使用pyinstaller逆向.pyc文件
搭建python环境
1.百度搜索python3.7下载,找到官网下载安装包,运行安装包并配置环境变量。
2.这里一定要安装python3.7版本,我之前安装的是python3.5,不能正常使用pyinstaller库。
3.能显示以下界面说明安装成功。
安装pyinstaller
1.进入scripts脚本目录,执行 pip install pyinstaller,不过我这里已经下好了。
2.使用archive_viewer.py工具,提取出CM.pyc文件,接着打开(open)PYZ-00.pyz压缩包,提取出压缩包中的两个.pyc文件。
# uncompyle6 version 3.6.0
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]
# Embedded file name: b'D:\\\xd7\xca\xc1\xcf\xce\xc4\xbc\xfe\\a\xd1\xd0\xbe\xbf\xb7\xbd\xcf\xf2\xb2\xce\xbf\xbc\xd7\xca\xc1\xcf\\3-\xbc\xc6\xcb\xe3\xbb\xfa\xc8\xa1\xd6\xa4(\xd6\xd8\xb5\xe3)\\\xbf\xf2\xbc\xdc\\volatility\xce\xc4\xbc\xfe\\volatility-master\\vol.py'
# Compiled at: 2018-12-07 00:22:54
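"""
@author:       AAron Walters
@license:      GNU General Public License 2.0
@contact:      awalters@4tphi.net
@organization: Volatility Foundation
"""
# NOTE(review): this listing is decompiler output whose whitespace was lost on
# the page. Indentation and the word spacing inside message strings were
# reconstructed here and should be compared against the upstream vol.py before
# the text is relied on. The decompiler header reports Python 2.7 bytecode, so
# the code is written to run on Python 2.6+.

import sys

# Refuse to start on interpreters older than 2.6.
if sys.version_info < (2, 6, 0):
    sys.stderr.write('Volatility requires python version 2.6, please upgrade your python installation.')
    sys.exit(1)

# psyco is optional: carry on without it when it is not installed.
try:
    import psyco
except ImportError:
    pass

# Never executed. Presumably kept so that static import scanners (for example
# a freezer such as PyInstaller) still see yara as a dependency -- confirm.
if False:
    import yara

import textwrap
import volatility.conf as conf

# The configuration object is created before the remaining volatility modules
# are imported; the statement order is kept exactly as in the listing.
config = conf.ConfObject()

import volatility.constants as constants
import volatility.registry as registry
import volatility.exceptions as exceptions
import volatility.obj as obj
import volatility.debug as debug
import volatility.addrspace as addrspace
import volatility.commands as commands
import volatility.scan as scan

# --info switch: main() prints every registered object and exits when it is set.
config.add_option('INFO', default=None, action='store_true', cache_invalidator=False,
                  help='Print information about all registered objects')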
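def list_plugins():
    """Build the plugin overview that is hooked into the help output.

    Every registered command is listed with the first non-empty line of its
    help text. Commands that are not valid for the selected profile are
    collected separately and appended only when config.VERBOSE is set.

    Returns:
        The formatted listing as a single string.

    Raises:
        AssertionError: if config.PROFILE is not a registered profile.
    """
    cmds = registry.get_plugin_classes(commands.Command, lower=True)
    profs = registry.get_plugin_classes(obj.Profile)

    # Fall back to the default profile when none was configured.
    if config.PROFILE is None:
        config.update('PROFILE', 'WinXPSP2x86')

    # The decompiled listing expressed this check as an ``assert``, which is
    # dropped under ``python -O``. Raising explicitly keeps the validation in
    # place while preserving the exception type callers would have seen.
    if config.PROFILE not in profs:
        raise AssertionError('Invalid profile ' + config.PROFILE + ' selected')
    profile = profs[config.PROFILE]()

    row = '\t\t{0:15}\t{1}\n'
    supported = []
    other_profile = []
    for cmdname in sorted(cmds):
        command = cmds[cmdname]
        helptext = command.help() or ''
        # First non-empty line of the help text; the whole text is kept when
        # every line is empty.
        summary = next((line for line in helptext.splitlines() if line), helptext)
        bucket = supported if command.is_valid_profile(profile) else other_profile
        bucket.append(row.format(cmdname, summary))

    result = '\n\tSupported Plugin Commands:\n\n' + ''.join(supported)
    if other_profile and config.VERBOSE:
        result += '\n\tPlugins requiring a different profile:\n\n'
        result += ''.join(other_profile)
    return result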
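def command_help(command):
    """Return the help text for one plugin instance.

    The text consists of the output formats the plugin offers (derived from
    its ``render_*`` attributes), a banner carrying the plugin's class name
    and the plugin's own help text.

    Args:
        command: plugin instance; must provide ``help()``.

    Returns:
        The assembled help text as a string.
    """
    # Every render_<fmt> attribute advertises one output format.
    outputs = sorted(
        item.split('render_', 1)[-1]
        for item in dir(command)
        if item.startswith('render_')
    )
    outputopts = '\nModule Output Options: ' + ', '.join(outputs) + '\n'

    banner = textwrap.dedent(
        '\n---------------------------------\nModule {0}\n---------------------------------\n'.format(
            command.__class__.__name__))

    # help() may yield None (list_plugins guards against the same case);
    # treat that as empty text instead of failing on the concatenation.
    return outputopts + banner + (command.help() or '') + '\n\n'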
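def print_info():
    """Print every registered address space, plugin, profile and scanner check.

    Each category gets an underlined heading followed by one line per class:
    the class name, padded to the longest name in that category, and the
    first line of the class docstring. Nothing is returned.
    """
    categories = {
        addrspace.BaseAddressSpace: 'Address Spaces',
        commands.Command: 'Plugins',
        obj.Profile: 'Profiles',
        scan.ScannerCheck: 'Scanner Checks',
    }

    # Single-argument print(...) behaves the same as the Python 2 print
    # statement used in the decompiled listing.
    for base, title in sorted(categories.items()):
        # Only plugin commands are looked up with lower-cased names.
        plugins = registry.get_plugin_classes(base, lower=(base == commands.Command))
        print('\n')
        print('{0}'.format(title))
        print('-' * len(title))

        rows = []
        width = 0
        for clsname, cls in sorted(plugins.items()):
            try:
                doc = cls.__doc__.strip().splitlines()[0]
            except (AttributeError, IndexError):
                # AttributeError: no docstring at all (None).
                # IndexError: docstring present but empty or whitespace only.
                doc = 'No docs'
            rows.append((clsname, doc))
            width = max(len(clsname), width)

        for name, doc in rows:
            print('{0:{2}} - {1:15}'.format(name, doc, width))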
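def main():
    """Parse the command line and run the selected plugin.

    Prints the framework banner to stderr, registers the global options,
    handles --info, then picks the first positional argument that names a
    registered command and executes it. A VolatilityException raised while
    the command is set up or executed is printed instead of propagating.
    """
    sys.stderr.write('Volatility Foundation Volatility Framework {0}\n'.format(constants.VERSION))
    sys.stderr.flush()

    debug.setup()
    registry.PluginImporter()
    registry.register_global_options(config, addrspace.BaseAddressSpace)
    registry.register_global_options(config, commands.Command)

    if config.INFO:
        print_info()
        sys.exit(0)

    # First pass over the options; the plugin-specific pass follows once the
    # command object exists.
    config.parse_options(False)
    debug.setup(config.DEBUG)

    cmds = registry.get_plugin_classes(commands.Command, lower=True)

    # Membership is tested on the mapping itself rather than on cmds.keys(),
    # which avoids building a key list for every argument on Python 2.
    module = next((m for m in config.args if m in cmds), None)

    if not module:
        config.parse_options()
        # NOTE(review): debug.error presumably terminates the process --
        # confirm; the membership guard below is kept in case it does not.
        debug.error('You must specify something to do (try -h)')

    try:
        if module in cmds:
            command = cmds[module](config)
            # Make -h show the help of the selected plugin.
            config.set_help_hook(obj.Curry(command_help, command))
            config.parse_options()
            if not config.LOCATION:
                debug.error('Please specify a location (-l) or filename (-f)')
            command.execute()
    except exceptions.VolatilityException as e:
        print(e)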
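if __name__ == '__main__':
    # Script entry point: install the usage text and the plugin listing for
    # the help output, then hand over to main().
    config.set_usage(usage='Volatility - A memory forensics analysis platform.')
    config.add_help_hook(list_plugins)
    try:
        main()
    except Exception:
        # With the debug option set, call debug.post_mortem(); otherwise let
        # the exception propagate unchanged.
        if config.DEBUG:
            debug.post_mortem()
        else:
            raise
    except KeyboardInterrupt:
        # KeyboardInterrupt does not derive from Exception, so Ctrl-C is
        # handled here and not by the clause above.
        print('Interrupted')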
# okay decompiling CM.pyc