| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- import os
- import sys,re
- import pyinstxtractor
- exe_file=r"D:/xx.exe"
- sys.argv = ['pyinstxtractor', exe_file]
- pyinstxtractor.main()
- # 2. 预处理pyc文件修护校验头
- def find_main(pyc_dir):
- for pyc_file in os.listdir(pyc_dir):
- if not pyc_file.startswith("pyi-") and pyc_file.endswith("manifest"):
- main_file = pyc_file.replace(".exe.manifest", "")
- result = f"{pyc_dir}/{main_file}"
- if os.path.exists(result):
- return main_file
- pyc_dir = os.path.basename(exe_file)+"_extracted"
- main_file = find_main(pyc_dir)
- main_file
- # 读取从pyz目录抽取的pyc文件的前4个字节作基准:
- pyz_dir = f"{pyc_dir}/PYZ-00.pyz_extracted"
- for pyc_file in os.listdir(pyz_dir):
- if pyc_file.endswith(".pyc"):
- file = f"{pyz_dir}/{pyc_file}"
- break
- with open(file, "rb") as f:
- head = f.read(4)
- list(map(hex, head))
- # ['0x42', '0xd', '0xd', '0xa']
- # 校准入口类:
- import shutil
- if os.path.exists("pycfile_tmp"):
- shutil.rmtree("pycfile_tmp")
- os.mkdir("pycfile_tmp")
- main_file_result = f"pycfile_tmp/{main_file}.pyc"
- with open(f"{pyc_dir}/{main_file}", "rb") as read, open(main_file_result, "wb") as write:
- write.write(head)
- write.write(b"\0"*12)
- write.write(read.read())
- # 校准子类:
- pyz_dir = f"{pyc_dir}/PYZ-00.pyz_extracted"
- for pyc_file in os.listdir(pyz_dir):
- pyc_file_src = f"{pyz_dir}/{pyc_file}"
- pyc_file_dest = f"pycfile_tmp/{pyc_file}"
- print(pyc_file_src, pyc_file_dest)
- with open(pyc_file_src, "rb") as read, open(pyc_file_dest, "wb") as write:
- write.write(read.read(12))
- write.write(b"\0"*4)
- write.write(read.read())
- # 3. 开始反编译
- from uncompyle6.bin import uncompile
- if not os.path.exists("py_result"):
- os.mkdir("py_result")
- for pyc_file in os.listdir("pycfile_tmp"):
- sys.argv = ['uncompyle6', '-o',
- f'py_result/{pyc_file[:-1]}', f'pycfile_tmp/{pyc_file}']
- uncompile.main_bin()
|
