Zend®Guard enables you to encode and obfuscate your code to help protect against reverse engineering. It’s understandable that someone would want to help protect their hard work by encoding it, but in order to execute this encoded source on a server it is necessary to enable an extension to decode the source prior to execution.
Getting Started with ZendGuard
Using ZendGuard is out of the scope of this article, as there is plenty of documentation around the process on the Zend Guard User Guide. If you’d like to get the quick overview, watch this video below:
ZendGuard Setup in Web Sites (default runtime)
In order to enable ZendGuard in Windows Azure Web Sites you will need to acquire
ZendLoader.dll from the ZendGuard Download page. The remaining steps we will configure php which is built into the Windows Azure Web Sites environment.
Installing a Zend Extension in Windows Azure Web Sites
Now that we have the ZendLoader assembly let’s make sure that it’s loaded into the extensions list in the default php.ini file. We can do this by selecting the configure tab in your Web Site and adding an App Setting.
There are a number of reserved App Settings in Windows Azure Web Sites to configure a number of different parts of the default runtime experience, in this particular case we’re going to use
PHP_ZendExtensions to load
ZendLoader.dll into the default PHP Runtime Zend Extension list.
Ensure you download the proper ZendLoader.dll for your PHP Version.
As you can see in the image below, the an app setting is created with the key
PHP_ZendExtensions and the value
bin\ZendLoader.dll, which is a semi-colon delimited list of relative paths in this case the
ZendLoader.dll will need to be placed in a
bin directory off the root of the Web Site.
You can upload the DLL file via FTP, or download it directly to the bin directory in your Windows Azure Web Site by using KuduExec, which I’ll use to download the
.user.ini file later in this article.
With the assembly in the PHP pipeline, we still need to do some custom configuration to the
php.ini via the
.user.ini file. I have created a
.user.ini which captures all of the configuration settings available to ZendGuard as well as a command to turn off WinCache file caching which is required in order for ZendGuard to operate.
To demonstrate another feature of Windows Azure Web Sites, let’s use KuduExec to download the
.user.ini file into our Windows Azure Web Site using
KuduExec – The Windows Azure Web Sites Command Line
First things first, in order to use KuduExec you need to have it available on your local machine. KuduExec is written in Node.js which you will need installed and configured on your machine. To download KuduExec, use the following command to install it globally on your system.
npm install kuduexec -g
Now let’s look at how to connect to our command line in Windows Azure Web Sites:
Enter your Deployment Password to login to the Windows Azure Web Sites command line. You can download the
.user.ini file from a Gist the following
curl -O https://gist.github.com/SyntaxC4/6084034/raw/cd8e1e27cbaa45db25f94be51968960bf71276bf/.user.ini
Depending on your ZendGuard configuration, you may need to change some of the
Exit KuduExec by typing
Refresh the PHP Configuration
By default, PHP is configured to refresh it’s settings from the
php.inifile every 300 seconds (5 minutes), you can force this to refresh immediately by doing a Web Site reset.
You can confirm ZendGuard is configured by looking at the following sections of the phpinfo output:
Deploying your ZendGuard Encoded Application
There are many ways to upload content in Windows Azure Web Sites as described in this list of PHP Tutorials. After ZendGuard encodes the application code, the index.php file in my example looks like this:
The actual file is a simple echo of
In this example, I demonstrated how to configure ZendGuard with the built in PHP runtime in Windows Azure Web Sites. This will allow you to run your ZendGuard Encoded and Obfuscated code in a highly scalable hosting environment. It is also possible to set up ZendGuard using the Bring Your Own Runtime functionality, which I will explain in a future blog post upon request in the comments below.