Last active
September 11, 2018 21:35
-
-
Save adsr/781ac60c562cd5c71ccfe27f2aac9d6a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc -g -shared $(php-config --includes) -L$(php-config --prefix)/lib -lphp7 -o reopcode.so -fPIC reopcode.c | |
| // sudo ./inject -p $(pgrep -n php) reopcode.so | |
| #include <php.h> | |
| #include <zend_API.h> | |
| #include <zend_vm.h> | |
| extern ZEND_API void (*zend_execute_ex)(zend_execute_data *execute_data); | |
| static void (*orig_execute_ex)(zend_execute_data *execute_data); | |
| const char *peek_fname = "/tmp/test.php"; | |
| const char *peek_func = "testfn"; | |
| // const char *peek_var = 'y'; | |
| uint32_t peek_lineno = 7; | |
| static void inject_opcode(zend_op_array *op_array) { | |
| int iold; | |
| zend_op *old; | |
| iold = 0; | |
| while (iold < op_array->last) { | |
| old = &op_array->opcodes[iold]; | |
| if (old->lineno == peek_lineno) { | |
| old->opcode = ZEND_EXIT; | |
| zend_vm_set_opcode_handler(old); | |
| break; | |
| } | |
| ++iold; | |
| } | |
| } | |
| static void my_execute_ex(zend_execute_data *execute_data) { | |
| zend_function *zf; | |
| zend_op_array *op_array; | |
| zf = execute_data->func; | |
| op_array = &zf->op_array; | |
| if ( 0 == strcmp(peek_fname, ZSTR_VAL(op_array->filename)) | |
| && zf->common.function_name | |
| && 0 == strcmp(peek_func, ZSTR_VAL(zf->common.function_name)) | |
| ) { | |
| inject_opcode(op_array); | |
| } | |
| orig_execute_ex(execute_data); | |
| } | |
| static void __attribute__((constructor)) loadMsg() { | |
| orig_execute_ex = zend_execute_ex; | |
| zend_execute_ex = my_execute_ex; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment