How to analyze the priority of pyd and py 01/18 Update SLTechnology News&Howtos

How to analyze the priority of pyd and py

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

How to analyze the priority of pyd and py, I believe that many inexperienced people are at a loss about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Brief introduction

The advent of Cython makes Python code safer and faster. What most people know about Cython is to protect the Python code base, and it does improve the security of Python code. Currently, the resulting pyd files can only be disassembled and take precedence over py files. If its characteristics are combined with supply chain attacks, it may bring security risks.

Priority problem

When pyd and py files with the same filename are in the same directory, the pyd file will be executed first. Pyd files usually receive less attention because they are difficult to read and lack of disassembly skills in research and development. The following tests are performed:

Let's create a new file tmp_debug.py and compile it into a pyd file.

#! / usr/bin/python#-*-coding: utf-8-*-def test (): print ("malicious logic test.") Print ("output test.") If _ _ name__ = "_ _ main__": test ()

Then delete some of the code. Get the tmp_debug.py code as follows:

#! / usr/bin/python#-*-coding: utf-8-*-def test (): print ("output test.") If _ _ name__ = "_ _ main__": test ()

Put its pyd file in the same directory as the py file. Execute the call with the following code:

Import tmp_debugtmp_debug.test ()

The results are obtained:

Malicious logic test. Output test.

If you use PyCharm, hold down Ctrl and click the tmp_debug.test () method with the left mouse button, you will jump to the py file code and pyd will be ignored. You can imagine the consequences if it is used to attack the supply chain.

Repair method

1. If conditions permit, it is best to recompile the PYD file.

2. Compare the verification of the official module.

After reading the above, have you mastered how to analyze the priority issues of pyd and py? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.