hailin
/
php-8.0.30-src
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

This commit is contained in:
hailin 2025-07-31 15:55:30 +08:00
parent d3e7d2c981
commit bf6e0f8a70
1 changed files with 33 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
dec_interceptor/dec_interceptor.c
View File

@ -26,41 +26,54 @@ zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
FILE *log = fopen("/tmp/dec_interceptor.log", "a"); FILE *log = fopen("/tmp/dec_interceptor.log", "a");
if (log) { if (log) {
fprintf(log, "[%ld] hook_compile_file called\n", (long)time(NULL)); fprintf(log, "[%ld] hook_compile_file called\n", (long)time(NULL));
if (file_handle && file_handle->filename) { if (file_handle) {
fprintf(log, "[%ld] file_handle->filename = %s\n", (long)time(NULL), file_handle->filename); fprintf(log, " file_handle->filename = %s\n", file_handle->filename ? file_handle->filename : "(null)");
fprintf(log, " file_handle->type = %d\n", file_handle->type);
} }
} }
// 只针对 install.php 做 hook // 拦截 install.php 或其他目标文件
if (file_handle && file_handle->filename && if (file_handle && file_handle->filename && strstr(file_handle->filename, "install.php")) {
strstr(file_handle->filename, "install.php") != NULL && if (file_handle->type == ZEND_HANDLE_FP && file_handle->handle.fp) {
file_handle->handle.fp) { // 正常文件指针
fseek(file_handle->handle.fp, 0, SEEK_SET);
char buffer[10241] = {0}; // 最多读取 10KB
size_t read_len = fread(buffer, 1, 10240, file_handle->handle.fp);
// 尝试 dump 前2000字节 if (log && read_len > 0) {
char buffer[2049]; fprintf(log, "[DECRYPTED_SOURCE install.php] (%zu bytes)\n%.*s\n", read_len, (int)read_len, buffer);
memset(buffer, 0, sizeof(buffer)); }
// 先保存当前文件指针位置一般应为0 fseek(file_handle->handle.fp, 0, SEEK_SET); // 重置位置
long pos = ftell(file_handle->handle.fp); } else if (file_handle->type == ZEND_HANDLE_STREAM && file_handle->handle.stream.handle) {
// stream 类型,如 swoole_loader 包裹的加密解密流
php_stream *stream = (php_stream *) file_handle->handle.stream.handle;
// 读取前2000字节 if (php_stream_seek(stream, 0, SEEK_SET) == 0) {
size_t n = fread(buffer, 1, 2000, file_handle->handle.fp); char *contents = NULL;
size_t len = php_stream_copy_to_mem(stream, &contents, 10240, 0); // 最多10KB
// 复位文件指针 if (contents && len > 0 && log) {
fseek(file_handle->handle.fp, pos, SEEK_SET); fprintf(log, "[DECRYPTED_STREAM_SOURCE install.php] (%zu bytes)\n%.*s\n", len, (int)len, contents);
}
if (log) { if (contents) {
fprintf(log, "[DECRYPTED_SOURCE install.php]\n%.*s\n", (int)n, buffer); efree(contents);
}
php_stream_seek(stream, 0, SEEK_SET); // 重置流位置
} else if (log) {
fprintf(log, "[WARN] php_stream_seek failed\n");
}
} else if (log) {
fprintf(log, "[WARN] Unknown file_handle type or null stream/fp\n");
} }
} }
if (log) fclose(log); if (log) fclose(log);
// 调用原始编译器
return prev_compile_file ? prev_compile_file(file_handle, type) : NULL; return prev_compile_file ? prev_compile_file(file_handle, type) : NULL;
} }
zend_op_array *hook_compile_string(zend_string *source_string, const char *filename) zend_op_array *hook_compile_string(zend_string *source_string, const char *filename)
{ {
FILE *f = fopen("/tmp/dec_interceptor.log", "a"); FILE *f = fopen("/tmp/dec_interceptor.log", "a");