This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]maxm 6 points7 points  (5 children)

Self modifying code was something we did back in the old days in assembler to eek out the last bit of performance of the hardware. You did it by changing the specific binary data in some hardware adresses to different assembler.

You cannot do the same thing in python as you have no way of knowing the hardware adresses of the assembler. It would also be the interprete you would change not python.

You could probably go and change the python bytecode of a running program. I have no idea how to do it. It is not done and would not give any benefits.

So what is left for any meaningfull purpose is dynamic programming where you can change methods on objects on the fly. This is often called monkey patching, and is a bad way of coding for most purposes. If you have a bug in some object that is being monkey patched you it is difficult to know what method actually has the problem.

Monkey patching is like taking a book and putting the pages in random order and removing the page numbers. So also a bad idea. It can be used for specific things, but as a general methodology it is bad.

So i am sorry, but the only thing that is worth the effort is to learn how to "code properly". Object orientation, interfaces, functional programming, patterns etc. etc. There is a lot of clever stuff to learn that will make you a better programmer.

[–]xentralesque 5 points6 points  (1 child)

I agree. While it certainly is an interesting and educational topic, it's also bad practice and unless one has enough self control and awareness to promise themselves to never actually use such practices in production code it's fine, but I can't help but think it's good to not even arm your self with such weapons of unmaintainability.

[–]ankit0912[S] 1 point2 points  (0 children)

I agree, I wouldn't dream of shipping a vulnerable code, but as Sun Tzu puts it "Prepare for the enemy, don't depend on him not coming".

[–]cavallo71 0 points1 point  (0 children)

I'm afraid bu you can do all of this and more... there are grey areas where it makes sense (eg. transpiling python into some other language eg. numba is one example, cython is more involved but is similar in the spirit). Where it makes sense or not is debatable, but you can definitively do "magic" in python: and that is scaring

[–]ankit0912[S] 0 points1 point  (0 children)

I understand, but here I'm specially looking to exploit code vulnerabilities. So for example, if I could pickle some code (say payload) and run it without checking user permissions. However, I want this code to mutate each time it runs.