def mem_objwalk(self, obj): """ Pure in-memory decompile. Start at the specified object and traverse into children and decompile No file system access, marshal access or bytecode access required """ #TODO make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "mem_obj" self._quiet_makedir(os.path.join(self.dump_dir, tag)) ## No top level module specified so EVERYTHING encountered will be ## decompiled .....may take a while lupc = live.liveUnPYC(self) sc = lupc.get_py(obj) ##Do the output style specified try: name = "%s.py"%(obj.__name__) except: name = "%s.py"%(repr(obj)) if self.write_sourcecode: self._write_source(sc, "", name , tag) if self.display_sourcecode: self._display_source(sc)
def mem_objwalk(self, obj): """ Pure in-memory decompile. Start at the specified object and traverse into children and decompile No file system access, marshal access or bytecode access required """ #TODO make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "mem_obj" self._quiet_makedir(os.path.join(self.dump_dir, tag)) ## No top level module specified so EVERYTHING encountered will be ## decompiled .....may take a while lupc = live.liveUnPYC(self) sc = lupc.get_py(obj) ##Do the output style specified try: name = "%s.py" % (obj.__name__) except: name = "%s.py" % (repr(obj)) if self.write_sourcecode: self._write_source(sc, "", name, tag) if self.display_sourcecode: self._display_source(sc)
def fs_unmarshal(self, fs_root, depth=None): """ Walk the filesystem from start directory indicated & to a depth inidicated The unmarshal technique will be used on each .pyc/.pyo found """ #TODO depth, make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "fs_um" self._quiet_makedir(os.path.join(self.dump_dir, tag)) lupc = live.liveUnPYC(self) fs_root = self.normalise_path(fs_root) ##Single file supplied no need to walk the directory if os.path.isfile(fs_root): print "[+] Decompiling single file: %s"%(fs_root) sc = lupc.fs_decompile(fs_root) ##Do the output style specified if self.write_sourcecode: filename = os.path.split(fs_root)[-1] self._write_source(sc, "singlefile", filename, tag) if self.display_sourcecode: self._display_source(sc) else: print "[+] Decompiling directory starting at: %s"%(fs_root) for (path, dirs, pyx) in self._fs_walk(fs_root, depth, tag): print "[+] Decompiling via unmarshal '%s'...."%(pyx) sc = lupc.fs_decompile(os.path.join(path,pyx)) ##Do the output style specified if self.write_sourcecode: self._write_source(sc, path, pyx, tag) if self.display_sourcecode: self._display_source(sc)
def fs_unmarshal(self, fs_root, depth=None): """ Walk the filesystem from start directory indicated & to a depth inidicated The unmarshal technique will be used on each .pyc/.pyo found """ #TODO depth, make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "fs_um" self._quiet_makedir(os.path.join(self.dump_dir, tag)) lupc = live.liveUnPYC(self) fs_root = self.normalise_path(fs_root) ##Single file supplied no need to walk the directory if os.path.isfile(fs_root): print "[+] Decompiling single file: %s" % (fs_root) sc = lupc.fs_decompile(fs_root) ##Do the output style specified if self.write_sourcecode: filename = os.path.split(fs_root)[-1] self._write_source(sc, "singlefile", filename, tag) if self.display_sourcecode: self._display_source(sc) else: print "[+] Decompiling directory starting at: %s" % (fs_root) for (path, dirs, pyx) in self._fs_walk(fs_root, depth, tag): print "[+] Decompiling via unmarshal '%s'...." % (pyx) sc = lupc.fs_decompile(os.path.join(path, pyx)) ##Do the output style specified if self.write_sourcecode: self._write_source(sc, path, pyx, tag) if self.display_sourcecode: self._display_source(sc)
def fs_objwalk(self, fs_root, depth=None): """ Walk the filesystem from start directory indicated & to the depth indicated For each object and traverse into children and decompile - no unmarshaling No access to unmarshaling required """ #TODO depth, make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "fs_obj" self._quiet_makedir(os.path.join(self.dump_dir, tag)) lupc = live.liveUnPYC(self) fs_root = self.normalise_path(fs_root) ##Single file supplied no need to walk the directory if os.path.isfile(fs_root): #TODO single file memory traversal print "[-] single file memory traversal not supported yet" return for (path, dirs, pyx) in self._fs_walk(fs_root, depth, tag): print "[+] Decompiling in-memory '%s'...."%(pyx) subpath, package = os.path.split(path.strip("/")) ##Lazy, add path at start of path for eay import sys.path.insert(0, subpath) ##Attempt to import the .pyc/.pyo to_import = "%s.%s"%(package, os.path.splitext(pyx)[0]) try: #TODO - account for relative imports ? print "[+] Importing: from %s import %s"%(package, os.path.splitext(pyx)[0]) try: p_obj = __import__(package, globals(), locals(), [os.path.splitext(pyx)[0]], -1) p_obj = eval("p_obj.%s"%(os.path.splitext(pyx)[0])) except (ValueError, ImportError): __import__(pyx) p_obj = sys.modules[pyx] print "[+] Imported %s "%(p_obj) except Exception, err: print "[-] Error importing %s : %s"%(to_import, err) import traceback traceback.print_exc() raw_input() sys.path.remove(subpath) continue try: ##Pure memory decompile lupc.set_top_level_module(p_obj.__name__) sc = lupc.get_py(p_obj) except Exception, err: import traceback print "[-] Error decompiling %s : %s"%(p_obj, err) traceback.print_exc() continue
def fs_objwalk(self, fs_root, depth=None): """ Walk the filesystem from start directory indicated & to the depth indicated For each object and traverse into children and decompile - no unmarshaling No access to unmarshaling required """ #TODO depth, make decompiler independent from Decompilers.unpyc import liveUnPYC as live tag = "fs_obj" self._quiet_makedir(os.path.join(self.dump_dir, tag)) lupc = live.liveUnPYC(self) fs_root = self.normalise_path(fs_root) ##Single file supplied no need to walk the directory if os.path.isfile(fs_root): #TODO single file memory traversal print "[-] single file memory traversal not supported yet" return for (path, dirs, pyx) in self._fs_walk(fs_root, depth, tag): print "[+] Decompiling in-memory '%s'...." % (pyx) subpath, package = os.path.split(path.strip("/")) ##Lazy, add path at start of path for eay import sys.path.insert(0, subpath) ##Attempt to import the .pyc/.pyo to_import = "%s.%s" % (package, os.path.splitext(pyx)[0]) try: #TODO - account for relative imports ? print "[+] Importing: from %s import %s" % ( package, os.path.splitext(pyx)[0]) try: p_obj = __import__(package, globals(), locals(), [os.path.splitext(pyx)[0]], -1) p_obj = eval("p_obj.%s" % (os.path.splitext(pyx)[0])) except (ValueError, ImportError): __import__(pyx) p_obj = sys.modules[pyx] print "[+] Imported %s " % (p_obj) except Exception, err: print "[-] Error importing %s : %s" % (to_import, err) import traceback traceback.print_exc() raw_input() sys.path.remove(subpath) continue try: ##Pure memory decompile lupc.set_top_level_module(p_obj.__name__) sc = lupc.get_py(p_obj) except Exception, err: import traceback print "[-] Error decompiling %s : %s" % (p_obj, err) traceback.print_exc() continue