Merge branch 'main' of https://git.mamahaha.work/sangge/BackDoorBuster into feature/pyc-detection

detection/pyc_detection.py

@@ -1,9 +1,36 @@
 from typing import List, Tuple
 import uncompyle6
 import io
+import os
+import subprocess
 
 
-def disassemble_pyc(file_path: str) -> str:
+def run_pycdc(exe_path: str, pyc_file: str) -> str:
+    """
+    Executes pycdc.exe with the given .pyc file using a command line string and captures the output.
+
+    Args:
+        exe_path (str): Path to the pycdc.exe executable.
+        pyc_file (str): Path to the .pyc file to decompile.
+
+    Returns:
+        str: Output from pycdc.exe.
+    """
+    if not os.path.isfile(exe_path):
+        print(f"ERROR: The specified pycdc.exe path is not valid: {exe_path}")
+        print("Please check your pycdc path.")
+        exit(1)
+
+    command = f'"{exe_path}" "{pyc_file}"'
+    result = subprocess.run(command, capture_output=True, text=True, shell=True)
+
+    if result.returncode != 0:
+        raise Exception(f"Error running pycdc.exe: {result.stderr}")
+
+    return result.stdout
+
+
+def disassemble_pyc(file_path: str, pycdc_addr=None) -> str:
     """
     Disassembles a .pyc file using uncompyle6.
 
@@ -18,5 +45,11 @@ def disassemble_pyc(file_path: str) -> str:
         uncompyle6.main.decompile_file(file_path, output)
         return output.getvalue()
     except Exception as e:
-        print(f"Error occurred while disassembling: {e}")
-        return ""
+        if pycdc_addr is None:
+            print(
+                "ERROR: For Python 3.11 and above, you need to install pycdc and compile it yourself to obtain pycdc.exe."
+            )
+            print("repo: https://github.com/zrax/pycdc.git")
+            exit(1)
+        else:
+            return run_pycdc(pycdc_addr, file_path)