├── .gitignore
├── CREDITS
├── LICENSE
├── README.md
├── config.m4
├── php_phpjiami_decode.h
└── phpjiami_decode.c


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Prerequisites
 2 | *.d
 3 | 
 4 | # Object files
 5 | *.o
 6 | *.ko
 7 | *.obj
 8 | *.elf
 9 | 
10 | # Linker output
11 | *.ilk
12 | *.map
13 | *.exp
14 | 
15 | # Precompiled Headers
16 | *.gch
17 | *.pch
18 | 
19 | # Libraries
20 | *.lib
21 | *.a
22 | *.la
23 | *.lo
24 | 
25 | # Shared objects (inc. Windows DLLs)
26 | *.dll
27 | *.so
28 | *.so.*
29 | *.dylib
30 | 
31 | # Executables
32 | *.exe
33 | *.out
34 | *.app
35 | *.i*86
36 | *.x86_64
37 | *.hex
38 | 
39 | # Debug files
40 | *.dSYM/
41 | *.su
42 | *.idb
43 | *.pdb
44 | 
45 | # Kernel Module Compile Results
46 | *.mod*
47 | *.cmd
48 | .tmp_versions/
49 | modules.order
50 | Module.symvers
51 | Mkfile.old
52 | dkms.conf
53 | 


--------------------------------------------------------------------------------
/CREDITS:
--------------------------------------------------------------------------------
1 | phpjiami_decode
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Virink
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # phpjiami_decode
 2 | 
 3 | An extension for php to decode some phpjiami and extcrypt
 4 | 
 5 | - [x] phpjiami
 6 | - [x] extcrypt
 7 | - [ ] OPCode
 8 | 
 9 | ## Support version
10 | 
11 | **PHP 5.6**(just test myself)
12 | 
13 | ## Download
14 | 
15 |     cd /path/to/php-src/ext/
16 |     git clone https://github.com/virink/phpext_phpjiami_decode.git ./phpjiami_decode
17 |     cd phpjiami_decode
18 | 
19 | ## Install
20 | 
21 |     phpize
22 |     ./configure
23 |     make
24 |     make install
25 | 
26 | ## Config
27 | 
28 |     echo "" >> /etc/php.ini
29 |     echo "[phpjiami_decode]" >> /etc/php.ini
30 |     echo "extension=phpjiami_decode.so" >> /etc/php.ini
31 | 
32 |     最好是最优先加载，也就是放在ini最前面。。。(这个是经验，但是不能保证一定)
33 | 
34 | ## Usage
35 | 
36 |     cd /path/to/your/web/
37 |     php -S localhost:8000
38 | 
39 | Then, when you request _http://localhost:8000/xxx.php_
40 | 
41 | If `eval` in the `xxx.php` and it ran, the eval's parameter will save to `/path/for/your/dir/xxx.eval.php`.
42 | 
43 | ### e.g:
44 | 
45 |     /var/www/html/index.php
46 |     /var/www/html/index.eval.php or /tmp/index.php.crypt.php
47 | 
48 | ## LICENSE
49 | 
50 | [MIT](LICENSE)
51 | 
52 | ## Thanks
53 | 
54 | > [evalhook](https://github.com/bizonix/evalhook)


--------------------------------------------------------------------------------
/config.m4:
--------------------------------------------------------------------------------
 1 | dnl $Id$
 2 | dnl config.m4 for extension phpjiami_decode
 3 | 
 4 | dnl Comments in this file start with the string 'dnl'.
 5 | dnl Remove where necessary. This file will not work
 6 | dnl without editing.
 7 | 
 8 | dnl If your extension references something external, use with:
 9 | 
10 | dnl PHP_ARG_WITH(phpjiami_decode, for phpjiami_decode support,
11 | dnl Make sure that the comment is aligned:
12 | dnl [  --with-phpjiami_decode             Include phpjiami_decode support])
13 | 
14 | dnl Otherwise use enable:
15 | 
16 | PHP_ARG_ENABLE(phpjiami_decode, whether to enable phpjiami_decode support,
17 | dnl Make sure that the comment is aligned:
18 | [  --enable-phpjiami_decode           Enable phpjiami_decode support])
19 | 
20 | if test "$PHP_PHPJIAMI_DECODE" != "no"; then
21 |   dnl Write more examples of tests here...
22 | 
23 |   dnl # --with-phpjiami_decode -> check with-path
24 |   dnl SEARCH_PATH="/usr/local /usr"     # you might want to change this
25 |   dnl SEARCH_FOR="/include/phpjiami_decode.h"  # you most likely want to change this
26 |   dnl if test -r $PHP_PHPJIAMI_DECODE/$SEARCH_FOR; then # path given as parameter
27 |   dnl   PHPJIAMI_DECODE_DIR=$PHP_PHPJIAMI_DECODE
28 |   dnl else # search default path list
29 |   dnl   AC_MSG_CHECKING([for phpjiami_decode files in default path])
30 |   dnl   for i in $SEARCH_PATH ; do
31 |   dnl     if test -r $i/$SEARCH_FOR; then
32 |   dnl       PHPJIAMI_DECODE_DIR=$i
33 |   dnl       AC_MSG_RESULT(found in $i)
34 |   dnl     fi
35 |   dnl   done
36 |   dnl fi
37 |   dnl
38 |   dnl if test -z "$PHPJIAMI_DECODE_DIR"; then
39 |   dnl   AC_MSG_RESULT([not found])
40 |   dnl   AC_MSG_ERROR([Please reinstall the phpjiami_decode distribution])
41 |   dnl fi
42 | 
43 |   dnl # --with-phpjiami_decode -> add include path
44 |   dnl PHP_ADD_INCLUDE($PHPJIAMI_DECODE_DIR/include)
45 | 
46 |   dnl # --with-phpjiami_decode -> check for lib and symbol presence
47 |   dnl LIBNAME=phpjiami_decode # you may want to change this
48 |   dnl LIBSYMBOL=phpjiami_decode # you most likely want to change this 
49 | 
50 |   dnl PHP_CHECK_LIBRARY($LIBNAME,$LIBSYMBOL,
51 |   dnl [
52 |   dnl   PHP_ADD_LIBRARY_WITH_PATH($LIBNAME, $PHPJIAMI_DECODE_DIR/$PHP_LIBDIR, PHPJIAMI_DECODE_SHARED_LIBADD)
53 |   dnl   AC_DEFINE(HAVE_PHPJIAMI_DECODELIB,1,[ ])
54 |   dnl ],[
55 |   dnl   AC_MSG_ERROR([wrong phpjiami_decode lib version or lib not found])
56 |   dnl ],[
57 |   dnl   -L$PHPJIAMI_DECODE_DIR/$PHP_LIBDIR -lm
58 |   dnl ])
59 |   dnl
60 |   dnl PHP_SUBST(PHPJIAMI_DECODE_SHARED_LIBADD)
61 | 
62 |   PHP_NEW_EXTENSION(phpjiami_decode, phpjiami_decode.c, $ext_shared)
63 | fi
64 | 


--------------------------------------------------------------------------------
/php_phpjiami_decode.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |   +----------------------------------------------------------------------+
 3 |   | PHP Version 5                                                        |
 4 |   +----------------------------------------------------------------------+
 5 |   | Copyright (c) 1997-2016 The PHP Group                                |
 6 |   +----------------------------------------------------------------------+
 7 |   | This source file is subject to version 3.01 of the PHP license,      |
 8 |   | that is bundled with this package in the file LICENSE, and is        |
 9 |   | available through the world-wide-web at the following url:           |
10 |   | http://www.php.net/license/3_01.txt                                  |
11 |   | If you did not receive a copy of the PHP license and are unable to   |
12 |   | obtain it through the world-wide-web, please send a note to          |
13 |   | license@php.net so we can mail you a copy immediately.               |
14 |   +----------------------------------------------------------------------+
15 |   | Author: Virink <virink@outlook.com>                                  |
16 |   +----------------------------------------------------------------------+
17 | */
18 | 
19 | #ifndef PHP_PHPJIAMI_DECODE_H
20 | #define PHP_PHPJIAMI_DECODE_H
21 | 
22 | extern zend_module_entry phpjiami_decode_module_entry;
23 | #define phpext_phpjiami_decode_ptr &phpjiami_decode_module_entry
24 | 
25 | #define PHP_PHPJIAMI_DECODE_VERSION "0.2.0"
26 | #define PHP_PHPJIAMI_DECODE_AUTHOR "Virink <virink@outlook.com>"
27 | 
28 | #ifdef PHP_WIN32
29 | #	define PHP_PHPJIAMI_DECODE_API __declspec(dllexport)
30 | #elif defined(__GNUC__) && __GNUC__ >= 4
31 | #	define PHP_PHPJIAMI_DECODE_API __attribute__ ((visibility("default")))
32 | #else
33 | #	define PHP_PHPJIAMI_DECODE_API
34 | #endif
35 | 
36 | #define PEX(element) execute_data->element
37 | 
38 | #ifdef ZTS
39 | #include "TSRM.h"
40 | #endif
41 | 
42 | #ifdef ZTS
43 | #define PHPJIAMI_DECODE_G(v) TSRMG(phpjiami_decode_globals_id, zend_phpjiami_decode_globals *, v)
44 | #else
45 | #define PHPJIAMI_DECODE_G(v) (phpjiami_decode_globals.v)
46 | #endif
47 | 
48 | #endif
49 | 


--------------------------------------------------------------------------------
/phpjiami_decode.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |   +----------------------------------------------------------------------+
  3 |   | PHP Version 5                                                        |
  4 |   +----------------------------------------------------------------------+
  5 |   | Copyright (c) 1997-2016 The PHP Group                                |
  6 |   +----------------------------------------------------------------------+
  7 |   | This source file is subject to version 3.01 of the PHP license,      |
  8 |   | that is bundled with this package in the file LICENSE, and is        |
  9 |   | available through the world-wide-web at the following url:           |
 10 |   | http://www.php.net/license/3_01.txt                                  |
 11 |   | If you did not receive a copy of the PHP license and are unable to   |
 12 |   | obtain it through the world-wide-web, please send a note to          |
 13 |   | license@php.net so we can mail you a copy immediately.               |
 14 |   +----------------------------------------------------------------------+
 15 |   | Author: Virink <virink@outlook.com>                                  |
 16 |   +----------------------------------------------------------------------+
 17 | */
 18 | 
 19 | #ifdef HAVE_CONFIG_H
 20 | #include "config.h"
 21 | #endif
 22 | 
 23 | #include <stdio.h>
 24 | #include "php.h"
 25 | #include "php_ini.h"
 26 | #include "ext/standard/info.h"
 27 | #include "php_phpjiami_decode.h"
 28 | 
 29 | static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC);
 30 | static zend_op_array *(*orig_compile_file)(zend_file_handle *file_handle, int type TSRMLS_DC);
 31 | 
 32 | static zend_op_array *phpjiami_decode_compile_string(zval *source_string, char *filename TSRMLS_DC)
 33 | {
 34 |     int i, len, yes;
 35 |     char *buf;
 36 |     FILE *fp = NULL;
 37 |     char fn[512];
 38 |     if (Z_TYPE_P(source_string) == IS_STRING) {
 39 |         len  = Z_STRLEN_P(source_string);
 40 |         buf = estrndup(Z_STRVAL_P(source_string), len);
 41 |         sprintf(fn, "%s", filename);
 42 |         fn[strlen(fn)-strlen(strstr(fn, ".php"))] = '\0';
 43 |         strcat(fn,".eval.php");
 44 |         fp = fopen(fn,"a+");
 45 |         if (fp!=NULL && len >= strlen(buf)){
 46 |             fprintf(fp, "<?php\n");
 47 |             for(i = 0; i <= len; i++)
 48 |                 fprintf(fp, "%c", buf[i]);
 49 |             fprintf(fp, "\n?>\n\n");
 50 |         }
 51 |         fclose(fp);
 52 |     }
 53 |     return orig_compile_string(source_string, filename TSRMLS_CC);
 54 | }
 55 | 
 56 | 
 57 | static zend_op_array *phpjiami_decode_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC){
 58 |     char *buf;
 59 |     size_t size;
 60 |     if (zend_stream_fixup(file_handle, &buf, &size TSRMLS_CC) == SUCCESS) {
 61 |         FILE *fp = NULL;
 62 |         int i=0;
 63 |         char fn[512];
 64 |         printf("code size :\n%zu\n\n", size);
 65 |         sprintf(fn, "/tmp/%s.crypt.php", file_handle->filename);
 66 |         fp = fopen(fn,"a+");
 67 |         if (fp!=NULL)
 68 |             for(i = 0; i <= size; i++)
 69 |                 fprintf(fp, "%c", buf[i]);
 70 |         fclose(fp);
 71 |     }
 72 |     return orig_compile_file(file_handle,type TSRMLS_DC);
 73 | }
 74 | 
 75 | PHP_MINIT_FUNCTION(phpjiami_decode)
 76 | {
 77 |     orig_compile_string = zend_compile_string;
 78 |     zend_compile_string = phpjiami_decode_compile_string;
 79 |     orig_compile_file = zend_compile_file;
 80 |     zend_compile_file = phpjiami_decode_compile_file;
 81 |     return SUCCESS;
 82 | }
 83 | 
 84 | PHP_MSHUTDOWN_FUNCTION(phpjiami_decode)
 85 | {
 86 |     zend_compile_string = orig_compile_string;
 87 |     zend_compile_file = orig_compile_file;
 88 |     return SUCCESS;
 89 | }
 90 | 
 91 | PHP_RINIT_FUNCTION(phpjiami_decode)
 92 | {
 93 |     return SUCCESS;
 94 | }
 95 | 
 96 | PHP_RSHUTDOWN_FUNCTION(phpjiami_decode)
 97 | {
 98 | 	return SUCCESS;
 99 | }
100 | 
101 | PHP_MINFO_FUNCTION(phpjiami_decode)
102 | {
103 |     php_info_print_table_start();
104 |     php_info_print_table_header(2, "phpjiami_decode support", "enabled");
105 |     php_info_print_table_row( 2, "Version", PHP_PHPJIAMI_DECODE_VERSION);
106 |     php_info_print_table_row( 2, "Author", PHP_PHPJIAMI_DECODE_AUTHOR);
107 |     php_info_print_table_end();
108 | }
109 | 
110 | const zend_function_entry phpjiami_decode_functions[] = {
111 | 	PHP_FE_END
112 | };
113 | 
114 | zend_module_entry phpjiami_decode_module_entry = {
115 | 	STANDARD_MODULE_HEADER,
116 | 	"phpjiami_decode",
117 | 	phpjiami_decode_functions,
118 | 	PHP_MINIT(phpjiami_decode),
119 | 	PHP_MSHUTDOWN(phpjiami_decode),
120 | 	PHP_RINIT(phpjiami_decode),
121 | 	PHP_RSHUTDOWN(phpjiami_decode),
122 | 	PHP_MINFO(phpjiami_decode),
123 | 	PHP_PHPJIAMI_DECODE_VERSION,
124 | 	STANDARD_MODULE_PROPERTIES
125 | };
126 | 
127 | #ifdef COMPILE_DL_PHPJIAMI_DECODE
128 | ZEND_GET_MODULE(phpjiami_decode)
129 | #endif
130 | 


--------------------------------------------------------------------------------