Penetration Testing mailing list archives
RE: JAVA Classes - Recompilation condition errors!!
From: "V. Poddubnyy" <vpoddubniy () mail ru>
Date: Sat, 4 Dec 2004 10:06:45 +0300
Hello, If you use decompilation (and it looks so), then this is decompilation error. We investigated this issue this summer and found that: - some exception handlers are not decompiled correctly (and this looks like synchronized statements too - your monitor* and class1); - some JVM instructions are not decompiled at all (your JVM INSTRs); - if the code is obfuscated, some of the functions may be overloaded by only the return value, not a name or arguments (this is prohibited in Java, but not in bytecode); - and some other problems. We wrote a tool, which tries to repair the code, but it is not the best thing. You should modify the code without any decompilation: just modify bytecode in *.class files. This really helps. Also you can try to switch decompiler and file a bug to it... :) But this won't help if to talk about free decompilers. Hope this answered your question. -- Best regards, Vladimir Poddubnyy
-----Original Message----- From: George Fekkas [mailto:G.Fekkas () encode-sec com] Sent: Friday, December 03, 2004 12:01 PM To: pen-test () securityfocus com; webappsec () securityfocus com Subject: JAVA Classes - Recompilation condition errors!! Hi Pen-Testers I am performing a code injection into JAVA classes. I am working with the Java Object Inspector Tool (COMPASS). I injected the desirable code in order to inspect JAVA objects. However, when I am trying to recompile the classes then the following errors are occurred. I have already checked all the "imports" for the right paths and all seems to be correct. C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:89: ';' expected JVM INSTR monitorenter ; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:112:not a statement class1; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:113: ';' expected JVM INSTR monitorexit ; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:116: not a statement exception; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:87: u ndefined label: MISSING_BLOCK_LABEL_247 break MISSING_BLOCK_LABEL_247; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:89: c annot resolve symbol symbol : class JVM location: class com.edi.commerce.******** JVM INSTR monitorenter ; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:91: u ndefined label: MISSING_BLOCK_LABEL_237 break MISSING_BLOCK_LABEL_237; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:113:cann ot resolve symbol symbol : class JVM location: class com.edi.commerce.********* JVM INSTR monitorexit ; ^ C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:114: undefined label: MISSING_BLOCK_LABEL_247 break MISSING_BLOCK_LABEL_247; ^ However, the recompilation was succeeded by comment out the lines in the source code (Decompile Java Classes). //if(_type !=3D null) // break MISSING_BLOCK_LABEL_247; //Class class1 =3D org.omg.CORBA.TypeCode.class; //JVM INSTR monitorenter; //if(_type !=3D null) // break MISSING_BLOCK_LABEL_237; //class1; //JVM INSTR monitorexit; //break MISSING_BLOCK_LABEL_247; Is this a big problem? If it is what can I do in order to avoid these errors? Thank you for your time. ****************************************************************** Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of ENCODE S.A. ******************************************************************
Current thread:
- JAVA Classes - Recompilation condition errors!! George Fekkas (Dec 03)
- RE: JAVA Classes - Recompilation condition errors!! V. Poddubnyy (Dec 06)
- Re: JAVA Classes - Recompilation condition errors!! Stephen de Vries (Dec 07)