liveUnPYC

class liveUnPYC.CoParser(code_obj, verboseDisasm=False)[source]

An equivilent to the Parser class in the parse module where rather than parsing marshalled code objects we parse a raw code object. The result being the creation of a PyCode object that UnPYC can then do it’s magic on

r_tuple(obj)[source]

Construct a PyTuple object from an existing tuple with each member being set as a valid Py* type as well, so e.g. a PyTuple of PyStrings

class liveUnPYC.liveUnPYC(pyretic, top_level_module=None, verbose=True, debug=True)[source]

Traverse an object either in memory or from filesystem and decompile back to source through accessing code objects rather than .pyc files

Relies on the UnPyc decompiler: http://unpyc.sourceforge.net/

top_level_object - the object that will be treated as parent, anything
not parented by this module will not be traversed stops you diving down rabbit holes with ‘from foo import *

Leave as None is you want to recurse

fs_decompile(mod_name)[source]

Take an obfuscated .pyc file and decompile by grabbing the bytecode and unmarshaling with the obfuscating Python runtimes own marshalling code

The opcode remapping must already have taken place

If you have access to to files/filesystem and the runtime allows you access to it’s marshaller module use this, you will get the best output

get_args(obj)[source]

get the argument spec for a function / method

get_class(obj, indent)[source]

Breaks a class into it’s consituents: variables, functions etc

get_doc(obj, indent)[source]

My get doc function - wraps the inspect modules getdoc but adds in indentation and triple quotes so we can drop into a code listing

get_func(obj, indent, identity='')[source]

Decompiles an instantiated Python function object from

get_generator(obj, indent)[source]

Decompiles a generator object

get_instances(obj, indent)[source]

Get all top level instances into a usable string form, do not show builtins etc

http://docs.python.org/reference/datamodel.html

get_method(obj, indent)[source]

Get access to the function object in a method

get_py(obj, indent=0)[source]

Determine the type of python object that has been passed and as appropriate call a sub function to access the code object and decompile that back to source

Called recursively

mem_decompile(obj)[source]

Take an object & interogate it, do both decompilation of code objects and source code reconstruction from live interactive querying

obj - Python object to interogate for decompilation back to source

Previous topic

REpdb

This Page