classification
Title: Disassembler fails with Key Error while disassembling obfuscated code.
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: ncoghlan, pulina, serhiy.storchaka, steven.daprano, yselivanov
Priority: normal Keywords:

Created on 2016-04-05 09:51 by pulina, last changed 2018-08-27 09:59 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded Description
example.zip pulina, 2016-04-05 09:51 zip, 4 files: script I used (nedbatchelder), simple code with obfuscated pyc file example, and custom_dis module working well
Messages (2)
msg262895 - Author: Szymon Kuliński (pulina) * Date: 2016-04-05 09:51
Many obfuscators use a simple technique to block disassembly: add broken instructions (for example unknown opcodes) and use flow control (SETUP_EXCEPT or JUMP_FORWARD) to skip the broken instructions. The interpreter works the right way, skipping the broken instruction or catching the error and going to the except instructions, but the disassembler iterates over all instructions and everywhere assumes that the code is correct, doing something like:

    elif op in hasname:
        print '(' + co.co_names[oparg] + ')',


This fails because the variable oparg is not in the co_names table, or refers to a non-existent name or const. Why does the dis library not assume that code can be broken and try to disassemble it as well as it can anyway?

   15 JUMP_IF_TRUE             3 (to 19)
   18 <WRONG INSTRUCTION>      (33333333)
   19 LOAD_NAME                1 (b)

Or, if we rely on the assumption that code disassembling with no problem means that the code is good, we can add a flag under which we can disassemble unsteady code, or even add another method like dis_unsafe or something like that.

Included: obfuscated and unobfuscated pyc files for testing.

Change proposition:

Cherry-pick the dis module code from Python 3.5, with some changes required for it to work normally. A working example is included.
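A sketch of the tolerant disassembly requested above, as an added example that is not part of the original report, the attached custom_dis module, or CPython's dis. It runs under Python 3 and decodes a constructed Python 2.7-format byte string with a partial opcode table; the names tolerant_dis, lookup and SAMPLE are hypothetical.

```python
import struct

HAVE_ARGUMENT = 90  # Python 2.7: opcodes >= 90 carry a 2-byte little-endian arg
# Partial Python 2.7 opcode table; anything outside it is reported as unknown.
OPNAME = {1: "POP_TOP", 83: "RETURN_VALUE", 100: "LOAD_CONST", 101: "LOAD_NAME",
          110: "JUMP_FORWARD", 115: "POP_JUMP_IF_TRUE", 121: "SETUP_EXCEPT"}
HASNAME, HASCONST = {101}, {100}
HASJREL, HASJABS = {110, 121}, {115}
# Constructed sample: LOAD_NAME a; JUMP_FORWARD over a junk byte and a
# LOAD_NAME with an out-of-range index; LOAD_NAME b; RETURN_VALUE.
SAMPLE = bytes([101, 0, 0, 110, 4, 0, 6, 101, 0x33, 0x33, 101, 1, 0, 83])


def lookup(table, index, fmt=str):
    """Resolve an index into co_names/co_consts without raising."""
    if 0 <= index < len(table):
        return fmt(table[index])
    return "<BAD INDEX %d, table size %d>" % (index, len(table))


def tolerant_dis(code, names=(), consts=()):
    """Linear sweep returning [(offset, opname, oparg, note)]; never raises."""
    rows, i, n = [], 0, len(code)
    while i < n:
        start, op = i, code[i]
        i += 1
        name = OPNAME.get(op, "<UNKNOWN %d>" % op)
        if op < HAVE_ARGUMENT:
            rows.append((start, name, None, ""))
            continue
        if i + 2 > n:  # argument bytes run past the end of co_code
            rows.append((start, name, None, "<TRUNCATED ARGUMENT>"))
            break
        (arg,) = struct.unpack_from("<H", code, i)
        i += 2
        note = ""
        if op in HASNAME:
            note = lookup(names, arg)
        elif op in HASCONST:
            note = lookup(consts, arg, repr)
        elif op in HASJREL:
            note = "to %d" % (i + arg)  # relative to the next instruction
        elif op in HASJABS:
            note = "to %d" % arg
        rows.append((start, name, arg, note))
    return rows


if __name__ == "__main__":
    for row in tolerant_dis(SAMPLE, names=("a", "b")):
        print("%4d %-16s %-6s %s" % (row[0], row[1], "" if row[2] is None else row[2], row[3]))
```

A linear sweep can still lose instruction alignment when junk bytes decode as an opcode that takes an argument, so an analyst should cross-check the listing against the jump targets it reports.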
msg324161 - Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-08-27 09:59
The dis module is not supposed to support invalid bytecode. This is a new feature, and 2.7 can give only bug fixes.
History
Date | User | Action | Args
2018-08-27 09:59:16 | serhiy.storchaka | set | status: open -> closed; nosy: + serhiy.storchaka; messages: + msg324161; resolution: not a bug; stage: resolved
2016-04-05 10:27:56 | steven.daprano | set | nosy: + steven.daprano
2016-04-05 09:55:23 | SilentGhost | set | nosy: + ncoghlan, yselivanov
2016-04-05 09:51:17 | pulina | create |