Build python environment
1. Baidu search python3.7 download, find the official website to download the installation package, run the installation package and configure environment variables.
2. here must be installed python3.7 version, I previously installed python3.5, can not properly use pyinstalller library.
3. Can show the interface that the installation is successful
Install pyintaller
1. Go to the scripts scripts directory and execute pip install pyinstaller, but I've already done that here.
2. Use the archive_viewer.py tool to extract the file, then OPEN the zip file and extract the two .pyc files in the zip file.
3. Edit the three .pyc files, that is, PyInstaller will remove the .pyc magic and timestamp when packing .pyc, so you need to fix it manually by inserting 03 F3 0D 0A 74 a7cf 5c in the header of the file.
4. Use the pip install uncompyle6 command statement to download the uncompyle6 utility, and then disassemble it.
The code is as follows:
# uncompyle6 version 3.6.0
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]
# Embedded file name: b'D:\\\xd7\xca\xc1\xcf\xce\xc4\xbc\xfe\\a\xd1\xd0\xbe\xbf\xb7\xbd\xcf\xf2\xb2\xce\xbf\xbc\xd7\xca\xc1\xcf\\3-\xbc\xc6\xcb\xe3\xbb\xfa\xc8\xa1\xd6\xa4(\xd6\xd8\xb5\xe3)\\\xbf\xf2\xbc\xdc\\volatility\xce\xc4\xbc\xfe\\volatility-master\\'
# Compiled at: 2018-12-07 00:22:54
"""
@author: AAron Walters
@license: GNU General Public License 2.0
@contact: awalters@
@organization: Volatility Foundation
"""
import sys
if sys.version_info < (2, 6, 0):
('Volatility requires python version 2.6, please upgrade your python installation.')
(1)
try:
import psyco
except ImportError:
pass
if False:
import yara
import textwrap, as conf
config = ()
import as constants, as registry, as exceptions, as obj, as debug, as addrspace, as commands, as scan
config.add_option('INFO', default=None, action='store_true', cache_invalidator=False, help='Print information about all registered objects')
def list_plugins():
result = '\n\tSupported Plugin Commands:\n\n'
cmds = registry.get_plugin_classes(, lower=True)
profs = registry.get_plugin_classes()
if == None:
('PROFILE', 'WinXPSP2x86')
assert not not in profs, 'Invalid profile ' + + ' selected'
profile = profs[]()
wrongprofile = ''
for cmdname in sorted(cmds):
command = cmds[cmdname]
helpline = () or ''
for line in ():
if line:
helpline = line
break
if command.is_valid_profile(profile):
result += ('\t\t{0:15}\t{1}\n').format(cmdname, helpline)
else:
wrongprofile += ('\t\t{0:15}\t{1}\n').format(cmdname, helpline)
if wrongprofile and :
result += '\n\tPlugins requiring a different profile:\n\n'
result += wrongprofile
return result
def command_help(command):
outputs = []
for item in dir(command):
if ('render_'):
(('render_', 1)[(-1)])
outputopts = '\nModule Output Options: ' + ('{0}\n').format(('{0}').format(('\n').join([(', ').join(o for o in sorted(outputs))])))
result = (('\n ---------------------------------\n Module {0}\n ---------------------------------\n').format(command.__class__.__name__))
return outputopts + result + () + '\n\n'
def print_info():
""" Returns the results """
categories = {: 'Address Spaces', : 'Plugins',
: 'Profiles',
: 'Scanner Checks'}
for c, n in sorted(()):
lower = c ==
plugins = registry.get_plugin_classes(c, lower=lower)
print '\n'
print ('{0}').format(n)
print '-' * len(n)
result = []
max_length = 0
for clsname, cls in sorted(()):
try:
doc = cls.__doc__.strip().splitlines()[0]
except AttributeError:
doc = 'No docs'
((clsname, doc))
max_length = max(len(clsname), max_length)
for name, doc in result:
print ('{0:{2}} - {1:15}').format(name, doc, max_length)
def main():
(('Volatility Foundation Volatility Framework {0}\n').format())
()
()
()
registry.register_global_options(config, )
registry.register_global_options(config, )
if :
print_info()
(0)
config.parse_options(False)
()
module = None
cmds = registry.get_plugin_classes(, lower=True)
for m in :
if m in ():
module = m
break
if not module:
config.parse_options()
('You must specify something to do (try -h)')
try:
if module in ():
command = cmds[module](config)
config.set_help_hook((command_help, command))
config.parse_options()
if not :
('Please specify a location (-l) or filename (-f)')
()
except as e:
print e
return
if __name__ == '__main__':
config.set_usage(usage='Volatility - A memory forensics analysis platform.')
config.add_help_hook(list_plugins)
try:
main()
except Exception as ex:
if :
debug.post_mortem()
else:
raise
except KeyboardInterrupt:
print 'Interrupted'
# okay decompiling
This is the whole content of this article.