key_php tutorial for GDB traversal of an eg (symbol_table) hash table

Source: Internet
Author: User
Sara Golemon wrote an article that said, "Is there a special place where you can find globals arrays?" The answer is "exist", that is, eg (symbol_table)-executor globals structure, she also gives a specific example of the search, as follows

Php_function (confirm_getglobal_compiled) {

Char *varname;

int Varname_len;

Zval **varvalue;

if (Zend_parse_parameters (Zend_num_args () tsrmls_cc, "s", &varname, &varname_len) = = FAILURE) {

Return_null ();

}

if (Zend_hash_find (&eg (symbol_table), varname, Varname_len + 1, (void**) &varvalue) = = FAILURE) {

Php_error_docref (NULL tsrmls_cc, E_notice, "Undefined variable:%s", varname);

Return_null ();

}

*return_value = **varvalue;

Zval_copy_ctor (Return_value);

}

After compiling to so load, write PHP test code

$ABC = ' string ';

$def = ' string2 ';

Var_dump (confirm_getglobal_compiled (' abc '));

Execution results

String (6) "string"

People may feel strange, why write a def variable, this is the following to take a look at the eg this Hashtable

GDB--args bin/php-c php.ini a.php

The debug code is as follows

(GDB) B renzhi.c:301//Add breakpoints to the written extension place

No source file named Renzhi.c.

Make breakpoint pending on the future shared library load? (Y or [n]) y

Breakpoint 1 (renzhi.c:301) pending.

(GDB) R//run to break point

Starting program:/root/php-src-5.3/bin/php-c php.ini ceshi.php

Warning:. Dynamic section for "/lib/libc.so.6" isn't at the expected address

Warning:difference appears to being caused by prelink, adjusting expectations

[Thread debugging using libthread_db enabled]

Breakpoint 1, zif_confirm_getglobal_compiled (Ht=1, return_value=0x837a43c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)

at/root/php-src-5.3/ext/renzhi/renzhi.c:305

305 if (Zend_parse_parameters (Zend_num_args () tsrmls_cc, "s", &varname, &varname_len) = = FAILURE) {

(GDB) n

309 if (Zend_hash_find (&eg (symbol_table), varname, Varname_len + 1, (void**) &varvalue) = = FAILURE) {

(GDB) Step//Enter Zend_hash_find Hash lookup function

Zend_hash_find (ht=0x82e3250, arkey=0x837a42c "abc", NKEYLENGTH=4, pdata=0xbfffc484) at/root/php-src-5.3/zend/zend_ hash.c:872

Let's see the key.

(GDB) P *HT

$9 = {ntablesize = 0, Ntablemask =, nnumofelements = ten, nnextfreeelement =, Pinternalpointer = 0x83edc98, PListHead = 0x83edc98,

Plisttail = 0x837a3fc, arbuckets = 0x83705a8, pdestructor = 0x81923b0 <_zval_ptr_dtor>, persistent = 0 ' \000 ', nAppl Ycount = 0 ' \000 ',

bapplyprotection = 1 ' \001 '}

(GDB) P *ht.plisthead

$ = {h = 2572561225, Nkeylength = 8, PData = 0x83edca4, pdataptr = 0x83edc7c, Plistnext = 0x8378c4c, Plistlast = 0x0, pNe XT = 0x0, PLast = 0x0,

Arkey = "G"}

(GDB) P *ht.plisthead.plistnext

$ $ = {h = 253399445, Nkeylength = 5, PData = 0x8378c58, pdataptr = 0x8378b60, Plistnext = 0x8378c7c, Plistlast = 0x83edc98 , Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

(GDB) P *ht.plisthead.plistnext.plistnext

$4 = {h = 253398818, Nkeylength = 5, PData = 0x8378c88, pdataptr = 0x8378c30, Plistnext = 0x8378d20, Plistlast = 0x8378c4c , Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext

$ $ = {h = 3947724458, nkeylength = 6, PData = 0x8378d2c, pdataptr = 0X8378CAC, Plistnext = 0x8378d54, Plistlast = 0x8378c7 C, Pnext = 0x0, PLast = 0x0,

Arkey = "_"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext

$6 = {h = 249444164, Nkeylength = 5, PData = 0x8378d60, pdataptr = 0x83edd1c, Plistnext = 0x8378d84, Plistlast = 0X8378D20 , Pnext = 0x0, PLast = 0x0,

Arkey = "_"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext

$7 = {h = 195471710, Nkeylength = 8, PData = 0x8378d90, pdataptr = 0x83edd38, Plistnext = 0x8378e2c, Plistlast = 0x8378d54 , Pnext = 0x0, PLast = 0x0,

Arkey = "_"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$8 = {h = 1027153623, nkeylength = 7, PData = 0x8378e38, pdataptr = 0x8378db8, Plistnext = 0x8379e8c, Plistlast = 0x8378d8 4, Pnext = 0x0, PLast = 0x0,

Arkey = "_"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$9 = {h = 3291685243, Nkeylength = 8, PData = 0x8379e98, pdataptr = 0x8378e88, Plistnext = 0x837a3cc, Plistlast = 0x8378e2 C, Pnext = 0x0, PLast = 0x0,

Arkey = "_"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$ $ = {h = 2090069483, nkeylength = 4, PData = 0x837a3d8, pdataptr = 0x8379ef8, Plistnext = 0x837a3fc, Plistlast = 0x8379e 8c, Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$11 = {h = 2090180660, nkeylength = 4, PData = 0x837a408, pdataptr = 0x8379edc, Plistnext = 0x0, Plistlast = 0x837a3cc, PN ext = 0x0, PLast = 0x0,

Arkey = "D"}

It's a little messy, and the first one here is reality. Eg this hash table has nnumofelements = 10 elements

Here's

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$ $ = {h = 2090069483, nkeylength = 4, PData = 0x837a3d8, pdataptr = 0x8379ef8, Plistnext = 0x837a3fc, Plistlast = 0x8379e 8c, Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$11 = {h = 2090180660, nkeylength = 4, PData = 0x837a408, pdataptr = 0x8379edc, Plistnext = 0x0, Plistlast = 0x837a3cc, PN ext = 0x0, PLast = 0x0,

Arkey = "D"}

is to test the PHP code.

$ABC = ' string ';

$def = ' string2 ';

These two variables name the concrete hash of the bucket up

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$ $ = {h = 2090069483, nkeylength = 4, PData = 0x837a3d8, pdataptr = 0x8379ef8, Plistnext = 0x837a3fc, Plistlast = 0x8379e 8c, Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

The first character Arkey is a, with nkeylength = 44 character length

(GDB) P ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.arkey[0]

$ = $ ' a '

(GDB) P ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.arkey[1]

$11 = 98 ' B '

(GDB) P ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.arkey[2]

$ = "C"

(GDB) P ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.arkey[3]

$13 = 0 ' \000 '

How to get the pointer in the GDB mode, see the corresponding execution of the content of the Zval?

Already know that the pdata in the bucket structure executes the content.

(GDB) P Ht.pListHead.pListNext.pListNext.pListNext.pListNext.pListNext.pListNext.pListNext.pListNext.pData

$19 = (void *) 0x837a3d8

But the return of this, still do not know how to obtain, please master Help

I got it.

(GDB) P *ht.plisthead.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext.plistnext

$29 = {h = 2090069483, nkeylength = 4, PData = 0x839fe28, pdataptr = 0x839f948, Plistnext = 0x839fe4c, Plistlast = 0x839f8 DC, Pnext = 0x0, PLast = 0x0,

Arkey = "A"}

(GDB) p * (Zval *) $29->pdataptr

$ = {Value = {lval = 138024112, dval = 1.2800167717828578e-313, str = {val = 0x83a14b0 "string", Len = 6}, HT = 0x83a14b 0, obj = {handle = 138024112,

handlers = 0x6}}, refcount__gc = 1, type = 6 ' \006 ', is_ref__gc = 0 ' \000 '}

Haha, you can see the exact value of the hash point.

But a little bit confused, what does pdata and pdataptr have to do with the matter?

(GDB) P &$29->pdataptr

$46 = (void * *) 0x839fe28

(GDB) P $29->pdata

$47 = (void *) 0x839fe28

Which is the address of pdataptr in pdata.

Excerpt from xiaoq3406 's column

http://www.bkjia.com/PHPjc/478497.html www.bkjia.com true http://www.bkjia.com/PHPjc/478497.html techarticle Sara Golemon wrote an article that said, "Is there a special place where you can find globals arrays?" The answer is that there is an eg (symbol_table)-executor globals structure that she also gives ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.