This is a modified PHP binary.
For the upstream PHP interpreter, see php/php-src.
This fork adds a source/bytecode inspector that dumps the PHP source — or
decoded opcode listing — of every file the interpreter executes.
Output goes to per-script files in a configurable directory
(inspector.output_dir), making the binary a transparent drop-in, or to
stderr when no directory is set. It is designed for reverse-engineering PHP
applications, particularly those protected by commercial loaders (IonCube,
Zend Guard, SourceGuardian, etc.) or OPcache file-cache-only deployments
where no .php source files are present.
Three hook points together cover every code path:
| Hook | What it catches |
|---|---|
zend_compile_file |
Normal require/include/autoload without OPcache |
zend_accel_load_script (OPcache internals) |
Every OPcache path: SHM cache hits, file-cache hits (file_cache_only=1), newly compiled scripts, preloaded scripts |
zend_compile_string |
eval(), assert(string), runtime-decrypted payloads |
For each compiled unit the inspector decides what to output:
Source file readable on disk?
YES → /* ===[ PHP SOURCE: filename ]=== */
<verbatim source>
/* ===[ END SOURCE: filename ]=== */
NO → /* ===[ BYTECODE: filename ]=== */
<opcode listing>
/* ===[ END BYTECODE: filename ]=== */
/* ===[ DECOMPILED: filename ]=== */
<best-effort PHP reconstruction>
/* ===[ END DECOMPILED: filename ]=== */
eval() always outputs:
/* ===[ EVAL SOURCE: filename(line) : eval()'d code ]=== */
<the string passed to eval — the runtime-decrypted payload>
/* ===[ END EVAL SOURCE: ... ]=== */
+ bytecode and decompiled as above
Each filename is output at most once per process, so cache hits, repeated includes, and the dual-hook OPcache path produce no duplicate output.
Prebuilt binaries for Linux x86_64 and Windows x64 are attached to every release.
| Setting | Default | Description |
|---|---|---|
inspector.output_dir |
(unset) | Directory to write per-script .inspector files. When set, stderr is silent and PHP runs as a transparent drop-in. |
Set via -d flag or php.ini:
; php.ini
inspector.output_dir = /var/log/php-inspector# per-invocation
./php -d inspector.output_dir=/tmp/out script.phpEach intercepted script produces one file named after the sanitised script
path, e.g. /tmp/out/var_www_app_index.php.inspector. The normal PHP stdout
stream is untouched.
mkdir /tmp/inspector_out
./php -d inspector.output_dir=/tmp/inspector_out /path/to/app/entry.php
ls /tmp/inspector_out/ # one .inspector file per loaded script# Source is printed, then the script runs normally
./php /path/to/script.php 2>source.txt# Point OPcache at the .bin cache directory; source files need not exist
PHP_INI_SCAN_DIR= ./php \
-d opcache.enable_cli=1 \
-d opcache.file_cache=/path/to/bin-cache \
-d opcache.file_cache_only=1 \
-d inspector.output_dir=/tmp/decoded \
/path/to/entry.phpThe inspector will dump the decoded op_array for every cached script.
# The loader extension decrypts before returning the op_array;
# our hook sees the plaintext opcodes.
./php \
-d extension=/path/to/ioncube_loader.so \
-d inspector.output_dir=/tmp/decoded \
app.php# Anything eval()'d — including multi-layer nested evals — is captured.
./php -d inspector.output_dir=/tmp/decoded obfuscated.php
grep -rl "EVAL SOURCE" /tmp/decoded/./php app.php 2>inspector.txt 1>app_output.txtsudo apt-get install -y build-essential autoconf bison re2c \
libxml2-dev libsqlite3-dev
./buildconf --force
./configure --disable-all --enable-cli --enable-opcache --with-phar
make -j$(nproc)
# binary is at sapi/cli/phpSee Build your own PHP on Windows.
Use the same configure flags as above with nmake instead of make.
| Scenario | Covered |
|---|---|
Normal .php files |
Yes — source verbatim |
| OPcache shared-memory cache hits | Yes — via zend_accel_load_script patch |
OPcache file cache (file_cache_only=1) |
Yes — via zend_accel_load_script patch |
Preloaded scripts (opcache.preload) |
Yes — patch fires at preload time |
| Commercial loaders (IonCube, Zend Guard, etc.) | Yes — hook sees decrypted op_array |
eval() payloads (all nesting levels) |
Yes — zend_compile_string hook |
| Phar archives | Yes — source not on disk → bytecode dump |
| Native-code-only execution (no Zend VM) | No — no op_array exists |
PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.
PHP is distributed under the Modified BSD License
(SPDX-License-Identifier: BSD-3-Clause).
The PHP manual is available at php.net/docs.
Prebuilt packages and binaries can be used to get up and running fast with PHP.
For Windows, the PHP binaries can be obtained from
windows.php.net. After extracting the archive the
*.exe files are ready to use.
For other systems, see the installation chapter.
For Windows, see Build your own PHP on Windows.
For a minimal PHP build from Git, you will need autoconf, bison, and re2c. For a default build, you will additionally need libxml2 and libsqlite3.
On Ubuntu, you can install these using:
sudo apt install -y pkg-config build-essential autoconf bison re2c libxml2-dev libsqlite3-devOn Fedora, you can install these using:
sudo dnf install re2c bison autoconf make ccache libxml2-devel sqlite-develOn MacOS, you can install these using brew:
brew install autoconf bison re2c libiconv libxml2 sqliteor with MacPorts:
sudo port install autoconf bison re2c libiconv libxml2 sqlite3Generate configure:
./buildconfConfigure your build. --enable-debug is recommended for development, see
./configure --help for a full list of options.
# For development
./configure --enable-debug
# For production
./configureBuild PHP. To speed up the build, specify the maximum number of jobs using the
-j argument:
make -j4The number of jobs should usually match the number of available cores, which
can be determined using nproc.
PHP ships with an extensive test suite, the command make test is used after
successful compilation of the sources to run this test suite.
It is possible to run tests using multiple cores by setting -jN in
TEST_PHP_ARGS or TESTS:
make TEST_PHP_ARGS=-j4 testShall run make test with a maximum of 4 concurrent jobs: Generally the maximum
number of jobs should not exceed the number of cores available.
Use the TEST_PHP_ARGS or TESTS variable to test only specific directories:
make TESTS=tests/lang/ testThe qa.php.net site provides more detailed info about testing and quality assurance.
After a successful build (and test), PHP may be installed with:
make installDepending on your permissions and prefix, make install may need superuser
permissions.
Extensions provide additional functionality on top of PHP. PHP consists of many essential bundled extensions. Additional extensions can be found in the PHP Extension Community Library - PECL.
The PHP source code is located in the Git repository at github.com/php/php-src. Contributions are most welcome by forking the repository and sending a pull request.
Discussions are done on GitHub, but depending on the topic can also be relayed to the official PHP developer mailing list internals@lists.php.net.
New features require an RFC and must be accepted by the developers. See Request for comments - RFC and Voting on PHP features for more information on the process.
Bug fixes don't require an RFC. If the bug has a GitHub issue, reference it in
the commit message using GH-NNNNNN. Use #NNNNNN for tickets in the old
bugs.php.net bug tracker.
Fix GH-7815: php_uname doesn't recognise latest Windows versions
Fix #55371: get_magic_quotes_gpc() throws deprecation warning
See Git workflow for details on how pull requests are merged.
See further documents in the repository for more information on how to contribute:
- Contributing to PHP
- PHP coding standards
- Internal documentation
- Mailing list rules
- PHP release process
For the list of people who've put work into PHP, please see the PHP credits page.