Как декомпилировать exe python

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

A helper script for unpacking and decompiling EXEs compiled from python code.

License

WithSecureLabs/python-exe-unpacker

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Читайте также:  Forum garena showthread php

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

A script that helps researcher to unpack and decompile executable written in python. However, right now this only supports executable created with py2exe and pyinstaller.

This script glues together several tools available to the community. Hopefully, this can help people in their daily job. Several YARA rules are available to determine if the executable is written in python (This script also confirms if the executable is created with either py2exe or pyinstaller).

  • Python 2.7 or later.
  • Install all the dependency needed:
    pip2 install —user -r requirements.txt
    or if you fancy to have your dependency installed with root permission
    sudo pip2 install -r requirements.txt
  • python python_exe_unpack.py -i [malware.exe]
    • pyinstaller
      • A folder will be created with the original filename concatenated with «_extracted». For example: «malware.exe_extracted».
      • The main python file that contains the logic will usually be the file without any extension (In the folder that concatenated with «_extracted»). In the following example, «hello» is the one that contains the main python logic:
        -rw-rw-r— 1 testuser testuser 70K Nov 14 13:08 bz2.pyd
        -rw-rw-r— 1 testuser testuser 993K Nov 14 13:08 _hashlib.pyd
        -rw-rw-r— 1 testuser testuser 111 Nov 14 13:08 hello
        -rw-rw-r— 1 testuser testuser 1009 Nov 14 13:08 hello.exe.manifest
        -rw-rw-r— 1 testuser testuser 1.1K Nov 14 13:08 Microsoft.VC90.CRT.manifest
        -rw-rw-r— 1 testuser testuser 220K Nov 14 13:08 msvcm90.dll
        -rw-rw-r— 1 testuser testuser 557K Nov 14 13:08 msvcp90.dll
        -rw-rw-r— 1 testuser testuser 638K Nov 14 13:08 msvcr90.dll
        -rw-rw-r— 1 testuser testuser 628K Nov 14 13:08 out00-PYZ.pyz
        drwxrwxr-x 2 testuser testuser 12K Nov 14 13:08 out00-PYZ.pyz_extracted
        -rw-rw-r— 1 testuser testuser 5.2K Nov 14 13:08 pyiboot01_bootstrap
        -rw-rw-r— 1 testuser testuser 2.5K Nov 14 13:08 pyimod01_os_path
        -rw-rw-r— 1 testuser testuser 12K Nov 14 13:08 pyimod02_archive
        -rw-rw-r— 1 testuser testuser 22K Nov 14 13:08 pyimod03_importers
        -rw-rw-r— 1 testuser testuser 0 Nov 14 13:08 pyi-windows-manifest-filename hello.exe.manifest
        -rw-rw-r— 1 testuser testuser 2.6M Nov 14 13:08 python27.dll
        -rw-rw-r— 1 testuser testuser 10K Nov 14 13:08 select.pyd
        -rw-rw-r— 1 testuser testuser 234 Nov 14 13:08 struct
        -rw-rw-r— 1 testuser testuser 671K Nov 14 13:08 unicodedata.pyd
      • pyinstaller has an option that can encrypt python bytecode. This script will try to decrypt it and decompile the decrypted code.
      • The result of unpacking and decompiling will be located in folder «unpacked» or the location you specify.
      • If error like this shows «Error in unpacking the exe. Probably due to version incompability (exe created using python 2 and run this script with python 3)», try setting your python to a different version than the one you are using. Eg: «alias python=python2» or «alias python=python3»
      • In the above example, sometimes the python file that contains the main logic will not be in the format that uncompyle6 accept (Missing python magic numbers). The above command will prepend magic numbers and decompile it (If magic number is already preprended it will not add it and just proceed with decompiling).
      • Extreme Coders for their pyinstxtractor.py script to help unpack pyinstaller executable.
      • Extreme Coders for their instruction on how to decrypt encrypted python byte code: https://0xec.blogspot.sg/2017/02/extracting-encrypted-pyinstaller.html
      • unpy2exe
      • uncompyle6

      About

      A helper script for unpacking and decompiling EXEs compiled from python code.

      Источник

      pydumpck 1.16.0

      pydumpck is a multi-threads tool for decompile exe,elf,pyz,pyc packed by python which is base on pycdc and uncompyle6.sometimes its py-file result not exactly right ,maybe could use uncompyle6.

      Ссылки проекта

      Статистика

      Метаданные

      Лицензия: Apache Software License (MIT Licence)

      Метки pydumpck, decomplier, pe, elf, pyc, pyz

      Требует: Python >=3.7,

      Сопровождающие

      Классификаторы

      Описание проекта

      What?

      pydumpck is a multi-threads tool for decompile exe,elf,pyz,pyc packed by python which is base on pycdc and uncompyle6 .sometimes its py-file result not exactly right ,maybe could use uncompyle6.

      Install

      Usage

      usage: pydumpck   OUTPUT_DIRECTORY  THREAD  TIMEOUT  TIMEOUT_SESSION  TARGET_FILE_TYPE   .    .      .   is a multi-threads tool  decompile exe,elf,pyz,pyc packed by python which is base on pycdc and uncompyle6.sometimes its py-file result not exactly right ,maybe could use uncompyle6. positional arguments:  target_file file to extract or decompiler,combine with -y    -h, --help show this  message and  -o OUTPUT_DIRECTORY, --output OUTPUT_DIRECTORY  output archive file to  output_2938294 -w THREAD, --thread THREAD  thread count  running   cpu-count *  -t TIMEOUT, --timeout TIMEOUT  timeout running single decompiler   --session-timeout TIMEOUT_SESSION  timeout running total task   -y TARGET_FILE_TYPE, --type TARGET_FILE_TYPE  file-type of input file,can use pe,exe,elf,pyc,pyz  None : auto guess -d  .  --decompile_file  .  only decompile referred file  quick   None --header  .  specify pyc header hex-string  None not  , pydumpck will use struct.pyc     pycdc

      pydumpck xxx.exe -p uncompyle6

      pydumpck xxx.exe -p pycdc uncompyle6

      pydumpck xxx.exe -d main for only target main.py

      pydumpck xxx.exe -d main lib_base64 secert for targets main.py and lib_base64.py and secert.py

      Demo

      Notice

      pycdc speed is more than 10 times faster than uncompyle6 , and uncompyle6 is not support for python that version above 3.8.

      however pycdc sometimes return a not precisely right result.

      in pydumpck , you can use —plugin uncompyle6 for single-use or —plugin pycdc uncompyle6 for both-use.

      Источник

      Saved searches

      Use saved searches to filter your results more quickly

      You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

      Decompiles Exe’s That Were Compiled Using Pyinstaller

      ItsMerkz/Python-Exe-Decompiler

      This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

      Name already in use

      A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

      Sign In Required

      Please sign in to use Codespaces.

      Launching GitHub Desktop

      If nothing happens, download GitHub Desktop and try again.

      Launching GitHub Desktop

      If nothing happens, download GitHub Desktop and try again.

      Launching Xcode

      If nothing happens, download Xcode and try again.

      Launching Visual Studio Code

      Your codespace will open once ready.

      There was a problem preparing your codespace, please try again.

      Latest commit

      Git stats

      Files

      Failed to load latest commit information.

      README.md

      Python Modules Needed os, struct, marshal, zlib, sys Python Module Installation

      pip install os pip install struct pip install marshal pip install zlib pip install sys
      Windows Usage python decompile.py (file name)
      Linux Usage python3 decompile.py (file name)

      The Decompiler File Must Be In The Same Folder As The Exe Your Trying To Decompile Also Please Make Sure To Dm Me On Discord If You Have Any Problems Using This Haribo#1337

      About

      Decompiles Exe’s That Were Compiled Using Pyinstaller

      Источник

Оцените статью