#include "php.h"
#include "SAPI.h"

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "zend.h"
#include "php_main.h"
#include "ext/standard/php_standard.h"
#include "EnigneFunction.h"
  9.  
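/*
 * SAPI unbuffered-write hook: emit str_length bytes of str to stdout.
 *
 * str is script output, not a format string: it is not guaranteed to be
 * NUL-terminated (only str_length bytes are meaningful) and any '%' it
 * contains must be written literally. Passing it to printf(str) would let
 * script output drive printf's conversions, so the bytes are written with
 * fwrite() instead.
 *
 * Returns the number of bytes actually written, which is what the SAPI
 * contract expects from ub_write.
 */
size_t Engineub_write(const char *str, size_t str_length)
{
    if (str_length == 0) {
        return 0;
    }
    return fwrite(str, 1, str_length, stdout);
}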
  15.  
  16.  
/*
 * Store name=value as a persistent string entry in the given INI hash.
 *
 * Both strings must be NUL-terminated. The value is copied into a
 * persistent zend_string (last argument 1) so it survives beyond a single
 * request; zend_hash_str_update() replaces any existing entry for name.
 */
void IniSet2(HashTable *hash, const char *name, const char *value) {
    size_t name_len = strlen(name);
    size_t value_len = strlen(value);
    zval entry;

    ZVAL_NEW_STR(&entry, zend_string_init(value, value_len, 1));
    zend_hash_str_update(hash, name, name_len, &entry);
}
  22.  
/* Convenience wrapper: set name=value in PHP's global configuration hash via IniSet2(). */
void IniSet(const char *name, const char *value) {
    HashTable *config = php_ini_get_configuration_hash();
    IniSet2(config, name, value);
}
  26.  
  27.  
/*
 * ini_defaults callback: seed the configuration hash with this SAPI's
 * built-in settings (php.ini, if read, can still override them).
 *
 * report_zend_debug=0, display_errors=1 (errors are printed to the output
 * stream), html_errors=0 (plain-text rather than HTML error output),
 * max_execution_time=0 and memory_limit=-1. The last two disable PHP's
 * execution-time and memory ceilings, so code handed to evalCode() runs
 * without those resource limits.
 */
void Engineini_defaults(HashTable *configuration_hash)
{
    static const struct {
        const char *name;
        const char *value;
    } defaults[] = {
        { "report_zend_debug",  "0"  },
        { "display_errors",     "1"  },
        { "html_errors",        "0"  },
        { "max_execution_time", "0"  },
        { "memory_limit",       "-1" },
    };

    for (size_t i = 0; i < sizeof defaults / sizeof defaults[0]; i++) {
        IniSet2(configuration_hash, defaults[i].name, defaults[i].value);
    }
}
  36.  
/* sapi_module.startup hook: run core module startup with no extra (statically linked) modules. */
static int php_cli_startup(sapi_module_struct *sapi_module)
{
    const int num_additional_modules = 0;
    return php_module_startup(sapi_module, NULL, num_additional_modules);
}
/* sapi_module.deactivate hook: push buffered output out at request end; a flush failure is not reported. */
static int sapi_cli_deactivate(void)
{
    (void)fflush(stdout);
    return SUCCESS;
}
/*
 * sapi_module.flush hook: flush stdout.
 *
 * EBADF is excluded from the failure case, presumably because stdout may
 * already be closed when the engine asks for a flush. Any other failure is
 * currently not acted upon: the failure branch is empty (a CLI-style SAPI
 * would typically treat it as an aborted connection).
 */
static void sapi_cli_flush(void *server_context)
{
    (void)server_context;

    int rc = fflush(stdout);
    if (rc == EOF && errno != EBADF) {
        /* no recovery action taken */
    }
}
/* sapi_module.header_handler hook: there is no HTTP response here, so every header operation is accepted and ignored. */
static int sapi_cli_header_handler(sapi_header_struct *h, sapi_header_op_enum op, sapi_headers_struct *s)
{
    (void)h;
    (void)op;
    (void)s;
    return 0;
}
/* sapi_module.send_headers hook: report the headers as sent without emitting anything. */
static int sapi_cli_send_headers(sapi_headers_struct *sapi_headers)
{
    (void)sapi_headers;
    return SAPI_HEADER_SENT_SUCCESSFULLY;
}
/* sapi_module.send_header hook: individual headers are dropped. */
static void sapi_cli_send_header(sapi_header_struct *sapi_header, void *server_context)
{
    (void)sapi_header;
    (void)server_context;
}
/* sapi_module.read_cookies hook: no HTTP request, hence no cookie string. */
static char* sapi_cli_read_cookies(void)
{
    char *cookies = NULL;
    return cookies;
}
/* sapi_module.register_server_variables hook: $_SERVER is left empty. */
static void sapi_cli_register_variables(zval *track_vars_array)
{
    (void)track_vars_array;
}
/*
 * sapi_module.log_message hook: write one NUL-terminated message line to
 * stderr and flush it. The syslog level is not used. The message is passed
 * as a "%s" argument, never as a format string.
 */
static void sapi_cli_log_message(char *message, int syslog_type_int)
{
    (void)syslog_type_int;

    fprintf(stderr, "%s\n", message);
    fflush(stderr);
}
  46.  
  47.  
  48.  
  49. //**********************************************************************************
  50.  
/* The single SAPI descriptor this embedding hands to sapi_startup(); filled by PHPInit(), wiped by destructor(). */
sapi_module_struct sapi_module;

/* Intended to be nonzero once php_module_startup() succeeded: destructor() then calls php_module_shutdown(). */
int SessionInit = 0;

/* Nonzero once php_request_startup() succeeded: destructor() then runs the request-level deactivation first. */
int SessionInit2 = 0;
  54.  
/*
 * Compile and run a PHP source string inside the current request.
 *
 * str               - PHP code, NUL-terminated, already in scripting mode
 *                     (the calls in Test() pass no "<?php" open tag). It runs
 *                     with full engine privileges and, given the INI defaults
 *                     in Engineini_defaults(), without time or memory limits,
 *                     so the caller is responsible for trusting its origin.
 * retval_ptr        - receives the script's result; may be NULL when the
 *                     result is not wanted (Test() passes NULL).
 * string_name       - label installed as the compiled filename, so errors
 *                     and backtraces name it.
 * handle_exceptions - forwarded unchanged to zend_eval_string_ex().
 *
 * The compiler's in_compilation flag and PG(during_request_startup) are
 * cleared for the duration of the call and restored afterwards. The
 * restore also happens when the script bails out (fatal error, exit()),
 * because zend_try/zend_end_try resumes execution here instead of
 * unwinding past this function.
 */
void evalCode(const char *str, zval *retval_ptr, char *string_name, int handle_exceptions) {
    zend_bool saved_in_compilation;
    zend_bool saved_during_request_startup;
    zend_string *compiled_name;

    EG(exit_status) = 0;

    saved_in_compilation = CG(in_compilation);
    CG(in_compilation) = 0;

    saved_during_request_startup = PG(during_request_startup);
    PG(during_request_startup) = 0;

    /* Non-persistent (0) copy of the label; released again after the eval. */
    compiled_name = zend_string_init(string_name, strlen(string_name), 0);
    zend_set_compiled_filename(compiled_name);

    zend_try {
        zend_eval_string_ex((char *)str, retval_ptr, string_name, handle_exceptions);
    } zend_end_try();

    zend_string_release_ex(compiled_name, 0);

    PG(during_request_startup) = saved_during_request_startup;
    CG(in_compilation) = saved_in_compilation;
}
  78.  
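/*
 * Register a new, empty internal class with the engine at runtime.
 *
 * The stock INIT_CLASS_ENTRY()/zend_register_internal_class() path crashes
 * when used from this embedding (see the notes in Test()), so the class
 * entry is assembled by hand: allocated persistently with calloc (internal
 * classes live outside the request allocator), typed ZEND_INTERNAL_CLASS,
 * initialised, flagged as already linked/resolved, and inserted into
 * CG(class_table) under its lower-cased, interned name (class lookup is
 * case-insensitive).
 *
 * ClassName - NUL-terminated class name.
 * Returns the new zend_class_entry (as void *) — owned by the class table,
 * not to be freed by the caller — or NULL if the allocation fails.
 *
 * NOTE(review): ce->info.internal.module comes from EG(current_module),
 * which is presumably NULL when this runs outside an extension's MINIT;
 * the is_persistent_class() adjustment quoted in Test() appears to exist
 * precisely to tolerate that NULL.
 */
void *RegisterPHPCLASS(const char *ClassName) {
    zend_class_entry *ce = calloc(1, sizeof *ce);
    if (ce == NULL) {
        return NULL;
    }

    ce->name = zend_string_init_interned(ClassName, strlen(ClassName), 1);
    ce->type = ZEND_INTERNAL_CLASS;
    zend_initialize_class_data(ce, 1);
    ce->ce_flags = ZEND_ACC_CONSTANTS_UPDATED | ZEND_ACC_LINKED | ZEND_ACC_RESOLVED_PARENT | ZEND_ACC_RESOLVED_INTERFACES;
    ce->info.internal.module = EG(current_module);

    zend_string *lowercase_name = zend_string_tolower_ex(ce->name, 0);
    lowercase_name = zend_new_interned_string(lowercase_name);
    zend_hash_update_ptr(CG(class_table), lowercase_name, ce);
    zend_string_release_ex(lowercase_name, 1);

    return ce;
}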
  98.  
  99.  
/*
 * Smoke test, run once from PHPInit() right after request startup.
 *
 * It writes three files into the current working directory:
 *   IsRun.txt     - the complete phpinfo() report (this persists the
 *                   process environment and configuration to disk);
 *   NewClass.txt  - print_r() of an instance of the freshly registered
 *                   TestClass, before any property exists;
 *   NewClass2.txt - the same after a protected "line" property was added.
 *
 * History kept for whoever hits it next: registering the class through
 * INIT_CLASS_ENTRY() + zend_register_internal_class(), and later calling
 * zend_declare_property_null() on it, both died with an access violation
 * reading address 0x0000004c at an instruction of the form
 * `cmp byte ptr [eax+$4c],$01` (the second one inside zend_declare_property).
 * That is consistent with ce->info.internal.module being NULL, and both
 * went away once is_persistent_class() was changed to tolerate it:
 *
 *     static zend_always_inline zend_bool is_persistent_class(zend_class_entry *ce) {
 *         return (ce->type & ZEND_INTERNAL_CLASS)
 *             && (!ce->info.internal.module || ce->info.internal.module->type == MODULE_PERSISTENT);
 *     }
 *
 * Expected NewClass2.txt content:
 *     TestClass Object
 *     (
 *         [line:protected] =>
 *     )
 */
void Test() {
    static char label[] = "Test Eval";
    zend_class_entry *test_class;

    evalCode("function pinfo() { ob_start(); phpinfo(); $data = ob_get_contents(); ob_clean(); return $data; } file_put_contents('IsRun.txt', pinfo()); ", NULL, label, 1);

    /* Hand-rolled registration; the stock path crashes here (see above). */
    test_class = RegisterPHPCLASS("TestClass");

    evalCode(" file_put_contents('NewClass.txt', print_r(new TestClass, true)); ", NULL, label, 1);

    zend_declare_property_null(test_class, "line", sizeof("line")-1, ZEND_ACC_PROTECTED);

    evalCode(" file_put_contents('NewClass2.txt', print_r(new TestClass, true)); ", NULL, label, 1);
}
  161.  
  162.  
  163.  
  164.  
/*
 * Tear the engine down in roughly the reverse order of PHPInit().
 *
 * SessionInit2 (request started) gates the explicit SAPI/INI deactivation;
 * php_request_shutdown() runs unconditionally; SessionInit gates
 * php_module_shutdown(). The SAPI descriptor is zeroed at the end.
 *
 * NOTE(review): the strdup()'d name/pretty_name that PHPInit() stores in
 * sapi_module are zeroed here without being freed, and neither flag is
 * reset, so a second call repeats the deactivation steps — confirm this is
 * only ever called once per process. Also confirm the explicit
 * sapi_deactivate()/zend_ini_deactivate() calls are intended, since
 * php_request_shutdown() presumably performs SAPI deactivation itself.
 */
void destructor() {
    if (SessionInit2) {
        sapi_deactivate();
        zend_ini_deactivate();
    }

    php_request_shutdown(NULL);

    if (SessionInit) {
        php_module_shutdown();
    }

    sapi_shutdown();
    tsrm_shutdown();

    memset(&sapi_module, 0, sizeof sapi_module);
}
  180.  
  181.  
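/*
 * Bring up TSRM, the SAPI layer, the PHP module and one request, then run
 * the Test() smoke test. Undone by destructor().
 *
 * name / pretty_name - NUL-terminated SAPI identifiers; both must be
 *                      non-NULL (strdup(NULL) is undefined). They are
 *                      copied because the engine keeps referring to
 *                      sapi_module.name / pretty_name afterwards; the
 *                      copies are not freed by destructor().
 *
 * Side effects: fills the global sapi_module; sets SessionInit once module
 * startup has succeeded and SessionInit2 once request startup has
 * succeeded, so destructor() undoes exactly the steps that completed.
 * Previously SessionInit was never set, which left php_module_shutdown()
 * in destructor() unreachable. If php_request_startup() fails, SessionInit2
 * stays 0 and Test() is not run.
 */
SAPI_API void PHPInit(char * name, char * pretty_name)
{
    memset(&sapi_module, 0, sizeof sapi_module);
    SessionInit = 0;
    SessionInit2 = 0;

    sapi_module.name = strdup(name);
    sapi_module.pretty_name = strdup(pretty_name);
    sapi_module.startup = php_cli_startup;
    sapi_module.shutdown = php_module_shutdown_wrapper;
    sapi_module.deactivate = sapi_cli_deactivate;
    sapi_module.ub_write = Engineub_write;
    sapi_module.flush = sapi_cli_flush;
    sapi_module.sapi_error = php_error;
    sapi_module.header_handler = sapi_cli_header_handler;
    sapi_module.send_headers = sapi_cli_send_headers;
    sapi_module.send_header = sapi_cli_send_header;
    sapi_module.read_cookies = sapi_cli_read_cookies;
    sapi_module.register_server_variables = sapi_cli_register_variables;
    sapi_module.log_message = sapi_cli_log_message;

    php_tsrm_startup();
    ZEND_TSRMLS_CACHE_UPDATE();
    zend_signal_startup();

    /* Consulted by the engine's INI initialisation during module startup; see Engineini_defaults(). */
    sapi_module.ini_defaults = Engineini_defaults;
    sapi_module.phpinfo_as_text = 1;
    sapi_module.php_ini_ignore_cwd = 1;

    sapi_startup(&sapi_module);

    if (sapi_module.startup(&sapi_module) == FAILURE) {
        /* Module startup failed: leave both flags at 0 so destructor() skips module shutdown. */
        return;
    }
    /* Module is up: destructor() must now balance this with php_module_shutdown(). */
    SessionInit = 1;

    SessionInit2 = php_request_startup() != FAILURE;
    if (SessionInit2) {
        /* Debug smoke test; it writes IsRun.txt and NewClass*.txt into the CWD on every init. */
        Test();
    }
}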