🤖 AI Summary
This work addresses the trade-off in binary indirect call resolution, where static analysis achieves high recall but low precision, while machine learning methods offer high precision yet limited coverage. To reconcile this, the authors propose a multi-layer hybrid framework that significantly improves precision without sacrificing recall. The approach innovatively integrates conservative value-set analysis (BPA), a learning-driven soft signature scorer (iScoreGen), and a memory-aware selective interprocedural backward analysis (iScoreRefine), enabling configurable precision-recall trade-offs. Experimental evaluation on SPEC CPU2006 and real-world binaries shows that iScoreGen alone reduces incorrect targets by 19.2% on average, and when combined with iScoreRefine, achieves a 44.3% reduction while maintaining a high recall of 97.8%, substantially outperforming current state-of-the-art techniques.
📝 Abstract
Indirect call resolution remains a key challenge in reverse engineering and control-flow graph recovery, especially for stripped or optimized binaries. Static analysis is sound but often over-approximates, producing many false positives, whereas machine-learning approaches can improve precision but may sacrifice completeness and generalization. We present iResolveX, a hybrid multi-layered framework that combines conservative static analysis with learning-based refinement. The first layer applies a conservative value-set analysis (BPA) to ensure high recall. The second layer adds a learning-based soft-signature scorer (iScoreGen) and selective inter-procedural backward analysis with memory inspection (iScoreRefine) to reduce false positives. The final output, p-IndirectCFG, annotates indirect edges with confidence scores, enabling downstream analyses to choose appropriate precision-recall trade-offs. Across SPEC CPU2006 and real-world binaries, iScoreGen reduces predicted targets by 19.2% on average while maintaining BPA-level recall (98.2%). Combined with iScoreRefine, the total reduction reaches 44.3% over BPA with 97.8% recall (a 0.4% drop). iResolveX supports both conservative, recall-preserving and F1-optimized configurations and outperforms state-of-the-art systems.
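
How a downstream analysis might consume confidence-annotated indirect edges like those the abstract describes, choosing either a recall-preserving or an F1-optimized cut-off. This is an added example, not code from the paper or the iResolveX project: the edge layout, addresses, scores, ground truth and function names are all constructed or hypothetical.

```python
"""Added illustration: pick a pruning threshold over confidence-scored indirect edges.
The edge layout, addresses, scores and ground truth are constructed for this example;
they are not iResolveX's output format or data."""
from typing import Dict, List, Set, Tuple

Edge = Tuple[int, int]  # (call-site address, candidate target address)

SCORED_EDGES: Dict[Edge, float] = {  # constructed confidence scores
    (0x401000, 0x402000): 0.95, (0x401000, 0x402100): 0.30,
    (0x401000, 0x402200): 0.02, (0x401050, 0x402300): 0.80,
    (0x401050, 0x402000): 0.20, (0x401050, 0x402400): 0.05,
    (0x401090, 0x402100): 0.40, (0x401090, 0x402500): 0.08,
    (0x401090, 0x402200): 0.10,
}
TRUE_EDGES: Set[Edge] = {  # constructed ground truth (e.g. from a dynamic trace)
    (0x401000, 0x402000), (0x401050, 0x402300),
    (0x401090, 0x402100), (0x401090, 0x402500),
}

def evaluate(threshold: float) -> Dict[str, float]:
    """Keep edges scoring >= threshold and measure the resulting edge set."""
    kept = {e for e, s in SCORED_EDGES.items() if s >= threshold}
    tp = len(kept & TRUE_EDGES)
    precision = tp / len(kept) if kept else 1.0
    recall = tp / len(TRUE_EDGES)
    f1 = 2 * precision * recall / (precision + recall) if tp else 0.0
    return {"threshold": threshold, "precision": precision, "recall": recall,
            "f1": f1, "reduction": 1 - len(kept) / len(SCORED_EDGES)}

def sweep() -> List[Dict[str, float]]:
    """Evaluate every distinct score as a cut-off, plus 0.0 (keep everything)."""
    return [evaluate(t) for t in sorted({0.0, *SCORED_EDGES.values()})]

def recall_preserving(min_recall: float = 1.0) -> Dict[str, float]:
    """Most aggressive pruning that still keeps recall at or above min_recall."""
    return max((m for m in sweep() if m["recall"] >= min_recall),
               key=lambda m: m["threshold"])

def f1_optimized() -> Dict[str, float]:
    """Cut-off with the best F1; ties go to the lower threshold (higher recall)."""
    return max(sweep(), key=lambda m: (m["f1"], -m["threshold"]))

if __name__ == "__main__":
    for name, m in (("recall-preserving", recall_preserving()),
                    ("F1-optimized", f1_optimized())):
        print(f"{name}: " + ", ".join(f"{k}={v:.3f}" for k, v in m.items()))
```

On this constructed data the recall-preserving cut-off keeps every true edge but few pruned candidates, while the F1-optimized cut-off removes all false edges at the cost of one missed target, which is the trade-off a CFI policy and a reverse-engineering aid would resolve differently.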