安装vld扩展查看opcode

前言

python 里面有 dis 模块,可以查看 python 源代码编译成的字节码。

而 php 里面要查看 zend 虚拟机中执行的 opcode,则可以使用 vld 扩展。


安装

进入 pecl 上的扩展包界面,找到最新的 0.17.0 版本的扩展包并下载:

1
wget https://pecl.php.net/get/vld-0.17.0.tgz

解压后进入扩展目录进行安装:

1
2
3
../bin/phpize
./configure --with-php-config=/home/aluvion/桌面/php7.4.7/bin/php-config --enable-vld
make && make install

最后修改 php.ini 启用扩展:

1
extension=vld.so

查看 phpinfo:

1
2
3
4
5
6
7
8
9
10
11
12
13
root@Aluvion:/home/aluvion/桌面/php7.4.7/bin# ./php -i | grep vld
vld
vld support => enabled
vld.active => 0 => 0
vld.col_sep => =>
vld.dump_paths => 1 => 1
vld.execute => 1 => 1
vld.format => 0 => 0
vld.save_dir => /tmp => /tmp
vld.save_paths => 0 => 0
vld.skip_append => 0 => 0
vld.skip_prepend => 0 => 0
vld.verbosity => 1 => 1

确认 vld 已经开启。

使用

主要的两个参数,-dvld.active(是否使用扩展)和 -dvld.execute(是否执行脚本),测试脚本:

1
2
3
4
<?php
$y = 3;
$fn1 = fn($x) => $x * $y;
echo $fn1(2);

运行:

1
./php -dvld.active=1 -dvld.execute=0 index.php

结果:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /home/aluvion/桌面/php7.4.7/bin/index.php
function name: (null)
number of ops: 9
compiled vars: !0 = $y, !1 = $fn1
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > ASSIGN !0, 3
3 1 DECLARE_LAMBDA_FUNCTION '%00%7Bclosure%7D%2Fhome%2Faluvion%2F%E6%A1%8C%E9%9D%A2%2Fphp7.4.7%2Fbin%2Findex.php%3A3%240'
2 BIND_LEXICAL ~3, !0
3 ASSIGN !1, ~3
4 4 INIT_DYNAMIC_CALL !1
5 SEND_VAL_EX 2
6 DO_FCALL 0 $5
7 ECHO $5
5 8 > RETURN 1

branch: # 0; line: 2- 5; sop: 0; eop: 8; out0: -2
path #1: 0,
Function %00%7Bclosure%7D%2Fhome%2Faluvion%2F%E6%A1%8C%E9%9D%A2%2Fphp7.4.7%2Fbin%2Findex.php%3A3%240:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /home/aluvion/桌面/php7.4.7/bin/index.php
function name: {closure}
number of ops: 5
compiled vars: !0 = $x, !1 = $y
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
3 0 E > RECV !0
1 BIND_STATIC !1
2 MUL ~2 !0, !1
3 > RETURN ~2
4* > RETURN null

branch: # 0; line: 3- 3; sop: 0; eop: 4
path #1: 0,
End of function %00%7Bclosure%7D%2Fhome%2Faluvion%2F%E6%A1%8C%E9%9D%A2%2Fphp7.4.7%2Fbin%2Findex.php%3A3%240

上半是主脚本的 opcode,下半是匿名函数的 opcode,还挺好看懂的。


Orz


安装vld扩展查看opcode
http://yoursite.com/2020/06/23/安装vld扩展查看opcode/
作者
Aluvion
发布于
2020年6月23日
许可协议