1

I am new to python and I have never compiled python code to an executable file before. The languages I am well familiar with are C, C++, and Java and I have never come across a language that lets you modify the code from within itself, like Python which uses has the method exec.

For the following code,

a = 500
code  = raw_input() 
exec (code)

When I give the input as, print (a) the program displays the value in a. So this means the variable a comes within the scope of the code.

I don't understand what would happen if we try to convert the python code to an executable using a program like py2exe. Will the method exec still work? If it does work, does py2exe bring the entire Python compiler and interpreter with it when the program gets compiled?

Sreram
  • 491
  • 1
  • 9
  • 22
  • 1
    py2exe **always** embeds a full Python interpreter into the generated binary, 100% of the time. That's how it works. – Charles Duffy Nov 16 '16 at 19:11
  • You might want to read something like [this](http://stackoverflow.com/questions/3265357/compiled-vs-interpreted-languages) to learn about compiling and interpreting... (just don't worry about Java for now, it's complicated). – Lunaweaver Nov 16 '16 at 19:13
  • 1
    Nuitka http://nuitka.net/pages/overview.html is probably closer to creating an executable from Python in the way that you mean. It generates C++ which is then compiled and linked. The source for handling `eval` is here: http://pydoc.net/Python/Nuitka/0.5.14.2/nuitka.nodes.ExecEvalNodes/ – cdarke Nov 16 '16 at 19:20

1 Answers1

6

py2exe never compiles Python code into native executables; it bundles up a Python interpreter into an executable, always. This is likewise true of freeze, cx_Freeze and every other tool offering similar functionality while supporting the full Python language rather than a limited subset thereof.

Thus, exec, eval and similar constructs are available without needing additional facilities.

Charles Duffy
  • 280,126
  • 43
  • 390
  • 441
  • Does this mean it is possible to obtain the python script from the executable easily? – Sreram Nov 16 '16 at 19:15
  • Yes. If you're using these tools as obfuscators... well, they never claimed to be good for the purpose, and aren't. (Or, rather, you can obtain Python bytecode easily, and Python bytecode dissassembles very cleanly). – Charles Duffy Nov 16 '16 at 19:16
  • 1
    See also http://stackoverflow.com/questions/261638/how-do-i-protect-python-code, and https://pypi.python.org/pypi/mangler/. – Charles Duffy Nov 16 '16 at 19:18
  • 1
    Basically it is not possible to compile a python script to a native executable. You could do something like compiling using Cython (http://cython.org/ and https://github.com/cython/cython/wiki/FAQ#how-can-i-make-a-standalone-binary-from-a-python-program-using-cython) but that's not really a beginner path :-/ – Stephane Martin Nov 16 '16 at 19:20
  • @StephaneMartin, indeed, hence the "full Python language" caveat. :) – Charles Duffy Nov 16 '16 at 19:21
  • I don't know if it would work well, but one could try it. We can replace all the object names, method names and class names with randomly generated values and remove all the comments. Don't you think this will be enough to hide the code? – Sreram Nov 16 '16 at 21:06
  • @HelloWorld, ...comments don't make it into bytecode anyhow, and existing obfuscator tools will do much of that for you. But against an opponent hiring competent and experienced reverse engineers, no, it won't do much good. – Charles Duffy Nov 16 '16 at 21:15
  • 1
    @HelloWorld, ...really, you can't make reverse engineering impossible; all you can do is make it more difficult. Perhaps you make it difficult enough that you couldn't or wouldn't do it yourself, or that your opposition would rather bribe (or spearphish) one of your employees instead, but none of those are the same thing as "impossible" at all. The place to start is figuring out what your threat model is, how much money/time/resources your opponents are willing to spend and how much money/time/resources it's worth *you* spending to stop them. Often, opposing RE is simply not worth the effort. – Charles Duffy Nov 16 '16 at 21:17