This time in RCTF2019, I asked a question about SourceGuardian decryption. And Hook zend_compile_string
Can be solved php_screw
、 php-beast
Like other extensions, there are still general (or more general) cracking schemes for extensions that do not make major changes to the overall execution process of PHP. Among them, SourceGuardian is an example. This article will talk about this kind of encryption cracking scheme from the perspective of Zend virtual machine.
For the title and Writeup of this question, see:
First, we need to be familiar with the process of PHP code execution -- that is, PHP is like