fix: bcc on windows is elf, ignore extra flag 0x20

2025-09-24 22:47:14 +08:00
parent e892da34cf
commit 9a62615ccd
3 changed files with 6 additions and 13 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,6 +5,7 @@ on:
  pull_request:
    paths:
      - 'pycdc/**'
+  workflow_dispatch:

 jobs:
  build:
--- a/oneshot/shot.py
+++ b/oneshot/shot.py
@@ -111,8 +111,8 @@ async def decrypt_process_async(runtimes: Dict[str, RuntimeInfo], sequences: Lis
                        data[cipher_text_offset:cipher_text_offset+cipher_text_length], runtime.runtime_aes_key, nonce)
                    data = data[int.from_bytes(data[56:60], 'little'):]
                    bcc_architecture_mapping = {
-                        0x2001: 'dll',  # Windows x86-64
-                        0x2003: 'so',   # Linux x86-64
+                        0x2001: 'win-x64',
+                        0x2003: 'linux-x64',
                    }
                    while True:
                        if len(bcc_aes_decrypted) < 16:
@@ -121,10 +121,8 @@ async def decrypt_process_async(runtimes: Dict[str, RuntimeInfo], sequences: Lis
                        bcc_segment_length = int.from_bytes(bcc_aes_decrypted[4:8], 'little')
                        bcc_architecture_id = int.from_bytes(bcc_aes_decrypted[8:12], 'little')
                        bcc_next_segment_offset = int.from_bytes(bcc_aes_decrypted[12:16], 'little')
-                        if bcc_architecture_id in bcc_architecture_mapping:
-                            bcc_file_path = f'{dest_path}.1shot.bcc.{bcc_architecture_mapping[bcc_architecture_id]}'
-                        else:
-                            bcc_file_path = f'{dest_path}.1shot.bcc.0x{bcc_architecture_id:x}'
+                        bcc_architecture = bcc_architecture_mapping.get(bcc_architecture_id, f'0x{bcc_architecture_id:x}')
+                        bcc_file_path = f'{dest_path}.1shot.bcc.{bcc_architecture}.elf'
                        with open(bcc_file_path, 'wb') as f:
                            f.write(bcc_aes_decrypted[bcc_segment_offset:bcc_segment_offset+bcc_segment_length])
                        logger.info(f'{Fore.GREEN}Extracted BCC mode native part: {bcc_file_path}{Style.RESET_ALL}')
--- a/pycdc/pyc_code.cpp
+++ b/pycdc/pyc_code.cpp
@@ -134,15 +134,9 @@ void PycCode::load(PycData* stream, PycModule* mod)
    unsigned char pyarmor_fn_count = extra_data[0] & 3;
    unsigned char pyarmor_co_descriptor_count = (extra_data[0] >> 2) & 3;
    // bool _pyarmor_bcc = (extra_data[0] >> 4) & 1;
-    if (extra_data[0] & 0xE0)
-    {
-        fprintf(stderr, "Unsupported Pyarmor CO extra flag (0x%02X)\n", extra_data[0]);
-        fprintf(stderr, "Please open an issue at https://github.com/Lil-House/Pyarmor-Static-Unpack-1shot/issues to request support and help to make this tool better.\n");
-    }
    if (pyarmor_co_descriptor_count > 1)
    {
-        fprintf(stderr, "Do not support multiple Pyarmor CO descriptors (%d in total)\n", pyarmor_co_descriptor_count);
-        fprintf(stderr, "Please open an issue at https://github.com/Lil-House/Pyarmor-Static-Unpack-1shot/issues to request support and help to make this tool better.\n");
+        fprintf(stderr, "Multiple Pyarmor CO descriptors detected (%d in total)\n", pyarmor_co_descriptor_count);
    }

    unsigned char *extra_ptr = extra_data + 4;