Decompiling a Python-packaged exe: using Python 2 to decompile an executable packaged with PyInstaller

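First, a link: a Python 3 based tutorial on decompiling exe files packaged from Python.

https://blog.csdn.net/weixin_46847476/article/details/105358131

The story starts with pyinstxtractor.py: after it unpacks query.exe, it does not produce a query.py file directly but a file named query with no extension. The query file has to be modified according to the struct file, specifically by adding a number of hex characters to it; in this example, 16 hex characters.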

C:\Users\netmanager\Desktop\python_test>dir
驱动器 C 中的卷没有标签。
卷的序列号是 1556-183E
C:\Users\netmanager\Desktop\python_test 的目录
2020-10-07 20:52
2020-10-07 20:52
2020-10-07 20:40 0 mod_hex_py2.py
2020-10-07 12:26 1,467 query
2020-10-07 20:52 0 query.py
2020-10-07 12:26 1,467 query.pyc
2020-10-07 12:26 234 struct
5 个文件 3,168 字节
2 个目录 56,282,697,728 可用字节

C:\Users\netmanager\Desktop\python_test>dir
驱动器 C 中的卷没有标签。
卷的序列号是 1556-183E
C:\Users\netmanager\Desktop\python_test 的目录
2020-10-07 21:21
2020-10-07 21:21
2020-10-07 21:21 941 mod_hex_py2.py
2020-10-07 12:26 1,467 query
2020-10-07 20:52 0 query.py
2020-10-07 12:26 1,467 query.pyc
2020-10-07 21:21 1,475 query2.pyc
2020-10-07 12:26 234 struct
6 个文件 5,584 字节
2 个目录 56,280,313,856 可用字节

C:\Users\netmanager\Desktop\python_test>uncompyle6 -o . query2.pyc
query2.pyc --
# Successfully decompiled file

C:\Users\netmanager\Desktop\python_test>dir
驱动器 C 中的卷没有标签。
卷的序列号是 1556-183E
C:\Users\netmanager\Desktop\python_test 的目录
2020-10-07 21:23
2020-10-07 21:23
2020-10-07 21:21 941 mod_hex_py2.py
2020-10-07 12:26 1,467 query
2020-10-07 20:52 0 query.py
2020-10-07 12:26 1,467 query.pyc
2020-10-07 21:23 1,401 query2.py
2020-10-07 21:21 1,475 query2.pyc
2020-10-07 12:26 234 struct
7 个文件 6,985 字节
2 个目录 56,280,096,768 可用字节

C:\Users\netmanager\Desktop\python_test>dir
驱动器 C 中的卷没有标签。
卷的序列号是 1556-183E
C:\Users\netmanager\Desktop\python_test 的目录
2020-10-07 21:37
2020-10-07 21:37
2020-10-07 21:37 1,028 mod_hex_py2.py
2020-10-07 12:26 1,467 query
2020-10-07 20:52 0 query.py
2020-10-07 12:26 1,467 query.pyc
2020-10-07 21:23 1,401 query2.py
2020-10-07 21:21 1,475 query2.pyc
2020-10-07 21:37 1,475 query3.pyc
2020-10-07 12:26 234 struct
8 个文件 8,547 字节
2 个目录 56,278,953,984 可用字节

C:\Users\netmanager\Desktop\python_test>uncompyle6 query3.pyc
# uncompyle6 version 3.7.4
# Python bytecode 2.7 (62211)
# Decompiled from: Python 2.7.18 (v2.7.18:8d21aa21f2, Apr 20 2020, 13:19:08) [MSC v.1500 32 bit (Intel)]
# Embedded file name: query.py
# Compiled at: 1995-09-28 00:18:56
import wmi, os
f = os.popen('systeminfo | findstr \xcf\xb5\xcd\xb3\xd0\xcd\xba\xc5')
print f.read()
f.close()

def sys_version():
    c = wmi.WMI()
    print '\nOS:'
    for sys in c.Win32_OperatingSystem():
        print sys.Caption, sys.BuildNumber, sys.OSArchitecture, sys.CSName, sys.RegisteredUser,

    print '\nCPU:'
    for processor in c.Win32_Processor():
        print processor.Name.strip()

    print '\nMemory:'
    for Memory in c.Win32_PhysicalMemory():
        print int(Memory.Capacity) // 1073741824, 'GB'

    print '\nDISK:'
    for physical_disk in c.Win32_DiskDrive():
        if physical_disk.Size:
            print '\t' + str(physical_disk.Caption) + ' :\t' + str(long(physical_disk.Size) // 1000000000) + 'GB'

    print '\nIP:'
    for interface in c.Win32_NetworkAdapterConfiguration(IPEnabled=1):
        print 'MAC: %s' % interface.MACAddress
        for ip_address in interface.IPAddress:
            print '\tIP: %s' % ip_address

    print '\nBIOS:'
    bios = c.Win32_BIOS()[0]
    print bios.Version
    print bios.Manufacturer
    print bios.ReleaseDate


sys_version()
rawinput_a = raw_input('\xc7\xeb\xb9\xd8\xb1\xd5\xb3\xcc\xd0\xf2')
# okay decompiling query3.pyc

C:\Users\netmanager\Desktop\python_test>

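The above is the Command Prompt (cmd) session.

Below is the code that prepends the first 16 hex characters of the struct file to the head of the query file. It is for Python 2; the Python 3 version is in the link at the top.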

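# -*- coding: cp936 -*-
'''python v2.7
print binascii.hexlify.__doc__
b2a_hex(data) -> s; Hexadecimal representation of binary data.
---
print binascii.unhexlify.__doc__
a2b_hex(hexstr) -> s; Binary data of hexadecimal representation.
hexstr must contain an even number of hex digits (upper or lower case).
'''
import binascii

# Headerless file produced by pyinstxtractor.py
file = 'query'
with open(file, 'rb') as f:
    content = f.read()
a = binascii.hexlify(content)
print 'query文件的前30个HEX字符串'  # "first 30 hex characters of the query file"
print a[:30]
print '*' * 30

# Reference file from the same extraction, used as the source of the header
file1 = 'struct'
with open(file1, 'rb') as f1:
    content1 = f1.read()
b = binascii.hexlify(content1)
print 'struct文件的前30个HEX字符串'  # "first 30 hex characters of the struct file"
print b[:30]

# By comparison, the "query" file extracted by pyinstxtractor.py is missing
# 16 hex characters (8 bytes: the 4-byte magic number and 4-byte timestamp
# of a Python 2.7 .pyc header)
prefix_part = binascii.unhexlify(b[:16])

# The with-blocks close all three files, so no explicit close() calls are needed
with open('query3.pyc', 'wb') as f2:
    f2.write(prefix_part)  # binary header taken from the first 16 hex characters of "struct"
    f2.write(content)      # then write the query file's content into query3.pyc

# "Header added; look for query3.pyc in the current directory"
raw_input_a = raw_input('完成头部文件添加,在当前目录查找query3.pyc')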
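The script above hard-codes the 8-byte header that Python 2.7 uses. As an added example (not part of the original post), this Python 3 sketch generalizes the same repair: it derives the header length from the reference file's magic number and leaves a file alone if it already has a header. The function names and sample bytes are constructed for illustration.

```python
import struct

def header_len(magic4):
    """Return the .pyc header length implied by a 4-byte magic number."""
    if len(magic4) != 4 or magic4[2:] != b"\r\n":
        raise ValueError("reference does not start with a .pyc magic number")
    number = struct.unpack("<H", magic4[:2])[0]
    if number >= 20000:      # Python 1.5 - 2.7 (2.7 is 62211): magic + mtime
        return 8
    if number < 3210:        # Python 3.0 - 3.2: magic + mtime
        return 8
    if number < 3392:        # Python 3.3 - 3.6: magic + mtime + source size
        return 12
    return 16                # Python 3.7+ (PEP 552): magic + flags + 8 bytes

def restore_header(body, reference):
    """Prepend the reference file's .pyc header to a headerless extracted file."""
    n = header_len(reference[:4])
    if len(reference) < n:
        raise ValueError("reference file is shorter than its own header")
    if body[:4] == reference[:4]:
        return body          # header already present, do not prepend twice
    # A marshalled code object starts with TYPE_CODE 'c', or 0xe3 when the
    # FLAG_REF bit is set (Python 3.4+). Anything else is not a bare code object.
    if body[:1] not in (b"c", b"\xe3"):
        raise ValueError("body does not look like a marshalled code object")
    return reference[:n] + body

if __name__ == "__main__":
    # Constructed sample: Python 2.7 magic, zero timestamp, dummy payloads
    reference = b"\x03\xf3\r\n" + b"\x00" * 4 + b"c<struct payload>"
    body = b"c<query payload>"
    fixed = restore_header(body, reference)
    print(len(body), "->", len(fixed), "bytes, magic", fixed[:4].hex())
```

For the files on this page, `body` would be the contents of `query` and `reference` the contents of `struct`, both read in binary mode.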
