Reversing Java: Part II

2

In the previous post, I’ve described the main structure of Java class file bytes. In this part, I’ll continue decompiling the HelloWorld example.

Again the bytes of compiled class files is inserted:

HelloWorld ByteCode

We have analyzed till constant pool. Each constant pool entry has the following structure:

cp_info {
u1 tag;
u1 info[];
}

The tag indicates what type of constant is the following constant and the info (length of info) depends of the tag type. List of allowed tags are:

 

Constant Type Value
CONSTANT_Class 7
CONSTANT_Fieldref 9
CONSTANT_Methodref 10
CONSTANT_InterfaceMethodref 11
CONSTANT_String 8
CONSTANT_Integer 3
CONSTANT_Float 4
CONSTANT_Long 5
CONSTANT_Double 6
CONSTANT_NameAndType 12
CONSTANT_Utf8 1

 

 

Constant Pool (from [1] to [28]):

Constant Pool = cp

cp[1]: {tag = 0a} =>  CONSTANT_Methodref

The info[] of method ref contains four bytes for the method. Two bytes for class name and two bytes for name and type => class name: 00 06 (cp[6]), name and type: 00 0f (cp[15])

cp[2]: {tag = 09} => CONSTANT_Fieldref

info[] part is just like class ref => class name: 00 10 (cp[16]), name and type: 00 11 (cp[17])

cp[3]: {tag = 08} => CONSTANT_String

info[] part has reference for string itself (two bytes). 00 12 means that the real string is in cp[18].

cp[4]: {tag = 0a} => CONSTANT_Methodref

class name: 00 13 (cp[19]), name and type: 00 14 (cp[20])

cp[5]: {tag = 07} => CONSTANT_Class

info[] part has two bytes indicating the class. 00 15 (cp[21])

cp[6]: {tag = 07} => CONSTANT_Class

00 16 (cp[22])

cp[7]: {tag = 01} => CONSTANT_Utf8

info[] part has two bytes indicating string length and the remaining length bytes is string itself encoded in UTF8. 00 06 => String has 6 bytes.

(next 6 bytes): 3c 69 6e 69 74 3e  => <init>

cp[8]: {tag = 01} => CONSTANT_Utf8

length: 00 03 (3)

String: 28 29 56 => ()V

cp[9]: {tag = 01} => CONSTANT_Utf8

length: 00 04 (4)

String: 43 6f 64 65 => Code

cp[10]: {tag = 01} => CONSTANT_Utf8

length: 00 0f (15)

String: 4c 69 6e 65 4e 75 6d 62 65 72 54 61 62 6c 65  => LineNumberTable

cp[11]: {tag = 01} => CONSTANT_Utf8

length: 00 04 (4)

String: 6d 61 69 6e => main

cp[12]: {tag = 01} => CONSTANT_Utf8

length: 00 16 (22)

String: 28 5b 4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b 29 56  => ([Ljava/lang/String;)V

cp[13]: {tag = 01} => CONSTANT_Utf8

length: 00 0a (10)

String: 53 6f 75 72 63 65 46 69 6c 65  => SourceFile

cp[14]: {tag = 01} => CONSTANT_Utf8

length: 00 0f (15)

String: 48 65 6c 6c 6f 57 6f 72 6c 64 2e 6a 61 76 61 => HelloWorld.java

cp[15]: {tag = 0c} => CONSTANT_NameAndType

info[] has four bytes, two for name two for descriptor:

name: 00 07 (cp[07]), descriptor: 00 08 (cp[08])

cp[16]: {tag = 07} => CONSTANT_ClassInfo

class name: 00 17 (cp[23])

cp[17]: {tag = 0c} => CONSTANT_NameAndType

name: 00 18 (cp[24]), descriptor: 00 19 (cp[25])

cp[18]: {tag = 01} => CONSTANT_Utf8

length: 00 0c (12)

String: 48 65 6c 6c 6f 20 57 6f 72 6c 64 21  => Hello World!

cp[19]: {tag = 07} => CONSTANT_ClassInfo

class name: 00 1a (cp[26])

cp[20]: {tag = 0c} => CONSTANT_NameAndType

name: 00 1b (cp[27]), descriptor: 00 1c (cp[28])

cp[21]: {tag = 01} => CONSTANT_Utf8

length: 00 0a (10)

String: 48 65 6c 6c 6f 57 6f 72 6c 64  => HelloWorld

cp[22]: {tag = 01} => CONSTANT_Utf8

length: 00 10 (16)

String: 01 20 10 6a 61 76 61 2f 6c 61 6e 67 2f 53 79 73 => java/lang/Object

cp[23]: {tag = 01} => CONSTANT_Utf8

length: 00 10 (16)

String: 6a 61 76 61 2f 6c 61 6e 67 2f 53 79 73 74 65 6d  => java/lang/System

cp[24]: {tag = 01} => CONSTANT_Utf8

length: 00 03 (03)

String: 6f 75 74  => out

cp[25]: {tag = 01} => CONSTANT_Utf8

length: 00 15 (21)

String: 4c 6a 61 76 61 2f 69 6f 2f 50 72 69 6e 74 53 74 72 65 61 6d 3b  => Ljava/io/PrintStream;

cp[26]: {tag = 01} => CONSTANT_Utf8

length: 00 13 (19)

String: 6a 61 76 61 2f 69 6f 2f 50 72 69 6e 74 53 74 72 65 61 6d => java/io/PrintStream;

cp[27]: {tag = 01} => CONSTANT_Utf8

length: 00 07 (07)

String: 70 72 69 6e 74 6c 6e  => println

cp[28]: {tag = 01} => CONSTANT_Utf8

length: 00 15 (21)

String: 28 4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b 29 56  => (Ljava/lang/String;)V

 

The above fields were constant fields in a simple java class. The remaining bytes will be discussed in the next tutorial.

For more information you may refer to:

[1] https://docs.oracle.com/javase/specs/jvms/se8/jvms8.pdf

[2] https://docs.oracle.com/javase/specs/jvms/se7/jvms7.pdf

[3] http://se.inf.ethz.ch/old/teaching/ss2007/0284/Slides/Lect9-2.pdf

Your email address will not be published. Required fields are marked *

*

LinkedIn Auto Publish Powered By : XYZScripts.com