API tools faq
paste
Guest User

Untitled

a guest
Aug 25th, 2018
489
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.27 KB | None | 0 0
raw download clone embed print report
  1. #include "oploader.h"
  2. #include "php.h"
  3. #include "zend_execute.h"
  4. #include <stdio.h>
  5.  
  6. static intptr_t handlers_base_address = 0;
  7.  
  8. void load_oparray(FILE* fp, zend_op_array* oparray)
  9. {
  10. fload(&(oparray->type), sizeof(oparray->type), 1, fp);
  11. fload(&(oparray->arg_flags), sizeof(oparray->arg_flags[0]), 3, fp);
  12. fload(&(oparray->fn_flags), sizeof(oparray->fn_flags), 1, fp);
  13. load_zend_string(fp, &(oparray->function_name));
  14. load_class_entry(fp, &(oparray->scope));
  15. load_zend_function(fp, &(oparray->prototype));
  16. fload(&(oparray->num_args), sizeof(oparray->num_args), 1, fp);
  17. fload(&(oparray->required_num_args), sizeof(oparray->required_num_args), 1, fp);
  18. load_arg_info(fp, &(oparray->arg_info));
  19. fload(&(oparray->this_var), sizeof(oparray->this_var), 1, fp);
  20. fload(&(oparray->last), sizeof(oparray->last), 1, fp);
  21. load_opcodes(fp, &(oparray->opcodes), oparray->last);
  22. fload(&(oparray->last_var), sizeof(oparray->last_var), 1, fp);
  23. fload(&(oparray->T), sizeof(oparray->T), 1, fp);
  24. load_vars(fp, &(oparray->vars), oparray->last_var);
  25. fload(&(oparray->last_brk_cont), sizeof(oparray->last_brk_cont), 1, fp);
  26. fload(&(oparray->last_try_catch), sizeof(oparray->last_try_catch), 1, fp);
  27. load_brk_cont_array(fp, &(oparray->brk_cont_array), oparray->last_brk_cont);
  28. load_try_catch_array(fp, &(oparray->try_catch_array), oparray->last_try_catch);
  29. load_hashtable(fp, &(oparray->static_variables));
  30. load_zend_string(fp, &(oparray->filename));
  31. fload(&(oparray->line_start), sizeof(oparray->line_start), 1, fp);
  32. fload(&(oparray->line_end), sizeof(oparray->line_end), 1, fp);
  33. load_zend_string(fp, &(oparray->doc_comment));
  34. fload(&(oparray->early_binding), sizeof(oparray->early_binding), 1, fp);
  35. fload(&(oparray->last_literal), sizeof(oparray->last_literal), 1, fp);
  36. load_literals(fp, &(oparray->literals), oparray->last_literal);
  37. fload(&(oparray->cache_size), sizeof(oparray->cache_size), 1, fp);
  38. load_runtime_cache(fp, &(oparray->run_time_cache), oparray->cache_size);
  39. }
  40.  
  41. void load_opcodes(FILE* fp, zend_op** opcodes, uint32_t count)
  42. {
  43. uint32_t i;
  44. void* addr;
  45.  
  46. fload(&addr, sizeof(addr), 1, fp);
  47. if (addr != NULL) {
  48. *opcodes = malloc(sizeof(zend_op)*count);
  49. for (i = 0; i < count; i++) {
  50. load_zend_op(fp, &((*opcodes)[i]));
  51. }
  52. } else {
  53. *opcodes = NULL;
  54. }
  55. }
  56.  
  57. void load_zend_op(FILE* fp, zend_op* op)
  58. {
  59. intptr_t offset;
  60.  
  61. fload(&offset, sizeof(offset), 1, fp);
  62. op->handler = get_handler_by_offset(offset);
  63. load_znode_op(fp, &(op->op1), &(op->op1_type));
  64. load_znode_op(fp, &(op->op2), &(op->op2_type));
  65. load_znode_op(fp, &(op->result), &(op->result_type));
  66. fload(&(op->extended_value), sizeof(op->extended_value), 1, fp);
  67. fload(&(op->lineno), sizeof(op->lineno), 1, fp);
  68. fload(&(op->opcode), sizeof(op->opcode), 1, fp);
  69. }
  70.  
  71. void load_znode_op(FILE* fp, znode_op* node, zend_uchar* type)
  72. {
  73. fload(type, sizeof(*type), 1, fp);
  74. switch(*type) {
  75. case IS_UNDEF:
  76. case IS_UNUSED:
  77. break;
  78. case IS_CONST:
  79. case IS_VAR:
  80. case IS_TMP_VAR:
  81. case IS_CV:
  82. case 36:
  83. fload(&(node->var), sizeof(node->var), 1, fp);
  84. break;
  85. default:
  86. debug("ERROR: %d\n", type);
  87. }
  88. }
  89.  
  90. void load_literals(FILE* fp, zval** literals, int count)
  91. {
  92. void* addr;
  93. int i;
  94.  
  95. fload(&addr, sizeof(addr), 1, fp);
  96. if (addr != NULL) {
  97. *literals = malloc(sizeof(zval) * count);
  98. for (i = 0; i < count; i++) {
  99. load_zval(fp, &((*literals)[i]));
  100. }
  101. } else {
  102. *literals = NULL;
  103. }
  104. }
  105.  
  106. void load_zval(FILE* fp, zval* val)
  107. {
  108. fload(&(val->u1), sizeof(val->u1), 1, fp);
  109. fload(&(val->u2), sizeof(val->u2), 1, fp);
  110. switch(Z_TYPE_P(val)) {
  111. case IS_NULL:
  112. case IS_TRUE:
  113. case IS_FALSE:
  114. break;
  115. case IS_LONG:
  116. fload(&(val->value.lval), sizeof(val->value.lval), 1, fp);
  117. break;
  118. case IS_DOUBLE:
  119. fload(&(val->value.dval), sizeof(val->value.dval), 1, fp);
  120. break;
  121. case IS_STRING:
  122. load_zend_string(fp, &(val->value.str));
  123. break;
  124. default:
  125. debug("ZVAL type not implemented yet: %d\n.", Z_TYPE_P(val));
  126. }
  127. }
  128.  
  129. void load_vars(FILE* fp, zend_string*** vars, int count)
  130. {
  131. void* addr;
  132. int i;
  133.  
  134. fload(&addr, sizeof(addr), 1, fp);
  135. if (addr != NULL) {
  136. *vars = malloc(sizeof(zend_string*) * count);
  137. for (i = 0; i < count; i++) {
  138. load_zend_string(fp, &((*vars)[i]));
  139. }
  140. } else {
  141. *vars = NULL;
  142. }
  143. }
  144.  
  145. void load_zend_string(FILE* fp, zend_string** str)
  146. {
  147. void* addr = NULL;
  148. size_t len;
  149. char* buffer;
  150.  
  151. fload(&addr, sizeof(addr), 1, fp);
  152. if (addr != NULL) {
  153. fload(&len, sizeof(len), 1, fp);
  154. buffer = malloc(sizeof(char)*len);
  155. fload(buffer, sizeof(char), len, fp);
  156. *str = zend_string_init(buffer, len, 0);
  157. free(buffer);
  158. } else {
  159. *str = NULL;
  160. }
  161. }
  162.  
  163. void load_class_entry(FILE* fp, zend_class_entry** ce)
  164. {
  165. void* addr = NULL;
  166.  
  167. fload(&addr, sizeof(addr), 1, fp);
  168. if (addr != NULL) {
  169. debug("NON-NULL class entry!");
  170. } else {
  171. *ce = NULL;
  172. }
  173. }
  174.  
  175. void load_zend_function(FILE* fp, zend_function** func)
  176. {
  177. void* addr = NULL;
  178.  
  179. fload(&addr, sizeof(addr), 1, fp);
  180. if (addr != NULL) {
  181. debug("NON-NULL zend_function!\n");
  182. } else {
  183. *func = NULL;
  184. }
  185. }
  186.  
  187. void load_arg_info(FILE* fp, zend_arg_info** info)
  188. {
  189. void* addr = NULL;
  190.  
  191. fload(&addr, sizeof(addr), 1, fp);
  192. if (addr != NULL) {
  193. debug("NON_NULL ZEND_ARG_INFO\n");
  194. } else {
  195. *info = NULL;
  196. }
  197. }
  198.  
  199. void load_brk_cont_array(FILE* fp, zend_brk_cont_element** array, int count)
  200. {
  201. void* addr = NULL;
  202. int i;
  203.  
  204. fload(&addr, sizeof(addr), 1, fp);
  205. if (addr != NULL) {
  206. *array = malloc(sizeof(zend_brk_cont_element) * count);
  207. for (i = 0; i < count; i++) {
  208. load_brk_cont_element(fp, &((*array)[i]));
  209. }
  210. } else {
  211. *array = NULL;
  212. }
  213. }
  214.  
  215. void load_brk_cont_element(FILE* fp, zend_brk_cont_element* elem)
  216. {
  217. debug("load_brk_cont_element NOT IMPLEMENTED yet.\n");
  218. }
  219.  
  220. void load_try_catch_array(FILE* fp, zend_try_catch_element** array, int count)
  221. {
  222. void* addr = NULL;
  223. int i;
  224.  
  225. fload(&(addr), sizeof(addr), 1, fp);
  226. if (addr != NULL) {
  227. *array = malloc(sizeof(zend_try_catch_element) * count);
  228. for (i = 0; i < count; i++) {
  229. load_try_catch_element(fp, &((*array)[i]));
  230. }
  231. } else {
  232. *array = NULL;
  233. }
  234. }
  235.  
  236. void load_try_catch_element(FILE* fp, zend_try_catch_element* elem)
  237. {
  238. debug("load_try_catch_element NOT IMPLEMENTED yet.\n");
  239. }
  240.  
  241. void load_hashtable(FILE* fp, HashTable** table)
  242. {
  243. void* addr = NULL;
  244.  
  245. fload(&addr, sizeof(addr), 1, fp);
  246. if (addr != NULL) {
  247. debug("load_hashtable NOT IMPLEMENTED yet.\n");
  248. } else {
  249. *table = NULL;
  250. }
  251. }
  252.  
  253. void load_runtime_cache(FILE* fp, void*** cache, int count)
  254. {
  255. void* addr = NULL;
  256. fload(&addr, sizeof(addr), 1, fp);
  257. if (addr != NULL) {
  258. debug("load_runtime_cache NOT DONE: %d.\n", count);
  259. } else {
  260. *cache = NULL;
  261. }
  262. }
  263.  
  264. void* get_handler_by_offset(intptr_t offset)
  265. {
  266. const void* base_handler;
  267. zval str;
  268.  
  269. if (handlers_base_address == 0) {
  270. ZVAL_STRING(&str, "echo 1;");
  271. base_handler = zend_compile_string(&str, "")->opcodes[0].handler;
  272. handlers_base_address = (intptr_t)base_handler;
  273. }
  274.  
  275. return (void*)(handlers_base_address + offset);
  276. }
  277.  
  278. void fload(void* dest, size_t size, size_t n, FILE* fp)
  279. {
  280. size_t result = fread(dest, size, n, fp);
  281. if (result != n) {
  282. debug("fload error\n");
  283. }
  284. }
  285.  
  286. void debug(const char* fmt, ...)
  287. {
  288. FILE* debug = fopen("/home/jfgauron/tmp/debug2.txt", "a");
  289. if (debug != NULL) {
  290. va_list args;
  291. va_start(args, fmt);
  292. vfprintf(debug, fmt, args);
  293. va_end(args);
  294.  
  295. fflush(debug);
  296. fclose(debug);
  297. }
  298. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!