Opened 3 years ago

Closed 3 years ago

#259 closed defect (fixed)

Bug in the file "Decompiler.class.php" with the class extends

Reported by: maio
Owned by: moo
Priority: critical
Milestone:
Component: disassembler
Version: 1.3.1
Keywords:
Cc:
Application:
PHP Version: 5.2.17
Other Exts:
SAPI: Others
Probability: Always
Blocked By:
Blocking:

Description

Hello,
Wanting to debug the result of a completely OpenSource PHP file, I realized that "XCache 1.3.1" causes an error when it decompiles a class with extends; if I remove it, it works.

php.exe "phpdc.php" "Currency.php" > "out.php"

<?php

class not found: currencycoreD:\PHP5\Currency.php01BB9BC5

Subsequently I have also some bugs with variable binary characters, plus an application error as "Windows".

Thank you!

Attachments (1)

Currency.php (10.1 KB) - added by maio 3 years ago.

Change History (19)

Changed 3 years ago by maio

Currency.php

comment:1 Changed 3 years ago by moo

thanks for your report. but disassembler is an experimental feature and used for me to read opcode. it's not designed for commercial encoder/obfuscation

comment:2 Changed 3 years ago by maio

I understand your answer, I'll fix that when I have free time.

comment:3 Changed 3 years ago by maio

After a lengthy audit, I concluded that this is not a bug in "XCache", much less PHP.
So I replaced the verification of the class by name in lowercase, instead of using the key system, this has also reduced the "xc_dasm" by the fact that this is no longer necessary :

	int bufsize = 2;
	char *buf;
	int keysize;

I also encountered another problem to retrieve an array in the "default_properties" I send you my patch!

!!! Look In The File "Release/ext/xcache/processor_real.c" !!!
	void xc_dasm_zval(
	{
			do {
		zval_dtor(dst);
		*dst = *src;
		zval_copy_ctor(dst);

!!! Add below : !!!
		switch (src->type) {
			case IS_CONSTANT:
				dst->type = UNISW(IS_STRING, UG(unicode) ? IS_UNICODE : IS_STRING);
				break;
			case IS_CONSTANT_ARRAY:
				dst->type = IS_ARRAY;
				break;
		}

I take this message to congratulate you on your wonderful work !

comment:4 Changed 3 years ago by maio

I come to you for notifying us of another problem this time is confirmed.
This problem is still at the "xc_dasm_zval" which once applied my patch works well but can not retrieve array, for example I insert this as PHP source :

<?php

	class Test {
		private static $var_test = array(
			'vz' => array(
				'key01' => 'value01',
				'key02' => 'value01',
				'key03' => 'value01'
			),

			'key04' => array(
				'key05' => 'value01',
				'key06' => 'value01',
				'key07' => 'value01'
			),

			'key08' => array(
				'key09' => 'value01',
				'key10' => 'value01',
				'key11' => 'value01'
			)
		);
	}

?>

Well I released the code like this :

Array
(
    [test] => Array
        (
            [type] => 2
            [name_length] => 4
            [name] => Test
            [parent] => 
            [refcount] => 1
            [constants_updated] => 
            [ce_flags] => 0
            [default_properties] => Array
                (
                )

            [properties_info] => Array
                (
                    [var_test] => Array
                        (
                            [flags] => 1025
                            [name_length] => 14
                            [name] => Testvar_test
                            [h] => 701449581
                            [doc_comment_len] => 0
                            [doc_comment] => 
                            [ce] => Test
                        )

                )

            [default_static_members] => Array
                (
                    [Testvar_test] => Array
                        (
                            [vz] => 0
                            [key04] => 0
                            [key08] => 0
                        )

                )

            [constants_table] => Array
                (
                )

            [] => 
            [num_interfaces] => 0
            [filename] => 
            [line_start] => 3
            [line_end] => 23
            [doc_comment_len] => 0
            [doc_comment] => 
            [function_table] => Array
                (
                )

        )

)
	class Test {
	}

Instead of the extract myself "array", it puts me in place of "0".
I searched several hours how I can extract them, but then I dry.
A solution?

I know you use this to debug your tests, but it would be nice to have a fix in order to disassemble all the properties of "class".

comment:5 Changed 3 years ago by moo

  • Status changed from new to assigned

processor_real.c is an intermediate file which is not a real source file. see processor/processor.m4

and yes, class data is different from when used in runtime which i didn't take care of. class var $a = array(array()) will issue SEGV (or windows application error APPCRASH) when disassemble

builtin function is dump by disassembler, i'll fix it

comment:6 Changed 3 years ago by maio

Super thank you!
For the problem I spoke earlier I came to your method that you regenerate the key for the class it was just that I delete the last character, which gives this in the file "Decompiler.class.php" :

						if (isset( $op1['u.constant'] )) {
							$class = $this->dc['class_table'];

							if (isset( $class[substr( $op1['u.constant'], 0 ,-1 )] )) {
								$this->dclass( $class, $class[substr( $op1['u.constant'], 0 ,-1 )] );
							} else {
								exit( dez_print( 'Class not found: ' . $op1['u.constant'], true, false ) );
							}
						}

comment:7 Changed 3 years ago by moo

it's a bug for mangled (and delayed binding) classes that there're 1 char (or UChar) off for class_table assoc keys. was fixed in [713] and will be backported to branches/1.3 soon. i need to confirm it still works with older version of PHP

comment:8 Changed 3 years ago by maio

Hello and thank you!
I just tested with a completely original version on "PHP 5.2.17" and it does not work. With what version of PHP have you managed to extract the array?
I'll try just now with "PHP 5.3.6".

comment:9 Changed 3 years ago by moo

XCache is decompiling member variables in array fine here against 5.2 and 5.3. u might want to svn up and make clean, make all; I'm still checking the Decompiler

comment:10 Changed 3 years ago by maio

I do not think it matters a difference, but I compiled on the VC6?
I except this course with a thorough cleaning of all files, and reconfigure and recompile "trunk-r723" :

<?php

class Test
{}

return 1;

?>

comment:11 Changed 3 years ago by moo

  • Resolution set to fixed
  • Status changed from assigned to closed

It's mostly fine now, however condition branch is still not decompiled as it was

make sure you remove the processor_real.c file as it's intermediate. or you might want to start a fresh checkout

comment:12 Changed 3 years ago by maio

This is what I do every time :

      ["default_static_members"]=>
      array(1) {
        ["('''NULL BYTE''')Test('''NULL BYTE''')var_test('''NULL BYTE''')"]=>
        UNKNOWN:0
      }

The text "NULL BYTE" is the character that I can not paste, so I replaced it with this comment.

I even delete the folder "Release" which contains all the files compile.
I even also a reconfiguration, but to no avail, I just that with a var_dump.
If you confirm that this works, I want to see Linux.

comment:13 Changed 3 years ago by moo

what code do you reproduce this?
\0*\0name\0 is right mangled
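
The mangled property keys discussed in comments 12 and 13, as an added example that is not part of the ticket or of XCache: `unmangle_property()` is a hypothetical helper that splits a Zend-mangled name into visibility, declaring class and property name, and tolerates the single trailing NUL seen in the keys pasted above. The sample strings are constructed from the names shown in this ticket.

```php
<?php
// Added illustration; unmangle_property() is a hypothetical helper, not XCache code.

/**
 * Split a Zend-mangled property name into visibility, declaring class and name.
 *   public    : "name"
 *   protected : "\0*\0name"
 *   private   : "\0ClassName\0name"
 * One trailing "\0" (as in the keys pasted in this ticket) is tolerated.
 * Returns null when the name is malformed.
 */
function unmangle_property($mangled)
{
    // Drop one trailing NUL if the dump kept the C string terminator in the key.
    if (strlen($mangled) > 1 && substr($mangled, -1) === "\0") {
        $mangled = substr($mangled, 0, -1);
    }
    if ($mangled === '' || $mangled[0] !== "\0") {
        return array('visibility' => 'public', 'class' => null, 'name' => $mangled);
    }
    $sep = strpos($mangled, "\0", 1);
    if ($sep === false || $sep === strlen($mangled) - 1) {
        return null; // no second NUL, or nothing after it
    }
    $scope = substr($mangled, 1, $sep - 1);
    $name  = substr($mangled, $sep + 1);
    if ($scope === '*') {
        return array('visibility' => 'protected', 'class' => null, 'name' => $name);
    }
    return array('visibility' => 'private', 'class' => $scope, 'name' => $name);
}

// Constructed samples modelled on the keys shown in this ticket.
$samples = array(
    "\0Test\0var_test",    // 14 bytes, the name_length reported in the dump
    "\0Test\0var_test\0",  // same key with the extra trailing NUL
    "\0*\0name\0",
    "plain",
);
foreach ($samples as $s) {
    $p = unmangle_property($s);
    printf("%-30s len=%2d -> %s %s\$%s\n",
        addcslashes($s, "\0"), strlen($s),
        $p['visibility'], $p['class'] ? $p['class'] . '::' : '', $p['name']);
}
```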

comment:14 Changed 3 years ago by moo

btw, are u using phpdc.phpr? try:

php-cli.exe -c php.ini ./phpdc.phpr file.php

comment:15 Changed 3 years ago by maio

Yes well I use this command from the start:

php.exe "phpdop.phpr" "test.php " > "out.php"

Xcache is compiled into PHP, not extended.
I tried your method and it can not read the index, but with a foreach logically it should do, as what passes for the keys of the class ?
If I use print_r me out a system error, the same problem that I solved by adding the zval type, see above ...

comment:16 Changed 3 years ago by moo

the decompiler works fine with Currency.php you uploaded. i need your test.php. do you use IRC (freenode#lighttpd)? or gmail chat or google talk (i just added you)

comment:17 Changed 3 years ago by maio

  • Resolution fixed deleted
  • Status changed from closed to reopened

I have that "MSN", I can send it privately?
Otherwise the test is that it does not work for me :

<?php

	class Test {
		private static $var_test = array(
			'vz' => array(
				'key01' => 'value01',
				'key02' => 'value01',
				'key03' => 'value01'
			),

			'key04' => array(
				'key05' => 'value01',
				'key06' => 'value01',
				'key07' => 'value01'
			),

			'key08' => array(
				'key09' => 'value01',
				'key10' => 'value01',
				'key11' => 'value01'
			)
		);
	}

?>

comment:18 Changed 3 years ago by moo

  • Resolution set to fixed
  • Status changed from reopened to closed

fixed in [727] for trunk, and [728] for branches/1.3
