php-8.0.30-src/dec_interceptor/dec_interceptor.c


#include "php.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "php_dec_interceptor.h"
#include <time.h>
/*
 * Saved engine entry points. PHP_MINIT stores the engine's current
 * zend_compile_file / zend_compile_string / zend_execute_ex pointers here
 * before installing the hooks, the hooks delegate through them, and
 * PHP_MSHUTDOWN writes them back. They are NULL until MINIT has run.
 */
/* Compiler that was installed for files before hook_compile_file. */
zend_op_array *(*prev_compile_file)(zend_file_handle *file_handle, int type) = NULL;
/* Compiler that was installed for source strings before hook_compile_string. */
zend_op_array *(*prev_compile_string)(zend_string *source_string, const char *filename) = NULL;
/* Executor that was installed before hook_execute_ex. */
void (*prev_execute_ex)(zend_execute_data *execute_data) = NULL;
// zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
// {
// FILE *f = fopen("/tmp/dec_interceptor.log", "a");
// if (f) {
// fprintf(f, "[%ld] hook_compile_file called\n", (long)time(NULL));
// if (file_handle && file_handle->filename) {
// fprintf(f, "[%ld] file_handle->filename = %s\n", (long)time(NULL), file_handle->filename);
// }
// fclose(f);
// }
// return prev_compile_file ? prev_compile_file(file_handle, type) : NULL;
// }
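/**
 * zend_compile_file hook: trace every file handed to the compiler and, for
 * paths that contain "install.php", copy up to 10 KiB of what the handle
 * yields into the log before delegating to the previously installed compiler.
 *
 * @param file_handle  Handle the engine is about to compile (may be NULL).
 * @param type         Compile type, passed through unchanged.
 * @return             Result of the previous compiler, or NULL if none was saved.
 *
 * The read is non-destructive: the current offset is saved, the dump is taken
 * from offset 0, and the offset is restored. A handle that cannot be
 * repositioned is skipped instead of being consumed, so the compiler still
 * sees the complete source.
 *
 * NOTE(review): the log lives at a fixed path under /tmp and is opened with
 * fopen(..., "a"), which follows symlinks and creates the file with
 * umask-default permissions. Recovered source frequently contains credentials
 * and keys, so any local account that can read or pre-create that path sees
 * them. Prefer a private directory owned by the PHP user with mode 0600, and
 * load this module only in an isolated analysis instance.
 *
 * NOTE(review): strstr() matches "install.php" anywhere in the path, so
 * unrelated files whose path merely contains that substring are dumped too.
 */
zend_op_array *hook_compile_file(zend_file_handle *file_handle, int type)
{
    enum { DUMP_LIMIT = 10240 }; /* at most 10 KiB per dump */
    FILE *log = fopen("/tmp/dec_interceptor.log", "a");

    if (log) {
        fprintf(log, "[%ld] hook_compile_file called\n", (long)time(NULL));
        if (file_handle) {
            fprintf(log, " file_handle->filename = %s\n", file_handle->filename ? file_handle->filename : "(null)");
            fprintf(log, " file_handle->type = %d\n", file_handle->type);
        }
    }

    /* Intercept install.php (or any other target file matched here). */
    if (file_handle && file_handle->filename && strstr(file_handle->filename, "install.php")) {
        if (file_handle->type == ZEND_HANDLE_FP && file_handle->handle.fp) {
            /* Plain stdio file pointer. */
            FILE *fp = file_handle->handle.fp;
            long saved_pos = ftell(fp);

            if (saved_pos >= 0 && fseek(fp, 0, SEEK_SET) == 0) {
                char buffer[DUMP_LIMIT];
                size_t read_len = fread(buffer, 1, sizeof buffer, fp);

                if (log && read_len > 0) {
                    /* fwrite keeps embedded NUL bytes that "%.*s" would cut at. */
                    fprintf(log, "[DECRYPTED_SOURCE install.php] (%zu bytes)\n", read_len);
                    fwrite(buffer, 1, read_len, log);
                    fputc('\n', log);
                }
                /* Put the offset back where the engine left it. */
                if (fseek(fp, saved_pos, SEEK_SET) != 0 && log) {
                    fprintf(log, "[WARN] fseek restore failed\n");
                }
            } else if (log) {
                fprintf(log, "[WARN] file pointer is not seekable, dump skipped\n");
            }
        } else if (file_handle->type == ZEND_HANDLE_STREAM && file_handle->handle.stream.handle) {
            /*
             * Stream-backed handle, e.g. the decrypting stream a loader such as
             * swoole_loader wraps around an encoded file.
             * NOTE(review): handle.stream.handle is an opaque void *; the cast
             * assumes the handle was created by the PHP stream layer. A handle
             * supplied by another extension may carry a different object --
             * confirm before trusting this branch.
             */
            php_stream *stream = (php_stream *) file_handle->handle.stream.handle;
            zend_off_t saved_pos = php_stream_tell(stream);

            if (php_stream_seek(stream, 0, SEEK_SET) == 0) {
                /* PHP 7+ API: three arguments, result is a zend_string (or NULL). */
                zend_string *contents = php_stream_copy_to_mem(stream, DUMP_LIMIT, 0);

                if (contents) {
                    if (log && ZSTR_LEN(contents) > 0) {
                        fprintf(log, "[DECRYPTED_STREAM_SOURCE install.php] (%zu bytes)\n", ZSTR_LEN(contents));
                        fwrite(ZSTR_VAL(contents), 1, ZSTR_LEN(contents), log);
                        fputc('\n', log);
                    }
                    zend_string_release(contents);
                }
                /* Restore the stream offset so the compiler reads from where it expected. */
                if (php_stream_seek(stream, saved_pos, SEEK_SET) != 0 && log) {
                    fprintf(log, "[WARN] php_stream_seek restore failed\n");
                }
            } else if (log) {
                fprintf(log, "[WARN] php_stream_seek failed\n");
            }
        } else if (log) {
            fprintf(log, "[WARN] Unknown file_handle type or null stream/fp\n");
        }
    }

    if (log) {
        fclose(log);
    }
    return prev_compile_file ? prev_compile_file(file_handle, type) : NULL;
}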
/**
 * zend_compile_string hook: log the reported filename and the first 200
 * bytes of the source string, then delegate to the previous compiler.
 *
 * @param source_string  Source text about to be compiled (dereferenced
 *                       unconditionally, so it must not be NULL).
 * @param filename       Name the engine reports for the string; may be NULL.
 * @return               Result of the previous compiler, or NULL if none was saved.
 *
 * The "[DECRYPTED]" label is the author's reading of the data: the hook sees
 * every string passed to the compiler, whatever its origin.
 *
 * NOTE(review): confirm this signature against the zend_compile_string
 * declaration of the PHP version being built; the hook type has changed
 * between PHP releases.
 * NOTE(review): the preview is appended to a fixed, shared path under /tmp;
 * treat that file as sensitive.
 */
zend_op_array *hook_compile_string(zend_string *source_string, const char *filename)
{
    FILE *trace = fopen("/tmp/dec_interceptor.log", "a");

    if (trace != NULL) {
        const char *shown_name = (filename != NULL) ? filename : "(null)";
        size_t preview_len = ZSTR_LEN(source_string);

        /* Cap the preview at 200 bytes. */
        if (preview_len > 200) {
            preview_len = 200;
        }

        fprintf(trace, "[%ld] hook_compile_string: filename = %s\n", (long)time(NULL), shown_name);
        fprintf(trace, "[DECRYPTED] %.*s\n", (int)preview_len, ZSTR_VAL(source_string));
        fclose(trace);
    }

    if (prev_compile_string == NULL) {
        return NULL;
    }
    return prev_compile_string(source_string, filename);
}
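/**
 * zend_execute_ex hook: for user-code frames, log the function name, its
 * defining file and a one-line summary of every opcode in its op_array; for
 * anything else, log a single marker line. Execution is then handed to the
 * previously installed executor, if one was saved.
 *
 * @param execute_data  Frame about to be executed (dereferenced
 *                      unconditionally, so it must not be NULL).
 *
 * The opcode count and loop index are handled as unsigned, matching the
 * uint32_t `last` field of zend_op_array; the original printed them with %d
 * and compared a signed index against the unsigned count.
 *
 * NOTE(review): this runs on every executed frame and reopens the log each
 * time, so the file grows without bound and execution slows considerably.
 * The log sits at a fixed, shared path under /tmp; treat it as sensitive.
 */
void hook_execute_ex(zend_execute_data *execute_data)
{
    const zend_function *func = execute_data->func;
    FILE *f = fopen("/tmp/dec_interceptor.log", "a");

    if (f) {
        if (func && ZEND_USER_CODE(func->type)) {
            const zend_op_array *opa = &func->op_array;
            const char *fname = func->common.function_name ? ZSTR_VAL(func->common.function_name) : "(no name)";
            const char *file = opa->filename ? ZSTR_VAL(opa->filename) : "(no file)";

            fprintf(f, "[%ld] hook_execute_ex: %s (from %s)\n", (long)time(NULL), fname, file);
            fprintf(f, " op_array dump: %u opcodes\n", (unsigned)opa->last);
            for (uint32_t i = 0; i < opa->last; ++i) {
                const zend_op *op = &opa->opcodes[i];

                /* Only numeric opcode and operand-type ids are logged, not operands. */
                fprintf(f, " [%03u] opcode=%d op1_type=%d op2_type=%d result_type=%d\n",
                        (unsigned)i, op->opcode, op->op1_type, op->op2_type, op->result_type);
            }
        } else {
            fprintf(f, "[%ld] hook_execute_ex: (internal or unknown function)\n", (long)time(NULL));
        }
        fclose(f);
    }

    if (prev_execute_ex) {
        prev_execute_ex(execute_data);
    }
}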
/**
 * Request startup: record which function zend_compile_file currently points
 * at, so the log shows whether the hook is still installed for this request.
 * Always reports SUCCESS, including when the log cannot be opened.
 */
PHP_RINIT_FUNCTION(dec_interceptor)
{
    FILE *trace = fopen("/tmp/dec_interceptor.log", "a");

    if (trace == NULL) {
        /* Logging is best effort; the request proceeds without it. */
        return SUCCESS;
    }

    fprintf(trace, "[%ld] RINIT: zend_compile_file = %p\n", (long)time(NULL), zend_compile_file);
    fclose(trace);
    return SUCCESS;
}
/**
 * Module startup: save the engine's current compile/execute entry points and
 * replace them with this extension's hooks, then log that startup finished.
 * Always reports SUCCESS.
 *
 * NOTE(review): the hooks capture whatever is installed at this moment. If
 * another extension (for example a source loader) installs its own handlers
 * later, load order decides which one sees the data first -- verify in the
 * target setup.
 */
PHP_MINIT_FUNCTION(dec_interceptor)
{
    /* Remember the handlers that are being displaced. */
    prev_compile_file   = zend_compile_file;
    prev_compile_string = zend_compile_string;
    prev_execute_ex     = zend_execute_ex;

    /* Route compilation and execution through the logging hooks. */
    zend_compile_file   = hook_compile_file;
    zend_compile_string = hook_compile_string;
    zend_execute_ex     = hook_execute_ex;

    FILE *trace = fopen("/tmp/dec_interceptor.log", "a");
    if (trace != NULL) {
        fprintf(trace, "[%ld] MINIT done\n", (long)time(NULL));
        fclose(trace);
    }

    return SUCCESS;
}
/**
 * Module shutdown: write the saved entry points back into the engine and log
 * that shutdown finished. Always reports SUCCESS.
 *
 * NOTE(review): the restore is unconditional. If another extension chained
 * its own handler on top of these hooks after MINIT, that handler is
 * overwritten here -- confirm no such extension is loaded.
 */
PHP_MSHUTDOWN_FUNCTION(dec_interceptor)
{
    /* Undo the hook installation in the reverse of the order it was applied. */
    zend_execute_ex     = prev_execute_ex;
    zend_compile_string = prev_compile_string;
    zend_compile_file   = prev_compile_file;

    FILE *trace = fopen("/tmp/dec_interceptor.log", "a");
    if (trace != NULL) {
        fprintf(trace, "[%ld] MSHUTDOWN done\n", (long)time(NULL));
        fclose(trace);
    }

    return SUCCESS;
}
/**
 * phpinfo() section for the extension: a single two-column row stating that
 * the interceptor is enabled. Its presence in phpinfo() output is a quick
 * way to spot that the hooks are loaded in a given PHP instance.
 */
PHP_MINFO_FUNCTION(dec_interceptor)
{
    const char *row_label = "dec_interceptor support";
    const char *row_value = "enabled";

    php_info_print_table_start();
    php_info_print_table_row(2, row_label, row_value);
    php_info_print_table_end();
}
/*
 * Module descriptor registered with the Zend engine. The initializer is
 * positional, so the order of the entries below is significant.
 */
zend_module_entry dec_interceptor_module_entry = {
STANDARD_MODULE_HEADER,
"dec_interceptor", /* extension name */
NULL, /* function table: the extension exports no PHP functions */
PHP_MINIT(dec_interceptor), /* module startup: installs the hooks */
PHP_MSHUTDOWN(dec_interceptor), /* module shutdown: restores the saved handlers */
PHP_RINIT(dec_interceptor), /* request startup: logs the current compile handler */
NULL, /* request shutdown: not used */
PHP_MINFO(dec_interceptor), /* phpinfo() section */
PHP_DEC_INTERCEPTOR_VERSION, /* version string, defined outside this file */
STANDARD_MODULE_PROPERTIES
};
/* Emits the get_module() entry point used when the extension is loaded as a shared object. */
ZEND_GET_MODULE(dec_interceptor)