How to get a function name when I hooked it in a php extension












1















I tried to write a PHP module which is used to detect zend internal function which is called in a php cgi file. Liked code shown below,I want get its name -- 'printf' in my code.



<?php printf("Hello SO!");?>


Now I hooked this function with a function named 'zend_set_user_opcode_handler'.However,I am not able to get the function name which was hooked.(It is 'printf' in this example.) So, what should I do if I want achieve that 'printf' in Function hook_handler()?



Codes here.



int shellhook_handler(ZEND_OPCODE_HANDLER_ARGS){

/* What should I do to catch function name here*/

return ZEND_USER_OPCODE_DISPATCH;
}


PHP_MINIT_FUNCTION(shellhook)
{

REGISTER_INI_ENTRIES();
zend_set_user_opcode_handler(ZEND_DO_FCALL, hook_handler);
return SUCCESS;
}









share|improve this question





























    1















    I tried to write a PHP module which is used to detect zend internal function which is called in a php cgi file. Liked code shown below,I want get its name -- 'printf' in my code.



    <?php printf("Hello SO!");?>


    Now I hooked this function with a function named 'zend_set_user_opcode_handler'.However,I am not able to get the function name which was hooked.(It is 'printf' in this example.) So, what should I do if I want achieve that 'printf' in Function hook_handler()?



    Codes here.



    int shellhook_handler(ZEND_OPCODE_HANDLER_ARGS){

    /* What should I do to catch function name here*/

    return ZEND_USER_OPCODE_DISPATCH;
    }


    PHP_MINIT_FUNCTION(shellhook)
    {

    REGISTER_INI_ENTRIES();
    zend_set_user_opcode_handler(ZEND_DO_FCALL, hook_handler);
    return SUCCESS;
    }









    share|improve this question



























      1












      1








      1


      1






      I tried to write a PHP module which is used to detect zend internal function which is called in a php cgi file. Liked code shown below,I want get its name -- 'printf' in my code.



      <?php printf("Hello SO!");?>


      Now I hooked this function with a function named 'zend_set_user_opcode_handler'.However,I am not able to get the function name which was hooked.(It is 'printf' in this example.) So, what should I do if I want achieve that 'printf' in Function hook_handler()?



      Codes here.



      int shellhook_handler(ZEND_OPCODE_HANDLER_ARGS){

      /* What should I do to catch function name here*/

      return ZEND_USER_OPCODE_DISPATCH;
      }


      PHP_MINIT_FUNCTION(shellhook)
      {

      REGISTER_INI_ENTRIES();
      zend_set_user_opcode_handler(ZEND_DO_FCALL, hook_handler);
      return SUCCESS;
      }









      share|improve this question
















      I tried to write a PHP module which is used to detect zend internal function which is called in a php cgi file. Liked code shown below,I want get its name -- 'printf' in my code.



      <?php printf("Hello SO!");?>


      Now I hooked this function with a function named 'zend_set_user_opcode_handler'.However,I am not able to get the function name which was hooked.(It is 'printf' in this example.) So, what should I do if I want achieve that 'printf' in Function hook_handler()?



      Codes here.



      int shellhook_handler(ZEND_OPCODE_HANDLER_ARGS){

      /* What should I do to catch function name here*/

      return ZEND_USER_OPCODE_DISPATCH;
      }


      PHP_MINIT_FUNCTION(shellhook)
      {

      REGISTER_INI_ENTRIES();
      zend_set_user_opcode_handler(ZEND_DO_FCALL, hook_handler);
      return SUCCESS;
      }






      php php-internals






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Aug 7 '17 at 14:33









      Naktibalda

      9,92632443




      9,92632443










      asked Aug 7 '17 at 14:28









      SolomonSolomon

      61




      61
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Hey guys I have got the answer. There are two different methods to achieve hooked function's name.



          First, if PHP5 is used, a defining of macro is necessary,because the method depend on the PHP minor version(less than 4 or not).



          #if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4) 
          # define OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
          #else
          # define OP1_CONSTANT_PTR(n) ((n)->op1.zv)
          #endif

          zend_op *opline = execute_data->opline;
          zval *fname = OP1_CONSTANT_PTR(opline);
          php_printf("FunctionName:%sn",Z_STRVAL_P(fname));


          Second, if PHP7 is used, parameters of shellhook() are not ZEND_OPCODE_HANDLER_ARGS any more. It is replaced by zend_execute_data *execute_data.



              zend_execute_data *call = execute_data->call;
          zend_function *fbc = call->func;
          zend_string *fname = fbc->common.function_name;
          php_printf("FunctionName:%sn",ZSTR_VAL(fname));





          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f45549366%2fhow-to-get-a-function-name-when-i-hooked-it-in-a-php-extension%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Hey guys I have got the answer. There are two different methods to achieve hooked function's name.



            First, if PHP5 is used, a defining of macro is necessary,because the method depend on the PHP minor version(less than 4 or not).



            #if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4) 
            # define OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
            #else
            # define OP1_CONSTANT_PTR(n) ((n)->op1.zv)
            #endif

            zend_op *opline = execute_data->opline;
            zval *fname = OP1_CONSTANT_PTR(opline);
            php_printf("FunctionName:%sn",Z_STRVAL_P(fname));


            Second, if PHP7 is used, parameters of shellhook() are not ZEND_OPCODE_HANDLER_ARGS any more. It is replaced by zend_execute_data *execute_data.



                zend_execute_data *call = execute_data->call;
            zend_function *fbc = call->func;
            zend_string *fname = fbc->common.function_name;
            php_printf("FunctionName:%sn",ZSTR_VAL(fname));





            share|improve this answer




























              0














              Hey guys I have got the answer. There are two different methods to achieve hooked function's name.



              First, if PHP5 is used, a defining of macro is necessary,because the method depend on the PHP minor version(less than 4 or not).



              #if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4) 
              # define OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
              #else
              # define OP1_CONSTANT_PTR(n) ((n)->op1.zv)
              #endif

              zend_op *opline = execute_data->opline;
              zval *fname = OP1_CONSTANT_PTR(opline);
              php_printf("FunctionName:%sn",Z_STRVAL_P(fname));


              Second, if PHP7 is used, parameters of shellhook() are not ZEND_OPCODE_HANDLER_ARGS any more. It is replaced by zend_execute_data *execute_data.



                  zend_execute_data *call = execute_data->call;
              zend_function *fbc = call->func;
              zend_string *fname = fbc->common.function_name;
              php_printf("FunctionName:%sn",ZSTR_VAL(fname));





              share|improve this answer


























                0












                0








                0







                Hey guys I have got the answer. There are two different methods to achieve hooked function's name.



                First, if PHP5 is used, a defining of macro is necessary,because the method depend on the PHP minor version(less than 4 or not).



                #if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4) 
                # define OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
                #else
                # define OP1_CONSTANT_PTR(n) ((n)->op1.zv)
                #endif

                zend_op *opline = execute_data->opline;
                zval *fname = OP1_CONSTANT_PTR(opline);
                php_printf("FunctionName:%sn",Z_STRVAL_P(fname));


                Second, if PHP7 is used, parameters of shellhook() are not ZEND_OPCODE_HANDLER_ARGS any more. It is replaced by zend_execute_data *execute_data.



                    zend_execute_data *call = execute_data->call;
                zend_function *fbc = call->func;
                zend_string *fname = fbc->common.function_name;
                php_printf("FunctionName:%sn",ZSTR_VAL(fname));





                share|improve this answer













                Hey guys I have got the answer. There are two different methods to achieve hooked function's name.



                First, if PHP5 is used, a defining of macro is necessary,because the method depend on the PHP minor version(less than 4 or not).



                #if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4) 
                # define OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
                #else
                # define OP1_CONSTANT_PTR(n) ((n)->op1.zv)
                #endif

                zend_op *opline = execute_data->opline;
                zval *fname = OP1_CONSTANT_PTR(opline);
                php_printf("FunctionName:%sn",Z_STRVAL_P(fname));


                Second, if PHP7 is used, parameters of shellhook() are not ZEND_OPCODE_HANDLER_ARGS any more. It is replaced by zend_execute_data *execute_data.



                    zend_execute_data *call = execute_data->call;
                zend_function *fbc = call->func;
                zend_string *fname = fbc->common.function_name;
                php_printf("FunctionName:%sn",ZSTR_VAL(fname));






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 14 '17 at 3:01









                SolomonSolomon

                61




                61
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f45549366%2fhow-to-get-a-function-name-when-i-hooked-it-in-a-php-extension%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    Xamarin.form Move up view when keyboard appear

                    Post-Redirect-Get with Spring WebFlux and Thymeleaf

                    Anylogic : not able to use stopDelay()