API tools faq
paste
Guest User

FIX

a guest
Feb 10th, 2020
26
12 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 7.37 KB
raw download clone embed print report
  1. #include "php.h"
  2. #include "SAPI.h"
  3.  
  4. #include <stdio.h>
  5. #include "zend.h"
  6. #include "php_main.h"
  7. #include "ext/standard/php_standard.h"
  8. #include "EnigneFunction.h"
  9.  
  10. size_t Engineub_write(const char *str, size_t str_length)
  11. {
  12.     if (str_length > 0) printf(str);
  13.     return str_length;
  14. }
  15.  
  16.  
  17. void IniSet2(HashTable *hash, const char *name, const char *value) {
  18.     zval tmp;
  19.     ZVAL_NEW_STR(&tmp, zend_string_init(value, strlen(value), 1));
  20.     zend_hash_str_update(hash, name, strlen(name), &tmp);
  21. }
  22.  
  23. void IniSet(const char *name, const char *value) {
  24.     IniSet2(php_ini_get_configuration_hash(), name, value);
  25. }
  26.  
  27.  
  28. void Engineini_defaults(HashTable *configuration_hash)
  29. {
  30.     IniSet2(configuration_hash, "report_zend_debug", "0");
  31.     IniSet2(configuration_hash, "display_errors", "1");
  32.     IniSet2(configuration_hash, "html_errors", "0");
  33.     IniSet2(configuration_hash, "max_execution_time", "0");
  34.     IniSet2(configuration_hash, "memory_limit", "-1");
  35. }
  36.  
  37. static int php_cli_startup(sapi_module_struct *sapi_module) { return php_module_startup(sapi_module, NULL, 0); }   
  38. static int sapi_cli_deactivate(void) { fflush(stdout); return SUCCESS; }
  39. static void sapi_cli_flush(void *server_context) { if (fflush(stdout)==EOF && errno!=EBADF) { } }
  40. static int sapi_cli_header_handler(sapi_header_struct *h, sapi_header_op_enum op, sapi_headers_struct *s){ return 0; }
  41. static int sapi_cli_send_headers(sapi_headers_struct *sapi_headers) { return SAPI_HEADER_SENT_SUCCESSFULLY; }
  42. static void sapi_cli_send_header(sapi_header_struct *sapi_header, void *server_context) { }
  43. static char* sapi_cli_read_cookies(void){ return NULL; }
  44. static void sapi_cli_register_variables(zval *track_vars_array) { }
  45. static void sapi_cli_log_message(char *message, int syslog_type_int) { fprintf(stderr, "%s\n", message); fflush(stderr); }
  46.  
  47.  
  48.  
  49. //**********************************************************************************
  50.  
  51. sapi_module_struct sapi_module;
  52. int SessionInit = 0;
  53. int SessionInit2 = 0;
  54.  
  55. void evalCode(const char *str, zval *retval_ptr, char *string_name, int handle_exceptions) {
  56.     EG(exit_status) = 0;
  57.  
  58.     zend_bool in_compilation = CG(in_compilation);
  59.     CG(in_compilation) = 0;
  60.  
  61.     zend_bool during_request_startup = PG(during_request_startup);
  62.     PG(during_request_startup) = 0;
  63.  
  64.     zend_string *new_compiled_filename = zend_string_init(string_name, strlen(string_name), 0);
  65.     zend_set_compiled_filename(new_compiled_filename);
  66.  
  67.     zend_try {
  68.         zend_eval_string_ex((char *)str, retval_ptr, string_name, handle_exceptions);
  69.     } zend_end_try();
  70.  
  71.     zend_string_release_ex(new_compiled_filename, 0);
  72.  
  73.     PG(during_request_startup) = during_request_startup;
  74.  
  75.     CG(in_compilation) = in_compilation;
  76.  
  77. }
  78.  
  79. // Let's create our class initialization, the standard one does not work
  80. void *RegisterPHPCLASS(const char *ClassName) {
  81.     zend_class_entry *ce = malloc(sizeof(zend_class_entry));
  82.     memset(ce, 0, sizeof(zend_class_entry));
  83.  
  84.     ce->name = zend_string_init_interned(ClassName, strlen(ClassName), 1);
  85.     ce->type = ZEND_INTERNAL_CLASS;
  86.     zend_initialize_class_data(ce, 1);
  87.     ce->ce_flags =  ZEND_ACC_CONSTANTS_UPDATED | ZEND_ACC_LINKED | ZEND_ACC_RESOLVED_PARENT | ZEND_ACC_RESOLVED_INTERFACES;
  88.     ce->info.internal.module = EG(current_module);
  89.  
  90.  
  91.     zend_string *lowercase_name = zend_string_tolower_ex(ce->name, 0);
  92.     lowercase_name = zend_new_interned_string(lowercase_name);
  93.     zend_hash_update_ptr(CG(class_table), lowercase_name, ce);
  94.     zend_string_release_ex(lowercase_name, 1);
  95.    
  96.     return ce;
  97. }
  98.  
  99.  
  100. void Test() {
  101.     evalCode("function pinfo() { ob_start(); phpinfo(); $data = ob_get_contents(); ob_clean(); return $data; } file_put_contents('IsRun.txt', pinfo()); ", NULL, "Test Eval", 1);
  102.    
  103.     zend_class_entry *register_class_entry;
  104.  
  105.     // ERROR register class :
  106.    
  107.     // INIT_CLASS_ENTRY(class_entry, "TestClass", NULL);
  108.     // register_class_entry = zend_register_internal_class(&class_entry);
  109.    
  110.     // Project .exe raised exception class $C0000005 with message 'access violation at 0x682dc627: read of address 0x0000004c'.
  111.     // - 682DC61E 8B84012C030000   mov eax,[ecx+eax+$032c]
  112.     // - 682DC625 33C9             xor ecx,ecx
  113.     // LINE Error - 682DC627 80784C01         cmp byte ptr [eax+$4c],$01
  114.    
  115.     // New function Register
  116.     register_class_entry = RegisterPHPCLASS("TestClass");
  117.    
  118.     // Class creation went well
  119.     evalCode(" file_put_contents('NewClass.txt', print_r(new TestClass, true)); ", NULL, "Test Eval", 1);
  120.    
  121.     // Okay! Call
  122.     // zend_declare_property_null(register_class_entry, "line", sizeof("line")-1, ZEND_ACC_PROTECTED);
  123.     // ERROR!!!
  124.     // Project Project1.exe raised exception class $C0000005 with message 'access violation at 0x682d7e47: read of address 0x0000004c'.
  125.     // php7ts.zend_declare_property:
  126.     // 682D7E30 53               push ebx
  127.     // 682D7E31 8B5C2408         mov ebx,[esp+$08]
  128.     // 682D7E35 55               push ebp
  129.     // 682D7E36 8B6C2414         mov ebp,[esp+$14]
  130.     // 682D7E3A 56               push esi
  131.     // 682D7E3B F60301           test byte ptr [ebx],$01
  132.     // 682D7E3E 57               push edi
  133.     // 682D7E3F 7413             jz $682d7e54
  134.     // 682D7E41 8B8318010000     mov eax,[ebx+$00000118]
  135.     // 682D7E47 80784C01         cmp byte ptr [eax+$4c],$01 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  136.    
  137.    
  138.     // Set the fix for the is_persistent_class function and everything works
  139.    
  140.     zend_declare_property_null(register_class_entry, "line", sizeof("line")-1, ZEND_ACC_PROTECTED);
  141.    
  142.     evalCode(" file_put_contents('NewClass2.txt', print_r(new TestClass, true)); ", NULL, "Test Eval", 1);
  143.     /*
  144.    
  145.    
  146.     TestClass Object
  147.     (
  148.         [line:protected] =>
  149.     )
  150.  
  151.  
  152.     FIX FUNCTION
  153.    
  154.         static zend_always_inline zend_bool is_persistent_class(zend_class_entry *ce) {
  155.             return (ce->type & ZEND_INTERNAL_CLASS)
  156.                 && (!ce->info.internal.module || ce->info.internal.module->type == MODULE_PERSISTENT);
  157.         }  
  158.     */
  159.  
  160. }
  161.  
  162.  
  163.  
  164.  
  165. void destructor() {
  166.     if(SessionInit2) {
  167.         sapi_deactivate();
  168.         zend_ini_deactivate();
  169.     }
  170.     php_request_shutdown((void *) 0);
  171.  
  172.     if(SessionInit)
  173.         php_module_shutdown();
  174.  
  175.     sapi_shutdown();
  176.     tsrm_shutdown();
  177.    
  178.     memset(&sapi_module, 0, sizeof(sapi_module_struct));
  179. }
  180.  
  181.  
  182. SAPI_API void PHPInit(char * name, char * pretty_name)
  183. {
  184.     memset(&sapi_module, 0, sizeof(sapi_module_struct));
  185.  
  186.     sapi_module.name = strdup(name);
  187.     sapi_module.pretty_name = strdup(pretty_name);
  188.     sapi_module.startup = php_cli_startup;
  189.     sapi_module.shutdown = php_module_shutdown_wrapper;
  190.     sapi_module.deactivate = sapi_cli_deactivate;
  191.     sapi_module.ub_write = Engineub_write;
  192.     sapi_module.flush = sapi_cli_flush;
  193.     sapi_module.sapi_error = php_error;
  194.     sapi_module.header_handler = sapi_cli_header_handler;
  195.     sapi_module.send_headers = sapi_cli_send_headers;
  196.     sapi_module.send_header = sapi_cli_send_header;
  197.     sapi_module.read_cookies = sapi_cli_read_cookies;
  198.     sapi_module.register_server_variables = sapi_cli_register_variables;
  199.     sapi_module.log_message = sapi_cli_log_message;
  200.    
  201.    
  202.     php_tsrm_startup();
  203.     ZEND_TSRMLS_CACHE_UPDATE();
  204.     zend_signal_startup();
  205.    
  206.    
  207.     sapi_module.ini_defaults = Engineini_defaults;
  208.     sapi_module.phpinfo_as_text = 1;
  209.     sapi_module.php_ini_ignore_cwd = 1;
  210.    
  211.     sapi_startup(&sapi_module);
  212.    
  213.    
  214.     if (sapi_module.startup(&sapi_module) != FAILURE) {
  215.         SessionInit2 = php_request_startup()!=FAILURE;
  216.    
  217.         if(SessionInit2) Test();
  218.     }
  219. }
RAW Paste Data
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!