Exploring the Underlying Principles of Command Execution: PHP (Part 1)
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/62c8c4f7ffa944d2ad5a505b238289ba~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=%2BV%2F9%2BJUyakJfNVuiGtteRAiH9Ys%3D" style="width: 50%; margin-bottom: 20px;"></div>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Preface</h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Command execution differs considerably from one platform or language to another. This series therefore takes a close look at the command-execution functions of different platforms and languages.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The series opens by introducing and analysing command execution on the different platforms (Linux, Windows): command execution in the terminal, and command execution in programming languages (PHP, Java, Python). It then focuses on PHP and, per platform, analyses its command-execution functions at the lowest level; that work covers compiling, running, debugging and auditing the PHP interpreter source. The same approach carries over to other languages.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The series is divided into four parts:</p>
Part 1: Exploring the Underlying Principles of Command Execution: PHP (Part 1)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Introduces and analyses command execution on the different platforms (Linux, Windows): command execution in the terminal, and command execution in programming languages (PHP, Java, Python).</p>
Part 2: Exploring the Underlying Principles of Command Execution: PHP (Part 2)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Focuses on PHP: environment setup, then compiling, running and debugging the PHP interpreter source on each platform.</p>
Part 3: Exploring the Underlying Principles of Command Execution: PHP (Part 3)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Low-level analysis of PHP's command-execution functions on Windows.</p>
Part 4: Exploring the Underlying Principles of Command Execution: PHP (Part 4)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Low-level analysis of PHP's command-execution functions on Linux.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">This article, <strong style="color: blue;">Exploring the Underlying Principles of Command Execution: PHP (Part 1)</strong>, covers Part 1: an introduction to and analysis of command execution on the different platforms (Linux, Windows), both in the terminal and in programming languages (PHP, Java, Python).</p>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Platforms and languages</h1>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Terminal command execution on different platforms</h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">On every platform, the commands a terminal executes fall into two kinds: commands implemented inside the shell itself (builtins, or internal commands), and executable programs located in other directories that the shell has to call (external commands).</p>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Linux</h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">On Linux the shell is typically /bin/bash, /bin/sh or /bin/zsh. The sessions below were captured in zsh (the prompt and the use of the zsh-only <code>where</code> builtin show this); bash behaves the same way except where noted.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Taking Linux as the example (Windows and other platforms work on the same principle), the commands built into a Linux shell are called shell built-in commands.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A shell built-in command is simply a command implemented inside the Linux shell itself.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Normally, when a command is entered in a Linux shell, the shell first checks whether the name is a built-in command. A builtin is interpreted by the shell itself; no child process is forked to run it. If the name is not a builtin, the shell searches the directories listed in the PATH environment variable, in order. If it finds a matching executable it forks a child process and execs the program in it. If the name cannot be found, the usual reasons are that the command does not exist or that its directory is not on PATH. This distinction matters for detection as much as for exploitation: a builtin never causes an execve(2), so process-creation telemetry (auditd, EDR process trees) only ever records the external commands.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">How, then, can a builtin be recognised? The <code>type</code> command reports whether a name is a builtin:</p>
┌──(roottoor)-[~/桌面]
└─# type echo
echo is a shell builtin
┌──(roottoor)-[~/桌面]
└─# type whoami
whoami is /usr/bin/whoami
┌──(roottoor)-[~/桌面]
└─#
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Other commands can be used for the same check: <code>which</code> and <code>where</code>. In zsh both are builtins, which is why they know about shell builtins; the stand-alone /usr/bin/which that bash falls back to only searches PATH and would simply print /usr/bin/echo, and <code>where</code> does not exist in bash at all.</p>
┌──(roottoor)-[~/桌面]
└─# which echo
echo: shell built-in command
┌──(roottoor)-[~/桌面]
└─# which whoami
/usr/bin/whoami
┌──(roottoor)-[~/桌面]
└─#
┌──(roottoor)-[~/桌面]
└─# where echo
echo: shell built-in command
/usr/bin/echo
/bin/echo
┌──(roottoor)-[~/桌面]
└─# where whoami
/usr/bin/whoami
/bin/whoami
┌──(roottoor)-[~/桌面]
└─#
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: on Linux some commands are builtins even though an executable of the same name also exists in the system directories (echo above). The builtin always wins; the file is only run when it is invoked by its full path or through another program such as env.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The complete list of a shell's builtins can also be displayed with <code>enable</code> or <code>help</code>.</p>
First method: the <code>enable</code> command (the list below is zsh's; in bash, <code>enable</code> prints the same kind of list for bash)
┌──(roottoor)-[~/桌面]
└─# enable
-
.
:
[
alias
autoload
bg
bindkey
break
builtin
bye
cd
chdir
command
compadd
comparguments
compcall
compctl
compdescribe
compfiles
compgroups
compquote
compset
comptags
comptry
compvalues
continue
declare
dirs
disable
disown
echo
echotc
echoti
emulate
enable
eval
exec
exit
export
false
fc
fg
float
functions
getln
getopts
hash
history
integer
jobs
kill
let
limit
local
log
logout
noglob
popd
print
printf
private
pushd
pushln
pwd
r
read
readonly
rehash
return
sched
set
setopt
shift
source
suspend
test
times
trap
true
ttyctl
type
typeset
ulimit
umask
unalias
unfunction
unhash
unlimit
unset
unsetopt
vared
wait
whence
where
which
zcompile
zformat
zle
zmodload
zparseopts
zregexparse
zstat
zstyle
┌──(roottoor)-[~/桌面]
└─#
Second method: the <code>help</code> command (<code>help</code> is a bash builtin that lists bash's builtins; zsh has no <code>help</code> builtin, as the list above shows, and offers run-help instead)
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/5ef3efa076d84ba0a554b721312d4ad3~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=ltnd0jCAGr5KUo%2Fux4FhLOl%2B6ok%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Next, an internal and an external command are each tested in the /bin/zsh shell:</p>
Test: the <code>whoami</code> command
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">First, probe the type of <code>whoami</code> and locate it:</p>
# Type probe: not a builtin
┌──(roottoor)-[~/桌面]
└─# type whoami
whoami is /usr/bin/whoami
┌──(roottoor)-[~/桌面]
└─#
# Location: a `whoami` executable exists in the system directories
┌──(roottoor)-[~/桌面]
└─# where whoami
/usr/bin/whoami
/bin/whoami
┌──(roottoor)-[~/桌面]
└─#
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: /bin is a symbolic link to /usr/bin (merged /usr), which is why the same binary is listed twice.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then run <code>whoami</code> in a for loop in zsh to see whether it is executed internally or by an external call:</p>
for n in {0..10000000}; do whoami ; done
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Meanwhile, watch the shell in the htop process monitor: a stream of short-lived <code>whoami</code> child processes appears beneath the zsh process, showing that <code>whoami</code> is not a command built into zsh.</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/300025a781b6498581051f012cc9cbe3~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=A0xeyX2FILrmigjqli7ZOei0llI%3D" style="width: 50%; margin-bottom: 20px;"></div>
Test: the <code>echo</code> command
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Likewise, probe the type of <code>echo</code> and locate it:</p>
# Type probe: builtin
┌──(roottoor)-[~/桌面]
└─# type echo
echo is a shell builtin
┌──(roottoor)-[~/桌面]
└─#
# Location: an `echo` executable exists in the system directories, and `where` also reports `echo: shell built-in command` (a shell builtin)
┌──(roottoor)-[~/桌面]
└─# where echo
echo: shell built-in command
/usr/bin/echo
/bin/echo
┌──(roottoor)-[~/桌面]
└─#
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then run <code>echo</code> in a for loop in zsh to see whether it is executed internally or by an external call:</p>
for n in {0..10000000}; do echo 1 ; done
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">This time htop shows no child processes at all: <code>echo</code> is executed by zsh itself, and no external program is called.</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p26-sign.toutiaoimg.com/pgc-image/a3323729bf204908b8c54bd0e6961cb3~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=9rpOzVb9hnZ4Me66Rf1CRtWLpoQ%3D" style="width: 50%; margin-bottom: 20px;"></div>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Windows</h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">On Windows the shell is typically cmd.exe or powershell.exe; cmd is used for the tests here. The principle is the same as on Linux above: commands are either internal to the shell or external programs that it calls.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">How, then, are internal commands recognised on Windows? Unfortunately cmd.exe has no counterpart to the Linux <code>type</code> command (cmd's own <code>type</code> prints the contents of a file), nor to <code>enable</code> or <code>help</code> for listing its builtins. (PowerShell's Get-Command does report a CommandType of Cmdlet, Function, Alias or Application, but that describes PowerShell commands, not cmd's.) In cmd the <code>where</code> command or the <code>set PATH</code> trick can be used instead.</p>
First method: the <code>where</code> command (less reliable)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><code>where</code> looks the name up in the current directory and in the directories of the PATH environment variable (beware of entries that were added by hand). If a file is found, the command can generally be taken to be external (discounting hits from directories that are not system directories); if nothing is found, it is internal (discounting commands that simply do not exist).</p>
# External command
C:\Users\Qftm>where whoami
C:\Windows\System32\whoami.exe
C:\Users\Qftm>
# Internal command
C:\Users\Qftm>where cd
INFO: Could not find files for the given pattern(s).
C:\Users\Qftm>
# Non-existent command
C:\Users\Qftm>where qftm
INFO: Could not find files for the given pattern(s).
C:\Users\Qftm>
# Internal command (the hit comes from a hand-added PATH entry outside the system directories and must be discounted)
C:\Users\Qftm>where echo
D:\QSoftware\W3Server\phpstudy2019\Extensions\MySQL5.7.26\bin\echo.exe
C:\Users\Qftm>
Second method: the <code>set path</code> command (reliable)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Temporarily set the PATH environment variable to empty, then ask each command for its help text: if it still answers, it is internal; if not, it is an external program (or does not exist). Two caveats: <code>set path=</code> only affects the current cmd session, and cmd.exe by default still searches the current directory before PATH, so run the test from a directory that contains no stray executables. Note also that <code>where</code> itself is where.exe in System32, so it stops working once PATH is cleared.</p>
# Empty PATH
C:\Users\Qftm>set path=
C:\Users\Qftm>path
PATH=(null)
C:\Users\Qftm>
# Internal command
C:\Users\Qftm>cd /?
Displays the name of or changes the current directory.

CHDIR [/D] [drive:][path]
CHDIR [..]
CD [/D] [drive:][path]
CD [..]

  ..   Specifies that you want to change to the parent directory.

Type CD drive: to display the current directory in the specified drive.
Type CD without parameters to display the current drive and directory.

Use the /D switch to change current drive in addition to changing current
directory for a drive.

If Command Extensions are enabled CHDIR changes as follows:

The current directory string is converted to use the same case as
the on disk names.  So CD C:\TEMP would actually set the current
directory to C:\Temp if that is the case on disk.

CHDIR command does not treat spaces as delimiters, so it is possible to
CD into a subdirectory name that contains a space without surrounding
the name with quotes.  For example:

    cd \winnt\profiles\username\programs\start menu

is the same as:

    cd "\winnt\profiles\username\programs\start menu"

which is what you would have to type if extensions were disabled.

C:\Users\Qftm>
# External command
C:\Users\Qftm>whoami /?
whoami is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Qftm>
# Non-existent command
C:\Users\Qftm>qftm /?
qftm is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Qftm>
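The checks above (the shell's builtin-before-PATH lookup on Linux, and the emptied-PATH probe on Windows) can be folded into one small cross-platform script. The following is an added example, not code from the original article: it asks the same shell that PHP's exec-family functions hand their command line to (/bin/sh -c on Linux, cmd.exe /c on Windows) to resolve a name with PATH set to empty, and only falls back to a normal PATH search when that fails. The function names are my own; the script assumes a POSIX /bin/sh on Linux, cmd.exe and where.exe under %SystemRoot%\System32 on Windows, and an English-language cmd.exe for its "is not recognized" message.

```python
"""Classify a command name the way the shell resolves it: builtin first, then PATH.

Added example (not from the original article). It generalises the article's two
checks, the builtin-before-PATH lookup on Linux and the `set path=` trick on
Windows, and drives the shells PHP's exec-family functions use: /bin/sh -c on
Linux and cmd.exe /c on Windows.
"""
import os
import re
import subprocess
import tempfile

# Only plain command names are accepted: the name is interpolated into a shell
# command line below, so anything else would itself be a command injection.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")


def _run(argv, env, cwd):
    """Run argv with an explicit environment and working directory."""
    return subprocess.run(argv, env=env, cwd=cwd, capture_output=True, text=True)


def classify_posix(name, shell="/bin/sh"):
    """Return (kind, path): kind is 'builtin', 'external' or 'missing'."""
    with tempfile.TemporaryDirectory() as empty_dir:
        # PATH="" (set but empty) disables the external search, so `command -v`
        # only succeeds for names the shell resolves itself. An empty temp dir
        # is used as cwd because an empty PATH element means "current directory".
        probe = _run([shell, "-c", f"command -v {name}"], {"PATH": ""}, empty_dir)
        if probe.returncode == 0 and probe.stdout.strip():
            return "builtin", None
        # Second pass with the real PATH: any hit now is a file on PATH.
        env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
        found = _run([shell, "-c", f"command -v {name}"], env, empty_dir)
    path = found.stdout.strip()
    if found.returncode == 0 and path.startswith("/"):
        return "external", path
    return "missing", None


def classify_windows(name):
    """Same idea for cmd.exe: the article's `set path=` followed by `<name> /?`."""
    system_root = os.environ.get("SystemRoot", r"C:\Windows")  # assumed layout
    cmd = os.path.join(system_root, "System32", "cmd.exe")
    where = os.path.join(system_root, "System32", "where.exe")
    not_found = "is not recognized as an internal or external command"  # English cmd.exe
    with tempfile.TemporaryDirectory() as empty_dir:
        # cmd.exe searches the current directory before PATH, hence the empty cwd;
        # /d skips AutoRun entries that could put executables back on PATH.
        env = {"PATH": "", "SystemRoot": system_root}
        probe = _run([cmd, "/d", "/c", f"{name} /?"], env, empty_dir)
        if not_found not in probe.stderr:
            return "internal", None
        env["PATH"] = os.environ.get("PATH", "")
        found = _run([where, name], env, empty_dir)
    if found.returncode == 0 and found.stdout.strip():
        return "external", found.stdout.splitlines()[0].strip()
    return "missing", None


def classify(name):
    """Validate the name, then dispatch on the platform."""
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError(f"refusing to interpolate unsafe command name: {name!r}")
    return classify_windows(name) if os.name == "nt" else classify_posix(name)


if __name__ == "__main__":
    import sys

    for n in sys.argv[1:] or ["echo", "cd", "whoami", "no-such-command"]:
        kind, location = classify(n)
        print(f"{n:16} {kind:9} {location or ''}")
```

Run it with the names to probe as arguments (`python3 probe.py echo cd whoami`). On Linux it reports echo and cd as builtins and whoami as /usr/bin/whoami; on Windows the same names come back as internal, internal and C:\Windows\System32\whoami.exe. The name check before interpolation is the point worth copying: the rest of this series is about what happens when that check is missing.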
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: on Windows the <code>help</code> command cannot be used to find the shell's builtins. First, <code>help</code> is itself an external program (help.exe); second, the list it prints covers both internal commands and external programs.</p>
# help is an external program
C:\Users\Qftm>where help
C:\Windows\System32\help.exe
C:\Users\Qftm>
# help lists internal commands and external programs together (unlike bash and other Linux shells)
C:\Users\Qftm>help
For more information on a specific command, type HELP command-name
ASSOC          Displays or modifies file extension associations.
ATTRIB         Displays or changes file attributes.
BREAK          Sets or clears extended CTRL+C checking.
BCDEDIT        Sets properties in boot database to control boot loading.
CACLS          Displays or modifies access control lists (ACLs) of files.
CALL           Calls one batch program from another.
CD             Displays the name of or changes the current directory.
CHCP           Displays or sets the active code page number.
CHDIR          Displays the name of or changes the current directory.
CHKDSK         Checks a disk and displays a status report.
CHKNTFS        Displays or modifies the checking of disk at boot time.
CLS            Clears the screen.
CMD            Starts a new instance of the Windows command interpreter.
COLOR          Sets the default console foreground and background colors.
COMP           Compares the contents of two files or sets of files.
COMPACT        Displays or alters the compression of files on NTFS partitions.
CONVERT        Converts FAT volumes to NTFS.  You cannot convert the
               current drive.
COPY           Copies one or more files to another location.
DATE           Displays or sets the date.
DEL            Deletes one or more files.
DIR            Displays a list of files and subdirectories in a directory.
DISKPART       Displays or configures Disk Partition properties.
DOSKEY         Edits command lines, recalls Windows commands, and
               creates macros.
DRIVERQUERY    Displays current device driver status and properties.
ECHO           Displays messages, or turns command echoing on or off.
ENDLOCAL       Ends localization of environment changes in a batch file.
ERASE          Deletes one or more files.
EXIT           Quits the CMD.EXE program (command interpreter).
FC             Compares two files or sets of files, and displays the
               differences between them.
FIND           Searches for a text string in a file or files.
FINDSTR        Searches for strings in files.
FOR            Runs a specified command for each file in a set of files.
FORMAT         Formats a disk for use with Windows.
FSUTIL         Displays or configures the file system properties.
FTYPE          Displays or modifies file types used in file extension
               associations.
GOTO           Directs the Windows command interpreter to a labeled line in
               a batch program.
GPRESULT       Displays Group Policy information for machine or user.
GRAFTABL       Enables Windows to display an extended character set in
               graphics mode.
HELP           Provides Help information for Windows commands.
ICACLS         Display, modify, backup, or restore ACLs for files and
               directories.
IF             Performs conditional processing in batch programs.
LABEL          Creates, changes, or deletes the volume label of a disk.
MD             Creates a directory.
MKDIR          Creates a directory.
MKLINK         Creates Symbolic Links and Hard Links
MODE           Configures a system device.
MORE           Displays output one screen at a time.
MOVE           Moves one or more files from one directory to another
               directory.
OPENFILES      Displays files opened by remote users for a file share.
<span style="color: black;">PATH</span> <span style="color: black;">Displays or sets a search path for executable files.</span>
<span style="color: black;">PAUSE</span> <span style="color: black;">Suspends processing of a batch file and displays a message.</span>
<span style="color: black;">POPD</span> <span style="color: black;">Restores the previous value of the current directory saved by</span>
<span style="color: black;">PUSHD.</span>
<span style="color: black;">PRINT</span> <span style="color: black;">Prints a text file.</span>
<span style="color: black;">PROMPT</span> <span style="color: black;">Changes the Windows command prompt.</span>
<span style="color: black;">PUSHD</span> <span style="color: black;">Saves the current directory then changes it.</span>
<span style="color: black;">RD</span> <span style="color: black;">Removes a directory.</span>
<span style="color: black;">RECOVER</span> <span style="color: black;">Recovers readable information from a bad or defective disk.</span>
<span style="color: black;">REM</span> <span style="color: black;">Records comments (remarks) in batch files or CONFIG.SYS.</span>
<span style="color: black;">REN</span> <span style="color: black;">Renames a file or files.</span>
<span style="color: black;">RENAME</span> <span style="color: black;">Renames a file or files.</span>
<span style="color: black;">REPLACE</span> <span style="color: black;">Replaces files.</span>
<span style="color: black;">RMDIR</span> <span style="color: black;">Removes a directory.</span>
<span style="color: black;">ROBOCOPY</span> <span style="color: black;">Advanced utility to copy files and directory trees</span>
<span style="color: black;">SET</span> <span style="color: black;">Displays, sets, or removes Windows environment variables.</span>
<span style="color: black;">SETLOCAL</span> <span style="color: black;">Begins localization of environment changes in a batch file.</span>
<span style="color: black;">SC</span> <span style="color: black;">Displays or configures services (background processes).</span>
<span style="color: black;">SCHTASKS</span> <span style="color: black;">Schedules commands and programs to run on a computer.</span>
<span style="color: black;">SHIFT</span> <span style="color: black;">Shifts the position of replaceable parameters in batch files.</span>
<span style="color: black;">SHUTDOWN</span> <span style="color: black;">Allows proper local or remote shutdown of machine.</span>
<span style="color: black;">SORT</span> <span style="color: black;">Sorts input.</span>
<span style="color: black;">START</span> <span style="color: black;">Starts a separate window to run a specified program or command.</span>
<span style="color: black;">SUBST</span> <span style="color: black;">Associates a path with a drive letter.</span>
<span style="color: black;">SYSTEMINFO</span> <span style="color: black;">Displays machine specific properties and configuration.</span>
<span style="color: black;">TASKLIST</span> <span style="color: black;">Displays all currently running tasks including services.</span>
<span style="color: black;">TASKKILL</span> <span style="color: black;">Kill or stop a running process or application.</span>
<span style="color: black;">TIME</span> <span style="color: black;">Displays or sets the system time.</span>
<span style="color: black;">TITLE</span> <span style="color: black;">Sets the window title for a CMD.EXE session.</span>
<span style="color: black;">TREE</span> <span style="color: black;">Graphically displays the directory structure of a drive or</span>
<span style="color: black;">path.</span>
<span style="color: black;">TYPE</span> <span style="color: black;">Displays the contents of a text file.</span>
<span style="color: black;">VER</span> <span style="color: black;">Displays the Windows version.</span>
<span style="color: black;">VERIFY</span> <span style="color: black;">Tells Windows whether to verify that your files are written</span>
<span style="color: black;">correctly</span> <span style="color: black;">to a disk.</span>
<span style="color: black;">VOL</span> <span style="color: black;">Displays a disk volume label and serial number.</span>
<span style="color: black;">XCOPY</span> <span style="color: black;">Copies files and directory trees.</span>
<span style="color: black;">WMIC</span> <span style="color: black;">Displays WMI information inside interactive command shell.</span>
<span style="color: black;">For</span> <span style="color: black;">more information on tools see the command-line reference in the online help.</span>
<span style="color: black;">C</span>:<span style="color: black;">\Users\Qftm></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Next, test the terminal's commands (built-in and external), using the </span><span style="color: black;">cmd.exe</span><span style="color: black;"> terminal:</span></p><span style="color: black;">Test: the </span><span style="color: black;">whoami</span><span style="color: black;"> command</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">First, probe the type of the </span><span style="color: black;">whoami</span><span style="color: black;"> command and locate it on disk</span></p><span style="color: black;"># Type probe: external command</span>
<span style="color: black;"># Location lookup: a system executable</span>
<span style="color: black;">C:\Users\Qftm>where whoami</span>
<span style="color: black;">C:\Windows\System32\whoami.exe</span>
<span style="color: black;">C:\Users\Qftm></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then, in the </span><span style="color: black;">cmd</span><span style="color: black;"> terminal, enter a </span><span style="color: black;">For</span><span style="color: black;"> loop that runs the </span><span style="color: black;">whoami</span><span style="color: black;"> command repeatedly, to see whether it is executed internally or through an external call</span></p>C:\Users\Qftm><span style="color: black;">for</span> /l %i in (<span style="color: black;">1</span>,<span style="color: black;">1</span>,<span style="color: black;">1000000</span>) <span style="color: black;">do</span> whoami
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Meanwhile, open Task Manager and monitor the </span><span style="color: black;">cmd</span><span style="color: black;"> terminal: it shows that the </span><span style="color: black;">whoami</span><span style="color: black;"> command is not a command built into the </span><span style="color: black;">cmd.exe</span><span style="color: black;"> terminal itself</span></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/0e491eedf3a547a09d3f52e9ea072adf~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=yHsMyhI%2FN87e0HGFLzHFY3Uap%2F4%3D" style="width: 50%; margin-bottom: 20px;"></div><span style="color: black;">Test: the </span><span style="color: black;">echo</span><span style="color: black;"> command</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Likewise, probe the type of the </span><span style="color: black;">echo</span><span style="color: black;"> command and locate it on disk</span></p><span style="color: black;"># Type probe: internal command</span>
<span style="color: black;"># Location lookup: not a system executable</span>
<span style="color: black;">C:\Users\Qftm>where echo</span>
<span style="color: black;">D:\QSoftware\W3Server\phpstudy2019\Extensions\MySQL5.7.26\bin\echo.exe</span>
<span style="color: black;">C:\Users\Qftm></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then, in the </span><span style="color: black;">cmd</span><span style="color: black;"> terminal, enter a </span><span style="color: black;">For</span><span style="color: black;"> loop that runs the </span><span style="color: black;">echo</span><span style="color: black;"> command repeatedly, to see whether it is executed internally or through an external call</span></p><span style="color: black;">for</span> /l %i <span style="color: black;">in</span> (1,1,1000000) <span style="color: black;">do</span> <span style="color: black;">echo</span> 1
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Meanwhile, open Task Manager and monitor the </span><span style="color: black;">cmd</span><span style="color: black;"> terminal: it shows that </span><span style="color: black;">echo</span><span style="color: black;"> is a command built into the terminal; no external call appears</span></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/aa0da3d67863446c8f4c15c26b17fc96~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=JAPiAfInu8FNxcF6yEp2w64uJjE%3D" style="width: 50%; margin-bottom: 20px;"></div>
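<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The same internal-versus-external check can be made on a POSIX system without a task manager. The following is an added example (not the article's code) that performs the article's two probes in Python: a PATH lookup in place of </span><span style="color: black;">where</span><span style="color: black;">, and the shell's own </span><span style="color: black;">type</span><span style="color: black;"> builtin in place of watching for child processes while a loop runs. It assumes a POSIX </span><span style="color: black;">/bin/sh</span><span style="color: black;">; the function names are mine.</span></p>

```python
"""Classify a command name as a shell builtin or an external program.

Added example, not code from the original article. It is the POSIX-shell
counterpart of the article's Windows procedure: `where NAME` becomes a PATH
lookup with shutil.which, and instead of watching Task Manager while a loop
runs, the shell's own `type` builtin is asked whether NAME would be run
internally (builtin) or by forking and execve()-ing a separate program.
Assumes a POSIX /bin/sh (dash, bash and busybox ash all report builtins the
same way).
"""
import shlex
import shutil
import subprocess


def path_lookup(name: str):
    """PATH search for NAME, the equivalent of `where NAME` on Windows."""
    return shutil.which(name)


def shell_reports_builtin(name: str, shell: str = "/bin/sh") -> bool:
    """Ask the shell whether NAME is one of its builtins.

    `type NAME` prints "NAME is a shell builtin" for builtins and
    "NAME is /path/to/NAME" for external programs; the name is quoted so that
    an odd command name cannot change the meaning of the probe.
    """
    proc = subprocess.run(
        [shell, "-c", "type " + shlex.quote(name)],
        capture_output=True, text=True, check=False,
    )
    return "builtin" in proc.stdout


def classify_command(name: str) -> dict:
    """Combine both probes into one verdict, mirroring the article's two tests."""
    path = path_lookup(name)
    builtin = shell_reports_builtin(name)
    if builtin:
        kind = "shell builtin: sh runs it in its own process, no child is created"
    elif path:
        kind = "external program: sh forks and execve()s " + path
    else:
        kind = "not found"
    return {"name": name, "builtin": builtin, "path": path, "kind": kind}


if __name__ == "__main__":
    # Same two commands as the article. `echo` usually exists on disk as
    # /bin/echo as well, but the builtin takes precedence, just as cmd.exe
    # never ran the third-party echo.exe that `where echo` found.
    for cmd in ("whoami", "echo"):
        v = classify_command(cmd)
        print(f"{v['name']:7} on-disk={v['path']}  ->  {v['kind']}")
```

<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The interesting case is </span><span style="color: black;">echo</span><span style="color: black;">: the PATH lookup normally finds a file (</span><span style="color: black;">/bin/echo</span><span style="color: black;">), yet the shell reports a builtin, so running it through </span><span style="color: black;">sh</span><span style="color: black;"> creates no child process, which is exactly what the Task Manager observation above shows for cmd.exe.</span></p>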
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Language Differences</h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For a command-execution function, the question at the implementation level is whether a command interpreter such as </span><span style="color: black;">cmd.exe</span><span style="color: black;">, </span><span style="color: black;">/bin/sh</span><span style="color: black;"> or </span><span style="color: black;">/bin/bash</span><span style="color: black;"> is used to execute the argument passed to the function (the system command). In other words: does the implementation bring in a third-party executable shell to run the command?</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For example: </span><span style="color: black;">an execution function (system command)</span></p>CommandExecFunc(<span style="color: black;">echo</span> 111 > shell.txt); // <span style="color: black;">echo</span> is an executable program
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The command-execution function model above behaves differently across languages on the Linux and Windows platforms.</span></p>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">PHP</h1><span style="color: black;">PHP</span> - calls the system shell underneath to run the command. <span style="color: black;">Mode</span> => <span style="color: black;">Windows</span>: cmd.exe /<span style="color: black;">c</span> <span style="color: black;">Command</span> || <span style="color: black;">Linux</span>: sh -<span style="color: black;">c</span> <span style="color: black;">Command</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">In </span><span style="color: black;">PHP</span><span style="color: black;">, on the Linux platform, when the system command </span><span style="color: black;">echo 111 > shell.txt</span><span style="color: black;"> is passed to the </span><span style="color: black;">CommandExecFunc</span><span style="color: black;"> function, the implementation ultimately runs the equivalent of </span><span style="color: black;">/bin/sh -c echo 111 > shell.txt</span><span style="color: black;">, and the file </span><span style="color: black;">shell.txt</span><span style="color: black;"> is created. [The execution amounts to: run the command </span><span style="color: black;">echo 111</span><span style="color: black;"> in the </span><span style="color: black;">/bin/sh</span><span style="color: black;"> shell and write echo's output to the file </span><span style="color: black;">shell.txt</span><span style="color: black;"> through the redirection operator. The redirection operator here is not an argument or string handled by echo; it has special meaning in </span><span style="color: black;">/bin/sh</span><span style="color: black;">. Likewise, the echo here is not the executable program </span><span style="color: black;">/bin/echo</span><span style="color: black;"> but a builtin command of the </span><span style="color: black;">/bin/sh</span><span style="color: black;"> shell.] [Process relationship: a single </span><span style="color: black;">/bin/sh</span><span style="color: black;"> process; the system command is executed inside the </span><span style="color: black;">/bin/sh</span><span style="color: black;"> process rather than by starting a system program.]</span></p><span style="color: black;">Trace the program's execution flow: </span><span style="color: black;">For Linux</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Tracing the run with </span><span style="color: black;">strace</span><span style="color: black;"> shows that the implementation starts the child process through the </span><span style="color: black;">execve</span><span style="color: black;"> system call and then executes the command through a </span><span style="color: black;">/bin/sh</span><span style="color: black;"> process (here </span><span style="color: black;">echo</span><span style="color: black;"> is an </span><span style="color: black;">sh</span><span style="color: black;"> builtin).</span></p>┌──(roottoor)-[~<span style="color: black;">/桌面/</span>CodeDebug/php]
└─# strace -f -e execve php -r <span style="color: black;">"system(echo 111 > shell.txt);"</span>
execve(<span style="color: black;">"/usr/bin/php"</span>, [<span style="color: black;">"php"</span>, <span style="color: black;">"-r"</span>, <span style="color: black;">"system(echo 111 > shell.txt);"</span>], <span style="color: black;">0x7ffd51277198</span> <span style="color: black;">/* 53 vars */</span>) = <span style="color: black;">0</span>
strace: Process <span style="color: black;">3436</span> attached
execve(<span style="color: black;">"/bin/sh"</span>, [<span style="color: black;">"sh"</span>, <span style="color: black;">"-c"</span>, <span style="color: black;">"echo 111 > shell.txt"</span>], <span style="color: black;">0x562c96ef1eb0</span> <span style="color: black;">/* 53 vars */</span>) = <span style="color: black;">0</span>
+++ exited <span style="color: black;">with</span> <span style="color: black;">0</span> +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=<span style="color: black;">3436</span>, si_uid=<span style="color: black;">0</span>, si_status=<span style="color: black;">0</span>, si_utime=<span style="color: black;">0</span>, si_stime=<span style="color: black;">0</span>} ---
+++ exited <span style="color: black;">with</span> <span style="color: black;">0</span> +++
┌──(roottoor)-[~<span style="color: black;">/桌面/</span>CodeDebug/php]
└─# ls
shell.txt
┌──(roottoor)-[~<span style="color: black;">/桌面/</span>CodeDebug/php]
└─#
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Similarly, on the Windows platform: when the system command </span><span style="color: black;">echo 111 > shell.txt</span><span style="color: black;"> is passed to the </span><span style="color: black;">CommandExecFunc</span><span style="color: black;"> function, the implementation ultimately runs the equivalent of </span><span style="color: black;">cmd.exe /c echo 111 > shell.txt</span><span style="color: black;">, and the file </span><span style="color: black;">shell.txt</span><span style="color: black;"> is created. [The execution amounts to: run the command </span><span style="color: black;">echo 111</span><span style="color: black;"> in the </span><span style="color: black;">cmd</span><span style="color: black;"> terminal and write echo's output to the file </span><span style="color: black;">shell.txt</span><span style="color: black;"> through the redirection operator.] [Process relationship: a single </span><span style="color: black;">cmd.exe</span><span style="color: black;"> process; the system command is executed inside the </span><span style="color: black;">cmd.exe</span><span style="color: black;"> process rather than by starting a system program.]</span></p><span style="color: black;">Trace the program's execution flow: </span><span style="color: black;">For Windows</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Use OllyDbg for dynamic debugging: load the </span><span style="color: black;">php.exe</span><span style="color: black;"> program and set breakpoints on the process-creation system APIs (if you are not sure which </span><span style="color: black;">CreateProcess API</span><span style="color: black;"> is used, set breakpoints on every one you find)</span></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/28a72c5041164ad1939bafe8976d75a8~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=VUW17Z5GLKcm29x1ojP0zU3pYPo%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">After setting the breakpoints, press F9 to run the program up to the point where it waits for user input, then enter the PHP statement </span><span style="color: black;">system(echo 111 > shell.txt);</span></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/157c1a9483df497cb097cf0106892e91~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=%2Fo%2F2C%2FblLEPz9lYTzbLGawH64GE%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">After the PHP statement runs, the program stops at the breakpoint, and the call stack shows that the implementation starts the child process through the </span><span style="color: black;">CreateProcessW</span><span style="color: black;"> system API and then executes the command through a </span><span style="color: black;">cmd</span><span style="color: black;"> process (here </span><span style="color: black;">echo</span><span style="color: black;"> is a </span><span style="color: black;">cmd</span><span style="color: black;"> builtin). (Note: the complete call chain of the PHP program can also be seen here.)</span></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/d2534602ae7f486cbdeeb2bc00d25bac~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1729839789&x-signature=VFLiDEsfyMKjp5tR6oKiPeLNz3U%3D" style="width: 50%; margin-bottom: 20px;"></div>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Java</h1>Java - does not call the system shell underneath; it launches the passed executable itself. Mode => Windows: Command || Linux: Command<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">In </span><span style="color: black;">Java</span><span style="color: black;">, however, on the Linux platform, when the system command </span><span style="color: black;">echo 111 > shell.txt</span><span style="color: black;"> is passed to the </span><span style="color: black;">CommandExecFunc</span><span style="color: black;"> function, the implementation ultimately runs the equivalent of </span><span style="color: black;">/bin/echo 111 > shell.txt</span><span style="color: black;">: it prints the string </span><span style="color: black;">"111 > shell.txt"</span><span style="color: black;"> and does not create the file </span><span style="color: black;">shell.txt</span><span style="color: black;">. [The execution amounts to: run the executable program </span><span style="color: black;">/bin/echo</span><span style="color: black;"> with the argument </span><span style="color: black;">111 > shell.txt</span><span style="color: black;"> and print it; the special character </span><span style="color: black;">></span><span style="color: black;"> is treated as an ordinary string and printed by the echo program. Here </span><span style="color: black;">echo</span><span style="color: black;"> appears as an executable program, not as a command of a shell.] [Process relationship: a single </span><span style="color: black;">/bin/echo</span><span style="color: black;"> process; the string argument </span><span style="color: black;">111 > shell.txt</span><span style="color: black;"> is passed to the </span><span style="color: black;">/bin/echo</span><span style="color: black;"> process and printed.] [How the executable is found: by searching the PATH environment variable.]</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The test code is as follows</span></p><span style="color: black;">import</span> org.apache.commons.io.IOUtils;
<span style="color: black;">import</span> java.lang.Runtime;
<span style="color: black;">public class CommandExec1 {</span>
    public static void main(String[] args) {
        try {
            // Runtime.exec(String) splits the string on whitespace and starts
            // argv[0] directly, with no shell in between; IOUtils.toString
            // reads the child's standard output (platform default charset).
            String str = IOUtils.toString(Runtime.getRuntime().exec("whoami").getInputStream());
            System.out.println(str);
        }
        catch (Exception a) {
            System.out.println(a);
        }
    }
}
<span style="color: black;">Trace the program's execution flow: </span><span style="color: black;">For Linux</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">What the trace shows: the executable for the entered command is looked up through the system PATH environment variable, and the program's process is then started by the </span><span style="color: black;">execve</span><span style="color: black;"> system call (no system shell is involved).</span></p><span style="color: black;">┌──(roottoor)-[~/桌面/CodeDebug/java]</span>
<span style="color: black;">└─#</span> <span style="color: black;">strace</span> <span style="color: black;">-f</span> <span style="color: black;">-e</span> <span style="color: black;">execve</span> <span style="color: black;">java</span> <span style="color: black;">CommandExec1</span>
<span style="color: black;">execve("/usr/bin/java",</span> <span style="color: black;">["java",</span> <span style="color: black;">"CommandExec1"</span><span style="color: black;">],</span> <span style="color: black;">0x7ffdb259ee90</span> <span style="color: black;">/*</span> <span style="color: black;">53</span> <span style="color: black;">vars</span> <span style="color: black;">*/)</span> <span style="color: black;">=</span> <span style="color: black;">0</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3923</span> <span style="color: black;">attached</span>
<span style="color: black;">Picked up _JAVA_OPTIONS:</span> <span style="color: black;">-Dawt.useSystemAAFontSettings=on</span> <span style="color: black;">-Dswing.aatext=true</span>
<span style="color: black;"></span> <span style="color: black;">---</span> <span style="color: black;">SIGSEGV</span> <span style="color: black;">{si_signo=SIGSEGV,</span> <span style="color: black;">si_code=SEGV_MAPERR,</span> <span style="color: black;">si_addr=NULL}</span> <span style="color: black;">---</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3924</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3925</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3926</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3927</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3928</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3929</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3930</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3931</span> <span style="color: black;">attached</span>
<span style="color: black;">strace:</span> <span style="color: black;">Process</span> <span style="color: black;">3932</span> <span style="color: black;">attached</span>
<span style="color: black;"></span> <span style="color: black;">execve("/mnt/hgfs/QSec/Pentest/Red-Team/\347\245\236\345\205\265\345\210\251\345\231\250/Windows/VSCode/VSCode-linux-x64/whoami",</span> <span style="color: black;">["whoami"],</span> <span style="color: black;">0x7ffd28368b80</span> <span style="color: black;">/*</span> <span style="color: black;">53</span> <span style="color: black;">vars</span> <span style="color: black;">*/)</span> <span style="color: black;">=</span> <span style="color: black;">-1</span> <span style="color: black;">ENOENT</span> <span style="color: black;">(没有那个文件或目录)</span>
<span style="color: black;"></span> <span style="color: black;">execve("/usr/local/sbin/whoami",</span> <span style="color: black;">["whoami"],</span> <span style="color: black;">0x7ffd28368b80</span> <span style="color: black;">/*</span> <span style="color: black;">53</span> <span style="color: black;">vars</span> <span style="color: black;">*/)</span> <span style="color: black;">=</span> <span style="color: black;">-1</span> <span style="color: black;">ENOENT</span> <span style="color: black;">(没有那个文件或目录)</span>
<span style="color: black;"></span> <span style="color: black;">execve("/usr/local/bin/whoami",</span> <span style="color: black;">["whoami"],</span> <span style="color: black;">0x7ffd28368b80</span> <span style="color: black;">/*</span> <span style="color: black;">53</span> <span style="color: black;">vars</span> <span style="color: black;">*/)</span> <span style="color: black;">=</span> <span style="color: black;">-1</span> <span style="color: black;">ENOENT</span> <span style="color: black;">(没有那个文件或目录)</span>
<span style="color: black;"></span> <span style="color: black;">execve("/usr/sbin/whoami",</span> <span style="color: black;">["whoami"],</span> <span style="color: black;">0x7ffd28368b80</span> <span style="color: black;">/*</span> <span style="color: black;">53</span> <span style="color: black;">vars</span> <span style="color: black;">*/)</span> <span style="color: black;">=</span> <span style="color: black;">-1</span> <span style="color: black;">ENOENT</span> <span style="color: black;">(没有那个文件或目录)</span>
<span style="color: black;">execve("/usr/bin/whoami", ["whoami"], 0x7ffd28368b80 /* 53 vars */) = 0</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3932, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---</span>
<span style="color: black;">strace: Process 3933 attached</span>
<span style="color: black;">root</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">+++ exited with 0 +++</span>
<span style="color: black;">┌──(roottoor)-[~/桌面/CodeDebug/java]</span>
<span style="color: black;">└─#</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Similarly, on the Windows platform, passing the system command </span><span style="color: black;">echo 111 > shell.txt</span><span style="color: black;"> into the </span><span style="color: black;">CommandExecFunc</span><span style="color: black;"> function is, at the lowest level, equivalent to running an echo.exe located through the system PATH environment variable as </span><span style="color: black;">echo.exe 111 > shell.txt</span><span style="color: black;">, which would print the string </span><span style="color: black;">"111 > shell.txt"</span><span style="color: black;"> and would not create the file </span><span style="color: black;">shell.txt</span><span style="color: black;">.</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">However, under normal conditions running the command above here fails, because on Windows the system PATH environment variable contains no </span><span style="color: black;">echo.exe</span><span style="color: black;"> executable by default, so the command cannot be executed.</span></p><span style="color: black;"># Cannot locate an echo executable</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE>where echo</span>
<span style="color: black;">INFO: Could not find files for the given pattern(s).</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE>where whoami</span>
<span style="color: black;">C:\Windows\System32\whoami.exe</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE></span>
<span style="color: black;"># Execution fails with an error</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE>javac RuntimeRCE.java</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE>java RuntimeRCE</span>
<span style="color: black;">java.io.IOException: Cannot run program "echo": CreateProcess error=2, The system cannot find the file specified</span>
<span style="color: black;">D:\QSec\Code-Audit\Tools\Java\Kits\RCE></span>
<h1 style="color: black; text-align: left; margin-bottom: 10px;">Python</h1><span style="color: black;">Python - calls the system shell underneath to execute the command. Mode => Windows: cmd.exe /c Command || Linux: sh -c Command</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">For the Python language, the underlying implementation of its command execution functions is the same as in PHP.</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">To summarize: command execution functions fall into two categories. In the first, the command passed in is simply executed as a command line inside the shell; in the second, only the executable named in the command passed in is launched. The executor differs accordingly: in the first category, the system shell underneath the language runs the command for us; in the second, the language itself starts the executable passed in.</span></p>
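<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The two categories summarized above, shown side by side as an added example that is not part of the original article: Python's subprocess module exposes both modes, shell=True for the shell-mediated sh -c / cmd.exe /c path that PHP and Python share, and shell=False for the direct launch that Java's Runtime.exec performs. The script assumes a POSIX host with an echo program on PATH, works in a temporary directory of its own, and the helper names and the deliberately missing program name are constructed for the example.</span></p>

```python
"""Two categories of command execution, demonstrated with Python's subprocess.

Category 1 (shell-mediated): the string goes to 'sh -c' on Linux or
'cmd.exe /c' on Windows, so the shell parses '>' as a redirection.
Category 2 (direct launch): the program is started directly and every token
is a literal argv element, so '>' is just another argument to echo.
"""
import os
import subprocess
import tempfile

# POSIX sh operators and expansions that only take effect in category 1.
SHELL_METACHARACTERS = set(";|&$`<>()\n")


def needs_shell(command: str) -> bool:
    """True if the string contains operators a shell would interpret.

    Category 2 (argv) execution passes such characters through literally,
    so this is a quick audit heuristic for which category is in play.
    """
    return any(ch in SHELL_METACHARACTERS for ch in command)


def run_via_shell(command: str, cwd: str) -> subprocess.CompletedProcess:
    """Category 1: equivalent to 'sh -c command' (POSIX) or 'cmd.exe /c command'."""
    return subprocess.run(command, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def run_direct(argv: list, cwd: str) -> subprocess.CompletedProcess:
    """Category 2: exec argv[0] directly; argv[1:] are literal arguments."""
    return subprocess.run(argv, shell=False, cwd=cwd,
                          capture_output=True, text=True)


def compare_echo_redirect(cwd: str) -> dict:
    """Run the article's 'echo 111 > shell.txt' both ways and report the outcome."""
    target = os.path.join(cwd, "shell.txt")

    direct = run_direct(["echo", "111", ">", "shell.txt"], cwd)
    direct_created = os.path.exists(target)   # no shell, so no redirection

    shelled = run_via_shell("echo 111 > shell.txt", cwd)
    shell_created = os.path.exists(target)    # sh performed the redirection

    content = ""
    if shell_created:
        with open(target) as fh:
            content = fh.read()
    return {
        "direct_stdout": direct.stdout,          # "111 > shell.txt\n"
        "direct_created_file": direct_created,   # False
        "shell_stdout": shelled.stdout,          # "" (output went to the file)
        "shell_created_file": shell_created,     # True
        "shell_file_content": content,           # "111\n"
    }


def direct_launch_missing(program: str, cwd: str) -> str:
    """Category 2 with a program that is not on PATH.

    No shell is involved, so the OS launch failure surfaces as an exception,
    the Python counterpart of Java's 'CreateProcess error=2' on Windows.
    """
    try:
        run_direct([program], cwd)
    except FileNotFoundError as exc:
        return type(exc).__name__
    return "started"


def demo() -> dict:
    """Run everything in a throw-away directory so no files are left behind."""
    with tempfile.TemporaryDirectory() as workdir:
        result = compare_echo_redirect(workdir)
        # Constructed program name, chosen so that it is certainly absent.
        result["missing_program"] = direct_launch_missing(
            "no-such-program-for-this-example", workdir)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The direct launch prints the literal text "111 > shell.txt" and leaves no file behind, exactly the behaviour described for Java above, while the shell-mediated run produces no stdout and writes shell.txt; the missing-program branch is where the Windows "Cannot run program" error from the transcript above would appear. For code review, the same split is the practical rule: only the shell-mediated category interprets separators and redirections from an untrusted string, so argv-style launches are the form to prefer when the arguments come from user input.</span></p>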