使用pyinstaller逆向.pyc文件

Python  /  管理员 发布于 5年前   548

搭建python环境

1.百度搜索python3.7下载，找到官网下载安装包，运行安装包并配置环境变量。

2.这里一定要安装python3.7版本的，我之前安装python3.5，不能正常使用pyinstalller库。

3.能显示一下界面说明安装成功

安装pyintaller

1.进入scripts脚本目录，执行pip install pyinstaller，不过我这里已经下好了。

2.使用archive_viewer.py工具，提取出CM.pyc文件，接着open PYZ-00.pyz压缩包，提取出压缩包中的两个.pyc文件。

3.编辑三个.pyc文件，就是PyInstaller在打包.pyc时，会把.pyc的magic和时间戳去掉，所以需要手工修复，在文件的头部插入03 F3 0D 0A 74 a7cf 5c。

4.用pip install uncompyle6命令语句， 下载uncompyle6 工具，接着反汇编

CM.py代码如下：

# uncompyle6 version 3.6.0# Python bytecode 2.7 (62211)# Decompiled from: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]# Embedded file name: b'D:\\\xd7\xca\xc1\xcf\xce\xc4\xbc\xfe\\a\xd1\xd0\xbe\xbf\xb7\xbd\xcf\xf2\xb2\xce\xbf\xbc\xd7\xca\xc1\xcf\\3-\xbc\xc6\xcb\xe3\xbb\xfa\xc8\xa1\xd6\xa4(\xd6\xd8\xb5\xe3)\\\xbf\xf2\xbc\xdc\\volatility\xce\xc4\xbc\xfe\\volatility-master\\vol.py'# Compiled at: 2018-12-07 00:22:54"""@author:    AAron Walters@license:   GNU General Public License 2.0@contact:   [email protected]@organization: Volatility Foundation"""import sysif sys.version_info < (2, 6, 0):  sys.stderr.write('Volatility requires python version 2.6, please upgrade your python installation.')  sys.exit(1)try:  import psycoexcept ImportError:  passif False:  import yaraimport textwrap, volatility.conf as confconfig = conf.ConfObject()import volatility.constants as constants, volatility.registry as registry, volatility.exceptions as exceptions, volatility.obj as obj, volatility.debug as debug, volatility.addrspace as addrspace, volatility.commands as commands, volatility.scan as scanconfig.add_option('INFO', default=None, action='store_true', cache_invalidator=False, help='Print information about all registered objects')def list_plugins():  result = '\n\tSupported Plugin Commands:\n\n'  cmds = registry.get_plugin_classes(commands.Command, lower=True)  profs = registry.get_plugin_classes(obj.Profile)  if config.PROFILE == None:    config.update('PROFILE', 'WinXPSP2x86')  assert not config.PROFILE not in profs, 'Invalid profile ' + config.PROFILE + ' selected'  profile = profs[config.PROFILE]()  wrongprofile = ''  for cmdname in sorted(cmds):    command = cmds[cmdname]    helpline = command.help() or ''    for line in helpline.splitlines():      if line:        helpline = line        break    if command.is_valid_profile(profile):      result += ('\t\t{0:15}\t{1}\n').format(cmdname, helpline)    else:      wrongprofile += ('\t\t{0:15}\t{1}\n').format(cmdname, helpline)  if wrongprofile and config.VERBOSE:    result += '\n\tPlugins requiring a different profile:\n\n'    result += wrongprofile  return resultdef command_help(command):  outputs = []  for item in dir(command):    if item.startswith('render_'):      outputs.append(item.split('render_', 1)[(-1)])  outputopts = '\nModule Output Options: ' + ('{0}\n').format(('{0}').format(('\n').join([(', ').join(o for o in sorted(outputs))])))  result = textwrap.dedent(('\n  ---------------------------------\n  Module {0}\n  ---------------------------------\n').format(command.__class__.__name__))  return outputopts + result + command.help() + '\n\n'def print_info():  """ Returns the results """  categories = {addrspace.BaseAddressSpace: 'Address Spaces', commands.Command: 'Plugins',     obj.Profile: 'Profiles',     scan.ScannerCheck: 'Scanner Checks'}  for c, n in sorted(categories.items()):    lower = c == commands.Command    plugins = registry.get_plugin_classes(c, lower=lower)    print '\n'    print ('{0}').format(n)    print '-' * len(n)    result = []    max_length = 0    for clsname, cls in sorted(plugins.items()):      try:        doc = cls.__doc__.strip().splitlines()[0]      except AttributeError:        doc = 'No docs'      result.append((clsname, doc))      max_length = max(len(clsname), max_length)    for name, doc in result:      print ('{0:{2}} - {1:15}').format(name, doc, max_length)def main():  sys.stderr.write(('Volatility Foundation Volatility Framework {0}\n').format(constants.VERSION))  sys.stderr.flush()  debug.setup()  registry.PluginImporter()  registry.register_global_options(config, addrspace.BaseAddressSpace)  registry.register_global_options(config, commands.Command)  if config.INFO:    print_info()    sys.exit(0)  config.parse_options(False)  debug.setup(config.DEBUG)  module = None  cmds = registry.get_plugin_classes(commands.Command, lower=True)  for m in config.args:    if m in cmds.keys():      module = m      break  if not module:    config.parse_options()    debug.error('You must specify something to do (try -h)')  try:    if module in cmds.keys():      command = cmds[module](config)      config.set_help_hook(obj.Curry(command_help, command))      config.parse_options()      if not config.LOCATION:        debug.error('Please specify a location (-l) or filename (-f)')      command.execute()  except exceptions.VolatilityException as e:    print e  returnif __name__ == '__main__':  config.set_usage(usage='Volatility - A memory forensics analysis platform.')  config.add_help_hook(list_plugins)  try:    main()  except Exception as ex:    if config.DEBUG:      debug.post_mortem()    else:      raise  except KeyboardInterrupt:    print 'Interrupted'# okay decompiling CM.pyc

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持。