DamnPythonEvasion
That guy uses python to bypass anti-virus, goddamn!基于python pyd的shellcode免杀绕过
Install / Use
/learn @baiyies/DamnPythonEvasionREADME
DamnPythonEvasion
An evasion method based on Python pyd. As we all know, Python is an interpreted language, and after packaging with PyInstaller, we can extract the pyc file and then decompile it to get the source code. However, we can compile the py source file into a pyd file through CPython, and then dynamically link it when PyInstaller is packing. Since the pyd is a binary file compiled from C code, it's almost impossible to get the source code from it, thereby achieving the purpose of protecting the code.
Test Environment
- python3.8 64-bit
- vs2019(Needed for CPython compilation)
- pyinstaller
Usage Guide
1. Install VS2019 and Python3
2. pip install pyinstaller
3. pip install cython
4. Modify the scbytes in execute.py to your own shellcode
5. python setup.py build_ext --inplace
6. pyinstaller -F main.py -w --noupx
Now if everything goes well, you can find the packaged main.exe file in the dist directory.
Test Results
Based on current test results, it can bypass 360 and Huorong.
Related Skills
node-connect
345.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
claude-opus-4-5-migration
106.4kMigrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5
frontend-design
106.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
model-usage
345.9kUse CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
