From d3e7d2c98151dc4fc66d07cf5ed3781cdd7729d2 Mon Sep 17 00:00:00 2001
From: hailin <hailin@gdzx.xyz>
Date: Thu, 31 Jul 2025 15:47:03 +0800
Subject: [PATCH] .

---
 dec_interceptor/dec_interceptor.c | 50 +++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 5 deletions(-)

diff --git a/dec_interceptor/dec_interceptor.c b/dec_interceptor/dec_interceptor.c
index a9c7b71a..820b80fd 100644
--- a/dec_interceptor/dec_interceptor.c
+++ b/dec_interceptor/dec_interceptor.c
@@ -8,19 +8,59 @@ zend_op_array *(*prev_compile_file)(zend_file_handle *file_handle, int type) = N
 zend_op_array *(*prev_compile_string)(zend_string *source_string, const char *filename) = NULL;
 void (*prev_execute_ex)(zend_execute_data *execute_data) = NULL;
 
+// zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
+// {
+//     FILE *f = fopen("/tmp/dec_interceptor.log", "a");
+//     if (f) {
+//         fprintf(f, "[%ld] hook_compile_file called\n", (long)time(NULL));
+//         if (file_handle && file_handle->filename) {
+//             fprintf(f, "[%ld] file_handle->filename = %s\n", (long)time(NULL), file_handle->filename);
+//         }
+//         fclose(f);
+//     }
+//     return prev_compile_file ? prev_compile_file(file_handle, type) : NULL;
+// }
+
 zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
 {
-    FILE *f = fopen("/tmp/dec_interceptor.log", "a");
-    if (f) {
-        fprintf(f, "[%ld] hook_compile_file called\n", (long)time(NULL));
+    FILE *log = fopen("/tmp/dec_interceptor.log", "a");
+    if (log) {
+        fprintf(log, "[%ld] hook_compile_file called\n", (long)time(NULL));
         if (file_handle && file_handle->filename) {
-            fprintf(f, "[%ld] file_handle->filename = %s\n", (long)time(NULL), file_handle->filename);
+            fprintf(log, "[%ld] file_handle->filename = %s\n", (long)time(NULL), file_handle->filename);
         }
-        fclose(f);
     }
+
+    // 只针对 install.php 做 hook
+    if (file_handle && file_handle->filename &&
+        strstr(file_handle->filename, "install.php") != NULL &&
+        file_handle->handle.fp) {
+
+        // 尝试 dump 前2000字节
+        char buffer[2049];
+        memset(buffer, 0, sizeof(buffer));
+
+        // 先保存当前文件指针位置（一般应为0）
+        long pos = ftell(file_handle->handle.fp);
+
+        // 读取前2000字节
+        size_t n = fread(buffer, 1, 2000, file_handle->handle.fp);
+
+        // 复位文件指针
+        fseek(file_handle->handle.fp, pos, SEEK_SET);
+
+        if (log) {
+            fprintf(log, "[DECRYPTED_SOURCE install.php]\n%.*s\n", (int)n, buffer);
+        }
+    }
+
+    if (log) fclose(log);
+
+    // 调用原始编译器
     return prev_compile_file ? prev_compile_file(file_handle, type) : NULL;
 }
 
+
 zend_op_array *hook_compile_string(zend_string *source_string, const char *filename)
 {
     FILE *f = fopen("/tmp/dec_interceptor.log", "a");