Cython基础逆向分析教学文档<\/h1>

1. Cython编译基础<\/h2>

1.1 编译流程<\/h3>
创建.pyx<\/code>文件：Python扩展模块的源代码文件<\/p>
def<\/span> test<\/span>(a, b):
<\/span><\/span>    c =<\/span> a +<\/span> b
<\/span><\/span>    print(c)
<\/span><\/span><\/code><\/pre><\/li>

创建setup.py<\/code>文件：<\/p>
from<\/span> distutils.core import<\/span> setup
<\/span><\/span>from<\/span> Cython.Build import<\/span> cythonize
<\/span><\/span>setup(ext_modules=<\/span>cythonize("test.pyx"<\/span>))  # test.pyx是创建的pyx文件名<\/span>
<\/span><\/span><\/code><\/pre><\/li>

编译方法：<\/p>

使用cython模块编译：cython test.pyx<\/code><\/li>
使用cythonize模块编译：cythonize -a -i test.pyx<\/code><\/li>
使用setup.py编译：python setup.py build_ext --inplace<\/code><\/li>
<\/ul>
<\/li>

输出文件：<\/p>

.c<\/code>文件：生成的C源代码<\/li>
.pyd<\/code>文件：目标分析文件（Windows平台）<\/li>
<\/ul>
<\/li>
<\/ol>
1.2 平台差异<\/h3>

Windows和Linux平台生成代码架构可能有区别<\/li>
Windows使用MSVC编译器，Linux使用GCC<\/li>
<\/ul>
2. 比较指令分析<\/h2>
2.1 比较操作符映射<\/h3>
Python比较操作符在Cython中对应的C函数和常量：<\/p>



Python操作符<\/th>
C函数<\/th>
常量值<\/th>
常量名<\/th>
<\/tr>
<\/thead>


==<\/td>
PyObject_RichCompare<\/td>
2<\/td>
Py_EQ<\/td>
<\/tr>

>=<\/td>
PyObject_RichCompare<\/td>
5<\/td>
Py_GE<\/td>
<\/tr>

<=<\/td>
PyObject_RichCompare<\/td>
1<\/td>
Py_LE<\/td>
<\/tr>

!=<\/td>
PyObject_RichCompare<\/td>
3<\/td>
Py_NE<\/td>
<\/tr>

><\/td>
PyObject_RichCompare<\/td>
4<\/td>
Py_GT<\/td>
<\/tr>

<<\/td>
PyObject_RichCompare<\/td>
0<\/td>
Py_LT<\/td>
<\/tr>
<\/tbody>
<\/table>
2.2 代码示例<\/h3>
Python代码：<\/p>
def<\/span> test<\/span>(flag):
<\/span><\/span>    enc =<\/span> 19<\/span>
<\/span><\/span>    if<\/span> flag ==<\/span> enc: pass<\/span>
<\/span><\/span>    if<\/span> flag >=<\/span> enc: pass<\/span>
<\/span><\/span>    if<\/span> flag <=<\/span> enc: pass<\/span>
<\/span><\/span>    if<\/span> flag !=<\/span> enc: pass<\/span>
<\/span><\/span>    if<\/span> flag ><\/span> enc: pass<\/span>
<\/span><\/span>    if<\/span> flag <<\/span> enc: pass<\/span>
<\/span><\/span><\/code><\/pre>对应的C代码关键部分：<\/p>
\/\/ == 比较
<\/span><\/span><\/span><\/span>__pyx_t_1 =<\/span> __Pyx_PyInt_From_long(__pyx_v_enc);
<\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_EQ);  \/\/ Py_EQ=2
<\/span><\/span><\/span><\/span>__pyx_t_3 =<\/span> __Pyx_PyObject_IsTrue(__pyx_t_2);
<\/span><\/span>if<\/span> (__pyx_t_3) { }
<\/span><\/span>
<\/span><\/span>\/\/ >= 比较
<\/span><\/span><\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_GE);  \/\/ Py_GE=5
<\/span><\/span><\/span><\/span>
<\/span><\/span>\/\/ <= 比较
<\/span><\/span><\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_LE);  \/\/ Py_LE=1
<\/span><\/span><\/span><\/span>
<\/span><\/span>\/\/ != 比较
<\/span><\/span><\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_NE);  \/\/ Py_NE=3
<\/span><\/span><\/span><\/span>
<\/span><\/span>\/\/ > 比较
<\/span><\/span><\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_GT);  \/\/ Py_GT=4
<\/span><\/span><\/span><\/span>
<\/span><\/span>\/\/ < 比较
<\/span><\/span><\/span><\/span>__pyx_t_2 =<\/span> PyObject_RichCompare(__pyx_v_flag, __pyx_t_1, Py_LT);  \/\/ Py_LT=0
<\/span><\/span><\/span><\/code><\/pre>3. 变量类型分析<\/h2>
3.1 变量类型映射<\/h3>
Python变量类型在Cython中的表示：<\/p>



Python类型<\/th>
Cython\/C类型<\/th>
初始化函数<\/th>
<\/tr>
<\/thead>


普通整数<\/td>
long<\/td>
PyInt_FromLong<\/td>
<\/tr>

小数<\/td>
double<\/td>
PyFloat_FromDouble<\/td>
<\/tr>

长整数<\/td>
PyObject*<\/td>
PyInt_FromString<\/td>
<\/tr>

字符串<\/td>
PyObject*<\/td>
全局字符串变量<\/td>
<\/tr>

布尔值<\/td>
int<\/td>
直接赋值(1\/0)<\/td>
<\/tr>

列表<\/td>
PyObject*<\/td>
PyList_New<\/td>
<\/tr>

元组<\/td>
PyObject*<\/td>
全局元组变量<\/td>
<\/tr>

字典<\/td>
PyObject*<\/td>
PyDict_New\/PyDict_SetItem<\/td>
<\/tr>
<\/tbody>
<\/table>
3.2 代码示例<\/h3>
Python代码：<\/p>
def<\/span> test<\/span>(flag):
<\/span><\/span>    tmp =<\/span> 19<\/span>                  # 普通整数<\/span>
<\/span><\/span>    tmp1 =<\/span> 21.3<\/span>               # 小数<\/span>
<\/span><\/span>    tmp2 =<\/span> 437593479587349875983475987349587324895<\/span>  # 长整数<\/span>
<\/span><\/span>    tmp3 =<\/span> "tmp1"<\/span>             # 字符串<\/span>
<\/span><\/span>    tmp4 =<\/span> True<\/span>               # 布尔值<\/span>
<\/span><\/span>    tmp5 =<\/span> False<\/span>              # 布尔值<\/span>
<\/span><\/span>    tmp6 =<\/span> [45<\/span>, -<\/span>67<\/span>, 21.4<\/span>, 23.7<\/span>, -<\/span>437593479587349875983475987349587324895<\/span>, 
<\/span><\/span>            340759348759834759853842759<\/span>, "hello"<\/span>, "guheng"<\/span>, True<\/span>, False<\/span>, tmp]  # 列表<\/span>
<\/span><\/span>    tmp7 =<\/span> []                 # 空列表<\/span>
<\/span><\/span>    tmp8 =<\/span> (1<\/span>, 3<\/span>, 99<\/span>)         # 元组<\/span>
<\/span><\/span>    tmp9 =<\/span> {"key"<\/span>: "key"<\/span>, "value"<\/span>: "value"<\/span>}  # 字典<\/span>
<\/span><\/span><\/code><\/pre>对应的C代码关键部分：<\/p>

普通整数：<\/li>
<\/ol>
__pyx_v_tmp =<\/span> 19<\/span>;
<\/span><\/span>\/\/ IDA中显示为：
<\/span><\/span><\/span><\/span>v3 =<\/span> PyLong_FromLong(19LL<\/span>);
<\/span><\/span><\/code><\/pre>
小数：<\/li>
<\/ol>
__pyx_v_tmp1 =<\/span> 21.3<\/span>;
<\/span><\/span>\/\/ IDA中显示为浮点数加载到xmm寄存器
<\/span><\/span><\/span><\/code><\/pre>
长整数：<\/li>
<\/ol>
__Pyx_INCREF(__pyx_int_0x149357046d142e1e6e1948884dc976fdf);
<\/span><\/span>__pyx_v_tmp2 =<\/span> __pyx_int_0x149357046d142e1e6e1948884dc976fdf;
<\/span><\/span>\/\/ IDA中显示为：
<\/span><\/span><\/span><\/span>v4 =<\/span> PyLong_FromString("-437593479587349875983475987349587324895"<\/span>, 0LL<\/span>, 0LL<\/span>);
<\/span><\/span><\/code><\/pre>
字符串：<\/li>
<\/ol>
__Pyx_INCREF(__pyx_n_s_tmp1);
<\/span><\/span>__pyx_v_tmp3 =<\/span> __pyx_n_s_tmp1;
<\/span><\/span>\/\/ 使用预定义的全局字符串变量
<\/span><\/span><\/span><\/code><\/pre>
布尔值：<\/li>
<\/ol>
__pyx_v_tmp4 =<\/span> 1<\/span>;  \/\/ True
<\/span><\/span><\/span><\/span>__pyx_v_tmp5 =<\/span> 0<\/span>;  \/\/ False
<\/span><\/span><\/span><\/code><\/pre>
列表：<\/li>
<\/ol>
__pyx_t_2 =<\/span> PyList_New(11<\/span>);  \/\/ 创建11个元素的列表
<\/span><\/span><\/span>\/\/ 逐个设置元素
<\/span><\/span><\/span><\/span>__Pyx_INCREF(__pyx_int_45);
<\/span><\/span>__Pyx_GIVEREF(__pyx_int_45);
<\/span><\/span>__Pyx_PyList_SET_ITEM(__pyx_t_2, 0<\/span>, __pyx_int_45);
<\/span><\/span>\/\/ ... 其他元素类似
<\/span><\/span><\/span><\/code><\/pre>
元组：<\/li>
<\/ol>
__Pyx_INCREF(__pyx_tuple__3);
<\/span><\/span>__pyx_v_tmp8 =<\/span> __pyx_tuple__3;
<\/span><\/span>\/\/ 使用预定义的全局元组变量
<\/span><\/span><\/span><\/code><\/pre>
字典：<\/li>
<\/ol>
__pyx_t_2 =<\/span> __Pyx_PyDict_NewPresized(2<\/span>);
<\/span><\/span>PyDict_SetItem(__pyx_t_2, __pyx_n_s_key, __pyx_n_s_key);
<\/span><\/span>PyDict_SetItem(__pyx_t_2, __pyx_n_s_value, __pyx_n_s_value);
<\/span><\/span><\/code><\/pre>3.3 变量初始化<\/h3>
Cython会在__Pyx_InitConstants<\/code>函数中初始化所有常量：<\/p>
static<\/span> CYTHON_SMALL_CODE int<\/span> __Pyx_InitConstants<\/span>(void<\/span>) {
<\/span><\/span>    __pyx_float_21_4 =<\/span> PyFloat_FromDouble(21.4<\/span>);
<\/span><\/span>    __pyx_float_23_7 =<\/span> PyFloat_FromDouble(23.7<\/span>);
<\/span><\/span>    __pyx_int_45 =<\/span> PyInt_FromLong(45<\/span>);
<\/span><\/span>    __pyx_int_neg_67 =<\/span> PyInt_FromLong(-<\/span>67<\/span>);
<\/span><\/span>    __pyx_int_large_neg_43759347958734... =<\/span> PyInt_FromString("-437593..."<\/span>, 0<\/span>, 0<\/span>);
<\/span><\/span>    \/\/ ... 其他初始化
<\/span><\/span><\/span><\/span>    return<\/span> 0<\/span>;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>在IDA中，这些初始化后的值会被放入off_1800095B8<\/code>数据块中统一管理。<\/p>
4. 运算符分析<\/h2>
4.1 运算符映射<\/h3>
Python运算符在Cython中对应的C函数：<\/p>



Python运算符<\/th>
C函数名<\/th>
<\/tr>
<\/thead>


+<\/td>
PyNumber_Add<\/td>
<\/tr>

-<\/td>
PyNumber_Subtract<\/td>
<\/tr>

*<\/td>
PyNumber_Multiply<\/td>
<\/tr>

\/<\/td>
PyNumber_TrueDivide<\/td>
<\/tr>

\/\/<\/td>
PyNumber_FloorDivide<\/td>
<\/tr>

^<\/td>
PyNumber_Xor<\/td>
<\/tr>

&<\/td>
PyNumber_And<\/td>
<\/tr>

|<\/td>
PyNumber_Or<\/td>
<\/tr>

%<\/td>
PyNumber_Remainder<\/td>
<\/tr>

**<\/td>
PyNumber_Power<\/td>
<\/tr>

~<\/td>
PyNumber_Invert<\/td>
<\/tr>

>><\/td>
PyNumber_Rshift<\/td>
<\/tr>

<<<\/td>
PyNumber_Lshift<\/td>
<\/tr>
<\/tbody>
<\/table>
4.2 代码示例<\/h3>
Python代码：<\/p>
def<\/span> test<\/span>(x, y):
<\/span><\/span>    a =<\/span> x +<\/span> y
<\/span><\/span>    b =<\/span> x -<\/span> y
<\/span><\/span>    c =<\/span> x *<\/span> y
<\/span><\/span>    d =<\/span> x \/<\/span> y
<\/span><\/span>    e =<\/span> x \/\/<\/span> y
<\/span><\/span>    f =<\/span> x ^<\/span> y
<\/span><\/span>    g =<\/span> x &<\/span> y
<\/span><\/span>    h =<\/span> x |<\/span> y
<\/span><\/span>    i =<\/span> x %<\/span> y
<\/span><\/span>    j =<\/span> x **<\/span> y
<\/span><\/span>    k =<\/span> ~<\/span>x
<\/span><\/span>    l =<\/span> x >><\/span> 4<\/span>
<\/span><\/span>    n =<\/span> y <<<\/span> 2<\/span>
<\/span><\/span><\/code><\/pre>对应的C代码关键部分：<\/p>

加法：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Add(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
减法：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Subtract(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
乘法：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Multiply(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
除法：<\/li>
<\/ol>
__pyx_t_1 =<\/span> __Pyx_PyNumber_Divide(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
整除：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_FloorDivide(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
异或：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Xor(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
按位与：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_And(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
按位或：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Or(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
求模：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Remainder(__pyx_v_x, __pyx_v_y);
<\/span><\/span><\/code><\/pre>
幂运算：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Power(__pyx_v_x, __pyx_v_y, Py_None);
<\/span><\/span><\/code><\/pre>
取反：<\/li>
<\/ol>
__pyx_t_1 =<\/span> PyNumber_Invert(__pyx_v_x);
<\/span><\/span><\/code><\/pre>
右移：<\/li>
<\/ol>
__pyx_t_1 =<\/span> __Pyx_PyInt_RshiftObjC(__pyx_v_x, __pyx_int_4, 4<\/span>, 0<\/span>, 0<\/span>);
<\/span><\/span>\/\/ IDA中可能显示为：
<\/span><\/span><\/span><\/span>v27 =<\/span> PyLong_FromLongLong(*<\/span>(int<\/span> *<\/span>)(v4 +<\/span> 24<\/span>) >><\/span> 4<\/span>, ...);
<\/span><\/span><\/code><\/pre>
左移：<\/li>
<\/ol>
__pyx_t_1 =<\/span> __Pyx_PyInt_LshiftObjC(__pyx_v_y, __pyx_int_2, 2<\/span>, 0<\/span>, 0<\/span>);
<\/span><\/span>\/\/ IDA中可能显示为：
<\/span><\/span><\/span><\/span>v32 =<\/span> PyLong_FromLongLong(4<\/span> *<\/span> v31, ...);
<\/span><\/span><\/code><\/pre>5. 条件语句和其他运算符<\/h2>
5.1 特殊运算符<\/h3>



Python运算符<\/th>
C函数\/实现方式<\/th>
<\/tr>
<\/thead>


in<\/td>
PySequence_Contains + Py_EQ判断<\/td>
<\/tr>

not in<\/td>
PySequence_Contains + Py_NE判断<\/td>
<\/tr>

and<\/td>
两个if嵌套<\/td>
<\/tr>

or<\/td>
第一个条件为真则跳过第二个条件判断<\/td>
<\/tr>

not<\/td>
PyObject_IsTrue + 取反<\/td>
<\/tr>

is<\/td>
直接指针比较(==)<\/td>
<\/tr>

is not<\/td>
直接指针比较(!=)<\/td>
<\/tr>

None<\/td>
与Py_NoneStruct比较<\/td>
<\/tr>
<\/tbody>
<\/table>
5.2 代码示例<\/h3>
Python代码：<\/p>
def<\/span> test<\/span>(x, y):
<\/span><\/span>    if<\/span> x in<\/span> y: x =<\/span> y
<\/span><\/span>    elif<\/span> x not<\/span> in<\/span> y: y =<\/span> x
<\/span><\/span>    else<\/span>: x =<\/span> 999999<\/span>
<\/span><\/span>    
<\/span><\/span>    if<\/span> x ==<\/span> 0<\/span> and<\/span> y ==<\/span> 0<\/span>: x =<\/span> 1<\/span>
<\/span><\/span>    if<\/span> y ==<\/span> 0<\/span> or<\/span> x ==<\/span> 0<\/span>: y =<\/span> 1<\/span>
<\/span><\/span>    
<\/span><\/span>    if<\/span> not<\/span> x: x =<\/span> 0<\/span>
<\/span><\/span>    if<\/span> x is<\/span> y: x =<\/span> 9<\/span>
<\/span><\/span>    if<\/span> y is<\/span> not<\/span> None<\/span>: y =<\/span> 8<\/span>
<\/span><\/span><\/code><\/pre>对应的C代码关键部分：<\/p>

in运算：<\/li>
<\/ol>
__pyx_t_1 =<\/span> (__Pyx_PySequence_ContainsTF(__pyx_v_x, __pyx_v_y, Py_EQ));
<\/span><\/span>if<\/span> (__pyx_t_1) {  \/\/ in
<\/span><\/span><\/span><\/span>    __Pyx_INCREF(__pyx_v_y);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_x, __pyx_v_y);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
not in运算：<\/li>
<\/ol>
__pyx_t_1 =<\/span> (__Pyx_PySequence_ContainsTF(__pyx_v_x, __pyx_v_y, Py_NE));
<\/span><\/span>if<\/span> (__pyx_t_1) {  \/\/ not in
<\/span><\/span><\/span><\/span>    __Pyx_INCREF(__pyx_v_x);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_y, __pyx_v_x);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
and运算：<\/li>
<\/ol>
__pyx_t_2 =<\/span> (__Pyx_PyInt_BoolEqObjC(__pyx_v_x, __pyx_int_0, 0<\/span>, 0<\/span>));
<\/span><\/span>if<\/span> (__pyx_t_2) {
<\/span><\/span>    __pyx_t_2 =<\/span> (__Pyx_PyInt_BoolEqObjC(__pyx_v_y, __pyx_int_0, 0<\/span>, 0<\/span>));
<\/span><\/span>    if<\/span> (__pyx_t_2) {  \/\/ and
<\/span><\/span><\/span><\/span>        __Pyx_INCREF(__pyx_int_1);
<\/span><\/span>        __Pyx_DECREF_SET(__pyx_v_x, __pyx_int_1);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
or运算：<\/li>
<\/ol>
__pyx_t_2 =<\/span> (__Pyx_PyInt_BoolEqObjC(__pyx_v_y, __pyx_int_0, 0<\/span>, 0<\/span>));
<\/span><\/span>if<\/span> (!<\/span>__pyx_t_2) {
<\/span><\/span>    __pyx_t_2 =<\/span> (__Pyx_PyInt_BoolEqObjC(__pyx_v_x, __pyx_int_0, 0<\/span>, 0<\/span>));
<\/span><\/span>}
<\/span><\/span>if<\/span> (__pyx_t_2) {  \/\/ or
<\/span><\/span><\/span><\/span>    __Pyx_INCREF(__pyx_int_1);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_y, __pyx_int_1);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
not运算：<\/li>
<\/ol>
__pyx_t_1 =<\/span> __Pyx_PyObject_IsTrue(__pyx_v_x);
<\/span><\/span>__pyx_t_2 =<\/span> (!<\/span>__pyx_t_1);
<\/span><\/span>if<\/span> (__pyx_t_2) {  \/\/ not
<\/span><\/span><\/span><\/span>    __Pyx_INCREF(__pyx_int_0);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_x, __pyx_int_0);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
is运算：<\/li>
<\/ol>
__pyx_t_2 =<\/span> (__pyx_v_x ==<\/span> __pyx_v_y);  \/\/ is
<\/span><\/span><\/span><\/span>if<\/span> (__pyx_t_2) {
<\/span><\/span>    __Pyx_INCREF(__pyx_int_9);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_x, __pyx_int_9);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
is not和None判断：<\/li>
<\/ol>
__pyx_t_2 =<\/span> (__pyx_v_y !=<\/span> Py_None);  \/\/ is not
<\/span><\/span><\/span><\/span>if<\/span> (__pyx_t_2) {
<\/span><\/span>    __Pyx_INCREF(__pyx_int_8);
<\/span><\/span>    __Pyx_DECREF_SET(__pyx_v_y, __pyx_int_8);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>5.3 条件语句结构<\/h3>
在IDA中，条件语句的表现形式：<\/p>

if-elif-else结构：<\/li>
<\/ol>
v5 =<\/span> PySequence_Contains(a3, a2);
<\/span><\/span>if<\/span> (v5 ==<\/span> 1<\/span>) {  \/\/ if
<\/span><\/span><\/span><\/span>    \/\/ if块内容
<\/span><\/span><\/span><\/span>} else<\/span> {
<\/span><\/span>    v8 =<\/span> PySequence_Contains(v3, v4);
<\/span><\/span>    if<\/span> (v8) {  \/\/ elif
<\/span><\/span><\/span><\/span>        \/\/ elif块内容
<\/span><\/span><\/span><\/span>    } else<\/span> {  \/\/ else
<\/span><\/span><\/span><\/span>        \/\/ else块内容
<\/span><\/span><\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>
简单if结构：<\/li>
<\/ol>
if<\/span> (condition) {
<\/span><\/span>    \/\/ if块内容
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/code><\/pre>6. 总结<\/h2>
关键点回顾<\/h3>


编译产物分析<\/strong>：<\/p>

Cython会生成.c文件和.pyd\/.so文件<\/li>
不同平台生成的代码可能有差异<\/li>
<\/ul>
<\/li>

比较操作<\/strong>：<\/p>

使用PyObject_RichCompare函数<\/li>
通过第三个参数区分比较类型(Py_EQ\/Py_NE等)<\/li>
<\/ul>
<\/li>

变量类型<\/strong>：<\/p>

普通数字直接使用原生类型<\/li>
大数字、字符串、容器类型使用PyObject*<\/li>
常量会在初始化函数中预先创建<\/li>
<\/ul>
<\/li>

运算符<\/strong>：<\/p>

每种运算符对应特定的PyNumber_*函数<\/li>
位运算和算术运算使用不同函数<\/li>
<\/ul>
<\/li>

条件语句<\/strong>：<\/p>

in\/not in使用PySequence_Contains<\/li>
and\/or通过嵌套if实现<\/li>
is\/is not直接比较指针<\/li>
<\/ul>
<\/li>

逆向特征<\/strong>：<\/p>

大量使用Python C API函数(PyNumber_, PySequence_<\/em>等)<\/li>
常量数据集中管理<\/li>
类型转换和引用计数操作明显<\/li>
<\/ul>
<\/li>
<\/ol>
逆向技巧<\/h3>

识别Python C API函数调用<\/li>
跟踪常量数据块的引用<\/li>
注意PyObject*类型的传递和转换<\/li>
关注引用计数操作(INCREF\/DECREF)<\/li>
分析初始化函数中的常量创建过程<\/li>
<\/ol>
通过理解这些Cython的编译特征和代码模式，可以更有效地分析由Cython编译生成的二进制文件。<\/p>