This article provides a detailed guide on using pyi-archive_viewer to extract PYC bytecode files from PyInstaller-generated EXE files, and decompiling them into Python source code using the uncompyle6 tool.

Extracting PYC Files

.pyc files are Python bytecode files automatically generated by the Python interpreter to cache compiled Python code, improving subsequent module loading speed.

PYC files retain sufficient information to reconstruct the original code structure; unoptimized .pyc files can be nearly 100% restored;

Use the pyi-archive_viewer command to extract bytecode files from EXE files:

Run pyi-archive_viewer to inspect bundled files:

pyi-archive_viewer only works with PyInstaller-generated EXE files;

pyi-archive_viewer main.exe

Using main.exe as example, this command lists bundled files and enters interactive mode with output similar to:

Options in 'main.exe' (PKG/CArchive):
 pyi-contents-directory _internal
Contents of 'main.exe' (PKG/CArchive):
 position, length, uncompressed_length, is_compressed, typecode, name
 0, 248, 344, 1, 'm', 'struct'
 248, 2861, 5304, 1, 'm', 'pyimod01_archive'
 3109, 14025, 34022, 1, 'm', 'pyimod02_importers'
 22113, 1564, 3065, 1, 's', 'pyi_rth_inspect'
 23677, 589, 982, 1, 's', 'main'
 24266, 56219, 109440, 1, 'b', 'VCRUNTIME140.dll'
 80485, 45317, 84760, 1, 'b', '_bz2.pyd'

 ...
 
?

The main entry typically represents the main script file (multiple entries may exist for multi-file programs).

Enter x main to extract the file as main.pyc, then q to quit:

? x main
Output filename? main.pyc
? q

The extracted bytecode file is incomplete - PyInstaller removes MAGIC information during processing and requires reconstruction.

Restoring MAGIC Header

Extract base_library.zip from main.exe using the same method, then decompress it.

Using a hex editor, open any .pyc file from base_library.zip.

Copy all content before E3 00 00 00 and prepend it to main.pyc:

A7 0D 0D 0A 00 00 00 00 06 F5 69 68 19 00 00 00
E3 00 00 00 ...

This header varies by Python version - do not copy the example directly.

Decompiling PYC

Use uncompyle6 to decompile the reconstructed PYC file back to Python source.

Installing uncompyle6

Install via pip:

pip install uncompyle6

After installation, execute:

uncompyle6 .\main.pyc --output .

The decompiled source files will appear in the current directory.