Created
October 23, 2018 04:06
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <signal.h> | |
| #include <unistd.h> | |
| #include "../phpspy.h" | |
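/*
 * Mock PHP 7.3 global state, laid out with the *_73 structs from phpspy.h.
 * NOTE(review): presumably these symbols are located and read by the tracer
 * under test from outside this process; confirm against the test harness.
 * File-scope objects are zero-initialized anyway; "= {0}" just makes it explicit.
 */
zend_executor_globals_73 executor_globals = {0};
sapi_globals_struct_73 sapi_globals = {0};
php_core_globals_73 core_globals = {0};

/*
 * Forward declarations of the fixture helpers defined below.
 * wait_for_parent is declared with (void) so that the compiler rejects a call
 * that passes arguments; an empty "()" list leaves the parameters unchecked.
 */
static void wait_for_parent(void);
static void init_sapi_globals(sapi_globals_struct_73 *sapi_globals);
static zend_execute_data_73 *alloc_execute_data(int n, zend_execute_data_73 *prev_execute_data);
static zend_array_73 *alloc_array(int n);
static zend_op_73 *alloc_op(int n);
static zend_function_73 *alloc_function(int n);
static zend_string_73 *alloc_string(int n, const char *what);
static zend_class_entry_73 *alloc_class_entry(int n);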
/*
 * Entry point of the mock process.
 *
 * Blocks until the parent writes to stdin, builds three chained execute_data
 * frames (frame i records frame i-1 as its prev_execute_data), fills in the
 * SAPI globals, and then publishes each frame in turn as
 * executor_globals.current_execute_data, blocking on the parent after each one.
 */
int main(int argc, char **argv) {
    enum { FRAME_COUNT = 3 };
    zend_execute_data_73 *frames[FRAME_COUNT];
    zend_execute_data_73 *caller = NULL;
    int i;

    /* The command line is not used. */
    (void)argc;
    (void)argv;

    wait_for_parent();

    for (i = 0; i < FRAME_COUNT; i++) {
        frames[i] = alloc_execute_data(i, caller);
        caller = frames[i];
    }

    init_sapi_globals(&sapi_globals);

    /* One synchronization point per published frame. */
    for (i = 0; i < FRAME_COUNT; i++) {
        executor_globals.current_execute_data = frames[i];
        wait_for_parent();
    }

    return 0;
}
/*
 * Block until one byte can be read from stdin, or until read() returns for
 * any other reason (end of file, error).
 *
 * The result is deliberately not inspected: the function returns in every
 * case, so the process does not hang here once stdin reaches end of file.
 */
static void wait_for_parent(void) {
    char sync_byte;
    ssize_t got;

    got = read(STDIN_FILENO, &sync_byte, 1);
    (void)got; /* best-effort handshake; the outcome is intentionally unused */
}
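/*
 * Populate the request_info strings and the request time of the given SAPI
 * globals with fixed, recognizable placeholder values.
 *
 * Each string is a heap copy made with strdup(). A failed copy terminates the
 * process instead of leaving a NULL pointer in the structure.
 *
 * Note: the parameter has the same name as the file-scope sapi_globals object
 * and shadows it inside this function.
 */
static void init_sapi_globals(sapi_globals_struct_73 *sapi_globals) {
    sapi_globals->request_info.query_string = strdup("query_string");
    sapi_globals->request_info.cookie_data = strdup("cookie_data");
    sapi_globals->request_info.path_translated = strdup("path_translated");
    sapi_globals->request_info.request_uri = strdup("request_uri");

    if (sapi_globals->request_info.query_string == NULL
        || sapi_globals->request_info.cookie_data == NULL
        || sapi_globals->request_info.path_translated == NULL
        || sapi_globals->request_info.request_uri == NULL) {
        fputs("init_sapi_globals: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    /* 1522540800 is exactly representable as a float (a multiple of 128 below 2^31). */
    sapi_globals->global_request_time = 1522540800.f;
}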
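/*
 * Allocate one zeroed execute_data frame followed by room for extra zval
 * slots, link it to prev_execute_data, and store four sample values of
 * type string, long, double and array in the slots after the header.
 *
 * n is passed on to the helper allocators, which use it to make each frame's
 * strings and line numbers distinguishable.
 *
 * Terminates the process if the frame cannot be allocated; the original code
 * dereferenced the calloc() result unchecked.
 */
static zend_execute_data_73 *alloc_execute_data(int n, zend_execute_data_73 *prev_execute_data) {
    /*
     * FIRST_VAR_SLOT: index, counted in zval-sized units from the start of the
     * frame, of the first variable slot.
     * NOTE(review): this assumes sizeof(zend_execute_data_73) equals
     * 5 * sizeof(zval_73); confirm against phpspy.h.
     * EXTRA_SLOTS: number of zval slots allocated after the header.
     */
    enum { FIRST_VAR_SLOT = 5, EXTRA_SLOTS = 10 };
    zend_execute_data_73 *execute_data;
    zval_73 *vars;

    execute_data = calloc(1, sizeof(zend_execute_data_73) + (sizeof(zval_73) * EXTRA_SLOTS));
    if (execute_data == NULL) {
        fputs("alloc_execute_data: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    execute_data->opline = alloc_op(n);
    execute_data->func = alloc_function(n);
    execute_data->prev_execute_data = prev_execute_data;

    /*
     * Slots 5..8 are written. The last one ends at 9 * sizeof(zval_73), which
     * is inside the allocation because the block is larger than
     * 10 * sizeof(zval_73).
     */
    vars = ((zval_73*)execute_data) + FIRST_VAR_SLOT;

    vars[0].u1.v.type = IS_STRING;
    vars[0].value.str = alloc_string(n, "a_value");

    vars[1].u1.v.type = IS_LONG;
    vars[1].value.lval = 42;

    vars[2].u1.v.type = IS_DOUBLE;
    vars[2].value.dval = 1337.f;

    vars[3].u1.v.type = IS_ARRAY;
    vars[3].value.arr = alloc_array(n);

    return execute_data;
}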
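/*
 * Build a two-element mock array: bucket 0 holds a string value, bucket 1
 * holds the long 1234, and each bucket has a string key.
 *
 * The element counters (nNumUsed, nNumOfElements, nTableSize) are set to the
 * number of buckets actually allocated, so a reader that walks arData by
 * those counters stays inside the bucket allocation.
 *
 * Terminates the process if either allocation fails; the original code wrote
 * through both calloc() results unchecked.
 */
static zend_array_73 *alloc_array(int n) {
    enum { BUCKET_COUNT = 2 };
    zend_array_73 *arr;
    Bucket_73 *buckets;

    buckets = calloc(BUCKET_COUNT, sizeof(Bucket_73));
    arr = calloc(1, sizeof(zend_array_73));
    if (buckets == NULL || arr == NULL) {
        fputs("alloc_array: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    buckets[0].val.u1.v.type = IS_STRING;
    buckets[0].val.value.str = alloc_string(n, "hi mom");
    buckets[0].key = alloc_string(n, "key-for-a-str");

    buckets[1].val.u1.v.type = IS_LONG;
    buckets[1].val.value.lval = 1234;
    buckets[1].key = alloc_string(n, "key-for-a-long");

    arr->arData = buckets;
    arr->nNumUsed = BUCKET_COUNT;
    arr->nNumOfElements = BUCKET_COUNT;
    arr->nTableSize = BUCKET_COUNT;
    return arr;
}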
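/*
 * Allocate a zeroed mock opline whose lineno is n converted to uint32_t.
 *
 * Terminates the process if the allocation fails; the original code wrote
 * through the calloc() result unchecked.
 */
static zend_op_73 *alloc_op(int n) {
    zend_op_73 *opline;

    opline = calloc(1, sizeof(zend_op_73));
    if (opline == NULL) {
        fputs("alloc_op: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    opline->lineno = (uint32_t)n;
    return opline;
}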
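/*
 * Allocate a zeroed mock function record with a name, an owning class entry,
 * four named variables, a file name and a starting line of n.
 *
 * last_var and the size of the vars table both come from the same name list,
 * so the count a reader sees always matches the number of entries allocated.
 *
 * Terminates the process if an allocation fails; the original code wrote
 * through both calloc() results unchecked.
 */
static zend_function_73 *alloc_function(int n) {
    static const char *const var_names[] = { "a_str", "b_long", "c_double", "d_arr" };
    enum { VAR_COUNT = sizeof(var_names) / sizeof(var_names[0]) };
    zend_function_73 *func;
    int i;

    func = calloc(1, sizeof(zend_function_73));
    if (func == NULL) {
        fputs("alloc_function: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    /* NOTE(review): 2 is the value of ZEND_USER_FUNCTION in PHP's headers; confirm phpspy relies on it. */
    func->type = 2;
    func->common.function_name = alloc_string(n, "test_func");
    func->common.scope = alloc_class_entry(n);

    func->op_array.last_var = VAR_COUNT;
    func->op_array.vars = calloc(VAR_COUNT, sizeof(zend_string_73*));
    if (func->op_array.vars == NULL) {
        fputs("alloc_function: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }
    for (i = 0; i < VAR_COUNT; i++) {
        func->op_array.vars[i] = alloc_string(n, var_names[i]);
    }

    func->op_array.filename = alloc_string(n, "/test/path.php");
    func->op_array.line_start = n;
    return func;
}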
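/*
 * Allocate a mock string holding "<what>_<n>", with n zero-padded to at least
 * three digits, and set len to the number of characters stored.
 *
 * The buffer is sized from the formatted length itself. The original reserved
 * room for exactly three digits, so an n outside 0..999 was silently cut
 * short; for n in 0..999 the stored text and len are the same as before.
 *
 * Assumes val is the character array at the end of zend_string_73 and that
 * the text continues into the extra bytes allocated after the struct;
 * TODO confirm against phpspy.h.
 *
 * Terminates the process if formatting or allocation fails; the original code
 * wrote through the calloc() result unchecked.
 */
static zend_string_73 *alloc_string(int n, const char *what) {
    zend_string_73 *str;
    int need;
    size_t cap;

    /* Measure first so the buffer and the write limit cannot disagree. */
    need = snprintf(NULL, 0, "%s_%03d", what, n);
    if (need < 0) {
        fputs("alloc_string: formatting failed\n", stderr);
        exit(EXIT_FAILURE);
    }
    cap = (size_t)need + 1; /* text plus terminating NUL */

    str = calloc(1, sizeof(zend_string_73) + cap);
    if (str == NULL) {
        fputs("alloc_string: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    snprintf((char*)str->val, cap, "%s_%03d", what, n);
    /* len excludes the NUL and matches the bytes actually written. */
    str->len = (size_t)need;
    return str;
}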
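/*
 * Allocate a zeroed mock class entry named "TestClass_<n>" (the name is built
 * by alloc_string).
 *
 * Terminates the process if the allocation fails; the original code wrote
 * through the calloc() result unchecked.
 */
static zend_class_entry_73 *alloc_class_entry(int n) {
    zend_class_entry_73 *ce;

    ce = calloc(1, sizeof(zend_class_entry_73));
    if (ce == NULL) {
        fputs("alloc_class_entry: out of memory\n", stderr);
        exit(EXIT_FAILURE);
    }

    ce->name = alloc_string(n, "TestClass");
    return ce;
}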