reli-prof
Support stripped ZTS binaries
`_tsrm_ls_cache` is not an exported symbol in the interpreter, so we usually cannot resolve it from a stripped PHP binary, and therefore cannot find globals like `EG` or `CG`.

But I recently noticed that the PHP binary has only a small PT_TLS segment as a whole, around 0x13c bytes.

This means that we can find the offset of the actual `_tsrm_ls_cache` without resolving the symbol, by brute-forcing the PT_TLS segment. We examine each candidate offset by actually trying to resolve `EG` through it and checking the values of `uninitialized_zval` and `error_zval`, and also by trying to resolve a global constant like `PHP_VERSION`; if those checks pass, we can assume the candidate really is the offset of `_tsrm_ls_cache`.

The offset is fixed for each PHP binary, so once we cache the offset in a file, we don't have to repeat the process for the same binary.
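The brute-force search described above, as an added illustration that is not reli-prof's own code: it walks every pointer-aligned offset of a TLS block over a constructed memory image and accepts the candidate whose pointer, plus an assumed `executor_globals_offset`, lands on a struct whose `uninitialized_zval`/`error_zval` type tags match. The zval field offsets, the `IS_NULL`/`_IS_ERROR` tag values and all addresses are assumptions for the example, and the `PHP_VERSION` constant check is left out.

```python
import struct

# Constructed stand-in for reading the target process's memory (e.g. via /proc/pid/mem).
class Memory:
    def __init__(self, regions):
        self.regions = regions  # list of (base_address, bytes)

    def read(self, addr, size):
        for base, data in self.regions:
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError(f"unmapped read at {addr:#x}")

    def read_u64(self, addr):
        return struct.unpack("<Q", self.read(addr, 8))[0]

def zval_type(mem, addr):
    # 64-bit zval: 8-byte value union, then u1.type_info (u32); low byte is the type tag.
    return mem.read(addr + 8, 1)[0]

def find_tsrm_ls_cache_offset(mem, tls_base, tls_size, eg_offset,
                              uninit_off, error_off, expect):
    """Try every pointer-aligned offset inside the thread's TLS block as the
    location of _tsrm_ls_cache.  A candidate is accepted when the pointer it
    holds, plus executor_globals_offset, lands on a struct whose
    uninitialized_zval and error_zval carry the expected type tags."""
    for off in range(0, tls_size - 7, 8):
        try:
            eg = mem.read_u64(tls_base + off) + eg_offset
            tags = (zval_type(mem, eg + uninit_off), zval_type(mem, eg + error_off))
        except ValueError:      # pointer into unmapped memory: not it
            continue
        if tags == expect:
            return off
    return None

def build_sample_memory():
    """Constructed memory image: a 0x13c-byte TLS block holding the real
    pointer at 0x40, a decoy pointer at 0x10 and garbage at 0x20."""
    TLS_BASE, DECOY, TSRM_LS, EG_OFFSET = 0x7000, 0x8000, 0x9000, 0x100  # assumed
    tls = bytearray(0x13c)
    struct.pack_into("<Q", tls, 0x10, DECOY)        # mapped, but zeroed contents
    struct.pack_into("<Q", tls, 0x20, 0xDEAD0000)   # unmapped address
    struct.pack_into("<Q", tls, 0x40, TSRM_LS)      # the real _tsrm_ls_cache value
    eg = bytearray(0x40)
    struct.pack_into("<I", eg, 0 + 8, 1)    # uninitialized_zval type_info = IS_NULL (assumed)
    struct.pack_into("<I", eg, 16 + 8, 15)  # error_zval type_info = _IS_ERROR (assumed)
    mem = Memory([(TLS_BASE, bytes(tls)), (DECOY, bytes(0x200)),
                  (TSRM_LS, bytes(EG_OFFSET) + bytes(eg))])
    return mem, TLS_BASE, EG_OFFSET

if __name__ == "__main__":
    mem, tls_base, eg_off = build_sample_memory()
    print(hex(find_tsrm_ls_cache_offset(mem, tls_base, 0x13c, eg_off, 0, 16, (1, 15))))  # 0x40
```

The decoy at 0x10 shows why a single check is not enough: a pointer into mapped memory with zeroed contents would pass a weaker validator, which is why the page also resolves a known constant before trusting the offset.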