic equivalence or a one-click decompiler that patches your codebase automatically.

Frequently asked

What is Dryxio/auto-re-agent?
It exists to stop LLMs from confidently hallucinating decompiled C++ by forcing every guess through build tests and binary parity checks.
Is auto-re-agent open source?
Yes — Dryxio/auto-re-agent is open source, released under the MIT license.
What language is auto-re-agent written in?
Dryxio/auto-re-agent is primarily written in Python.
How popular is auto-re-agent?
Dryxio/auto-re-agent has 1.1k stars on GitHub.
Where can I find auto-re-agent?
Dryxio/auto-re-agent is on GitHub at https://github.com/Dryxio/auto-re-agent.

heatdrop uses Google Analytics to see which pages get read — nothing else. Your call. How we handle data.