1、BlackHat Asia 2024/rockygnu.orgBlackHat Asia 2024/rockygnu.org����-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decompiler and:How to Read and Writea High-Level Bytecode DecompilerBlackHat Asia,2024Rocky Bernstein Slide text:uncompyle6decompyle3rockygnu.orghttps:/rocky.github.io
2、/blackhat-asia-2024-additional/all-notes-printBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSurveyBlackHat Asia 20����24/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSurveyHow many people ha
3、ve used,or?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-L�������evel Bytecode DecompilerSurveyHow many people have used,or?How many people ha��������ve used the above todecompile Python bytecode?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Writ
4、e a Hig�������h-Level Bytecode DecompilerSurveyHow many people have used,or?How many people have used the above todecompile Python bytecode?How many people have used uncompyle6,ordecompyle3?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGithu
5、b commit statistics for uncompyle6I am the current maintainer and developer of uncompyle6,anddecomp�������yle3.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSo,who am I?BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an
6、d Write a High-Level Bytecode DecompilerSo,who am I?https:/ Asi����a 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSome Open Source So?ware that Includes My Code:B�����lackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Lev
7、el Bytecode DecompilerBackgroundMalware is on the rise BlackHat Asia 2024/rockygnu.org-uncomp�������yle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,but.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an
8、d Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompiler�����s are not new,but.Ideas presented here are new.Blac��������kHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,b
9、ut.Ideas presented here are new.General-purpose DecompilersBlackHat Asia 2024/rockygnu.org-uncompyl������e6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBackgroundMalware is on the rise Decompilers are not new,but.Ideas presented here are new.General-purpose DecompilersBytecode Dec
10、ompilers(Special Purpose)BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerTheory and books������ on making compilers:.(40 others)BlackHat Asia 2024/rockygnu.org-uncompyle6 and deco������mpyle3:How to Read and Write a High-Level Bytecode DecompilerBo
11、oks on making dec���ompilers:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBooks on maki��������ng decompilers:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerCan AI Save the Day?Bl
12、ackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle����3:How to Read and Write a High-Level Bytecode DecompilerCan AI Save the Day?Not yet.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBlackHat Asia 2024/rockygnu.org-uncompyle6 and dec
13、ompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeBlackHat As�����ia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeRaise awareness of the diffe
14、rences betweenGeneral Purpose decompiling and High-levelBytecode Decompi����lingBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDecompilation in the World of High-Level BytecodeRaise awareness of the differences betweenGeneral Purpose decom
15、piling and High-levelBytecode DecompilingIntroduce Decompilation as a Language-Translationproblem.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level ������Bytecode DecompilerDecompilation in the World ������of High-Level BytecodeRaise awareness of the differences betwee
16、nGeneral Purpose decompiling and High-levelBytecode Dec�����ompilingIntroduce Decompilation as a Language-Translationproblem.Introduce ������Decompilation as a Compilation Process.BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerKey TakeawaysUnders
17、tand more about what is wrong whensomething goes wrong with decompilation.Understand the difference between disassembly anddecompi��������lation.Begin to see the difference between machine codeand high-level bytecode.Understand the some limits of Pythondecompilation and decompilation in general.BlackHat Asi
18、a 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()BlackHat Asia 2024/rockygnu.o������rg-uncompyle6 and decom
19、pyle3:How���� to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Now run the code:$python five.py 5BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:
20、How to Read and Write a High-Level Bytecode DecompilerSimple Python ProgramIn file five.py:BlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Now run the code:$python f�������ive.py 5Instruction bytecode of main program:0|64 00 5a 00 64 01 64 02|8
21、|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode ������DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Call the function we just defined.print(f
22、ive()BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia ������Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Byte compile this program:BlackHat Asia 2024/rockyg
23、nu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat As��������ia Exampledef five():Returns the string five return 5#Call the function we just defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _
24、pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4BlackHat Asia 2024/rockygnu.org-uncompyle6 and������ decompyle3:How to Read and Write a High-Level Bytecode DecompilerByte-Compiling PythonBlackHat Asia Exampledef five():Returns the string five return 5#Cal
25、l the function we just defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _������pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4$python-m compileall five.pyCompiling five.py.$ls-l _pycache_/five.cpython-38
26、.pyc-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc1234BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Dec�����ompilerByte-Compiling PythonBlackHat������ Asia Exampledef five():Returns the string five return 5#Call the function we just
27、 defined.print(five()Byte compile this program:$python-m compileall five.py1Compiling five.py.2$ls-l _pycache_/five.cpython-38.pyc3-rw-rw-r-1 rocky rocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc4$python-m compileall five.pyCompiling five.py.$ls-l _pycache_/five.cpython-38.pyc-r������w-rw-r-1 rocky r
28、ocky 301 Feb 17 10:16 _pycache_/five.cpython-38.pyc1234I run the bytecode:and again I get 5.$python/tmp/five-moved.pyc5BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$unc������ompyle6/tmp/five-moved.pyc�����1#
29、uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of s������ource mod 2*32����:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 r
30、eturn 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 an������d decompyle3:How to Read and Write a High-Level By����tecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version ba
31、se 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 re������turn 514 15 16print(five()17#okay decompiling/tmp/f
32、ive-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embed�����ded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def fiv
33、e():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five�����-moved.pyc1#uncompy
34、le6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded������ file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five��������():12 Returns the string five13 return 5
35、14 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-move��������d.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mo
36、d 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718#uncompyle6 version 3.9.1#Python byte�����code version base 3.8.0(3413)#Decompiled from:Pyth�������on 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded
37、file name��������������:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718BlackHat Asia 2024/rockygnu.org-uncompyle6 a
38、nd decompyle3:How to Read and Write a High-Level Bytecode DecompilerPython �����Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5
39、#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example9�������10 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)
40、#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(fiv����e()#okay decompiling/tmp/five-moved.pyc6171
41、8#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded f�����ile name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc1234567
42、8B��������lackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Comp
43、iled at:2024-02-17 10:16:086#Size of source��� mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode
44、 De���compilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32
������������45、:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)
46、GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five():Returns the string five return 5 print(five()#o�������kay decompiling/tmp/five-moved.pyc61718#uncompyle6 version 3.9.1#Python bytecode version base 3
47、.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#�������okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia Example910 11def five():12 Returns the str
48、ing five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 versio�����n 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153
49、bytes78BlackHat Asia Example910 11def five():12�������� Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#Embedded file name:five.py1#uncompyle6 version 3.9.12#Python bytecode version base ������3.8.0(3413)3#Decompiled from:Python 3.12.2(m
50、ain,Feb 14 2024,04:48:40)GCC 13.2.045#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved������.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:H
51、ow to Read and Wr���ite a High-Level Bytecode DecompilerPython Bytecode Decompilation Example$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:20
52、24-02-17 10:16:086#S�������ize of source mod 2*32:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled fro
53、m:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:f���ive.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytesBlackHat Asia Example def five���():Returns the string five return 5 print(five()#okay decompiling/tmp/five-moved.pyc61718#uncompyle6 ve
54、rsion 3.9.1#Python bytecode version base 3.8.0(3������413)#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.0#Embedded file name:five.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.pyc$uncompyle6/tmp/five-moved.pyc12345678BlackHat Asia
55、Example910 11def five():12 Returns the string five13 return 514 15 16print(five()1718#Python bytecode version base 3.8.0(3413)$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.123#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled a�������t:2024-02
56、-17 10:16:086#Size of source mod 2*3�����2:153 bytes78BlackHat Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-moved.pyc18$uncompyle6/tmp/five-moved.pyc#Embedded file name:five.py1��������#uncompyle6 version 3.9.12#Python bytecode version base 3.
57、8.0(3413)3#Decompiled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.045#Compiled at:2024-02-17 10:16:086#Size of source mod 2*32:153 bytes78BlackHat������� Asia Example910 11def five():12 Returns the string five13 return 514 15 16print(five()17#okay decompiling/tmp/five-mo������ved.pyc18BlackHat Asia Exa
58、mple def five():Returns the string five return 5 print(five()$uncompyle6/tmp/five-moved.pyc1#uncompyle6 version 3.9.12#Python bytecode version base 3.8.0(3413)3#Decomp������iled from:Python 3.12.2(main,Feb 14 2024,04:48:40)GCC 13.2.04#Embedded file name:five.py5#Compiled at:2024-02-17 10:16:086#Size of so
59、urce mod 2*32:153 bytes78951617#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSou������rce code:Decompiled code:Source Code Differences BlackHat Asia Example def five():Returns the string five
60、 return 5print(five()12345678 9 10#Call the function we just defined.1112BlackHat Asia Example def five():Returns the string five return 5 print(five()#uncompyl������e6 version 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:�������Python 3.12.2(main,Feb 14 2024,3#Embedded file name:five.py4#Com
61、piled at:2024-02-17 10:16:085#Size of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecod�����e DecompilerSource code:Decompiled code:Source Code Differences BlackHat Asia
62、Example def���� five():Returns the string five return 5print(five()12345678 9 10#Call the function we just defined.1112#Call the function we just defined.1BlackHat Asia Example23 4 5def five():6 Returns the string five7 return 58 9 1011print(five()12BlackHat Asia Example def five():Returns the string fi
63、ve return 5 print(five()#uncompyle6 vers����ion 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:Python 3.12.2(main,Feb 14 2024,3#Embedded file name:five.py4#Compil�����ed at:2024-02-17 10:16:085#Size of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18Black
64、Hat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerSource code:Decompiled code:Source Code Diff����erences BlackH������at Asia Example def five():Returns the string five return 5print(five()12345678 9 10#Call the function we just defined.1112#Call the fu
65、nction we just defined.1BlackHat Asia Example23 4 5def five():6 Returns the string five7 return 5������8 9 1011print(five()12BlackHat Asia Example def five():Returns the string five return 5 print(five()#uncompyle6 version 3.9.11#Python bytecode version base 3.8.0(3413)2#Decompiled from:Python 3.12.2(main
66、,Feb 14 2024,3#�������Embedded file name:five.py4#Compiled at:2024-02-17 10:16:085#Size �������of source mod 2*32:153 bytes6789516 17#okay decompiling/tmp/five-moved.pyc18#uncompyle6 version 3.9.1#Python bytecode version base 3.8.0(3413)#Decompiled from:Python 3.12.2(main,Feb 14#Embedded file name:five
67、.py#Compiled at:2024-02-17 10:16:08#Size of source mod 2*32:153 bytes#okay decompiling/tmp/five-moved.��������pyc1234567BlackHat Asia Example89 10def five():11 Returns the string five12 return 513 14 15print(five()16 1718BlackHat As��������ia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-
68、Level Bytecode DecompilerHow T������hese Decompilers WorkBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of these phases:BlackHat Asia 2024/rockygnu.org-uncompyle����6 and decompyle3
69、:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of these phases������:1.Get bytecod������e disassembly via xdisBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompil
70、ers WorkDecompilation processed in a pipeline of these phases:1.Get bytec���ode disassembly via xdis2.Tokenize or li?the disassemblyBlackHat Asia 2024/rockygnu.or�����g-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipe
71��������、line of these phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembl�������y3.Parse tokens into a Parse TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers WorkDecompilation processed in a pipeline of t
72、hese phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembly3.Parse���� tokens into a Parse Tree4.Abstract the Parse Tree into an Abstract Syntax TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerHow These Decompilers W
73、orkDecompilation processed in a pipeline of these phases:1.Get bytecode disassembly via xdis2.Tokenize or li?the disassembly3.Parse tokens into a Parse Tree4.Abstract the Parse Tree into an Abstract Syntax Tree5.Produce Source from������� the Abstract Syntax TreeBlackHat Asia 2024/rockygnu.org-uncompyle6 a
74、nd decompyle3:How to Read and W����rite a Hi�����gh-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.pycxdisBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.p
75、ycxdis#pydisasm version 6.1.0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1������708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:five.py#Argument count:0#Position-only argument count:0#Keywor
76、d-only arguments:0#Number of locals:0#Stack size:2#Flags:0 x00000040(NOFREE)#First Line:01112131415BlackHat �����Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDisassembly using pydisasm from$pydisasm/tmp/five_move�������d.pycxdis#pydisasm versi
77、on 6.1.0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13�������:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:five.py#Argument count:0#Position-only argument count:0#Keyword-only arguments:0#Nu
78、mber of locals:0#Stack size:2#Flags:0 x00000040(NOFREE)#�����First Line:01112131415#Python bytecode���� 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#pydisasm version 6.1.012
7�����9、3456#Method Name:7#Filename:five.py8#Argument count:09#Position-only argument count:010#Keyword-only arguments:011#Number of locals:012#Stack size:213#Flags:0 x00000040(NOFREE)14#First Line:115BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decom
80、pilerDisassembly using pydisasm from$pydisasm/tmp/five_moved.pycxdis#pydisasm version 6.1.�����0#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(defaul������t,Sep 4 2023,13:19:52)#GCC 12.3.0#Timestamp in code:1708217267(2024-02-17 19:47:47)#Source code size mod 2*32:148 bytes#Method Name:#Filename:
81、five.py#Argument count:0#Position-only argument count:0#Keyword-only arguments:0#Number of locals:0#Stack size:2#Flags:0 �����x00000040(NOFREE)#First Line:01112131415#Python bytecode 3.8.0(3413)#Disassembled from Python 3.8.18(default,Sep 4 2023,1�����3:19:52)#GCC 12.3.0#Timestamp in code:170821726
82、7(2024-������02-17 19:47:47)#Source code size mod 2*32:148 bytes#pydisasm���� version 6.1.0123456#Method Name:7#Filename:five.py8#Argument count:09#Position-only argument count:010#Keyword-only arguments:011#Number of locals:012#Stack size:213#Flags:0 x00000040(NOFREE)14#First Line:115 1:0 LOAD_CONST (nBlackH
83、at Asia Examplen)2 STORE_NAME (_doc_)#2:five19#3:None20#Names:21#0:_doc_22#1:fi������ve23#2:print24252627 6:4 LOAD_CONST (code object five at 0 x7f3f4c3d17c0,file five.py,28 6 LOAD_CONST (five)29 8 MAKE_FUNCTION (Neither defaults,keyword-only args,annotations,nor 30 10 STORE_NAME (five)31 32 12:12 LOAD_NA
84、ME (print)33BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an�����d Write a High-Level Bytecode DecompilerBytecode Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_
85、FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_STR (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No������ parameters)10 STORE_NAME (five)1234567BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Byteco
86、de DecompilerByteco�����de Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_CONST (nBlackHat Asia Examplen)6 LOAD_CONST (five)
87、8 MAKE_FUNCTION (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CONST 456 10 STORE_NAME (five)7 1:0 LOAD_STR (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)10 STORE_NAME (five)1234567BlackHat Asia 2024/rockygnu.org-unc��������ompyle6 and decomp
88、yle3:How to Read and Write a High-Level Bytecode Decomp�������ilerBytecode Disassembly:Parser Input Tokens:Phases 1 and 2:Bytecode to Tokens 1:0 LOAD_CONST (nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CONST 6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)10 STORE_NAME (five)1234567 1:0 LOAD_CONS
89、T (nBlackHat Asia Examplen)6 LOAD_CONST (five)8 MAKE_FUNCTION (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CONST 456 10 STORE_NAME (five)7 1:0 LOAD_STR (�����nBlackHat Asia Examplen)2 STORE_NAME (_doc_)6:4 LOAD_CODE 6 LOAD_STR (five)8 MAKE_FUNCTION_0������ (No parameters)10 STORE_NAME (five)1234567 1:0 LO
90、AD_ST�����R (nBlackHat Asia Examplen)6 LOAD_STR (five)8 MAKE_FUNCTION_0 (No parameters)1 2 STORE_NAME (_doc_)2 3 6:4 LOAD_CODE 456 10 STORE_NAME (five)7BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeC
91、onstructing Parse Tree from Tokens:BlackHat Asia Exampl�����e LOAD_STR nBlackH�����at Asia Examplen STORE_NAME _doc_BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackH
92、at Asia Example LOAD_STR nBlackHat Asia Examplen STORE_NAME _doc_Is parsed:BlackHat Asia 2024/rocky������gnu.org-uncompyle6 and deco�����mpyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia Example LOAD_STR nBlack
93、Hat Asia Examplen STORE_NAME _doc_Is parsed:LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read an�������d Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia ������Example LOAD_STR nBlackHat Asia Examplen STORE
94、_NAME _doc_Is parsed:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerPhase 3:Parsing Tokens into a Parse TreeConstructing Parse Tree from Tokens:BlackHat Asia Examp��������le LOAD_STR nBlackHat Asia Examplen STORE_NAME _
95、doc_Is parsed:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Leve�����l Bytecode DecompilerParsing Tokens into a Parse Tree(Part 2)Constructing Parse Tree from Tokens:LOAD_STR expr :=LOAD_STRBlackHat Asia 2024/rockygnu.org-uncompyle6 and dec
96、ompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Toke�������ns into a Parse Tree(Part 2)Constructing Parse Tree from Tokens:LOAD_STR expr :=LOAD_STR STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens
97、into a Parse Tree(Part 2)Construc��������ting Parse Tree from Tokens:LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 2)Constructi���������ng Parse Tree from Toke
98、ns:LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NA������MEBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAMEBlackHat Asia 2024/rockygnu.org-uncom
99、pyle6 and decompyl�������e3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr storeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and �������Write a High-Level Bytecode Decompile
100、rParsing Tokens into a Parse Tree(Part 3)LOAD_STR expr :=LOAD_STR STORE_NAME stor�����e :=STORE_NAME assign :=expr storeBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Le������vel Bytecode DecompilerParsing Tokens into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NA
101、ME store :=STORE_NAME assign :=expr storeBlackHat Asia 2024/ro������ckygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Tokens into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr store stmts :=assignBlackHat Asia 2024
������102、/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerParsing Token�������s into a Parse Tree(Part 4)LOAD_STR expr :=LOAD_STR STORE_NAME store :=STORE_NAME assign :=expr store stmts :=assignBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Wri
103、te a High-Level Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_ Blac��������kHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-L
104、evel Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII �������Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_ Ph������ase 4.Abstract Syntax Tree(First Line)stmts 0.docstring 0 LOAD_STR nBlackHat Asia Examplen 2 STOR
105、E_NAME _doc_BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Le�������vel Bytecode DecompilerPhases 3-5:Final Parse Tree to Source TextPhase 3.Parse Tree in ASCII Format(First Line):stmts 0.assign 0.expr L.1 0 LOAD_STR nBlackHat Asia Examplen 1.store 2 STORE_NAME _doc_
106、 Phase 4.Abstract Syntax Tree(First Line)stmts 0.docstring 0 LOAD_STR nBlackHat Asia Examplen 2 STORE_NAME _doc_Phase 5.Printing the Abstract Syntax Tree(First line)BlackHa�����t Asia ExampleBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level By����tecode DecompilerBl
107、ackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|BlackHat Asia 2024/rockygnu.org-uncompyle6 and ������decompyle3:How to Read and Write a
108、 High-Level Bytecode DecompilerBytecode Disassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|Disassembly �����using pydisasm from xdis:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Di
109、sassembly 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|16|83 00 83 01 01 00 64 03|24|53 00|Disassembly using pydisasm from xdis:$pydisasm-F extended-bytes-S _pycache_/five�������.cpyth������on-38.pycBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decom
110、pilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|6������4 00 5a 00 64 01 64 02�������|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBl
111、ackHat Asia Examplen1������1 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02����|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(
112、.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpyth������on-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 0
113、1 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#�����2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|
114、64 02|LOAD_CONST (five)17 8|84 00|MAKE_FU����NCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asi
115、a Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No ���arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle
116、6 and dec���ompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Exam
117、plen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackH�����at Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No argume
118、nts);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBla����ckHat Asia Exa�������mplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat A
119、sia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examp�����len#Names:#0:_d������oc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (
120、nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.12�����3#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five
121、(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-u�������nc����ompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83
122、01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print#nBlackHat Asi�����a Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 ������6:4|64 01|LOAD_CONST ()16 6
123、|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=de����f five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:��������None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat As
124、ia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia ������Examplen#Na
125、mes:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (f�������ive)17 8|84 00|MAKE_FUNCTION (No arguments);T
126、������OS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2#0:nBl������ackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Ex
127、amplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (�������No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20#print(five()21BlackHat Asia 2024/rockygnu.org-uncomp��������yle6 and decompyle3:How to Read and Write a High-Level Bytec
128、ode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#�������3:None#Names:#0:_doc_#1:five#2:print12345��������6
129、78910#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=�������def five(.):.18 10|5a 01|STORE_NAME (five);five=
130、def five(.):.19 20i(fi()21#Constants������:#0:nBlackHat A�����sia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16
131、 6|64 02������|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00�������|STORE_NAME (_doc_);_doc_=
132、nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=����def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2
133、#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 ���������00|LOAD_CONST (nBlackHat Asia Examplen)�������12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments)
134、;TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia �����Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia
135、Examplen13 14#def five(�����):15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6����� and decompyle3:How to Read and Write a High-Level Bytecode D
136、ecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|������8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five#2:print
137、#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01����|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def f
138、ive(.):.19 20i(fi()����21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64
139、 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments�����);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAM���E (_doc_);_doc_=nBlac
140、kHat A������sia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#nBlackHat Asia Examplen#.1#Constants:2#0:������nB
141、lackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST �����(nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=
142、def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#�����Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examp
143、len13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CO������NST (five)17 8|84 00|MAKE_FUNCTION������� (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#
144、1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)1213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNC����TION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19
145、20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and����� decompyle3:How to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 0����2|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00
146、 64 03|24|53 00|#.#Constants:#0:nBlackHat Asia Examplen#1:#2:five#3:None#Names:#0:_doc_#1:five�����#2:print#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|L
147、OAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No argumen�������ts);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat �������Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examp
148、len)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTIO������N (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_
����149、doc_#nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def f
150、ive(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(f������i()21#nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13
151、 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackH�����at Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Nam
152、es:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONS�����T ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);������TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(f
153、i()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Con�����stants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12�������13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (
154、five)17 8��������|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Nam
155、es:78#1:five9#2:print10#nBlackHat Asia Examplen111213 14#�������def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:Ho
156、w to Read and Write a High-Level Bytecode DecompilerBytecode Disassembly$pydisasm-F extended-bytes-S _pycache_/five.cpython-38.pyc 0|64 00 5a 00 64 01 64 02|8|84 00 5a 01 65 02 65 00|12|65 02 65 01 83 01 01 00|16|83 00 83 01 01 00 64 03|24|53 00|#.#Constants:#0:nBlac�����kHat Asia Examplen#1:#2:five#3:No
157、ne#Names:#0:_doc_#1:five#2:print#nBlack�����Hat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|S�����TORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.
158、):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#.123#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:f������ive9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#d
159、ef five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#Constants:#0:nBlackHat Asia Examplen#Names:#0:_doc_#nBlackHat Asi������a Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Exam
160、plen)2|5a 00|STORE_NAME (_doc_);_doc_=������nBlackHat Asia Examplen#.123#1:4#2:five5#3:None678#1:five9#2:print10111213 14#def five():15 6:4|64 01|LOAD_CONST ()�����16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#
161、nBlackHat Asia Examplen#.1#Constants:2#0:nBlackHat Asia Example�����n3#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print1011 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)12 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (fiv��e)1
�����162、7 8|84 00|MAKE_FUNCTION (No ar������guments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:nBlackHat Asia Examplen 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)#.1#Constants:23#1:4#2:five5#3:None6#Names:7#0:_doc_8#1:five9#2:print10#nBlackHat Asia Examplen1112 2|5a 00|ST
163、ORE_N��������AME (_doc_);_doc_=nBlackHat Asia Exa��������mplen13 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen
164、#.1#Constants:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen11 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)1213 14#def five():15 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.��������):.18 10|5a
165、 01|STORE_NAME (five);five=def five(.):.19 20i(fi()21#0:_doc_ 1:0|64 00|LOAD_CONST (nBlackHat Asia Examplen)2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen#.1#Consta�����nts:2#0:nBlackHat Asia Examplen3#1:4#2:five5#3:None6#Names:78#1:five9#2:print10#nBlackHat Asia Examplen1112������13 14#def five():15
166、 6:4|64 01|LOAD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (f���ive);five=def five(.):.19 20i(fi()21#print(five()12:12|65 02|LOAD_NAME (p�������rint)14|65 01|LOAD_NAME (five)16|83 00|CALL_FUNCTION (0 positional arguments);TOS=five()18|83
167、 01|CALL_FUNCTION (1 positional argument);T�����OS=print(five()2|5a 00|STORE_NAME (_doc_);_doc_=nBlackHat Asia Examplen13 14#def five():15 6:4|64 01|LO�������AD_CONST ()16 6|64 02|LOAD_CONST (five)17 8|84 00|MAKE_FUNCTION (No arguments);TOS=def five(.):.18 10|5a 01|STORE_NAME (five);five=def five(.):.19 2021222
168、32425 20|01 00|POP_TOP26 22|64 03|LO�������AD_CONST (None)27 24|53 00|RETURN_VALUE return None28 29 30#Method Name:five31#Filename:five.py32#Argument count:033BlackHat Asia 2024/rockygnu.org-uncompyle6 �����and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare BytecodePython Expre
169、ssion:a=_file_=b 1:0|64 00|LOAD_CONST (a)2|65 00|LOAD_NAME (_file_)4|04 00|DUP_TOP 6|03 00|ROT_THR������EE 8|6b 01|COMPARE_OP (=)10|6f 12|JUMP_IF_FALSE_OR_POP(to 18)12|64 01|LOAD_CONST (b)14|6b 01|COMPARE_OP (=);TOS=(to 18)18|02 00|ROT_TWO 2����0|01 00|POP_TOP 22|01 00|POP_TOP 24|64 02|LOAD_CONST (None)26|53
170、00|RETURN����_VALUE return None11121314BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Compare BytecodePython Expression:a=_file_=b 1:0|64 00|LOAD_CONST (a)2|65 00|LOAD_NAME (_file_)4|04 00|DUP_TOP 6|03 00|ROT_THREE 8|6b
171、01|COMPARE_OP (=)10|6f 12|JUMP_IF_FALSE_OR_POP(to 18)12|64 01|LOAD_CONST (b)14|6b 01|COMPARE_OP (=);TOS=(to 18)18�����|02 00|ROT_TWO 20|01 00|POP_TOP 22|01 00|POP_TOP 24|64 02|LOAD_CONST (None)26|53 00|RETURN_VALUE return None11121314 10|6f 12|JUMP_IF_FALSE_������OR_POP(to 18)16|6e 04|JUMP_FORWARD (
172、to 22)1:0|64 00|LOAD_CONST (a)1 2|65 00|LOAD_NAME (_file_)2 4|04 00|DUP_TOP3 6|03 00|ROT_THREE4 8|��6b 01|COMPARE_OP (=)56 12|64 01|LOAD_CONST (b)7 14|6b 01|���������COMPARE_OP (=);TOS=(to 18)18|02 00|ROT_TWO10 20|01 00|POP_TOP11 22|01 00|POP_TOP12 24|64 02|LOAD_CONST (None)13 26|53 00|RETURN_VALUE return None
173、14BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a �����High-Level Bytecode DecompilerChained Compare Parse Tree(new code)Python Expression:a=_file_=bBB_START 1 Basic Block 1compare_chained 0.expr pare_chained_middle .4.jifop 0.10 JUMP_IF_FALSE_OR_POP 18 to 18nnn 1.10 BB_
174、END 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 pare_chained_right .2.16 JUMP_FORWARD 22 to 22 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 �������Basic Block 3 3.18 SIBLING_BLOCK 4.18 ROT_TWO 5.20 POP_TOP 6.20 BB_END 3 Ba������sic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet6171
175、81920BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerChained Com������pare Parse Tree(new code)Python Expression:a=_file_=bBB_START 1 Basic Block 1compare_chained 0.expr pare_chained_middle .4.jifop 0.10 JUMP_IF_FALSE_OR_POP 18 to 18nnn 1.10
176、BB_E�����ND 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 pare_chained_right .2.16 JUMP_FORWARD 22 to 22 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 Basic Block 3 3.18 SIBLING_BLOCK 4.18 ROT_TWO 5.20 POP_TOP 6.20 BB_END 3 Basic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet6
177、17181920BB_START 1 Basic Block 1nnn 1.10 BB_END 1 Basic Block 1 5.12 BB_START 2 Basic Block 2 3.16 BB_END 2 Basic Block 2 2.18 BB_START 3 Basic Block 3 3.18 SIBLING_BLOCK 6.20 BB_END 3 Basic Block 3 7.20 BLOCK_END_JOIN 3 Basic Block DominatorSet1compare_chained2 0.expr3 .4 pare������_chained_middle5 .6 4.
178、jifop7 0.10 JUMP_IF_FALSE_OR_POP 18 to 188910 pare_chained_right11 .12 2.16 JUMP_FORWARD 22 to 2213141516 4.18 ROT_TWO17 5.20 POP_TOP181920B�����lackHat Asia 2024/rockygnu.�����org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerClassifying Scopes and Important Control-FlowPoin
179、ts i:int=6 zero_bits=0 one_bits=0#loop dominator while i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#jo������in point i 0:#if dominator if i%0:#firs�����t sibling one_bits+=1
180、 else:#second sibling zero_bits+=1#join po������int i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:5678910111213 i 0:#if dominator if i%0:#first sibli�������ng on
181、e_bits+=1 else:#second sibling zero_bits+=1#join point i 0:#if dominator if i%0:#first sibling one_bits+=1 else:#second sibling zero_bits+=1#join point i 0:5678910111213����� i 0:5#if do�������minator6 if i%0:789 else:101112#join point13 i 0:56 if i%0:78 one_bits+=19 else:1011 zero_bits+=11213 i 11415 print(one
182、_bits,zero_bits)16BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode D������ecompilerControl Flow Produced from control_flowBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerDominator Regions a
183、nd DominatorsBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a �������High-Level Bytecode DecompilerGeneral RemarksOther Python decompilersBlackHat
184、Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level By����tecode DecompilerGeneral RemarksOther Python decompilersGeneral-Purpose������ DecompilersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOthe
185、r Python decompilersGeneral-Purpose Decomp�����ilersHow Control Flow DiffersBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompy������le3:How to Read and Write a High-Level Bytecode DecompilerGeneral RemarksOther Python decompilersGeneral-Purpose DecompilersHow Control Flow DiffersChoice of Intermediate Lang
186、uageBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerWrappin�����g Up1.Understand,pinpoint,report,and even���� fix problems.2.Understand how Python text code is related to its bytecode.3.Extend this code for newer Python Bytecode.4.Use these tech
187、niques in other High-level Bytecode Languages:BlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a Hi�����gh-Level Bytecode Deco
188、mpilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersBlackHat Asia 2024/roc��������kygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersPhil Young and Speaker-C
189、oaching ProgramBlackHat Asia��� 2024/rockygnu.or��������g-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers and OrganizersPhil Young and Speaker-Coaching ProgramStuart FrankelBlackHat Asia 2024/rockygnu.org-uncompyle
190、6 and decompyle3:How to Read and Write a High-Level Bytecode DecompilerThanksJohn Aycott and Hartmut GoebelBlackHat 2024 Asia Reviewers a�������nd OrganizersPhil Young and Speaker-Coaching ProgramStuart FrankelYouBlackH�������at Asia 2024/rockygnu.org-uncompyle6 and decompyle3:How to Read and Write a High-Level B
191、ytecode DecompilerAdditional InformationPython Decompilers:,andCross-Version Python Disassembler:Python Control Flow:Older Decompiler Paper:PyCon Columbia 2018 talk slides:PyCon Columbia 2018 talk video:Additional Slides:Slide Text:https:/pypi.org/project/uncompyle6https:/pypi.org/project/decompyle3/https:/pypi.org/project/xdishttps:/ Asia 2024/rockygnu�����.org-uncompyle6 and decompyle3:How to Read and Write a High-Level Bytecode Decompiler
sgpjbg002
工作日 8:30 - 17:30
会员动态:
报告分类
新质生产力
ChatGPT
新能源汽车
大模型
Sora
机器人
微短剧
芯片
薪酬
白皮书
低空经济
数据要素
创新药
人工智能
AI产业
信息科技
互联网
消费经济
汽车交通
电商零售
传媒娱乐
医药健康
投资金融
能源环境
地产建筑
传统产业
英文报告
其它
扫码登录
手机快捷登录
账号登录
