How to dump functions, args and return values in PHP?

Question

I am a pentester working on a project and I stumbled on an encrypted PHP file. My idea is trying to modify PHP's source code so it dumps every function called name, arg names, arg types, and values.

I tried modifying the _zend_vm_stack_push_call_frame_ex function in the zend_execute.c according to the picture bellow but dumping the arg names is not working.

Does anyone know how to implement this properly or at least tell me what I am doing wrong on dumping the arg names?

I think the best way to go about this is just to use a debugger — vmt, Jul 21 '20 at 03:17
@vmt I tried using the trace functionality of xdebug but I could not make it work.Any suggestions? — bananabr, Jul 21 '20 at 03:22

score 0 · Answer 1 · answered Jul 21 '20 at 03:36

Found the answer.

So basically there are internal functions and user functions. User functions contains an array of arg_info of type zend_string while internal functions contains an array of internal_arg_info of type const char*.

This is the current code which dumps arg names properly:

How to dump functions, args and return values in PHP?

1 Answers1