Is it possible to decompile a .dll/.pyd file to extract Python Source Code?

Asked 24/2, 2016 at 11:42 Answered 10/12, 2016 at 11:53

Solved python dll decompiling extract pyd

Are there any ways to decompile a dll and/or a .pyd file in order to extract source code written in Python?

Thanks in advance

Coastguardsman answered 24/2, 2016 at 11:42 Comment(3)

is not same question(dll not a .pyc file ) ! My idea No can't ! Maybe convert to assembly code but how to follow data/function tree ? – Cognac 24/2, 2016 at 14:23

@Torxed this is indeed not the same question, pyd files are produced by Cython. Unlike pyc/bytecode, the pyd files are binaries that do not contain the original python source. Although it does not protect from reverse-engineering, it does make it a lot harder, and prevents someone from obtaining the exact original sources of your code. – Libau 28/3, 2018 at 15:15

#5287753 – Hatband 11/3 at 10:7

I assume the .pyd/.dll files were created in Cython, not Python?

Anyway, generally it's not possible, unless there's a decompiler designed specifically for the language the file was originally compiled from. And while I know about C, C++, Delphi, .NET and some other decompilers, I've yet to hear about Cython decompiler.

Of course, what Cython does is convert your Python[esque] code into C code first, which means you might have more luck finding a C decompiler and then divining the original Python code based on the decompiled C code. At the very least, this way you'll be dealing with translation from one (relatively) high-level language to another.

Worst-case scenario, you'll have to use a disassembler. However, recreating Python code from disassembler's output isn't going to be easy (pretty similar to divining the biological functions of a brain from chemical formulas of proteins that make up it's cells).

You might look at this question on ideas and suggestions regarding various decompilers and disassemblers, and proceed your investigation from there.

Subbasement answered 25/2, 2016 at 11:0 Comment(4)

Thanks for the helpful reply, I'll make sure to do some extra research. – Coastguardsman 25/2, 2016 at 16:7

@YoussefImam I don't agree with this answer, see my answer https://mcmap.net/q/49208/-is-it-possible-to-decompile-a-dll-pyd-file-to-extract-python-source-code – Oech 10/12, 2016 at 11:53

@Oech Reading your updated answer, it seems that .pyd files compiled by Cython do not have source code embedded into them after all. If you could show it to be otherwise, I would be really interested, but until then, I'll stand by my answer. – Subbasement 12/12, 2016 at 11:56

@Basj, is it possible to reverse engineer the C-code then, there is this software that I need to reverse engineer, it is written in Python and has .pyd files in it. – Saltworks 23/9, 2017 at 16:8

I don't agree with the accepted answer, it seems that yes, the content of the source code is accessible even in a .pyd.

Let's see for example what happens if an error arrives:

1) Create this file:

whathappenswhenerror.pyx

A = 6 
print 'hello'
print A
print 1/0 # this will generate an error

2) Compile it with python setup.py build:

setup.py

from distutils.core import setup
from Cython.Build import cythonize
setup(ext_modules = cythonize("whathappenswhenerror.pyx"), include_dirs=[])

3) Now import the .pyd file in a standard python file:

testwhathappenswhenerror.py

import whathappenswhenerror

4) Let's run it with python testwhathappenswhenerror.py. Here is the output:

hello 
6 
Traceback (most recent call last):
  File "D:\testwhathappenswhenerror.py", line 1, in <module>
    import whathappenswhenerror
  File "whathappenswhenerror.pyx", line 4, in init whathappenswhenerror (whathappenswhenerror.c:824)
    print 1/0 # this will generate an error 
ZeroDivisionError: integer division or modulo by zero

As you can see the line of code print 1/0 # this will generate an error that was in the .pyx source code is displayed! Even the comment is displayed!

4 bis) If I delete (or move somewhere else) the original .pyx file before step 3), then the original code print 1/0 # this will generate an error is no longer displayed:

hello
6
Traceback (most recent call last):
  File "D:\testwhathappenswhenerror.py", line 1, in <module>
    import whathappenswhenerror
  File "whathappenswhenerror.pyx", line 4, in init whathappenswhenerror (whathappenswhenerror.c:824)
ZeroDivisionError: integer division or modulo by zero

But does this mean it's not included in the .pyd? I'm not sure.

Oech answered 10/12, 2016 at 11:53 Comment(11)

Moving the pyx shows that the Traceback uses some sort of link from the pyd (so in Linux) to lines in the pyx. The code is not in the pyd. – Petta 10/12, 2016 at 18:49

@Basj, if the pyx file is in same location and when you do import whathappenswhenerror, how do you know it's importing .pyd and not pyx? Probably it's importing pyx and hence the code display on error. – Estimative 22/5, 2018 at 10:22

You can tell that it is using the pyx file by looking at the traceback (File "whathappenswhenerror.pyx", line 4) – Decennary 9/3, 2019 at 17:43

Precisely, this answer is not correct. It seems, it's importing from .pyx – Bayle 7/9, 2020 at 9:8

An answer to a different question that convincingly shows that this answer is wrong – Careaga 9/12, 2020 at 8:59

@Basj: Your answer shows that you have never done reverse engineering. – Unawares 13/7, 2023 at 21:13

@Unawares I wonder what is the purpose of your comment? Make me feel inferior? I doubt this comment about what I have done or not done in my life is really useful for our community... – Oech 14/7, 2023 at 5:59

Your answer is completely wrong. And your answer does show how to get Python code back. Just displaying the name of a *.py file is NOT code! A stacktrace is not code. It is not possible to decompile Python code to the original. If you would ever have done REAL reverse engineering you would have opened a PYD file in a disassembler like IDA pro and see that you get nothing of the original code back. – Unawares 15/7, 2023 at 20:46

@Unawares Ok, fine, then just downvote my answer. No need to elaborate about "what I have done" or "never done". It is not possible to decompile Python code to the original: this sentence is wrong. You can, for example with a .pyc file (different context from OP's question). I have already done it. – Oech 21/7, 2023 at 15:8

Nobody who sells a Python application will be so stupid to provide the PYC files. They are not available. And if you read the question correctly it asks for DLL/PYD files. The question does not ask for PYC files. So your answer stays wrong. You can delete it. – Unawares 24/7, 2023 at 19:15

@Unawares This is not true. For your information, many applications were distributed that included .pyc file (or in a derivative way). Please read posts about decompilation of early versions of the Dropbox Windows client (coded in Python, with modified interpreter ; but still some people achieved a decompilation). Anyway this is out of topic, so I stop the conversation here. – Oech 8/8, 2023 at 8:50

whathappenswhenerror.pyx

setup.py

testwhathappenswhenerror.py

Recommended topics

Hot tags