hailin
/
php-8.0.30-src
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

This commit is contained in:
hailin 2025-07-31 16:06:38 +08:00
parent a86c3ad859
commit a691c52d88
2 changed files with 34 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,6 @@
{
"files.associations": {
"*.md": "markdown",
"php_dec_interceptor.h": "c"
}
}

51
dec_interceptor/dec_interceptor.c
View File

@ -3,6 +3,8 @@
#include "ext/standard/info.h" #include "ext/standard/info.h"
#include "php_dec_interceptor.h" #include "php_dec_interceptor.h"
#include <time.h> #include <time.h>
#include "main/php_streams.h"
#include "ext/standard/php_smart_string.h"
zend_op_array *(*prev_compile_file)(zend_file_handle *file_handle, int type) = NULL; zend_op_array *(*prev_compile_file)(zend_file_handle *file_handle, int type) = NULL;
zend_op_array *(*prev_compile_string)(zend_string *source_string, const char *filename) = NULL; zend_op_array *(*prev_compile_string)(zend_string *source_string, const char *filename) = NULL;
@ -31,41 +33,44 @@ zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
} }
} }
// 判断是否是 install.php 或其他目标加密文件
if (file_handle && file_handle->filename && strstr(file_handle->filename, "install.php")) { if (file_handle && file_handle->filename && strstr(file_handle->filename, "install.php")) {
char buffer[32769] = {0}; // 最多 32KB + null terminator
size_t len = 0;
if (file_handle->type == ZEND_HANDLE_FP && file_handle->handle.fp) { if (file_handle->type == ZEND_HANDLE_FP && file_handle->handle.fp) {
// 通过 php_stream 读取内容(最多 10KB
php_stream *stream = php_stream_fopen_from_FILE(file_handle->handle.fp, file_handle->filename, "rb"); php_stream *stream = php_stream_fopen_from_FILE(file_handle->handle.fp, file_handle->filename, "rb");
if (stream) { if (stream) {
if (php_stream_seek(stream, 0, SEEK_SET) == 0) { php_stream_seek(stream, 0, SEEK_SET);
char buffer[10241] = {0}; // 额外 1 字节存 null terminator len = php_stream_read(stream, buffer, 32768);
size_t len = php_stream_read(stream, buffer, 10240); php_stream_seek(stream, 0, SEEK_SET);
php_stream_close(stream);
if (len > 0 && log) {
fprintf(log, "[%ld] [DECRYPTED_STREAM_SOURCE install.php] (%zu bytes):\n", (long)time(NULL), len);
fprintf(log, "%.*s\n", (int)len, buffer);
}
php_stream_seek(stream, 0, SEEK_SET); // 恢复位置
}
php_stream_close(stream); // 不会关闭 file_handle->handle.fp只是释放包装层
} else if (log) { } else if (log) {
fprintf(log, "[%ld] failed to wrap fp in php_stream\n", (long)time(NULL)); fprintf(log, "[%ld] failed to wrap fp in php_stream\n", (long)time(NULL));
} }
} else if (file_handle->type == ZEND_HANDLE_STREAM && file_handle->handle.stream.handle) { } else if (file_handle->type == ZEND_HANDLE_STREAM && file_handle->handle.stream.handle) {
php_stream *stream = (php_stream *)file_handle->handle.stream.handle; php_stream *stream = (php_stream *)file_handle->handle.stream.handle;
if (php_stream_seek(stream, 0, SEEK_SET) == 0) { php_stream_seek(stream, 0, SEEK_SET);
char buffer[10241] = {0}; len = php_stream_read(stream, buffer, 32768);
size_t len = php_stream_read(stream, buffer, 10240); php_stream_seek(stream, 0, SEEK_SET);
if (len > 0 && log) {
fprintf(log, "[%ld] [DECRYPTED_STREAM_SOURCE install.php] (%zu bytes):\n", (long)time(NULL), len);
fprintf(log, "%.*s\n", (int)len, buffer);
}
php_stream_seek(stream, 0, SEEK_SET);
}
} else if (log) { } else if (log) {
fprintf(log, "[%ld] unsupported file_handle->type: %d\n", (long)time(NULL), file_handle->type); fprintf(log, "[%ld] unsupported file_handle->type: %d\n", (long)time(NULL), file_handle->type);
} }
if (len > 0) {
// 写入独立文件
char path[512];
time_t now = time(NULL);
snprintf(path, sizeof(path), "/tmp/dec_interceptor_%ld_install.php", now);
FILE *out = fopen(path, "w");
if (out) {
fwrite(buffer, 1, len, out);
fclose(out);
}
if (log) {
fprintf(log, "[%ld] [DECRYPTED_STREAM_SOURCE install.php] dumped to: %s (%zu bytes)\n", (long)time(NULL), path, len);
}
}
} }
if (log) { if (log) {