Marshal loading and exec-ing
Question
I have this Python code:
import marshal, imp
if imp.get_magic() == '\x03\xf3\r\n':
    __code = marshal.loads('c\x00\x00\x00\x00.....\x00d\x01\x00k\x00.....\t\t\r\x01')
    del marshal, imp
    exec __code
The if condition checks whether the Python version is the "right" version. Then marshal is used to load a string containing some code.
First question: How was that string generated? Maybe compile()? But how exactly?
And second question: Can I decompile that string? How?
Recommended answer
As far as how it's created, it's something like this:
import marshal
a = marshal.dumps(compile("def test(): return 0", "<source>", "exec"))
As far as working out what it does? You should never unmarshal it. You don't know what nugget of horror is hidden in there and will get executed when you load it in.
You might be able to use dis:
import dis
print dis.disassemble_string(a)
This will give you each operation in the code.
The dis output for the test function:
>> 0 DUP_TOPX 0
3 STOP_CODE
>> 4 STOP_CODE
5 STOP_CODE
6 STOP_CODE
7 STOP_CODE
>> 8 STOP_CODE
9 POP_TOP
10 STOP_CODE
11 STOP_CODE
12 STOP_CODE
>> 13 BINARY_AND
14 STOP_CODE
15 STOP_CODE
16 STOP_CODE
17 POP_JUMP_IF_TRUE 13
20 STOP_CODE
21 STOP_CODE
22 LOAD_CONST 0 (0)
25 MAKE_FUNCTION 0
28 STORE_NAME 0 (0)
31 LOAD_CONST 1 (1)
... etc etc
It's down to you to work through each operation and identify what it is doing. I can spot a few instructions I understand like 34 RETURN_VALUE, but the documentation here should help identify the rest.
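An added example, not part of the original question or answer, written for Python 3: it applies the same magic-number gate as the question's `if`, rebuilds the code object with `marshal.loads`, and disassembles that object and every nested code object with `dis`, never calling `exec`. The sample blob and the names `build_sample`, `walk_code` and `inspect_blob` are constructed for illustration. Because the marshal documentation warns against unmarshalling data from untrusted sources, this assumes a disposable analysis environment running the interpreter version that produced the blob.

```python
import dis
import importlib.util
import marshal
import types

# Constructed sample; its module body raises if it is ever executed.
SAMPLE_SRC = (
    "import os\n"
    "def test():\n"
    "    return 0\n"
    "raise RuntimeError('module body was executed')\n"
)


def build_sample():
    """Return (magic, blob) the way the question's author would have produced them."""
    blob = marshal.dumps(compile(SAMPLE_SRC, "<source>", "exec"))
    return importlib.util.MAGIC_NUMBER, blob


def walk_code(code):
    """Yield a code object and, recursively, every code object in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def inspect_blob(magic, blob):
    """Summarise a marshalled code object without exec-ing it."""
    # Same gate as the question's `if`: bytecode is interpreter-version specific.
    if magic != importlib.util.MAGIC_NUMBER:
        raise ValueError("blob was built for a different Python version")
    code = marshal.loads(blob)  # rebuilds the object; the bytecode is not run
    if not isinstance(code, types.CodeType):
        raise TypeError("expected a code object, got %s" % type(code).__name__)
    report = {}
    for co in walk_code(code):
        report[co.co_name] = {
            "names": list(co.co_names),          # globals/imports referenced
            "opnames": [ins.opname for ins in dis.get_instructions(co)],
            "listing": dis.Bytecode(co).dis(),   # this code object only
        }
    return report


if __name__ == "__main__":
    for name, info in inspect_blob(*build_sample()).items():
        print("== %s names=%s\n%s" % (name, info["names"], info["listing"]))
```

The listing comes from the code object's own bytecode rather than from the raw marshalled string, so the opcodes line up with the compiled source.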