Python反编译

pyc是python的字节码文件,通常保存在__pycache__目录下,作用类似于缓存,可以加快脚本的运行速度
pyc文件可以被修改为恶意的pyc,进行Pyc poisoning 攻击

1. pyc反编译

1.1. uncompyle6

https://github.com/rocky/python-uncompyle6.git

pip install uncompyle6
uncompyle6 .\struct.pyc

1.2. Easy Python Decompiler

https://sourceforge.net/projects/easypythondecompiler/
exe的很友好,拖进来就能反编译,反编译的文件后缀为 .dis
Pasted image 20260204114732.png

1.3. 在线网站反编译

2. Python exe反编译

pip install pyinstxtractor-ng 
python -m pyinstxtractor_ng windowsupdate.exe