Open w1nds opened 1 year ago
Hey, thanks for making methods 1 and 2 work on Linux! Did you try both methods? Can you maybe include the build command you used to compile the library? Definitely interested in including this.
Sorry, I haven't tried it on Linux python 3.x, I tried 2.x directly。
build the library command
gcc test.cpp -o test.so -fPIC -shared -ldl
Hey, I'm not asking to try it on Python 3.x, I was just wondering if you tried both method 1 and method 2. Since those are the methods that require injecting. Thanks for the build command btw!
Yes, I tried method 1 and 2, both suggest some syntax errors, I tried to modify some syntax errors in method 2, until suggest inspect module object has no attribute 'Signature' ,then I came to submit the issue, haha...
Ah, that wasn't clear in your first message. Currently, I'm not planning on supporting Python 2.x. You can try to figure out what functions I used are non-existing in Python 2.x and try to find alternatives for them. I'll gladly accept a pull request if you figure it out!
some questions, thx
i used method 2 in linux for python2.7。 the py script import an package encryped by pyarmor,for example:
# -*- coding: utf-8 -*-
import re
import sys
from test.fuck.handle import main
if __name__ == '__main__':
sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
sys.exit(main())
everything under the test package is encrypted,i inject then run method2 ,but the dumped file is _usr_lib64_python2.7_threading.pyc,not the test.fuck.handle.main function I want。
I rebuild libpython for python2.7,modifyed PyEval_EvalFrameEx function to dump the PyCodeObject,but I found that the dumped pyc is the same as the original file after decompiling,it's also__pyarmor__(__name__, __file__, 'v\xd0
sorry for my poor english ,I don't know if you understand my description O(∩_∩)O~
Is the test
module importing any external libraries? If so you can create a .py file with the same name and put an input() which will give you time to dump it while Python is executing the test
module. It could be possible that you'll have to change the script to make it find the test
module in the threads, as the name of the frame will probably be the name of the module that you're hijacking. You could also just put the method 2 inside of the hijacked module so that when the script imports the module you can just do sys._getframe(1) to get the test
's module.
decrypt python 2.7 under Linux, hope it will be supported.
Injector:https://github.com/gaffe23/linux-inject so: