Support stripped ZTS binaries #450

Open
sj-i opened this issue Apr 6, 2024 · 0 comments · May be fixed by #451
Labels: enhancement (New feature or request)

Comments
sj-i commented Apr 6, 2024

_tsrm_ls_cache is not an exported symbol in the interpreter, so we usually cannot resolve it from the stripped PHP binary, and therefore cannot find globals like EG or CG.

But I recently noticed that the PHP binary has only a small PT_TLS segment as a whole, about 0x13c bytes.

This means that we can search for the offset of the actual _tsrm_ls_cache without resolving the symbol by brute-forcing the PT_TLS segment. By examining each candidate offset, actually trying to resolve EG and checking the values of uninitialized_zval and error_zval, and also trying to resolve a global constant like PHP_VERSION, we can assume the candidate is really the offset of _tsrm_ls_cache.

The offset is fixed for each PHP binary, so once we cache the offset in a file, we don't have to repeat the process multiple times on the same binary.
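The search described in the comment above, as an added example that is not code from the issue or from the project: it reads the PT_TLS program header of a constructed ELF64 image to learn how large the TLS block is, then walks every pointer-aligned offset of a constructed TLS snapshot and keeps the first whose value, treated as _tsrm_ls_cache, yields an EG whose uninitialized_zval is IS_NULL and whose error_zval is _IS_ERROR. EG_OFF and the two zval type-byte offsets are assumed placeholders; the real values depend on the PHP build, and a real tool would read the TLS block and the sentinels from the target process.

```python
import struct
from typing import Dict, Optional

PT_TLS = 7      # ELF program header type of the TLS template segment
PTR = 8         # pointer size on x86-64
IS_NULL = 1     # zend_types.h: EG(uninitialized_zval) is ZVAL_NULL
_IS_ERROR = 15  # zend_types.h (PHP 7.4+): EG(error_zval) is ZVAL_ERROR
# Constructed offsets (the real ones are version-specific): EG within the TSRM
# block, and the zval type byte of the two sentinels within executor_globals.
EG_OFF, UNINIT_TYPE_OFF, ERROR_TYPE_OFF = 0x200, 0x18, 0x28

def pt_tls_memsz(elf: bytes) -> int:
    """p_memsz of the PT_TLS segment of a little-endian ELF64 image (0x13c in the issue)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:   # EI_CLASS must be ELFCLASS64
        raise ValueError("not an ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        hdr = struct.unpack_from("<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if hdr[0] == PT_TLS:
            return hdr[6]                      # p_memsz
    raise LookupError("binary has no PT_TLS segment")

def looks_like_tsrm_ls_cache(ptr: int, memory: Dict[int, int]) -> bool:
    """Treat ptr as _tsrm_ls_cache, resolve EG and check both sentinel zvals (memory: addr -> byte)."""
    eg = ptr + EG_OFF
    return (memory.get(eg + UNINIT_TYPE_OFF) == IS_NULL
            and memory.get(eg + ERROR_TYPE_OFF) == _IS_ERROR)

def find_tls_pointer_offset(tls: bytes, memory: Dict[int, int]) -> Optional[int]:
    """Brute-force every pointer-aligned offset of the TLS block; first offset passing the EG check, else None."""
    for off in range(0, len(tls) - PTR + 1, PTR):
        (ptr,) = struct.unpack_from("<Q", tls, off)
        if ptr and looks_like_tsrm_ls_cache(ptr, memory):
            return off
    return None

def sample_elf(tls_memsz: int = 0x13C) -> bytes:
    """Constructed 64-byte ELF64 header followed by a single PT_TLS program header."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", PT_TLS, 4, 0, 0, 0, 0, tls_memsz, 8)

def sample_process(true_offset: int, size: int = 0x13C):
    """Constructed TLS block of junk pointers with the real one at true_offset, plus a sparse memory image."""
    base = 0x7F00_0000_1000                    # constructed _tsrm_ls_cache value
    tls = bytearray(b"\x41" * size)
    struct.pack_into("<Q", tls, true_offset, base)
    memory = {base + EG_OFF + UNINIT_TYPE_OFF: IS_NULL,
              base + EG_OFF + ERROR_TYPE_OFF: _IS_ERROR}
    return bytes(tls), memory
```

The junk pointers fail the check because nothing is mapped at the addresses they imply, which is exactly why the two sentinels make a usable filter over a few dozen candidates.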
