//------------------------------------------------
//--- 010 Editor v7.0 Binary Template
//
// File: OPCACHE_x86_64.bt
// Authors: Ian Bouchard
// License: MIT
// Version: 0.1
// Purpose: Parse cache files generated by OPcache on an x86_64 platform.
// Category: Cache
// File Mask: *.php.bin
// ID Bytes: 4F 50 43 41 43 48 45 // OPCACHE
// History:
//------------------------------------------------
// Structs //
// Fixed 80-byte header at the very start of the cache file (8 + 32 + 5 * 8).
// Every "*_pos" value elsewhere in this template is used as an offset relative
// to the end of this header, which is why the seeks all add sizeof(_meta).
//
// Nothing in this template verifies any of these fields. When triaging a cache
// file of unknown origin, compare them with a known-good entry from the same
// host before trusting the parsed structure below.
typedef struct {
// File signature; the template header lists the ID bytes as "OPCACHE".
char magic[8];
// NOTE(review): presumably the build/system identifier the engine compares
// before accepting a cache entry — confirm against the PHP version in use.
char system_id[32];
// NOTE(review): presumably sizes of the serialized script data and of the
// string area — not used by this template; confirm.
int64 mem_size;
int64 str_size;
// Read but never used here: cached_script is parsed immediately after this
// header. NOTE(review): confirm the script record always starts there.
int64 script_offset;
// NOTE(review): presumably the source file's modification time — confirm.
int64 timestamp;
// Stored checksum; this template displays it but does not recompute it.
int64 checksum;
} _meta;
// Length-prefixed string record: three 8-byte fields followed by the bytes,
// so val begins 24 bytes into the record. Displayed through _string_read.
typedef struct zend_string {
// NOTE(review): presumably the refcount/GC header — confirm.
unsigned int64 gc;
// NOTE(review): presumably the cached hash of the string — confirm.
unsigned int64 h;
// Byte count of val, taken from the file as-is. It is not checked against the
// remaining file size, so a corrupt or crafted length sizes the array directly.
unsigned int64 len;
char val[len];
} _string <read=_string_read>;
// Display callback for _string: shows the string bytes, or the placeholder
// "[EMPTY]" when the record's length field is zero.
string _string_read(_string &s)
{
    if (s.len != 0)
        return s.val;
    return "[EMPTY]";
}
// 16-byte value slot (4 + 4 + 4 + 4) followed, for string-typed values, by an
// out-of-line look-up of the string it refers to.
typedef struct zval_struct {
// First 4 bytes of the value; for type 6 it is used below as an offset
// relative to the end of _meta.
int value;
// NOTE(review): presumably the upper half of an 8-byte value field — confirm.
int value2;
// Type information, viewable either as four separate bytes or as one int.
union {
struct {
unsigned char type;
unsigned char type_flags;
unsigned char const_flag;
unsigned char reserved;
} v;
int type_info;
} u1;
unsigned int flags;
// Type 6 is handled as a string (NOTE(review): presumably IS_STRING in the
// PHP 7 numbering — confirm). The offset is signed and comes from the file
// unchecked: a negative or oversized value moves the read position outside the
// intended string area.
if (u1.v.type == 6) {
// Remember where the fixed fields ended, visit the string, then come back.
local int curr_pos = FTell();
FSeek(value + sizeof(_meta));
_string real_value;
FSeek(curr_pos);
}
} _zval;
// One 16-byte entry of _op_array.try_catch_array: four unsigned 32-bit values.
// NOTE(review): presumably indexes into the owning op array's opcodes that
// delimit the try / catch / finally regions — confirm.
typedef struct zend_try_catch_element {
unsigned int try_op;
unsigned int catch_op;
unsigned int finally_op;
unsigned int finally_end;
} _try_catch_element;
// One 12-byte entry of _op_array.live_range: three unsigned 32-bit values.
// NOTE(review): presumably a variable slot plus the first and last opcode
// index over which it is live — confirm.
typedef struct zend_live_range {
unsigned int var;
unsigned int start;
unsigned int end;
} _live_range;
// 4-byte opcode operand. All four members alias the same unsigned value; which
// interpretation applies is not recorded in the union itself (the owning _op
// carries separate op1_type / op2_type / result_type bytes).
// Displayed through show_val_node_op.
typedef union node_op {
unsigned int constant;
unsigned int var;
unsigned int num;
unsigned int opline_num;
} _node_op<read=show_val_node_op>;
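// Display callback for _node_op: renders the operand as the text it would
// reference if it were the offset of a string value.
//
// The operand is treated as the offset (relative to the end of _meta) of a
// value slot whose first 4 bytes are themselves the offset of a string record;
// the text is then read 16 bytes into that record.
// NOTE(review): _string in this template places val after three 8-byte fields
// (24 bytes), so the "+ 16" looks inconsistent — confirm before relying on the
// rendered text.
// NOTE(review): the operand kind is not visible here, so operands that are not
// offsets are still dereferenced as if they were; treat the text as a hint.
//
// Both offsets come straight from the file under inspection, so each one is
// range-checked against FileSize() and rendered as "[N/A]" when it falls
// outside the file instead of being handed to ReadInt/ReadString unchecked.
// n.num is unsigned, so no sign test on it is needed.
//
// Returns the referenced text, or "[N/A]" when it is empty or unreachable.
string show_val_node_op(_node_op &n) {
    int64 zval_pos = (int64)n.num + sizeof(_meta);
    if (zval_pos + 4 > FileSize())
        return "[N/A]";

    // First 4 bytes of the value slot: signed offset of the string record.
    int string_pos = ReadInt(zval_pos);
    int64 text_pos = (int64)string_pos + 16 + sizeof(_meta);
    if (text_pos < 0 || text_pos >= FileSize())
        return "[N/A]";

    string s = ReadString(text_pos);
    if (Strlen(s) == 0)
        return "[N/A]";
    return s;
}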
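// One argument descriptor of a cached function (element of
// _op_array.arg_infos): two string offsets followed by four flag bytes.
// NOTE(review): the other "*_pos" members in this template are int64, while
// the two offsets here are 32-bit — confirm the on-disk width for x86_64.
typedef struct zend_arg_info {
    // Saved read position. Declared up front (and 64-bit, matching FTell) so
    // that either optional look-up below can use it, whichever of them runs.
    local int64 curr_pos;

    // Offset of the argument name string, relative to the end of _meta;
    // 0 means no name is stored.
    int name_pos<hidden=true>;
    if (name_pos != 0) {
        curr_pos = FTell();
        FSeek(name_pos + sizeof(_meta));
        _string name;
        FSeek(curr_pos);
    }

    // Offset of the class name string, relative to the end of _meta;
    // 0 means no class name is stored.
    int class_name_pos<hidden=true>;
    // The guard must test class_name_pos itself. Testing name_pos here would
    // follow a zero class_name_pos for every named argument without a class
    // name and display unrelated bytes as a string.
    if (class_name_pos != 0) {
        curr_pos = FTell();
        FSeek(class_name_pos + sizeof(_meta));
        _string class_name;
        FSeek(curr_pos);
    }

    unsigned char type_hint;
    unsigned char pass_by_reference;
    unsigned char allow_null;
    unsigned char is_variadic;
} _arg_info;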
// One 32-byte opcode record: an 8-byte handler value, three 4-byte operands,
// two 32-bit fields and four single-byte codes. Displayed through
// show_pseudo_op.
typedef struct zend_op {
// NOTE(review): presumably a handler pointer/identifier that is only
// meaningful to the engine — confirm; it is displayed raw here.
unsigned int64 handler;
_node_op op1;
_node_op op2;
_node_op result;
unsigned int extended_value;
// NOTE(review): presumably the source line of the instruction — confirm.
unsigned int lineno;
// Numeric opcode; shown as a number, not as a mnemonic.
unsigned char opcode;
// Kind of each operand; these bytes are what tells the operands' union
// members apart.
unsigned char op1_type;
unsigned char op2_type;
unsigned char result_type;
} _op<read=show_pseudo_op>;
// Display callback for _op: formats one opcode record as
//   (result_type)result = opcode((op1_type)op1, (op2_type)op2)
// where the opcode and the type bytes are printed as numbers and each operand
// is rendered by show_val_node_op. The operand texts come from the file and
// are only ever passed as %s arguments, never as the format string.
string show_pseudo_op(_op &o)
{
    string result_text = show_val_node_op(o.result);
    string op1_text = show_val_node_op(o.op1);
    string op2_text = show_val_node_op(o.op2);

    string line;
    SPrintf(line, "(%d)%s = %d((%d)%s, (%d)%s)",
            o.result_type, result_text,
            o.opcode,
            o.op1_type, op1_text,
            o.op2_type, op2_text);
    return line;
}
// Compiled function body as stored in the cache file. The 8-byte "*_pos"
// members hold offsets relative to the end of _meta; after most of them the
// template saves the read position, seeks to the target, declares the
// referenced data and seeks back, so the fixed-size members keep parsing in
// file order.
//
// Every count (num_args, last, last_var, last_live_range, last_try_catch,
// last_literals) and every offset is taken from the file as-is. Nothing here
// checks them for negative values or against the file size, so the structure
// displayed for a truncated or crafted file should be treated as unverified.
typedef struct zend_op_array {
byte type;
byte arg_flags[3];
int fn_flags;
// Offset of the function name string; 0 means no name is stored.
int64 function_name_pos;
// Function name, parsed out of line when present.
if (function_name_pos != 0) {
// curr_pos is declared only inside this block. NOTE(review): when
// function_name_pos is 0 the later "curr_pos = ..." assignments have no
// declaration in this struct and presumably resolve to a curr_pos from an
// enclosing scope — confirm.
local int curr_pos = FTell();
FSeek(function_name_pos + sizeof(_meta));
_string function_name;
FSeek(curr_pos);
}
// Offset of the scope; displayed raw, not followed.
int64 scope_pos;
// Offset of the prototype; displayed raw, not followed.
int64 prototype_pos;
int num_args;
int required_num_args;
// Offset of the argument descriptors; num_args of them are parsed there.
// Followed unconditionally, even when the offset is 0.
int64 arg_info_pos;
curr_pos = FTell();
FSeek(arg_info_pos + sizeof(_meta));
_arg_info arg_infos[num_args];
FSeek(curr_pos);
int64 refcount;
int this_var;
// Number of opcode records in the array below.
int last;
// Offset of the opcode array; `last` records are parsed there.
int64 opcodes_pos;
curr_pos = FTell();
FSeek(opcodes_pos + sizeof(_meta));
_op opcodes[last];
FSeek(curr_pos);
// Number of entries in the variable-name table below.
int last_var;
int T;
// Offset of a table of last_var string offsets (one per variable).
int64 vars_pos;
curr_pos = FTell();
FSeek(vars_pos + sizeof(_meta));
int64 var_pos[last_var];
local int i;
// Follow each table entry and declare the string it points to; the
// repeated declaration yields one `vars` entry per variable.
for (i = 0; i < last_var; i++ )
{
FSeek(var_pos[i] + sizeof(_meta));
_string vars;
}
FSeek(curr_pos);
int last_live_range;
int last_try_catch;
// Offset of the live-range array; last_live_range entries are parsed there.
int64 live_range_pos;
curr_pos = FTell();
FSeek(live_range_pos + sizeof(_meta));
_live_range live_range[last_live_range];
FSeek(curr_pos);
// Offset of the try/catch array; last_try_catch entries are parsed there.
int64 try_catch_array_pos;
curr_pos = FTell();
FSeek(try_catch_array_pos + sizeof(_meta));
_try_catch_element try_catch_array[last_try_catch];
FSeek(curr_pos);
// Offset of the static variables; displayed raw, not followed.
int64 static_variables_pos;
// Offset of the source file name string.
int64 filename_pos;
// File name, parsed out of line. Unlike function_name this is followed
// without a zero check.
curr_pos = FTell();
FSeek(filename_pos + sizeof(_meta));
_string filename ;
FSeek(curr_pos);
int line_start;
int line_end;
// Offset of the doc comment string.
int64 doc_comments_pos;
// Doc comment, parsed out of line; also followed without a zero check, so an
// offset of 0 displays whatever sits at the start of the data area.
curr_pos = FTell();
FSeek(doc_comments_pos + sizeof(_meta));
_string doc_comments ;
FSeek(curr_pos);
int early_binding;
// Number of literal values parsed at literals_pos below.
int last_literals;
// Offset of the literal table.
int64 literals_pos;
int64 cache_size;
int64 runtime_cache;
int64 reserved[4];
// Literals: last_literals consecutive _zval records starting at
// literals_pos. Each _zval restores the read position after visiting its
// string, so the records are read back to back.
curr_pos = FTell();
FSeek(literals_pos + sizeof(_meta));
for (i = 0; i < last_literals; ++i)
_zval literals;
FSeek(curr_pos);
} _op_array;
// One hash table slot: a value, an 8-byte hash and the offset of the key
// string, followed by out-of-line parsing of the key and of the entry the
// value points to.
typedef struct _Bucket {
_zval val;
unsigned int64 h;
// Offset of the key string, relative to the end of _meta; followed
// unconditionally.
int64 key_pos;
local int curr_pos = FTell();
FSeek(key_pos + sizeof(_meta));
_string key;
// val.value is used as the offset of an _op_array regardless of val's type.
// NOTE(review): _script uses this same layout for class_table, whose entries
// are presumably not op arrays — confirm; those entries may be displayed
// with the wrong structure.
FSeek(val.value + sizeof(_meta));
_op_array op_array;
FSeek(curr_pos);
} Bucket;
// Hash table header followed by out-of-line parsing of its buckets.
typedef struct _HashTable {
int64 gc;
int flags;
unsigned int nTableMask;
// Offset of the bucket array, relative to the end of _meta.
unsigned int64 bucket_pos;
// Number of buckets parsed below; taken from the file without a bound check.
unsigned int nNumUsed;
unsigned int nNumOfElements;
unsigned int nTableSize;
unsigned int nInternalPointer;
unsigned int64 nNextFreeElement;
// NOTE(review): presumably a destructor pointer that only has meaning inside
// the engine — confirm; it is displayed raw here.
unsigned int64 pDestructor;
// curr_pos is not declared in this struct. NOTE(review): presumably it
// resolves to the curr_pos declared by the enclosing _script — confirm.
curr_pos = FTell();
FSeek(bucket_pos + sizeof(_meta));
Bucket buckets[nNumUsed];
FSeek(curr_pos);
} HashTable;
// Top-level script record: the script's file name, its main op array, then
// the function and class hash tables.
typedef struct script {
// Saved read position used by the look-up below. NOTE(review): nested
// structs that assign curr_pos without declaring it presumably share this
// variable — confirm.
local int curr_pos;
// Offset of the script's file name string, relative to the end of _meta
// (hidden in the results view).
int64 filename_pos<hidden=true>;
// File name, parsed out of line; followed without a zero check.
curr_pos = FTell();
FSeek(filename_pos + sizeof(_meta));
_string filename ;
FSeek(curr_pos);
// Code that runs at the top level of the script.
_op_array main_op_array;
// Functions and classes defined by the script. Both tables are parsed with
// the same HashTable/Bucket layout, which treats every entry as an
// _op_array.
HashTable function_table;
HashTable class_table;
} _script;
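// Entry point: parse the fixed header, then the script record that follows it.
_meta meta;

// The file under inspection may be truncated, corrupted or deliberately
// crafted. Everything after the header is reached by following offsets stored
// in the file, so stop here when the signature listed in the template header
// ("OPCACHE") is missing rather than chase offsets through unrelated data.
if (Strncmp(meta.magic, "OPCACHE", 7) != 0) {
    Warning("Not an OPcache cache file: signature mismatch.");
    return -1;
}

_script cached_script;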