Could pycdc skip some part of a problem pyc file?

Open berry22jelly opened this issue 1 year ago • 4 comments

I am trying to decompile a pyc file with some problem. I could get some output from pycdc but got stuck at the problem part. Could I skip this part?

berry22jelly avatar Sep 01 '24 21:09 berry22jelly

Nope, as far as I'm aware. If you hit undocumented/wrong/etc. opcodes, it might mean you are using a custom Python VM.

greenozon avatar Sep 04 '24 11:09 greenozon

From a user's perspective: if the error is "Unsupported opcode", you may try adding branches to ASTree.cpp and rebuilding it. Even empty branches may work.

For example, I'm encountering BEFORE_WITH not being recognized with my 3.11 pyc, and I know very well it's a simple with-clause to read files. After comparing the pycdas results with the equivalent 3.10 pyc, I noticed SETUP_WITH_A might have a similar function to BEFORE_WITH, so I added a branch alongside it. For similar reasons I also tried adding RERAISE_A and COPY_A as empty branches. Afterwards it can pass the with-clause and continue decompiling the subsequent opcodes, which I believe are reliable as long as it reaches stack balance.

Here is my modification for reference. Note that this is only a temporary workaround. GL to contributors to achieve full 3.11 support soon.

diff --git a/ASTree.cpp b/ASTree.cpp
index 050eebf..6d68258 100644
--- a/ASTree.cpp
+++ b/ASTree.cpp
@@ -1876,12 +1876,19 @@ PycRef<ASTNode> BuildFromCode(PycRef<PycCode> code, PycModule* mod)
             break;
         case Pyc::SETUP_WITH_A:
         case Pyc::WITH_EXCEPT_START:
+        case Pyc::BEFORE_WITH:
+        case Pyc::PUSH_EXC_INFO:
             {
                 PycRef<ASTBlock> withblock = new ASTWithBlock(pos+operand);
                 blocks.push(withblock);
                 curblock = blocks.top();
             }
             break;
+        case Pyc::RERAISE_A:
+            break;
+        
+        case Pyc::COPY_A:
+            break;
         case Pyc::WITH_CLEANUP:
         case Pyc::WITH_CLEANUP_START:
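
Review bot: the added `case Pyc::BEFORE_WITH:` and `case Pyc::PUSH_EXC_INFO:` labels fall through to `new ASTWithBlock(pos+operand)`, but unlike `SETUP_WITH_A` neither name carries the `_A` suffix, so if they take no argument the block end computed from `operand` is not meaningful, and every `PUSH_EXC_INFO` would push an extra with-block onto `blocks`. Consider giving the two their own branch with a comment on how the end of the with-block is determined. The empty `RERAISE_A` and `COPY_A` branches skip whatever those opcodes do to the stack with a bare `break`; a comment marking them as stubs plus a warning on stderr when they are hit would let readers see that the decompiled output may be incomplete. The added blank line between those two branches also carries trailing whitespace.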

Related to #515, #410, etc.

RibomBalt avatar Sep 21 '24 10:09 RibomBalt
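
One way to locate the "problem part" before touching ASTree.cpp, as an added example that is not part of this thread or of pycdc: it uses the standard `dis` module to list, per function, the opcodes that fall outside a supported set. The sample source is constructed, and the `supported` set is a hypothetical stand-in for what the decompiler handles.

```python
import dis
import types

# Constructed sample: one plain function and one that uses a with-clause.
SAMPLE = '''
def add(a, b):
    return a + b

def read_file(path):
    with open(path) as fh:
        return fh.read()
'''

def iter_code(code, prefix=""):
    """Yield (dotted name, code object) for a code object and all nested ones."""
    name = prefix + code.co_name
    yield name, code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_code(const, name + ".")

def opnames(code):
    """Opcode names used directly by one code object (nested ones excluded)."""
    return {ins.opname for ins in dis.get_instructions(code)}

def unsupported_report(code, supported):
    """Map each code object name to [(offset, opname)] outside `supported`."""
    report = {}
    for name, obj in iter_code(code):
        hits = [(ins.offset, ins.opname)
                for ins in dis.get_instructions(obj)
                if ins.opname not in supported]
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    module = compile(SAMPLE, "sample.py", "exec")
    by_name = dict(iter_code(module))
    # Hypothetical "supported" set: everything the module body and `add` use,
    # so only the opcodes introduced by the with-clause are reported.
    supported = opnames(by_name["<module>"]) | opnames(by_name["<module>.add"])
    for name, hits in unsupported_report(module, supported).items():
        print(name)
        for offset, opname in hits:
            print(f"  {offset:4d}  {opname}")
```

The opcode names printed depend on the Python version running the script, which is the same version difference the comment above describes between 3.10 and 3.11.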

@RibomBalt Any updated PR for it? Thanks

bygreencn avatar Dec 05 '24 08:12 bygreencn

@bygreencn So far I don't have any. As I said, this is just a temporary workaround. What I did is basically just NOPing all the unknown opcodes and hoping it won't break anything else. But IMO, to be qualified for a PR for such a project, one should at least take a serious look at how these new opcodes work and try to actually implement them.

Now I don't have time for such a PR, sorry.

RibomBalt avatar Dec 05 '24 08:12 RibomBalt