The php language has become so important that millions of sites are made based on LAMP that is linux , mysql,php,apache all are open source and makes very good combination. PhP languages uses zend engine to optimize the and various encoder to encode and Obfucation of variable class , function which makes the code unreadable. Some time loss of licence or unavability of coder/company makes it essential that source code be seen and changes are made/upgrade etc.
There are various techniques to do it . Mostly based on dezener type or similar software. Encoding is a short of compiling also so decompiler can do this decoding work.
DOWNLOAD THE DEZENDER HERE
(on opening the vld.h file will look like this )
(Do/* $Id: vld.c,v 1.18 2005/01/19 14:36:00 derick Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "php.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "php_vld.h"
#include "srm_oparray.h"
static zend_op_array* (*old_compile_file)(zend_file_handle* file_handle, int type TSRMLS_DC);
static zend_op_array* vld_compile_file(zend_file_handle*, int TSRMLS_DC);
static void (*old_execute)(zend_op_array *op_array TSRMLS_DC);
static void vld_execute(zend_op_array *op_array TSRMLS_DC);
function_entry vld_functions[] = {
{NULL, NULL, NULL}
};
zend_module_entry vld_module_entry = {
#if ZEND_MODULE_API_NO >= 20010901
STANDARD_MODULE_HEADER,
#endif
"vld",
vld_functions,
PHP_MINIT(vld),
PHP_MSHUTDOWN(vld),
PHP_RINIT(vld),
PHP_RSHUTDOWN(vld),
PHP_MINFO(vld),
#if ZEND_MODULE_API_NO >= 20010901
"0.8.0",
#endif
STANDARD_MODULE_PROPERTIES
};
#ifdef COMPILE_DL_VLD
ZEND_GET_MODULE(vld)
#endif
ZEND_BEGIN_MODULE_GLOBALS(vld)
int active;
int skip_prepend;
int skip_append;
int execute;
ZEND_END_MODULE_GLOBALS(vld)
ZEND_DECLARE_MODULE_GLOBALS(vld)
#ifdef ZTS
#define VLD_G(v) TSRMG(vld_globals_id, zend_vld_globals *, v)
#else
#define VLD_G(v) (vld_globals.v)
#endif
PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("vld.active", "0", PHP_INI_SYSTEM, OnUpdateBool, active, zend_vld_globals, vld_globals)
STD_PHP_INI_ENTRY("vld.skip_prepend", "0", PHP_INI_SYSTEM, OnUpdateBool, skip_prepend, zend_vld_globals, vld_globals)
STD_PHP_INI_ENTRY("vld.skip_append", "0", PHP_INI_SYSTEM, OnUpdateBool, skip_append, zend_vld_globals, vld_globals)
STD_PHP_INI_ENTRY("vld.execute", "1", PHP_INI_SYSTEM, OnUpdateBool, execute, zend_vld_globals, vld_globals)
PHP_INI_END()
static void vld_init_globals(zend_vld_globals *vld_globals)
{
vld_globals->active = 0;
vld_globals->skip_prepend = 0;
vld_globals->skip_append = 0;
vld_globals->execute = 1;
}
PHP_MINIT_FUNCTION(vld)
{
ZEND_INIT_MODULE_GLOBALS(vld, vld_init_globals, NULL);
REGISTER_INI_ENTRIES();
old_compile_file = zend_compile_file;
old_execute = zend_execute;
return SUCCESS;
}
PHP_MSHUTDOWN_FUNCTION(vld)
{
UNREGISTER_INI_ENTRIES();
zend_compile_file = old_compile_file;
zend_execute = old_execute;
return SUCCESS;
}
PHP_RINIT_FUNCTION(vld)
{
if (VLD_G(active)) {
zend_compile_file = vld_compile_file;
if (!VLD_G(execute)) {
zend_execute = vld_execute;
}
}
return SUCCESS;
}
PHP_RSHUTDOWN_FUNCTION(vld)
{
zend_compile_file = old_compile_file;
zend_execute = old_execute;
return SUCCESS;
}
PHP_MINFO_FUNCTION(vld)
{
php_info_print_table_start();
php_info_print_table_header(2, "vld support", "enabled");
php_info_print_table_end();
}
static int vld_check_fe (zend_op_array *fe, zend_bool *have_fe TSRMLS_DC)
{
if (fe->type == ZEND_USER_FUNCTION) {
*have_fe = 1;
}
return 0;
}
static int vld_dump_fe (zend_op_array *fe TSRMLS_DC)
{
if (fe->type == ZEND_USER_FUNCTION) {
fprintf(stderr, "Function %s:\n", fe->function_name);
vld_dump_oparray(fe);
fprintf(stderr, "End of function %s.\n\n", fe->function_name);
}
return ZEND_HASH_APPLY_KEEP;
}
#ifdef ZEND_ENGINE_2
static int vld_dump_cle (zend_class_entry **class_entry TSRMLS_DC)
#else
static int vld_dump_cle (zend_class_entry *class_entry TSRMLS_DC)
#endif
{
zend_class_entry *ce;
zend_bool have_fe = 0;
#ifdef ZEND_ENGINE_2
ce = *class_entry;
#else
ce = class_entry;
#endif
if (ce->type != ZEND_INTERNAL_CLASS) {
zend_hash_apply_with_argument(&ce->function_table, (apply_func_arg_t) vld_check_fe, (void *)&have_fe TSRMLS_CC);
if (have_fe) {
fprintf(stderr, "Class %s:\n", ce->name);
zend_hash_apply(&ce->function_table, (apply_func_t) vld_dump_fe TSRMLS_CC);
fprintf(stderr, "End of class %s.\n\n", ce->name);
} else {
fprintf(stderr, "Class %s: [no user functions]\n", ce->name);
}
}
return ZEND_HASH_APPLY_KEEP;
}
/* {{{ zend_op_array vld_compile_file (file_handle, type)
* This function provides a hook for compilation */
static zend_op_array *vld_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC)
{
zend_op_array *op_array;
if (!VLD_G(execute) &&
((VLD_G(skip_prepend) && PG(auto_prepend_file) && PG(auto_prepend_file)[0] && PG(auto_prepend_file) == file_handle->filename) ||
(VLD_G(skip_append) && PG(auto_append_file) && PG(auto_append_file)[0] && PG(auto_append_file) == file_handle->filename)))
{
zval nop;
ZVAL_STRINGL(&nop, "RETURN ;", 8, 0);
return compile_string(&nop, "NOP" TSRMLS_CC);;
}
op_array = old_compile_file (file_handle, type TSRMLS_CC);
if (op_array) {
vld_dump_oparray (op_array);
}
zend_hash_apply (CG(function_table), (apply_func_t) vld_dump_fe TSRMLS_CC);
zend_hash_apply (CG(class_table), (apply_func_t) vld_dump_cle TSRMLS_CC);
return op_array;
}
/* }}} */
/* {{{ void vld_execute(zend_op_array *op_array TSRMLS_DC)
* This function provides a hook for execution */
static void vld_execute(zend_op_array *op_array TSRMLS_DC)
{
// nothing to do
}
/* }}} */)
Dwnload the dezender
1. Now several dezend production systems are based on VLD
#tar -xzf vld-0.8.0.tgz # Tar-xzf vld - 0.8.0.tgz
#mv vld-0.8.0 vld # Mv vld - 0.8.0 vld
#cd -R vld ../php-4.3.8/ext //copy vld directory to the php source code in the ext
#cd php-4.3.8
# Rm configure
#./buildconf
#./configure –with-mysql –with-apxs2=/usr/www/bin/apxs –enable-vld
#make
#make install
(It is said that the paper had run zend check source code can be seen)
2.Vulcan Logic Disassembler
http://derickrethans.nl/vld.php
The Vulcan Logic Disassembler hooks into the Zend Engine and dumps all the opcodes (execution units) of a script. It was written as as a beginning of an encoder, but I never got the time for that. It can be used to see what is going on in the Zend Engine. The Vulcan Logic Disassembler hooks into the Zend Engine and dumps all the opcodes (execution units) of a script. It was written as as a beginning of an encoder, but I never got the time for that. It can be used to see what is going on in the Zend Engine.
It's not hard to use this extension, but it might not work with all PHP versions. Here are the instructions to get it to work: It's not hard to use this extension, but it might not work with all PHP versions. Here are the instructions to get it to work:
1. Unpack the tarball: tar -xzf vld-0.8.0.tgz.
2. cd into the newly created directory.
3. Create the configure script: phpize 3. Create the configure script: phpize
4. Now run "./configure" followed by "make install".
That's it, if you now run PHP from the command line and add the -dvld.active=1 parameter VLD will spit out the opcodes: That's it, if you now run PHP from the command line and add the-dvld.active = 1 parameter VLD will spit out the opcodes:
php -dvld.active=1 program.php Php - dvld.active = 1 program.php
Note:
1)debian under To install php4-dev or php5-dev have phpize
2)PHP 5.1 has a macro definition is canceled, to its commented out, the Internet has patches
Here is my revised
Diff-u srm_oparray.c vld-0.8.0/srm_oparray.c
--- srm_oparray.c 2005-01-19 19:59:54.000000000 +0800
--- Srm_oparray.c 2005-01-19 19:59:54.000000000 +0800
+++ vld-0.8.0/srm_oparray.c 2006-10-29 09:47:04.000000000 +0800
@@ -351,6 +351,7 @@
op->op2.op_type = VLD_IS_OPLINE;
Break;
+#ifdef ZEND_JMP_NO_CTOR
case ZEND_JMP_NO_CTOR: Case ZEND_JMP_NO_CTOR:
Flags = OP2_USED;
if (op->op1.op_type != IS_UNUSED)(
@@ -361,6 +362,7 @@
# Endif
Op-> op2.op_type = VLD_IS_OPLINE;
Break;
# Endif
# Ifdef ZEND_ENGINE_2
Case ZEND_FETCH_CLASS:
3. Documents and intercepted PHP read cache to the process of loading
zend/zend_ini_scanner.c Zend / zend_ini_scanner.c
4. Xfocus.net 2006 General Assembly
First, a section of digression
website should be the first comprehensive domestic master the technical people
Http://www.qinvent.com/ (check the forum pl)
===============================
Airsupply / segfault.cn
Https: / / 0x557.org
Members of the security focus of the 2006 General Assembly of the report done dezend
He should be inspired by the qinvent only started doing this matter
===============================
Three dot
Http://3.999ye.com/
He also believes/modified that can be done based on vld
===============================
Please note that a high programming skilled is required to do the dezending /decoding so a labour cost is involved always. Error messages gives clue to the dezending process.
www.php.net has the source code required to be compiled.
to run the encoded files php.ini is modified and the decoder the company gives free of cost. like ioncube, sourcegardian,sourcecop etc
