ansaurus

Question

What's the best way to debug third-party Perl script?

Answer 1

+1 A:

You're going to have to get your hands on the Simfilter module and use it to go back to the original source code. It sounds like the author doesn't want you to get at the source, which isn't surprising if it is for something like encryption or copyright circumvention.

Ether 2009-12-17 18:45:24

He must already have SimFilter or he couldn't run the code. Would `perl -MO=Deparse Foo.pm` be sufficient? (i.e. would Deparse take the results after SimFilter de-obfuscated it?)

Michael Carman 2009-12-17 18:48:00

Answer 2

A:

try using perlide, download from sourceforge.net

ddyer 2009-12-17 18:46:08

Answer 3

+11 A:

Look at Carp::Always to add stacktrace to your errors. See more variants in "How can I replace all ‘die’s with ‘confess’ in a Perl application?" question.

Try B::Deobfuscate to restore source code of obfuscated script

Ivan Nevostruev 2009-12-17 18:48:07

Answer 4

+1 A:

Use $SIG{__DIE__} = \&Carp::confess; instead of overriding die.

Unfortunately the "encryption" is likely to screw up any stack traces. The good news is that you must already have the key (SimFilter) or you wouldn't be able to run the script in the first place. Try deparsing it:

 perl -MO=Deparse scriptname.pl

Michael Carman 2009-12-17 18:49:06

Answer 5

+7 A:

Try Deparse:

 perl -MO=Deparse script.pl

You might also find B::Deobfuscate helpful:

An obfuscated program is already parsed and interpreted correctly by the B::Deparse program. Unfortunately, if the obfuscation involved variable renaming then the resulting program also has obfuscated symbols.

This module takes the last step and fixes names like $z5223ed336 to be a word from a dictionary. While the name still isn't meaningful it is at least easier to distinguish and read. Here are two examples - one from B::Deparse and one from B::Deobfuscate.

Now, for the program to run at all, the SimFilter module must have been included with it as well. In fact, the

use lib dirname($0)."/libperl";

line makes it clear that the SimFilter.pm file is in the libperl subdirectory of the directory where the script lives.

Clearly, it is encoding the source code and you can figure out how to decode it from the SimFilter source code, decode it once and for all and go from there.

For an example from which you can learn, see also Acme::Bleach.

Sinan Ünür 2009-12-17 18:51:48

Answer 6

A:

This may not be relevant but you could also use the "caller" function.

perldoc caller

Logan 2009-12-17 18:53:46

Answer 7

+3 A:

From the name SimFilter and the alphabet soup that follows, I'm guessing that this code is using something like a Filter::Util::Call or Filter::Simple pattern. Maybe SimFilter.pm even imports one of these modules.

Anyway, my guess is that somewhere in SimFilter.pm, there is a line like:

    FILTER { $_ = some_function($_) }

which is where the magic happens. You might be able to view the source if you run the debugger after changing that line to something like

    FILTER { $_ = some_function($_); $DB::single=1; return $_ }

If that works, you can examine $_ at the debugger prompt and you can see the decrypted source code. If SimFilter turns out to be an attempt to further obfuscate the inner workings of Filter::XXX, then it may take even more effort to find where the magic happens. But as I've learned, $DB::single=1 is your friend for debugging modules that get run at compile time.

mobrule 2009-12-17 20:18:49

Answer 8

+1 A:

Here's a trick (For the stack trace part, at least -- I use this quite frequently when troubleshooting others' scripts):

Make a file "ConfessAll.pm", which contains:

use Carp;
BEGIN { $SIG{__DIE__} = \&Carp::confess; }
1;

then run your script:

perl -I <directory of ConfessAll.pm> -MConfessAll <script and arguments>

jsegal 2009-12-17 20:58:03

ansaurus

tags:

views:

answers:

What's the best way to debug third-party Perl script?

related questions