元帅的装载和执行 [英] Marshal loading and exec-ing

问题描述

我有以下Python代码：

I have this Python code:

import marshal, imp
if imp.get_magic() == '\x03\xf3\r\n':
    __code = marshal.loads('c\x00\x00\x00\x00.....\x00d\x01\x00k\x00.....\t\t\r\x01')
del marshal, imp
exec __code

if 条件检查Python版本是否为正确版本。然后 marshal 用于加载包含某些代码的字符串。

The if condition checks wheter the Python version is the "right" version. Then marshal is used to load a string containing some code.

第一个问题：该字符串是如何生成的？也许 compile（）？但是到底如何呢？
和第二个问题：我可以反编译该字符串吗？

First question: How was that string generated? Maybe compile()? But how exactly? and second question: Can I decompile that string? How?

推荐答案

就其创建方式而言，它是这样的

As far as how its created, its something like this

a = marshal.dumps(compile("def test(): return 0", "<source>", "exec"))

就算做什么呢？您永远不要解组。您不知道其中隐藏着什么恐怖点，当您将其加载时会被执行。

As far as working out what it does? You should never unmarshal it. You don't know what nugget of horror is hidden in there and will get executed when you load it in.

您可能会使用dis

print dis.disassemble_string(a)

这将为您提供代码中的每个操作。

This will give you each operation in the code.

取消测试功能的输出

>>    0 DUP_TOPX            0
      3 STOP_CODE      
>>    4 STOP_CODE      
      5 STOP_CODE      
      6 STOP_CODE      
      7 STOP_CODE      
>>    8 STOP_CODE      
      9 POP_TOP        
     10 STOP_CODE      
     11 STOP_CODE      
     12 STOP_CODE      
>>   13 BINARY_AND     
     14 STOP_CODE      
     15 STOP_CODE      
     16 STOP_CODE      
     17 POP_JUMP_IF_TRUE    13
     20 STOP_CODE      
     21 STOP_CODE      
     22 LOAD_CONST          0 (0)
     25 MAKE_FUNCTION       0
     28 STORE_NAME          0 (0)
     31 LOAD_CONST          1 (1)
... etc etc

这取决于您完成每个操作并确定它在做什么。我可以发现一些我理解的说明，例如 34 RETURN_VALUE ，但是文档此处应有助于识别其余部分

Its down to you to work through each operation and identify what it is doing. I can spot a few instructions I understand like 34 RETURN_VALUE but the documentation here should help identify the rest

这篇关于元帅的装载和执行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！