Analyse Case 01
PHP Source Code
<?php
class A
{
private function foo()
{
echo 'A foo()' . PHP_EOL;
}
public function test()
{
$this->foo();
}
}
class C extends A
{
public function foo()
{
echo 'C foo()' . PHP_EOL;
}
}
$c = new C();
$c->test();
opcode
Finding entry points
Branch analysis from position: 0
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: (null)
number of ops: 9
compiled vars: !0 = $c
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > NOP
15 1 NOP
2 NOP
23 3 NEW $4 :-4
4 DO_FCALL 0
5 ASSIGN !0, $4
24 6 INIT_METHOD_CALL !0, 'test'
7 DO_FCALL 0
25 8 > RETURN 1
Class A:
Function foo:
Finding entry points
Branch analysis from position: 0
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: foo
number of ops: 2
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
6 0 E > ECHO 'A+foo%28%29%0A'
7 1 > RETURN null
End of function foo
Function test:
Finding entry points
Branch analysis from position: 0
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: test
number of ops: 3
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
11 0 E > INIT_METHOD_CALL 'foo'
1 DO_FCALL 0
12 2 > RETURN null
End of function test
End of class A.
Class C:
Function foo:
Finding entry points
Branch analysis from position: 0
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: foo
number of ops: 2
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
19 0 E > ECHO 'C+foo%28%29%0A'
20 1 > RETURN null
End of function foo
Function test:
Finding entry points
Branch analysis from position: 0
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: test
number of ops: 3
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
11 0 E > INIT_METHOD_CALL 'foo'
1 DO_FCALL 0
12 2 > RETURN null
End of function test
End of class C.
Finding entry points
Branch analysis from position: 0
Add 0
Add 1
Add 2
Add 3
Add 4
Add 5
Add 6
Add 7
Add 8
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: (null)
number of ops: 9
compiled vars: !0 = $c
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > NOP
15 1 NOP
2 NOP
23 3 NEW RES[ IS_VAR $4 ] OP1[ :-4 ]
4 DO_FCALL 0 RES[ ] OP1[ IS_UNUSED ]
5 ASSIGN RES[ ] OP1[ IS_CV !0 ] OP2[ , IS_VAR $4 ]
24 6 INIT_METHOD_CALL RES[ IS_UNUSED ] OP1[ IS_CV !0 ] OP2[ , IS_CONST (4) 'test' ]
7 DO_FCALL 0 RES[ ] OP1[ IS_UNUSED ]
25 8 > RETURN OP1[ IS_CONST (6) 1 ]
branch: # 0; line: 2- 25; sop: 0; eop: 8; out1: -2
path #1: 0,
Class A:
Function foo:
Finding entry points
Branch analysis from position: 0
Add 0
Add 1
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: foo
number of ops: 2
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
6 0 E > ECHO OP1[ IS_CONST (0) 'A+foo%28%29%0A' ]
7 1 > RETURN OP1[ IS_CONST (1) null ]
branch: # 0; line: 6- 7; sop: 0; eop: 1; out1: -2
path #1: 0,
End of function foo
Function test:
Finding entry points
Branch analysis from position: 0
Add 0
Add 1
Add 2
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: test
number of ops: 3
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
11 0 E > INIT_METHOD_CALL RES[ IS_UNUSED ] OP1[ IS_UNUSED ] OP2[ IS_CONST (0) 'foo' ]
1 DO_FCALL 0 RES[ ] OP1[ IS_UNUSED ]
12 2 > RETURN OP1[ IS_CONST (2) null ]
branch: # 0; line: 11- 12; sop: 0; eop: 2; out1: -2
path #1: 0,
End of function test
End of class A.
Class C:
Function foo:
Finding entry points
Branch analysis from position: 0
Add 0
Add 1
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: foo
number of ops: 2
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
19 0 E > ECHO OP1[ IS_CONST (0) 'C+foo%28%29%0A' ]
20 1 > RETURN OP1[ IS_CONST (1) null ]
branch: # 0; line: 19- 20; sop: 0; eop: 1; out1: -2
path #1: 0,
End of function foo
Function test:
Finding entry points
Branch analysis from position: 0
Add 0
Add 1
Add 2
Jump found. (Code = 62) Position 1 = -2
filename: /home/minsec/php_demo/a.php
function name: test
number of ops: 3
compiled vars: none
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
11 0 E > INIT_METHOD_CALL RES[ IS_UNUSED ] OP1[ IS_UNUSED ] OP2[ IS_CONST (0) 'foo' ]
1 DO_FCALL 0 RES[ ] OP1[ IS_UNUSED ]
12 2 > RETURN OP1[ IS_CONST (2) null ]
branch: # 0; line: 11- 12; sop: 0; eop: 2; out1: -2
path #1: 0,
End of function test
End of class C.
A foo()
static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
{
USE_OPLINE
zval *function_name;
zval *object;
zend_function *fbc;
zend_class_entry *called_scope;
zend_object *obj;
zend_execute_data *call;
uint32_t call_info;
SAVE_OPLINE();
object = _get_zval_ptr_cv_undef(opline->op1.var EXECUTE_DATA_CC);
if (IS_CV == IS_UNUSED && UNEXPECTED(Z_TYPE_P(object) == IS_UNDEF)) {
ZEND_VM_TAIL_CALL(zend_this_not_in_object_context_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
}
function_name = EX_CONSTANT(opline->op2);
if (IS_CONST != IS_CONST &&
UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) {
do {
if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) {
function_name = Z_REFVAL_P(function_name);
if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) {
break;
}
} else if (IS_CONST == IS_CV && UNEXPECTED(Z_TYPE_P(function_name) == IS_UNDEF)) {
GET_OP2_UNDEF_CV(function_name, BP_VAR_R);
if (UNEXPECTED(EG(exception) != NULL)) {
HANDLE_EXCEPTION();
}
}
zend_throw_error(NULL, "Method name must be a string");
HANDLE_EXCEPTION();
} while (0);
}
if (IS_CV != IS_UNUSED) {
do {
if (IS_CV == IS_CONST || UNEXPECTED(Z_TYPE_P(object) != IS_OBJECT)) {
if ((IS_CV & (IS_VAR|IS_CV)) && EXPECTED(Z_ISREF_P(object))) {
object = Z_REFVAL_P(object);
if (EXPECTED(Z_TYPE_P(object) == IS_OBJECT)) {
break;
}
}
if (IS_CV == IS_CV && UNEXPECTED(Z_TYPE_P(object) == IS_UNDEF)) {
object = GET_OP1_UNDEF_CV(object, BP_VAR_R);
if (UNEXPECTED(EG(exception) != NULL)) {
HANDLE_EXCEPTION();
}
}
zend_throw_error(NULL, "Call to a member function %s() on %s", Z_STRVAL_P(function_name), zend_get_type_by_const(Z_TYPE_P(object)));
HANDLE_EXCEPTION();
}
} while (0);
}
obj = Z_OBJ_P(object);
called_scope = obj->ce;
if (IS_CONST == IS_CONST &&
EXPECTED(CACHED_PTR(Z_CACHE_SLOT_P(function_name)) == called_scope)) {
fbc = CACHED_PTR(Z_CACHE_SLOT_P(function_name) + sizeof(void*));
} else {
zend_object *orig_obj = obj;
if (UNEXPECTED(obj->handlers->get_method == NULL)) {
zend_throw_error(NULL, "Object does not support method calls");
HANDLE_EXCEPTION();
}
/* First, locate the function. */
fbc = obj->handlers->get_method(&obj, Z_STR_P(function_name), ((IS_CONST == IS_CONST) ? (EX_CONSTANT(opline->op2) + 1) : NULL));
if (UNEXPECTED(fbc == NULL)) {
if (EXPECTED(!EG(exception))) {
zend_throw_error(NULL, "Call to undefined method %s::%s()", ZSTR_VAL(obj->ce->name), Z_STRVAL_P(function_name));
}
HANDLE_EXCEPTION();
}
if (IS_CONST == IS_CONST &&
EXPECTED(fbc->type <= ZEND_USER_FUNCTION) &&
EXPECTED(!(fbc->common.fn_flags & (ZEND_ACC_CALL_VIA_TRAMPOLINE|ZEND_ACC_NEVER_CACHE))) &&
EXPECTED(obj == orig_obj)) {
CACHE_POLYMORPHIC_PTR(Z_CACHE_SLOT_P(function_name), called_scope, fbc);
}
if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!fbc->op_array.run_time_cache)) {
init_func_run_time_cache(&fbc->op_array);
}
}
call_info = ZEND_CALL_NESTED_FUNCTION;
if (UNEXPECTED((fbc->common.fn_flags & ZEND_ACC_STATIC) != 0)) {
obj = NULL;
} else if (IS_CV & (IS_VAR|IS_TMP_VAR|IS_CV)) {
/* CV may be changed indirectly (e.g. when it's a reference) */
call_info = ZEND_CALL_NESTED_FUNCTION | ZEND_CALL_RELEASE_THIS;
GC_REFCOUNT(obj)++; /* For $this pointer */
}
if ((IS_CV & (IS_VAR|IS_TMP_VAR)) && UNEXPECTED(EG(exception))) {
HANDLE_EXCEPTION();
}
call = zend_vm_stack_push_call_frame(call_info,
fbc, opline->extended_value, called_scope, obj);
call->prev_execute_data = EX(call);
EX(call) = call;
ZEND_VM_NEXT_OPCODE();
}
相關文章
- 1. op analyse
- 2. 【轉】Android Adb Analyse
- 3. jhat命令(Java Heap Analyse Tool)
- 4. How to analyse slow boot in RHEL7?
- 5. SQL --case裏面嵌套case
- 6. Android Studio逆向分析APK(Analyse APK)
- 7. easyExcel出現 Analyse excel occur file error fileType XLS
- 8. NotePad++ debug插件Analyse Dialog使用
- 9. case判斷
- 10. Verilog中的 full case 與 parallel case
- 更多相關文章...
- • XSL-FO multi-case 對象 - XSL-FO 教程
- • Swift switch 語句 - Swift 教程
- • JDK13 GA發佈:5大特性解讀
- • Git五分鐘教程
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. CVPR 2020 論文大盤點-光流篇
- 2. Photoshop教程_ps中怎麼載入圖案?PS圖案如何導入?
- 3. org.pentaho.di.core.exception.KettleDatabaseException:Error occurred while trying to connect to the
- 4. SonarQube Scanner execution execution Error --- Failed to upload report - 500: An error has occurred
- 5. idea 導入源碼包
- 6. python學習 day2——基礎學習
- 7. 3D將是頁遊市場新賽道?
- 8. osg--交互
- 9. OSG-交互
- 10. Idea、spring boot 圖片(pgn顯示、jpg不顯示)解決方案
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. op analyse
- 2. 【轉】Android Adb Analyse
- 3. jhat命令(Java Heap Analyse Tool)
- 4. How to analyse slow boot in RHEL7?
- 5. SQL --case裏面嵌套case
- 6. Android Studio逆向分析APK(Analyse APK)
- 7. easyExcel出現 Analyse excel occur file error fileType XLS
- 8. NotePad++ debug插件Analyse Dialog使用
- 9. case判斷
- 10. Verilog中的 full case 與 parallel case