对Go的复盘计划
距离上一次的go工作已经过去差不多一年半了,最近一年半PHP为主了,对go又生疏了。
接下来开始重新学习go,放下的再捡起来吧
分类: Code
通过hook eval解密混淆的PHP文件文件
PHP混淆原理
一般来讲,混淆分为两种
利用拓展进行加密
比如 SG11、Swoole Compiler 等
不需要拓展,单文件加密
本文主要针对第二种,而单文件加密的一般都是对源码进行字符串操作,比如对字符串移位、拼接,或者重新定义变量,重新赋值数组,总之就是尽可能减少程序可读性。但是所有加密过的代码都会经过多次eval来重新还原为php代码执行,所以我们可以hook PHP中的eval函数来输出经过eval函数的参数,参数就是源码。
hook eval
PHP中的eval函数在Zend里需要调用zend_compile_string函数,我们写一个拓展直接hook这个函数就行了。不过我不会写c代码,所以参考网上的文章,在GitHub中找到了现成的一个拓展库。
https://github.com/bizonix/evalhook/tree/master
安装扩展之后终端执行
php xxx.php即可打印出解析后的PHP代码 注意变量名无法被还原
参考链接 https://y4er.com/posts/hook-eval/
goutil/dump – 打印漂亮易读的go数据
gookit/goutil/dump - 是一个golang数据打印工具包,可以打印出漂亮易读的go slice, map, struct数据。
主要功能:
使用简单,直接调用 dump.P(vars...) 即可
支持所有的基础数据类型
支持slice, map, struct数据结构
支持传入打印多个变量
默认输出调用位置,方便使用
支持自定义部分能力,如 缩进,色彩主题等
打印基础类型
package main
import "github.com/gookit/goutil/dump"
// rum demo:
// go run ./dump/_examples/basic_types.go
func main() {
dump.P(
nil, true,
12, int8(12), int16(12), int32(12), int64(12),
uint(22), uint8(22), uint16(22), uint32(22), uint64(22),
float32(23.78), float64(56.45),
'c', byte('d'),
"string",
)
}打印slice
打印 array, slice 都会一行一个元素输出,同时会在最后输出长度。
package main
import "github.com/gookit/goutil/dump"
// rum demo:
// go run ./dump/_examples/slice.go
func main() {
dump.P(
[]byte("abc"),
[]int{1, 2, 3},
[]string{"ab", "cd"},
[]interface{}{
"ab",
234,
[]int{1, 3},
[]string{"ab", "cd"},
},
)
}打印map
打印map数据结构,会一行一个元素输出,同时会在最后输出map长度。
package main
import "github.com/gookit/goutil/dump"
// rum demo:
// go run ./map.go
// go run ./dump/_examples/map.go
func main() {
dump.P(
map[string]interface{}{
"key0": 123,
"key1": "value1",
"key2": []int{1, 2, 3},
"key3": map[string]string{
"k0": "v0",
"k1": "v1",
},
},
)
}打印struct
打印struct数据,指针类型会自动打印底层真实数据
package main
import (
"fmt"
"github.com/gookit/color"
"github.com/gookit/goutil/dump"
)
// rum demo:
// go run ./struct.go
// go run ./dump/_examples/struct.go
func main() {
s1 := &struct {
cannotExport map[string]interface{}
}{
cannotExport: map[string]interface{}{
"key1": 12,
"key2": "abcd123",
},
}
s2 := struct {
ab string
Cd int
}{
"ab", 23,
}
color.Infoln("- Use fmt.Println:")
fmt.Println(s1, s2)
color.Infoln("\n- Use dump.Println:")
dump.P(
s1,
s2,
)
}自定义dumper
支持自定义dumper一些选项。如 缩进,色彩主题等
// Options for dump vars
type Options struct {
// Output the output writer
Output io.Writer
// NoType dont show data type TODO
NoType bool
// NoColor don't with color
NoColor bool
// IndentLen width. default is 2
IndentLen int
// IndentChar default is one space
IndentChar byte
// MaxDepth for nested print
MaxDepth int
// ShowFlag for display caller position
ShowFlag int
// MoreLenNL array/slice elements length > MoreLenNL, will wrap new line
// MoreLenNL int
// CallerSkip skip for call runtime.Caller()
CallerSkip int
// ColorTheme for print result.
ColorTheme Theme
}Mac下PHP编译安装Swoole
该文章记录mac下编译安装swoole步骤
老生常谈
第一步下载swoole源码,解压,进入源码目录执行 phpize 。注意多个php版本别搞错了
iuu@iuudeMac-Studio swoole-src-5.1.1 % /opt/homebrew/opt/php@8.2/bin/phpize
Configuring for:
PHP Api Version: 20220829
Zend Module Api No: 20220829
Zend Extension Api No: 420220829
config.m4:359: warning: The macro 'AC_PROG_CC_C99' is obsolete.
config.m4:359: You should run autoupdate.
./lib/autoconf/c.m4:1662: AC_PROG_CC_C99 is expanded from...
config.m4:359: the top level
然后配置编译参数
./configure --with-php-config=/opt/homebrew/opt/php@8.2/bin/php-config --enable-openssl --with-openssl-dir=/opt/homebrew/Cellar/openssl@3/3.2.0_1 --enable-swoole-curl然后配置编译
make && make install M1 下会产生这个错误
/opt/homebrew/Cellar/php@8.2/8.2.15/include/php/ext/pcre/php_pcre.h:23:10: fatal error: 'pcre2.h' file not found
#include "pcre2.h"
^~~~~~~~~
1 error generated.
make: *** [ext-src/php_swoole.lo] Error 1解决方式 (注意版本路径) 两个文件任选其一
ln -s /opt/homebrew/Cellar/pcre2/10.36/include/pcre2.h /opt/homebrew/Cellar/php@7.4/7.4.16/include/php/ext/pcre/pcre2.h
ln -s /opt/homebrew/include/pcre2.h /opt/homebrew/Cellar/php@7.4/7.4.16/include/php/ext/pcre/pcre2.h清理make 缓存
make clean然后配置编译
make && make install 成功之后,将swoole.so加入到php.ini中
# 找到自己的当前php版本的所在ini
php --ini
# 修改加入
[swoole]
extension = swoole.so
swoole.use_shortname = Off
# 查看是否安装成功
php -m
php --ri swoole苹果Mac下搭建PHP与Nginx的开发环境
记录一下mac搭建php环境的步骤,支持多站点不同PHP版本,终端切换PHP版本
首先介绍一下本文所依赖的目录
站点存放目录
/Users/iuu/Sites/目录结构如下
Sites
├── php74.test.com # php7.4环境网站
│ ├── 404.html
│ ├── 50x.html
│ ├── index.html
│ ├── index.php
│ └── log # 网站日志存放目录
│ ├── access.log
│ └── error.log
└── php82.test.com # php8.2环境网站
├── 404.html
├── 50x.html
├── index.html
├── index.php
└── log # 网站日志存放目录
├── access.log
└── error.logbrew services 常用命令
# 启动
brew services start xx
# 停止
brew services stop xx
# 状态
brew services info xx
# 服务列表
brew services list网站目录配置
在站点目录创建站点文件夹
/Users/iuu/Sites/php70.test.com在站点目录创建站点日志文件夹
/Users/iuu/Sites/php70.test.com/log/php安装与配置
添加 shivammathur/php 仓库源
github https://github.com/shivammathur/homebrew-php
brew tap shivammathur/php搜索可安装的 PHP 版本
brew search shivammathur/php比如你要这些 PHP 版本就这样操作:
brew install shivammathur/php/php@8.1
brew install shivammathur/php/php@8.2
brew install shivammathur/php/php@8.3查看php安装信息:
brew info php@7.4php安装目录为:
/opt/homebrew/opt/php@你的版本/php-fpm 配置文件为:
/opt/homebrew/etc/php/你的版本/配置php-fpm:
# 修改/opt/homebrew/etc/php/你的版本/php-fpm.conf 中 error_log 配置:
error_log = log/php-fpm-82.log
# 修改/opt/homebrew/etc/php/你的版本/php-fpm.d/www.conf 中 user 配置:
user = _www
group = _www
# 改为:
; eg ; user = _www
; eg ; group = _www
# 修改同文件中的 listen 这里端口我为了统一PHP版本我改的是 90[PHP版本]
listen = 127.0.0.1:9082php-fpm的启动与停止
# 启动
brew services start shivammathur/php/php@8.2
# 停止
brew services stop shivammathur/php/php@8.2
# 状态
brew services info shivammathur/php/php@8.2 终端切换php版本
# 8.2 切 8.3
brew unlink php
brew link --overwrite --force shivammathur/php/php@8.3
# 8.3 切 8.2
brew unlink php
brew link --overwrite --force shivammathur/php/php@8.2
brew unlink php@8.2 && brew link --force php@8.2
# 8.2切 7.4
brew unlink php@8.2
brew link --overwrite --force shivammathur/php/php@7.4
# 7.4 切 8.3
brew unlink php@7.4
brew link --overwrite --force shivammathur/php/php@8.3nginx安装与配置
安装 nginx :
brew install nginx 安装完nginx后 查看配置文件信息:
brew info nginx默认 nginx 站点目录为 :
/opt/homebrew/var/www默认nginx 端口与配置文件为:
8080
/opt/homebrew/etc/nginx/nginx.conf 默认nginx会加载该目录的所有配置文件:
(注意为了统一网站配置文件以后新建站点,站点的配置文件我都放在这里了)
/opt/homebrew/etc/nginx/servers/贴一下我的nginx 主配置文件
# /opt/homebrew/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8080;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.php index.html index.htm;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
root html;
fastcgi_pass 127.0.0.1:9082;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
access_log /opt/homebrew/var/www/log/access.log;
error_log /opt/homebrew/var/www/log/error.log;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
include servers/*;
}
接下来创建一个站点:
在 /opt/homebrew/etc/nginx/servers/ 目录下创建一个名称为 php74.test.com.conf 配置文件,内容为:
server {
listen 80; # 端口
server_name php74.test.com; # 站点名称
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /Users/iuu/Sites/php74.test.com;
index index.php index.html index.htm;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
root /Users/iuu/Sites/php74.test.com;
fastcgi_pass 127.0.0.1:9074;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
access_log /Users/iuu/Sites/php74.test.com/log/access.log;
error_log /Users/iuu/Sites/php74.test.com/log/error.log;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
不同人配置不同 视情况修改
nginx 校验配置文件是否有效
nginx -tnginx 启动 与停止
# 启动
brew services start nginx
# 停止
brew services stop nginx
# 重启
brew services restart nginx
# 状态
brew services info nginx重新加载配置文件
nginx -s reload修改hosts 文件实现域名访问
# 新增hosts 记录
127.0.0.1 php70.test.com启动nginx 启动对应版本的 php-fpm 即可访问对于网址
# nginx 程序日志位置
/opt/homebrew/var/log/nginx
# php-fpm 日志位置
/opt/homebrew/var/log (为什么指定了php-fpm日志名称还会出现php-fpm.log文件?)
答:因为brew services 启动 php-fpm 的时候带了一个 StandardErrorPath 字段指定了日志
# 当启动php-fpm 或nginx 可以进这个目录看 brew services 的启动文件
~/Library/LaunchAgents