py2exe how safe is my source ?
Tim Peters
tim.one at home.com
Mon Jun 11 03:06:17 EDT 2001
[Tomasz Stochmal, wonders about reverse-engineering .pyc files]
[Alex Martelli, doesn't cheer him up]
> ...
> From a .pyc you even get the line numbers to help you
> reconstruct the exact layout, blank lines and all... at least
> a .pyo (as obtained for import when you run Python with
> -O, or -OO to eliminate docstrings too) hides _that_:-)
Not very well, though. There's still a mechanism for finding line numbers
under -O, else tracebacks would be much harder to follow. And Python being
Python, you can figure it out easily enough with a Python program. For
example, here's a program:
def f(x):
x += 1
# Multiply by 2.
x *= 2
return x
tab = f.func_code.co_lnotab
addr, line = 0, f.func_code.co_firstlineno
i = 0
while i < len(tab):
addrincr, lineincr = map(ord, tab[i:i+2])
addr += addrincr
line += lineincr
print "bytecode offset", addr, "corresponds to line", line
i += 2
import dis
dis.dis(f)
and here's output from running that under -O:
bytecode offset 0 corresponds to line 2
bytecode offset 10 corresponds to line 4
bytecode offset 20 corresponds to line 5
0 LOAD_FAST 0 (x)
3 LOAD_CONST 1 (1)
6 INPLACE_ADD
7 STORE_FAST 0 (x)
10 LOAD_FAST 0 (x)
13 LOAD_CONST 2 (2)
16 INPLACE_MULTIPLY
17 STORE_FAST 0 (x)
20 LOAD_FAST 0 (x)
23 RETURN_VALUE
24 LOAD_CONST 0 (None)
27 RETURN_VALUE
However, from that alone, it's impossible to know whether the body of f was
*really*
def f(x):
x += \
1
x *= 2
return x
instead <wink>.
security-thru-transparency-ly y'rs - tim
More information about the Python-list
mailing list