diff --git a/dev-php/evalhook/Manifest b/dev-php/evalhook/Manifest
new file mode 100644
index 000000000..2dd3374d8
--- /dev/null
+++ b/dev-php/evalhook/Manifest
@@ -0,0 +1 @@
+DIST evalhook-0.1.tar.gz 2133 SHA256 799db3b179558a5eb9239d7f23d15802d575c87713b6cfadb0b80c3f2ecd73ef SHA512 1d982dbe0503f2e0574606a632b4f2b880598667d2854421781fc3d9a7e58be7f187000db6b2405bcf12557badda947314378ddebc89676829904923613990ff WHIRLPOOL 73a653d0c2ccaef88bb8b0abfd60db657667dd6096394c9b77335da394b42b001a7b597c47b885660fa98ef40e4a671807c5817f95c6a790bf2b75dc90c1df6b
diff --git a/dev-php/evalhook/evalhook-0.1.ebuild b/dev-php/evalhook/evalhook-0.1.ebuild
new file mode 100644
index 000000000..b61b42b76
--- /dev/null
+++ b/dev-php/evalhook/evalhook-0.1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PHP_EXT_NAME=evalhook
+USE_PHP="php5-6"
+PHP_EXT_S="${PN}"
+inherit php-ext-source-r3
+
+DESCRIPTION="Decode/Deobfuscate PHP Scripts"
+HOMEPAGE="http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-script/"
+SRC_URI="http://php-security.org/downloads/${P}.tar.gz"
+
+LICENSE="Unknown"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${PN}"
+
+src_prepare() {
+	local slot orig_s="${PHP_EXT_S}"
+	for slot in $(php_get_slots); do
+		php_init_slot_env ${slot}
+		eapply_user
+		php-ext-source-r3_phpize
+	done
+}
+
+src_configure() {
+	local PHP_EXT_EXTRA_ECONF="--enable-evalhook=yes"
+	php-ext-source-r3_src_configure
+}
+
+pkg_postinst() {
+	ewarn "This extention hooks PHP calls and requires user's interaction"
+	ewarn "Do not use in production env"
+}