What is it?

Before we start , Must first introduce Opcode What is it? .

as everyone knows , Java At the time of execution , Will .java The suffix file is precompiled as .class Bytecode file , JVM Load the bytecode file for interpretation and execution . And the meaning of bytecode file , To speed up execution .

that PHP Of Opcode similarly , Also from the .php From file to execution , The generated precompiled intermediate file .

Or it can be so rude to understand , PHP The procedure is made by C Written binary program , Opcode Will be .php The document is translated into c Code results .

Opcode What's the use? Let's talk about it finally , First let's see what it looks like

get

How to get php Of documents opcode Well ? stay PHP In the source code , Can pass c function zend_compile_string obtain PHP After code parsing Opcode. But if we want to get Opcode Must go deep into c, Is that some gains outweigh the losses . Fortunately , There are extensions made by predecessors that can be obtained directly . Both : vld.

vld Expand

Install the extension :

#  Install the extension 
pecl install https://pecl.php.net/get/vld
#  Enable extensions .  If it is not  docker,  take "extension=vld.so"  write in  php.ini  that will do 
docker-php-ext-enable vld
#  Command line view ,  Ensure that the extension is installed successfully 
php -m | grep vld

Let's look at this little code opcode:

<?php
require 't.php';
$a = 1;
$b = $a;
echo $a;
var_dump($b);
exit(0);

Execute the following command to view :

php -d vld.active=1 -d vld.execute=0 test.php

about vld Output result of , Here is an illustrative article by the author : https://derickrethans.nl/more-source-analysis-with-vld.html

vld Extended supported configurations . php The extended configuration of can be used when running scripts , adopt -d Parameters are temporarily modified , It can also be modified directly php.ini file . It is suggested to modify it temporarily , After all, not all scripts have to output opcode.

• vld.active: Whether the output opcode. The default is 0
• vld.execute: Whether to run code . The default is 1
  • When it comes to 0 when , No output require Contents of other documents .
• vld.verbosity: Show more details . The default is 0, It may be worth 0123
• Wait , There are other configuration items , But I don't think it's of any use . By order php -r 'phpinfo();' | grep vld View all supported configurations .

phpdbg

Logically speaking , Such a common operation , It should be with official tools . Ah , This is coming . phpdbg yes php Program debugger ( so far , I've never used . I haven't even used break debugging ). But it can also be used to generate opcode.

command : phpdbg -p test.php

Generate results and vld The extension is basically consistent .

You can also use opcache To generate , But it's a bit of a detour , Not here . Just briefly introduce these two methods .

phpdbg If generated , It seems that only single file generation is supported ( Or maybe I didn't find a way to use it ), vld You can print it with the imported file .

But for our analysis program , phpdbg Generally enough .

Use

Then the above generated opcode What does that mean ? unfortunately , Official website opcode The explanation of has been lost , however zend opcode document Search for keywords , You can still find a lot of them . I will not repeat the meaning here .

Let me simply say what it does . You can't let us toss about for a long time , Got it opcode And then there's no then .

opcode yes php Intermediate code after document translation , Through it , We can roughly know php The execution of documents .

Again because php It's through c Level to analyze , Every one of them opcode Will be resolved into a c Function to execute . For analyzing source code 、 Find problems, etc , Can be directly located to php Code in c Source level execution , It's very convenient . ( I have encountered similar needs many times before , Search for example sort And so on )

All opcodes are defined in the source file zend_vm_opcodes.h in . since php According to different operation codes , Perform different actions . that , Can we use the opcode , To restore php The operations performed by the bottom layer ? sorry , Yes, but it's hard . php By function zend_vm_get_opcode_handler To get the corresponding handle function . however , After reading the source code , I'm disappointed , function zend_vm_get_opcode_handler The acquisition process is a dynamic parsing process . in other words , The same opcode , After parsing, it may be different functions . Ah, this is embarrassing .

therefore , I don't believe in evil , It was decided to amend PHP Source code to achieve . For ease of use , I encapsulated it into a docker Mirror image , Interested in implementation , Please move to Dockerfile. Use as follows ( See : Debug image ):

docker run --rm -it -v `pwd`:`pwd` -w `pwd` hujingnb/php_opcode:8.1.7 php test.php

Output the results as follows :

At the same time, it will generate... In the current directory opcode.log file , The contents are as follows :

You can see opcode And the specific execution of each operation code c Which function is .

among require The corresponding opcode by INCLUDE_OR_EVAL, Executed c Function is ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER.

summary

thus , opcode We have seen , Also can be php The file is converted to opcode 了 . But to be honest , This gadget can not be said to be useless in ordinary development , It can be said that there is no use at all .

I think its role is still in the analysis of the source code . You can easily see php Every step of the code , The corresponding source code executes .

Study the source code later , Or yes php When the behavior is confused , With this tool, you can speed up the process of solving puzzles .

Debug image

Introduce

This image is for easy viewing php Of opcode And the operation code c function . For the convenience of php Source code analysis . Pass the result , It can be done by php The file is directly located in php Source code c function .

This mirror is in vld On the basis of expansion , Extra output :

• The operation code corresponds to c perform handle function

This image is based on php Branch php-8.1.7, commitId by d35e577a1bd0b35b9386cea97cddc73fd98eed6d.

Mirror address . It doesn't explain how I did it , If you are interested, please check Dockerfile

Use

A simple way to get the opcode through this image :

docker run --rm -it -v `pwd`:`pwd` -w `pwd` hujingnb/php_opcode:8.1.7 php test.php

This command produces the following results :

1. obtain php Of documents opcode
2. obtain opcode The execution corresponding to the opcode c function . Output the results to... In the current directory opcode.log In file

senior

If you need to install extensions , You can perform the following operations after entering the image :

• from php Source code compilation and installation gd Expand : docker-php-ext-configure gd
• from php Source code installation gd Expand : docker-php-ext-install gd
• Enable gd Expand : docker-php-ext-enable gd
• Install the extension through the official library : pecl install redis && docker-php-ext-enable redis

environment variable :

• PHP_SRC_DIR: Source location
• PHP_INI_DIR: Profile location
• PHP_INSTALL_DIR: The installation path

If you need to add additional operations , Can operate based on this image , Please according to Dockerfile Modify yourself .

If you want to modify php Source code , You can execute the command to reinstall after modification : docker-php-install

Original address : https://hujingnb.com/archives/836