4

Say I am in the python interpreter and define a function as follows:

def h(a):
  return a

If I want to look at the bytecode (not a disassembly using dis), I can typically use h.func_code.co_code. Is there any other way to look at the bytecode?

For example, in the interpreter, if I just type h without making it a function call, I get the address of the function. Can I use that address to get the bytecode? Is there some other way?

Some additional info from the comments:

The app is written in python and packed using something like Py2App, cx_freeze, or py2exe. I played some tricks on the executable and now, when launched, the executable dumps me to a python command line. From there, I manually typed my function h into the interepeter.

Other attributes of h.func_code are present such as co_varnames, co_argcount, etc, but co_code is not.

If I type in h.func_code.co_code into the interpreter, I get 'code' object has no attribute 'co_code'.

UPDATE: From the comments again. As far as I can tell the opcodes have been remapped for the python interpreter that was shipped with the app.

Improve this question
17
  • 1
    Why isn't h.func_code.co_code good enough? Using the memory address is not going to be any easier. Commented Sep 20, 2012 at 13:40
  • Because for some reason it isn't there. I'm learning about python reverse engineering and it seems there were some protections added to the piece of software. One of which seems to have made co_code unavailable. Commented Sep 20, 2012 at 13:42
  • 1
    For starters, do you know it's written in Python? What's it's type? (Also, dir can be overriden by the object, don't bet your farm on its output.) Commented Sep 20, 2012 at 13:49
  • 1
    @mikeazo that doesn't look like a version string. What's the full version string? Commented Sep 20, 2012 at 14:13
  • 1
    It is theoretically possible to remove the co_code attribute from the python interpreter. That would require a custom interpreter build. You could still just load all the python code into your own interpreter (just unzip the zipfiles in the Contents/Resources/ directory and put those on your path. Commented Sep 20, 2012 at 14:25

1 Answer 1

Reset to default
5

If you have defined your own def h(): pass dummy function, and that function does not have a .func_code.co_code value, then most likely the included python interpreter is a custom compiled version where the co_code slot has been cleared.

The work-around is simple, copy the Contents/Resources zipfiles (in all subdirs) elsewhere, add those to your PYTHONPATH and import the code into your own interpreter.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.