Writing PHP Extensions, Debugging PHP Extensions, and VLD Source Code Analysis
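Contents
1. Compiling the PHP source
2. Extension structure, advantages and disadvantages
3. Writing an extension with ext_skel, PHP's native extension framework wizard
4. Compiling and installing VLD
5. Debugging VLD
6. VLD source code analysis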
wget http://cn2.php.net/distributions/php-5.5.31.tar.gz
tar -zxvf php-5.5.31.tar.gz
//To get a testable environment as quickly as possible, we compile only the most minimal PHP, configuring it with ./configure --disable-all. Other features can be added later by recompiling. If configure reports an error, a library that PHP depends on is probably missing; environments differ between systems, so search for the error message online and repeat until configure completes. Once configure completes we can start compiling.
./configure --enable-debug --enable-tokenizer
/*apt-get install -y libxml2*/
make
//Run the compiled PHP
./sapi/cli/php -v
//Install NetBeans
http://download.netbeans.org/netbeans/8.1/final/bundles/netbeans-8.1-linux.sh
chmod 777 ./*
./netbeans-8.1-linux.sh
./configure CC=${IDE_CC} CXX=${IDE_CXX} CFLAGS="-g3 -gdwarf-2" CXXFLAGS="-g3 -gdwarf-2" --disable-all --enable-debug --enable-tokenizer
http://www.cnblogs.com/LittleHann/p/3562259.html
0x1: Advantages of extending PHP with C/C++
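1. Efficiency
   Reduces the complexity of the PHP script. In the extreme case the PHP script simply calls one function implemented by the extension, and all of the functionality is implemented inside the extension.
2. Interacting with external libraries
   Suppose you have a C/C++ library that implements string encryption and decryption, and you do not have its source code, so you cannot reimplement it in PHP. Your only option is to write a PHP extension that acts as a bridge between PHP and the library.
3. Reusing Zend's lexing/parsing logic
   This is useful in specialised fields. In webshell detection, for example, an extension hook is used to obtain the token AST, and syntax restoration and syntax-level simulated execution are then built on top of it.
0x2: Disadvantages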
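1. Development is complex
2. Maintainability is reduced
   The development cycle gets longer. The simplest example: when you work with a PHP script and find that a condition is wrong, you change that one line, save, and the change takes effect immediately. In a PHP extension written in C/C++ you have to modify the source, recompile, load the extension into PHP again, and restart Apache before the change takes effect.
0x3: Basic structure of the extension framework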
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31/ext# cd helloworld/
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31/ext/helloworld# ll
total 44
drwxr-xr-x  3 root       root       4096 Jan 27 16:10 ./
drwxr-xr-x 80 ubuntu1204 ubuntu1204 4096 Jan 27 16:10 ../
-rw-r--r--  1 root       root       2178 Jan 27 16:10 config.m4
-rw-r--r--  1 root       root        324 Jan 27 16:10 config.w32
-rw-r--r--  1 root       root         10 Jan 27 16:10 CREDITS
-rw-r--r--  1 root       root          0 Jan 27 16:10 EXPERIMENTAL
-rw-r--r--  1 root       root       5296 Jan 27 16:10 helloworld.c
-rw-r--r--  1 root       root        514 Jan 27 16:10 helloworld.php
-rw-r--r--  1 root       root       2962 Jan 27 16:10 php_helloworld.h
-rw-r--r--  1 root       root         16 Jan 27 16:10 .svnignore
drwxr-xr-x  2 root       root       4096 Jan 27 16:10 tests/
1. helloworld.c
This file implements the main logic of the extension.
/*
  +----------------------------------------------------------------------+
  | PHP Version 5                                                        |
  +----------------------------------------------------------------------+
  | Copyright (c) 1997-2015 The PHP Group                                |
  +----------------------------------------------------------------------+
  | This source file is subject to version 3.01 of the PHP license,      |
  | that is bundled with this package in the file LICENSE, and is        |
  | available through the world-wide-web at the following url:           |
  | http://www.php.net/license/3_01.txt                                  |
  | If you did not receive a copy of the PHP license and are unable to   |
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Author:                                                              |
  +----------------------------------------------------------------------+
*/

/* $Id$ */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "php.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "php_helloworld.h"

/* If you declare any globals in php_helloworld.h uncomment this:
ZEND_DECLARE_MODULE_GLOBALS(helloworld)
*/

/* True global resources - no need for thread safety here */
static int le_helloworld;

/* {{{ helloworld_functions[]
 *
 * Every user visible function must have an entry in helloworld_functions[].
 */
const zend_function_entry helloworld_functions[] = {
    PHP_FE(confirm_helloworld_compiled, NULL)   /* For testing, remove later. */
    PHP_FE_END  /* Must be the last line in helloworld_functions[] */
};
/* }}} */

/* {{{ helloworld_module_entry
 */
zend_module_entry helloworld_module_entry = {
#if ZEND_MODULE_API_NO >= 20010901
    STANDARD_MODULE_HEADER,
#endif
    "helloworld",
    helloworld_functions,
    PHP_MINIT(helloworld),
    PHP_MSHUTDOWN(helloworld),
    PHP_RINIT(helloworld),      /* Replace with NULL if there's nothing to do at request start */
    PHP_RSHUTDOWN(helloworld),  /* Replace with NULL if there's nothing to do at request end */
    PHP_MINFO(helloworld),
#if ZEND_MODULE_API_NO >= 20010901
    PHP_HELLOWORLD_VERSION,
#endif
    STANDARD_MODULE_PROPERTIES
};
/* }}} */

#ifdef COMPILE_DL_HELLOWORLD
ZEND_GET_MODULE(helloworld)
#endif

/* {{{ PHP_INI
 */
/* Remove comments and fill if you need to have entries in php.ini
PHP_INI_BEGIN()
    STD_PHP_INI_ENTRY("helloworld.global_value", "42", PHP_INI_ALL, OnUpdateLong, global_value, zend_helloworld_globals, helloworld_globals)
    STD_PHP_INI_ENTRY("helloworld.global_string", "foobar", PHP_INI_ALL, OnUpdateString, global_string, zend_helloworld_globals, helloworld_globals)
PHP_INI_END()
*/
/* }}} */

/* {{{ php_helloworld_init_globals
 */
/* Uncomment this function if you have INI entries
static void php_helloworld_init_globals(zend_helloworld_globals *helloworld_globals)
{
    helloworld_globals->global_value = 0;
    helloworld_globals->global_string = NULL;
}
*/
/* }}} */

/* {{{ PHP_MINIT_FUNCTION
 */
PHP_MINIT_FUNCTION(helloworld)
{
    /* If you have INI entries, uncomment these lines
    REGISTER_INI_ENTRIES();
    */
    return SUCCESS;
}
/* }}} */

/* {{{ PHP_MSHUTDOWN_FUNCTION
 */
PHP_MSHUTDOWN_FUNCTION(helloworld)
{
    /* uncomment this line if you have INI entries
    UNREGISTER_INI_ENTRIES();
    */
    return SUCCESS;
}
/* }}} */

/* Remove if there's nothing to do at request start */
/* {{{ PHP_RINIT_FUNCTION
 */
PHP_RINIT_FUNCTION(helloworld)
{
    return SUCCESS;
}
/* }}} */

/* Remove if there's nothing to do at request end */
/* {{{ PHP_RSHUTDOWN_FUNCTION
 */
PHP_RSHUTDOWN_FUNCTION(helloworld)
{
    return SUCCESS;
}
/* }}} */

/* {{{ PHP_MINFO_FUNCTION
 */
PHP_MINFO_FUNCTION(helloworld)
{
    php_info_print_table_start();
    php_info_print_table_header(2, "helloworld support", "enabled");
    php_info_print_table_end();

    /* Remove comments if you have entries in php.ini
    DISPLAY_INI_ENTRIES();
    */
}
/* }}} */

/* Remove the following function when you have successfully modified config.m4
   so that your module can be compiled into PHP, it exists only for testing
   purposes. */

/* Every user-visible function in PHP should document itself in the source */
/* {{{ proto string confirm_helloworld_compiled(string arg)
   Return a string to confirm that the module is compiled in */
PHP_FUNCTION(confirm_helloworld_compiled)
{
    char *arg = NULL;
    int arg_len, len;
    char *strg;

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &arg, &arg_len) == FAILURE) {
        return;
    }

    len = spprintf(&strg, 0, "Congratulations! You have successfully modified ext/%.78s/config.m4. Module %.78s is now compiled into PHP.", "helloworld", arg);
    RETURN_STRINGL(strg, len, 0);
}
/* }}} */
/* The previous line is meant for vim and emacs, so it can correctly fold and
   unfold functions in source code. See the corresponding marks just before
   function definition, where the functions purpose is also documented. Please
   follow this convention for the convenience of others editing your code.
*/

/*
 * Local variables:
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 * vim600: noet sw=4 ts=4 fdm=marker
 * vim<600: noet sw=4 ts=4
 */
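The function itself is defined with the PHP_FUNCTION() macro, which generates a function prototype suitable for the Zend engine. To retrieve the parameters passed to the function, use the zend_parse_parameters() API function.
zend_parse_parameters(int num_args TSRMLS_DC, char *type_spec, ...);
1. num_args: the number of arguments passed to the function. The usual practice is to pass ZEND_NUM_ARGS(), a macro that gives the total number of arguments passed to the function.
2. TSRMLS_DC: for thread safety, always pass the TSRMLS_CC macro.
3. *type_spec: a string that specifies the argument types the function expects.
4. ...: the list of variables to be updated with the argument values, passed as a variable-length argument list.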
2. config.m4
m4 is a macro processor that expands the macros in an input file into an output file. config.m4 is therefore required by the PHP extension framework, and it is also the key file used to generate the extension's makefile.
dnl $Id$
dnl config.m4 for extension helloworld

dnl Note: in m4, dnl marks a comment. To enable a configuration item, delete the dnl at the start of its line.
dnl Comments in this file start with the string 'dnl'.
dnl Remove where necessary. This file will not work
dnl without editing.

dnl If your extension references something external, use with:

dnl Note: "with" states a prerequisite for enabling this module, i.e. the module depends on some other module.
dnl PHP_ARG_WITH(helloworld, for helloworld support,
dnl Make sure that the comment is aligned:
dnl [  --with-helloworld             Include helloworld support])

dnl Otherwise use enable:

dnl Note: this directive creates a configure-time option "enable-example". The second argument is displayed
dnl when configure processes this module's configure file. The third argument is shown as an optional
dnl switch when the user runs ./configure --help.
dnl It is equivalent to: ./configure --enable-helloworld
dnl PHP_ARG_ENABLE(helloworld, whether to enable helloworld support,
dnl Make sure that the comment is aligned:
dnl [  --enable-helloworld           Enable helloworld support])

if test "$PHP_HELLOWORLD" != "no"; then
  dnl Write more examples of tests here...

  dnl # --with-helloworld -> check with-path
  dnl SEARCH_PATH="/usr/local /usr"     # you might want to change this
  dnl SEARCH_FOR="/include/helloworld.h"  # you most likely want to change this
  dnl if test -r $PHP_HELLOWORLD/$SEARCH_FOR; then # path given as parameter
  dnl   HELLOWORLD_DIR=$PHP_HELLOWORLD
  dnl else # search default path list
  dnl   AC_MSG_CHECKING([for helloworld files in default path])
  dnl   for i in $SEARCH_PATH ; do
  dnl     if test -r $i/$SEARCH_FOR; then
  dnl       HELLOWORLD_DIR=$i
  dnl       AC_MSG_RESULT(found in $i)
  dnl     fi
  dnl   done
  dnl fi
  dnl
  dnl if test -z "$HELLOWORLD_DIR"; then
  dnl   AC_MSG_RESULT([not found])
  dnl   AC_MSG_ERROR([Please reinstall the helloworld distribution])
  dnl fi

  dnl # --with-helloworld -> add include path
  dnl PHP_ADD_INCLUDE($HELLOWORLD_DIR/include)

  dnl # --with-helloworld -> check for lib and symbol presence
  dnl LIBNAME=helloworld # you may want to change this
  dnl LIBSYMBOL=helloworld # you most likely want to change this

  dnl Note: looks in the library for the second argument (here AC_DEFINE(HAVE_HELLOWORLDLIB,1,[ ])).
  dnl If it exists the macro expands to found, otherwise to not-found.
  dnl PHP_CHECK_LIBRARY($LIBNAME,$LIBSYMBOL,
  dnl [
  dnl   PHP_ADD_LIBRARY_WITH_PATH($LIBNAME, $HELLOWORLD_DIR/$PHP_LIBDIR, HELLOWORLD_SHARED_LIBADD)
  dnl   AC_DEFINE(HAVE_HELLOWORLDLIB,1,[ ])
  dnl ],[
  dnl   AC_MSG_ERROR([wrong helloworld lib version or lib not found])
  dnl ],[
  dnl   -L$HELLOWORLD_DIR/$PHP_LIBDIR -lm
  dnl ])
  dnl
  dnl PHP_SUBST(HELLOWORLD_SHARED_LIBADD)

  dnl Note: this is a simple wrapper around AC_DEFUN and is finally expanded to: #define what value
  dnl PHP_DEFINE(what, [value])

  dnl Note: if your extension is written in C++ you must use this macro to tell the build to use the
  dnl C++ compiler. It is expanded to AC_PROG_CXX and AC_PROG_CXXCPP.
  dnl PHP_REQUIRE_CXX

  PHP_NEW_EXTENSION(helloworld, helloworld.c, $ext_shared)
fi
3. CREDITS
Used to add other information, and so on, when the extension is published.
4. helloworld.php
Used for a simple test of the extension.
<?php
$br = (php_sapi_name() == "cli")? "":"<br>";

if(!extension_loaded('helloworld')) {
    dl('helloworld.' . PHP_SHLIB_SUFFIX);
}
$module = 'helloworld';
$functions = get_extension_funcs($module);
echo "Functions available in the test extension:$br\n";
foreach($functions as $func) {
    echo $func."$br\n";
}
echo "$br\n";
$function = 'confirm_' . $module . '_compiled';
if (extension_loaded($module)) {
    $str = $function($module);
} else {
    $str = "Module $module is not compiled into PHP";
}
echo "$str\n";
?>
5. php_helloworld.h
/*
  +----------------------------------------------------------------------+
  | PHP Version 5                                                        |
  +----------------------------------------------------------------------+
  | Copyright (c) 1997-2015 The PHP Group                                |
  +----------------------------------------------------------------------+
  | This source file is subject to version 3.01 of the PHP license,      |
  | that is bundled with this package in the file LICENSE, and is        |
  | available through the world-wide-web at the following url:           |
  | http://www.php.net/license/3_01.txt                                  |
  | If you did not receive a copy of the PHP license and are unable to   |
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Author:                                                              |
  +----------------------------------------------------------------------+
*/

/* $Id$ */

#ifndef PHP_HELLOWORLD_H
#define PHP_HELLOWORLD_H

extern zend_module_entry helloworld_module_entry;
#define phpext_helloworld_ptr &helloworld_module_entry

#define PHP_HELLOWORLD_VERSION "0.1.0" /* Replace with version number for your extension */

#ifdef PHP_WIN32
#   define PHP_HELLOWORLD_API __declspec(dllexport)
#elif defined(__GNUC__) && __GNUC__ >= 4
#   define PHP_HELLOWORLD_API __attribute__ ((visibility("default")))
#else
#   define PHP_HELLOWORLD_API
#endif

#ifdef ZTS
#include "TSRM.h"
#endif

PHP_MINIT_FUNCTION(helloworld);
PHP_MSHUTDOWN_FUNCTION(helloworld);
PHP_RINIT_FUNCTION(helloworld);
PHP_RSHUTDOWN_FUNCTION(helloworld);
PHP_MINFO_FUNCTION(helloworld);

PHP_FUNCTION(confirm_helloworld_compiled);  /* For testing, remove later. */

/*
    Declare any global variables you may need between the BEGIN
    and END macros here:

ZEND_BEGIN_MODULE_GLOBALS(helloworld)
    long  global_value;
    char *global_string;
ZEND_END_MODULE_GLOBALS(helloworld)
*/

/* In every utility function you add that needs to use variables
   in php_helloworld_globals, call TSRMLS_FETCH(); after declaring other
   variables used by that function, or better yet, pass in TSRMLS_CC
   after the last function argument and declare your utility function
   with TSRMLS_DC after the last declared argument.  Always refer to
   the globals in your function as HELLOWORLD_G(variable).  You are
   encouraged to rename these macros something shorter, see
   examples in any other php module directory.
*/

#ifdef ZTS
#define HELLOWORLD_G(v) TSRMG(helloworld_globals_id, zend_helloworld_globals *, v)
#else
#define HELLOWORLD_G(v) (helloworld_globals.v)
#endif

#endif  /* PHP_HELLOWORLD_H */

/*
 * Local variables:
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 * vim600: noet sw=4 ts=4 fdm=marker
 * vim<600: noet sw=4 ts=4
 */
Related links:
http://www.laruence.com/2008/08/16/301.html
3. Writing an extension with ext_skel, PHP's native extension framework wizard
0x1: Generating the Hello world extension framework code
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31# cd ext/
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31/ext# pwd
/home/ubuntu1204/phpsourcecode/php-5.5.31/ext
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31/ext# ./ext_skel --extname=helloworld
Creating directory helloworld
Creating basic files: config.m4 config.w32 .svnignore helloworld.c php_helloworld.h CREDITS EXPERIMENTAL tests/001.phpt helloworld.php [done].

To use your new extension, you will have to execute the following steps:

1.  $ cd ..
2.  $ vi ext/helloworld/config.m4
3.  $ ./buildconf
4.  $ ./configure --[with|enable]-helloworld
5.  $ make
6.  $ ./sapi/cli/php -f ext/helloworld/helloworld.php
7.  $ vi ext/helloworld/helloworld.c
8.  $ make

Repeat steps 3-6 until you are satisfied with ext/helloworld/config.m4 and
step 6 confirms that your module is compiled into PHP. Then, start writing
code and repeat the last two steps as often as necessary.
0x2: Modify the m4 configuration
Remove the dnl comment markers from the following lines:
PHP_ARG_WITH(helloworld, for helloworld support,
dnl Make sure that the comment is aligned:
[  --with-helloworld             Include helloworld support])
0x3: Compile
There are two ways to compile an extension:
1. As a loadable module, or DSO (dynamic shared object)
2. Statically compiled into PHP
1. Loadable module or DSO (Dynamic Shared Object)
./buildconf --force
root@ubuntu1204-virtual-machine:/home/ubuntu1204/phpsourcecode/php-5.5.31# ./configure --help | grep helloworld
  --with-helloworld             Include helloworld support
make
/*
Install PHP
Installing shared extensions:     /usr/local/lib/php/extensions/debug-non-zts-20121212/
Installing PHP CLI binary:        /usr/local/bin/
Installing PHP CLI man page:      /usr/local/php/man/man1/
Installing PHP CGI binary:        /usr/local/bin/
Installing PHP CGI man page:      /usr/local/php/man/man1/
Installing build environment:     /usr/local/lib/php/build/
Installing header files:          /usr/local/include/php/
Installing helper programs:       /usr/local/bin/
  program: phpize
  program: php-config
Installing man pages:             /usr/local/php/man/man1/
  page: phpize.1
  page: php-config.1
Installing PEAR environment:      /usr/local/lib/php/
[PEAR] Archive_Tar    - installed: 1.4.0
[PEAR] Console_Getopt - installed: 1.4.1
[PEAR] Structures_Graph- installed: 1.1.1
[PEAR] XML_Util       - installed: 1.3.0
[PEAR] PEAR           - installed: 1.10.1
Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/home/ubuntu1204/phpsourcecode/php-5.5.31/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f phar.phar /usr/local/bin/phar
Installing PDO headers:          /usr/local/include/php/ext/pdo/
*/
make install
//Compile the extension
cd ./ext/helloworld
phpize
./configure --with-helloworld
make
//Copy the extension's .so library into the PHP directory
make install
2. Static compilation into PHP
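Compiling an extension statically into PHP works the same way as compiling and linking any ordinary static library. Write the logic in C/C++, compile it into a static .a library, then recompile the source of the PHP main program and state explicitly in the build parameters that the static library must be linked in.
1. Write the PHP extension in C/C++
2. Compile the static .a library
3. Add the static library to PHP: suppose the static library is named libnpc.a and is placed in the /home directory. In the PHP installation directory run: export LDFLAGS="-L/home -lnpc". This environment variable tells the PHP build that the library has to be compiled in as well.
4. Compile PHP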
Related links:
http://www.laruence.com/2011/09/13/2139.html
https://segmentfault.com/a/1190000003952548
http://hzcsky.blog.51cto.com/1560073/820232
http://www.laruence.com/2009/04/28/719.html
http://www.thinksaas.cn/manual/php/features.commandline.html
http://weizhifeng.net/write-php-extension-part1.html
VLD (Vulcan Logic Dumper) is an extension that hooks into the Zend engine and outputs the intermediate code (execution units) generated from a PHP script.
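cd /home/ubuntu1204/phpsourcecode/php-5.5.31/ext/vld
//Unpack VLD (Vulcan Logic Dumper)
phpize
./configure --enable-vld
make
make install
//Note: in PHP CLI mode the php.ini configuration is overridden, so we can pass the php.ini directives explicitly ourselves
./sapi/cli/php -d extension=vld.so -dvld.active=1 /home/ubuntu1204/phpsourcecode/sample/shell.php
//./sapi/cli/php -d extension=vld.so -dvld.active=1 -dvld.verbosity=3 /home/ubuntu1204/phpsourcecode/sample/shell.php
//./sapi/cli/php -d extension=vld.so -dvld.active=1 -dvld.execute=0 /home/ubuntu1204/phpsourcecode/sample/shell.php
1. -dvld.active: whether the VLD hook is activated when PHP runs
    1) Default is 0: disabled
    2) Use -dvld.active=1 to enable it
2. -dvld.skip_prepend: whether to skip the file named by auto_prepend_file in php.ini
    1) Default is 0: the included file is not skipped, and the intermediate code generated from it is shown. This parameter only takes effect under one precondition: -dvld.execute=0
3. -dvld.execute: whether the PHP script is executed
    1) Default is 1: execute
    2) With -dvld.execute=0 only the intermediate code is shown; the generated intermediate code is not executed
4. -dvld.format: whether to display in a custom format
    1) Default is 0: no
    2) With -dvld.format=1 the output uses the custom format, in which fields are separated by the value given with -dvld.col_sep
5. -dvld.col_sep: only effective when -dvld.format is enabled; the default is "\t"
6. -dvld.verbosity: whether to show more detailed information
    1) Default is 1
    2) The value can be 0, 1, 2 or 3
    In fact values smaller than 0 are also accepted and behave like 0, for example 0.1; negative numbers are the exception and behave like 3
    Values larger than 3 are accepted too and behave like 3; 3 is the most detailed level
7. -dvld.save_dir: the directory for file output; the default is /tmp
8. -dvld.save_paths: controls whether files are written; the default is 0, meaning no file output
9. -dvld.dump_paths: controls the output content; currently only 0 and 1 exist, and the default is 1, which outputs the content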
Related links:
http://techlog.cn/article/list/10182879
http://pecl.php.net/package/vld
http://www.lampweb.org/seo/8/20.html
http://hilojack.com/p/php-vld/
5. Debugging VLD
cd /home/ubuntu1204/phpsourcecode/php-5.5.31/ext/vld
vim config.m4
/*
Add the following at the last line:
if test -z "$PHP_DEBUG"; then
    AC_ARG_ENABLE(debug,
        [--enable-debug  compile with debugging system],
        [PHP_DEBUG=$enableval],
        [PHP_DEBUG=no]
    )
fi
This makes the extension debuggable. Then compile the extension.
*/
phpize
./configure --enable-vld
make
make install
//Edit the NetBeans Debug arguments
"${OUTPUT_PATH}" -d extension=vld.so -dvld.active=3 /home/ubuntu1204/phpsourcecode/sample/shell.php
Related links:
https://segmentfault.com/a/1190000002703073
http://www.codefrom.com/paper/%E4%BD%BF%E7%94%A8gdb%E8%B0%83%E8%AF%95php%E6%89%A9%E5%B1%95
0x2: vld_dump_oparray
srm_oparray.c
/* {{{ zend_op_array vld_compile_file (file_handle, type)
 *    This function provides a hook for compilation */
static zend_op_array *vld_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC)
{
    zend_op_array *op_array;

    if (!VLD_G(execute) &&
        ((VLD_G(skip_prepend) && PG(auto_prepend_file) && PG(auto_prepend_file)[0] && PG(auto_prepend_file) == file_handle->filename) ||
         (VLD_G(skip_append) && PG(auto_append_file) && PG(auto_append_file)[0] && PG(auto_append_file) == file_handle->filename)))
    {
        zval nop;
#if PHP_VERSION_ID >= 70000
        zend_op_array *ret;
        ZVAL_STRINGL(&nop, "RETURN ;", 8);
        ret = compile_string(&nop, "NOP" TSRMLS_CC);
        zval_dtor(&nop);
        return ret;
#else
        ZVAL_STRINGL(&nop, "RETURN ;", 8, 0);
        return compile_string(&nop, "NOP" TSRMLS_CC);
#endif
    }

    // Call Zend's original compile function to obtain the opcode array of the sample under inspection
    op_array = old_compile_file (file_handle, type TSRMLS_CC);

    if (VLD_G(path_dump_file)) {
        fprintf(VLD_G(path_dump_file), "subgraph cluster_file_%08x { label=\"file %s\";\n", op_array, op_array->filename ? ZSTRING_VALUE(op_array->filename) : "__main");
    }
    if (op_array) {
        // Dump the opcode array
        vld_dump_oparray (op_array TSRMLS_CC);
    }

    zend_hash_apply_with_arguments (CG(function_table) APPLY_TSRMLS_CC, (apply_func_args_t) vld_dump_fe, 0);
    zend_hash_apply (CG(class_table), (apply_func_t) vld_dump_cle TSRMLS_CC);

    if (VLD_G(path_dump_file)) {
        fprintf(VLD_G(path_dump_file), "}\n");
    }

    return op_array;
}
/* }}} */
0x3: vld_analyse_oparray
void vld_dump_oparray(zend_op_array *opa TSRMLS_DC)
{
    unsigned int i;
    vld_set *set;
    vld_branch_info *branch_info;
    // Base address of the opcode array stored in the op_array
    unsigned int base_address = (unsigned int)(zend_intptr_t)&(opa->opcodes[0]);

    // Allocate and initialise the analysis result set
    set = vld_set_create(opa->last);
    // Allocate and initialise the branch (logic block) information
    branch_info = vld_branch_info_create(opa->last);

    if (VLD_G(dump_paths)) {
        vld_analyse_oparray(opa, set, branch_info TSRMLS_CC);
    }
    if (VLD_G(format)) {
        vld_printf (stderr, "filename:%s%s\n", VLD_G(col_sep), ZSTRING_VALUE(opa->filename));
        vld_printf (stderr, "function name:%s%s\n", VLD_G(col_sep), ZSTRING_VALUE(opa->function_name));
        vld_printf (stderr, "number of ops:%s%d\n", VLD_G(col_sep), opa->last);
    } else {
        vld_printf (stderr, "filename: %s\n", ZSTRING_VALUE(opa->filename));
        vld_printf (stderr, "function name: %s\n", ZSTRING_VALUE(opa->function_name));
        vld_printf (stderr, "number of ops: %d\n", opa->last);
    }
#ifdef IS_CV /* PHP >= 5.1 */
    vld_printf (stderr, "compiled vars: ");
    for (i = 0; i < opa->last_var; i++) {
        vld_printf (stderr, "!%d = $%s%s", i, OPARRAY_VAR_NAME(opa->vars[i]), ((i + 1) == opa->last_var) ? "\n" : ", ");
    }
    if (!opa->last_var) {
        vld_printf(stderr, "none\n");
    }
#endif
    if (VLD_G(format)) {
        vld_printf(stderr, "line%s# *%s%s%sop%sfetch%sext%sreturn%soperands\n",VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep),VLD_G(col_sep));
    } else {
        vld_printf(stderr, "line #* E I O op fetch ext return operands\n");
        vld_printf(stderr, "-------------------------------------------------------------------------------------\n");
    }
    for (i = 0; i < opa->last; i++) {
        vld_dump_op(i, opa->opcodes, base_address, vld_set_in(set, i), vld_set_in(branch_info->entry_points, i), vld_set_in(branch_info->starts, i), vld_set_in(branch_info->ends, i), opa TSRMLS_CC);
    }
    vld_printf(stderr, "\n");

    if (VLD_G(dump_paths)) {
        vld_branch_post_process(opa, branch_info);
        vld_branch_find_paths(branch_info);
        vld_branch_info_dump(opa, branch_info TSRMLS_CC);
    }

    vld_set_free(set);
    vld_branch_info_free(branch_info);
}
0x4: vld_analyse_branch
As you can see, VLD processes the opcodes "block by block", following the branches of the PHP Zend engine.
Related links:
void vld_analyse_oparray(zend_op_array *opa, vld_set *set, vld_branch_info *branch_info TSRMLS_DC)
{
    unsigned int position = 0;

    VLD_PRINT(1, "Finding entry points\n");
    while (position < opa->last) {
        if (position == 0) {
            vld_analyse_branch(opa, position, set, branch_info TSRMLS_CC);
            vld_set_add(branch_info->entry_points, position);
#if PHP_MAJOR_VERSION >= 5
        } else if (opa->opcodes[position].opcode == ZEND_CATCH) {
            if (VLD_G(format)) {
                VLD_PRINT2(1, "Found catch point at position:%s%d\n", VLD_G(col_sep),position);
            } else {
                VLD_PRINT1(1, "Found catch point at position: %d\n", position);
            }
            vld_analyse_branch(opa, position, set, branch_info TSRMLS_CC);
            vld_set_add(branch_info->entry_points, position);
#endif
        }
        position++;
    }
    vld_set_add(branch_info->ends, opa->last-1);
    branch_info->branches[opa->last-1].start_lineno = opa->opcodes[opa->last-1].lineno;
}
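The entry-point and branch-following logic of vld_analyse_oparray above, reduced to a self-contained model (an added example, not VLD's code). The opcode kinds, struct op, struct analysis and SAMPLE are hypothetical stand-ins for Zend's zend_op and VLD's vld_set; the result is the per-opcode "reached" flag that vld_dump_oparray passes to vld_dump_op through vld_set_in(set, i).

```c
#include <stdio.h>
#include <string.h>

/* Toy opcode kinds: hypothetical stand-ins, not Zend's real opcodes. */
enum kind { OP_NOP, OP_JMP, OP_JMPZ, OP_RETURN, OP_CATCH };
struct op { enum kind kind; unsigned target; };   /* target: JMP/JMPZ only */

#define MAX_OPS 64
struct analysis {
    unsigned char reached[MAX_OPS];   /* role of VLD's `set` */
    unsigned char entry[MAX_OPS];     /* role of branch_info->entry_points */
};

/* Follow one branch from pos, marking every opcode some path can execute. */
static void analyse_branch(const struct op *ops, unsigned n, unsigned pos,
                           struct analysis *a)
{
    while (pos < n && !a->reached[pos]) {
        a->reached[pos] = 1;
        switch (ops[pos].kind) {
        case OP_RETURN:                   /* control never falls through */
            return;
        case OP_JMP:                      /* unconditional: target only */
            pos = ops[pos].target;
            break;
        case OP_JMPZ:                     /* taken side, then fall-through */
            analyse_branch(ops, n, ops[pos].target, a);
            pos++;
            break;
        default:
            pos++;
        }
    }
}

/* Entry points are position 0 and every CATCH, as in vld_analyse_oparray.
 * Returns the number of opcodes no path reaches, or -1 if n is too large. */
int analyse_oparray(const struct op *ops, unsigned n, struct analysis *a)
{
    int dead = 0;
    if (n > MAX_OPS)
        return -1;
    memset(a, 0, sizeof *a);
    for (unsigned pos = 0; pos < n; pos++) {
        if (pos == 0 || ops[pos].kind == OP_CATCH) {
            analyse_branch(ops, n, pos, a);
            a->entry[pos] = 1;
        }
    }
    for (unsigned pos = 0; pos < n; pos++)
        dead += !a->reached[pos];
    return dead;
}

/* Constructed sample: if/else, return, two dead ops, then a catch block. */
static const struct op SAMPLE[] = {
    { OP_JMPZ, 3 }, { OP_NOP, 0 }, { OP_JMP, 4 },   /* 0-2: if branch   */
    { OP_NOP, 0 },                                  /* 3: else branch   */
    { OP_RETURN, 0 },                               /* 4                */
    { OP_NOP, 0 }, { OP_JMP, 5 },                   /* 5-6: unreachable */
    { OP_CATCH, 0 }, { OP_RETURN, 0 },              /* 7-8: catch entry */
};
#define SAMPLE_LEN ((unsigned)(sizeof SAMPLE / sizeof SAMPLE[0]))

int main(void)
{
    struct analysis a;
    int dead = analyse_oparray(SAMPLE, SAMPLE_LEN, &a);
    for (unsigned i = 0; i < SAMPLE_LEN; i++)   /* '*' = dead, 'E' = entry */
        printf("%3u %c %c\n", i, a.reached[i] ? ' ' : '*', a.entry[i] ? 'E' : ' ');
    printf("dead opcodes: %d\n", dead);
    return 0;
}
```

Opcodes left unmarked never appear in an execution trace, so a static review of a suspect script has to cover them separately.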
Copyright (c) 2015 LittleHann All Rights Reserved