diff --git a/dec_interceptor/dec_interceptor_string.c b/dec_interceptor/dec_interceptor_string.c
index 40c29a63..80f7bc34 100644
--- a/dec_interceptor/dec_interceptor_string.c
+++ b/dec_interceptor/dec_interceptor_string.c
@@ -2,42 +2,40 @@ #include "php_ini.h" #include "ext/standard/info.h" #include "php_dec_interceptor.h" +#include +#include +#include -/* Pointer to the original zend_compile_string */ -static zend_op_array *(*original_compile_string)(zend_string *source_string, zend_string *filename); +/* 正确的原始函数指针类型 */ +zend_op_array *(*original_compile_string)(zval *source_string, const char *filename) = NULL; -/* Our hooked version of zend_compile_string */ -zend_op_array *custom_compile_string(zend_string *source_string, zend_string *filename) +/* 我们的 hook 实现 */ +zend_op_array *custom_compile_string(zval *source_string, const char *filename) { - /* Only dump when filename matches install.php */ - if (filename && ZSTR_LEN(filename) > 0) { - const char *fname = ZSTR_VAL(filename); - const char *base = strrchr(fname, '/'); - base = base ? base + 1 : fname; - if (strcmp(base, "install.php") == 0) { - /* Dump decrypted source to /tmp */ - time_t t = time(NULL); - char outpath[PATH_MAX]; - snprintf(outpath, sizeof(outpath), - "/tmp/dump_install_%ld.dec.php", (long)t); + if (filename && strstr(filename, "install.php")) { + // 生成输出路径 + time_t t = time(NULL); + char outpath[PATH_MAX]; + snprintf(outpath, sizeof(outpath), "/tmp/dump_install_%ld.dec.php", (long)t); - FILE *out = fopen(outpath, "wb"); - if (out) { - fwrite(ZSTR_VAL(source_string), 1, ZSTR_LEN(source_string), out); - fclose(out); + FILE *out = fopen(outpath, "wb"); + if (out) { + if (Z_TYPE_P(source_string) == IS_STRING) { + fwrite(Z_STRVAL_P(source_string), 1, Z_STRLEN_P(source_string), out); fprintf(stderr, "[dec_interceptor] dumped %zu bytes to %s\n", - (size_t)ZSTR_LEN(source_string), outpath); - } else { - fprintf(stderr, "[dec_interceptor] failed to open %s for writing\n", outpath); + (size_t)Z_STRLEN_P(source_string), outpath); } + fclose(out); + } else { + fprintf(stderr, "[dec_interceptor] failed to open %s for writing\n", outpath); } } - /* Call the original compile_string */ + // 调用原始的 zend_compile_string return 
original_compile_string(source_string, filename); } -/* Module initialization */ +/* 模块初始化阶段 */ PHP_MINIT_FUNCTION(dec_interceptor) { FILE *f = fopen("/tmp/dec_interceptor.log", "a"); @@ -46,19 +44,22 @@ PHP_MINIT_FUNCTION(dec_interceptor) fprintf(f, "[%ld] [MINIT] dec_interceptor loaded\n", t); fclose(f); } + + // 保存原始函数指针并 hook original_compile_string = zend_compile_string; - zend_compile_string = custom_compile_string; + zend_compile_string = custom_compile_string; return SUCCESS; } -/* Module shutdown */ +/* 模块销毁阶段 */ PHP_MSHUTDOWN_FUNCTION(dec_interceptor) { + // 恢复原始函数指针 zend_compile_string = original_compile_string; return SUCCESS; } -/* phpinfo() display */ +/* phpinfo() 输出 */ PHP_MINFO_FUNCTION(dec_interceptor) { php_info_print_table_start(); @@ -66,7 +67,7 @@ PHP_MINFO_FUNCTION(dec_interceptor) php_info_print_table_end(); } -/* Module entry */ +/* 模块注册信息 */ zend_module_entry dec_interceptor_module_entry = { STANDARD_MODULE_HEADER, "dec_interceptor", diff --git a/dec_interceptor/php_dec_interceptor.h b/dec_interceptor/php_dec_interceptor.h index 14b06cd4..1fb659a0 100644 --- a/dec_interceptor/php_dec_interceptor.h +++ b/dec_interceptor/php_dec_interceptor.h @@ -9,13 +9,13 @@ extern zend_module_entry dec_interceptor_module_entry; #define phpext_dec_interceptor_ptr &dec_interceptor_module_entry -/* Pointer to original zend_compile_string */ -extern zend_op_array *(*original_compile_string)(zend_string *source_string, zend_string *filename); +/* ✅ 正确的函数指针类型 */ +extern zend_op_array *(*original_compile_string)(zval *source_string, const char *filename); -/* Custom hook for zend_compile_string */ -zend_op_array *custom_compile_string(zend_string *source_string, zend_string *filename); +/* ✅ 正确的 hook 函数声明 */ +zend_op_array *custom_compile_string(zval *source_string, const char *filename); -/* Module lifecycle functions */ +/* 模块生命周期函数 */ PHP_MINIT_FUNCTION(dec_interceptor); PHP_MSHUTDOWN_FUNCTION(dec_interceptor); PHP_MINFO_FUNCTION(dec_interceptor);
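Review bot: In custom_compile_string the dump is still created with `fopen(outpath, "wb")` on a predictable, second-granular name under /tmp, so an existing file or symlink at that path is followed and truncated, and the decrypted source gets whatever mode the process umask allows. Creating the file exclusively with owner-only permissions closes both gaps; a second compilation in the same second then fails with EEXIST instead of silently overwriting the first dump. The sketch below needs `<fcntl.h>` and `<unistd.h>`, and the header names of the three added `#include` lines are not visible on this page, so I cannot tell whether they are already pulled in. Separately, the new `strstr(filename, "install.php")` test is broader than the basename comparison it replaces and matches any path that merely contains that substring, which deserves a comment if it is intentional. The same reasoning applies to the `fopen("/tmp/dec_interceptor.log", "a")` context line in the MINIT hunk.

```c
        // ... unchanged: time_t t, outpath, snprintf ...

        /* O_EXCL refuses a pre-existing file or symlink; 0600 keeps the dump private */
        int fd = open(outpath, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        FILE *out = fd >= 0 ? fdopen(fd, "wb") : NULL;
        if (out) {
            // ... unchanged: IS_STRING check, fwrite, "dumped" message ...
            fclose(out);
        } else {
            if (fd >= 0) {
                close(fd);
            }
            // ... unchanged: "failed to open" message ...
        }
```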
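Review bot: The new declarations in php_dec_interceptor.h (and the matching definitions in dec_interceptor_string.c) hard-code `(zval *source_string, const char *filename)`, but the prototype of the `zend_compile_string` hook is not the same across PHP releases; the old side of this diff used `zend_string *` arguments, and as far as I recall newer releases take a `zend_string *` source and later an extra position argument. If the extension is built against a version with a different prototype, the assignment `zend_compile_string = custom_compile_string;` is at best an incompatible-pointer warning and at worst a call through a mismatched signature. I would wrap the declaration in a `#if PHP_VERSION_ID` guard, or at least state the target next to it, e.g. `/* matches zend_compile_string for PHP <TARGET_VERSION> only */`, with the placeholder filled in by the author.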