这份代码似乎依然在一些 exe 的反编译上有问题

[LittFlower]

当我使用最新版本的 pyinstxtractor.py 时，我得到的 1.pyc 似乎依然没有一个正确的文件头，以至于当我使用 uncompyle6 时会报错：

~ uncompyle6 1.pyc 
Unknown type 0
Traceback (most recent call last):
  File "/home/temp/.local/bin/uncompyle6", line 11, in <module>
    sys.exit(main_bin())
  File "/home/temp/.local/lib/python2.7/site-packages/uncompyle6/bin/uncompile.py", line 194, in main_bin
    **options)
  File "/home/temp/.local/lib/python2.7/site-packages/uncompyle6/main.py", line 328, in main
    do_fragments,
  File "/home/temp/.local/lib/python2.7/site-packages/uncompyle6/main.py", line 230, in decompile_file
    do_fragments=do_fragments,
  File "/home/temp/.local/lib/python2.7/site-packages/uncompyle6/main.py", line 78, in decompile
    assert iscode(co), ("%s does not smell like code" % co)
AssertionError: None does not smell like code

我使用的 exe 文件可以在这里下载（ github 的 issue 似乎无法上传 exe 文件）

按照我的设想，根据 struct.pyc 的文件头可知正确的文件头应当是：

但使用此脚本反编译得到的 1.pyc 的文件头却是：

我使用的反编译命令是：python3 pyinstxtractor.py pyre.exe，它看起来很正常。

我使用 010editor 这个16进制编辑器查看了这两个 pyc 文件，上面的两种图片即来自于此。

[LittFlower]

我自己修改了一下源代码（为了实现自动补充文件头），您可以在这里查看它。（不一定普适但可以解决上述问题）

[Blank-c]

wut??

[LittFlower]

wut??

发生甚么事了？

[Blank-c]

wut??

What happened?

it would have been better if you wrote in english

[LittFlower]

wut??

What happened?

it would have been better if you wrote in english

......emm I'm sorry....

[KrynixOfficial]

This code still seems to have problems with decompilation of some exe's is what it says

[extremecoders-re]

Please check again with the latest build. This should be working now.

[extremecoders-re]

In a Python 3.7 environment, run

$ python3.7 pyinstxtractor.py pyre.exe
[+] Processing pyre.exe
[+] Pyinstaller version: 2.1+
[+] Python version: 3.7
[+] Length of package: 5796250 bytes
[+] Found 61 files in CArchive
[+] Beginning extraction...please standby
[+] Possible entry point: pyiboot01_bootstrap.pyc
[+] Possible entry point: 1.pyc
[+] Found 133 files in PYZ archive
[+] Successfully extracted pyinstaller archive: pyre.exe

You can now use a python decompiler on the pyc files within the extracted directory

Now you can decompile 1.pyc

$ uncompyle6 pyre.exe_extracted/1.pyc
# uncompyle6 version 3.8.0
# Python bytecode 3.7.0 (3394)
# Decompiled from: Python 3.7.12 | packaged by conda-forge | (default, Oct 26 2021, 06:08:21)
# [GCC 9.4.0]
# Embedded file name: 1.py


def check():
    a = input('plz input your flag:')
    c = [144, 163, 158, 177, 121, 39, 58, 58, 91, 111, 25, 158, 72, 53, 152, 78, 171, 12, 53, 105, 45, 12, 12, 53, 12, 171, 111, 91, 53, 152, 105, 45, 152, 144, 39, 171, 45, 91, 78, 45, 158, 8]
    if len(a) != 42:
        print('wrong length')
        return 0
    b = 179
    for i in range(len(a)):
        if ord(a[i]) * 33 % b != c[i]:
            print('wrong')
            return

    print('win')


check()
# okay decompiling pyre.exe_extracted/1.pyc

[LittFlower]

Great! Thanks for your help.