You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
example.zip: zip 4 files, script i used (nedbatchelder), simple code with obfuscated pyc file example and custom_dis module working well
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
assignee=Noneclosed_at=<Date2018-08-27.09:59:16.409>created_at=<Date2016-04-05.09:51:17.700>labels= ['invalid', 'type-bug', 'library']
title='Disasembler fall with Key Error while disassemble obfuscated code.'updated_at=<Date2018-08-27.09:59:16.407>user='https://github.com/pulina'
Many obfuscators use simple technice for block disasemblation. Add broken instructions (for example unknown op codes) and use flow control (SETUP_EXCEPT or JUMP_FORWARD) to skip broken instructions. Interpreter work in right way skipping broken instruction or catch error and go to except instructions but disasembler iterate over all instructions and every where assume that code is correct and doing something like :
elif op in hasname:
print '(' + co.co_names[oparg] + ')',
Which fails because variable oparg not in co_names table or refer to not existing name or const. Why dis lib not assume that code can be broken and try disassemble it as good as it can any way.
Or if we rely on the assumption that if code disasseblation done with no problem this mean that code is good. We can add flag where we can disassemble unsteady code or even add other method like dis_unsafe or something like that.
Include: obfuscated and unobfuscated pyc files for testing.
Change proposition:
Cherry-pick code dis module from 3.5 python with some changes required to normal working. Working example included.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: