Penetration Testing
mailing list archives
RE: JAVA Classes - Recompilation condition errors!!
From: "V. Poddubnyy" <vpoddubniy () mail ru>
Date: Sat, 4 Dec 2004 10:06:45 +0300
Hello,
If you use decompilation (and it looks so), then this is a decompilation
error. We investigated this issue this summer and found that:
- some exception handlers are not decompiled correctly (and this looks like
synchronized statements too - your monitor* and class1);
- some JVM instructions are not decompiled at all (your JVM INSTRs);
- if the code is obfuscated, some of the functions may be overloaded by only
the return value, not a name or arguments (this is prohibited in Java, but
not in bytecode);
- and some other problems.
We wrote a tool, which tries to repair the code, but it is not the best
thing. You should modify the code without any decompilation: just modify
bytecode in *.class files. This really helps.
Also you can try to switch decompilers and file a bug against it... :) But this
won't help if we are talking about free decompilers.
Hope this answered your question.
--
Best regards,
Vladimir Poddubnyy
-----Original Message-----
From: George Fekkas [mailto:G.Fekkas () encode-sec com]
Sent: Friday, December 03, 2004 12:01 PM
To: pen-test () securityfocus com; webappsec () securityfocus com
Subject: JAVA Classes - Recompilation condition errors!!
Hi Pen-Testers
I am performing a code injection into JAVA classes. I am
working with the Java Object Inspector Tool (COMPASS). I
injected the desirable code in order to inspect JAVA objects.
However, when I try to recompile the classes, the
following errors occur. I have already checked all the
"imports" for the right paths and all seems to be correct.
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:89: ';' expected
JVM INSTR monitorenter ;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:112: not a statement
class1;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:113: ';' expected
JVM INSTR monitorexit ;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:116: not a statement
exception;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:87: undefined label: MISSING_BLOCK_LABEL_247
break MISSING_BLOCK_LABEL_247;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:89: cannot resolve symbol
symbol : class JVM
location: class com.edi.commerce.********
JVM INSTR monitorenter ;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:91: undefined label: MISSING_BLOCK_LABEL_237
break MISSING_BLOCK_LABEL_237;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:113: cannot resolve symbol
symbol : class JVM
location: class com.edi.commerce.*********
JVM INSTR monitorexit ;
^
C:\Documents and Settings\Administrator\Desktop\HackClasses\*****.java:114: undefined label: MISSING_BLOCK_LABEL_247
break MISSING_BLOCK_LABEL_247;
^
However, the recompilation succeeded after commenting out the
lines in the source code (Decompile Java Classes).
//if(_type != null)
// break MISSING_BLOCK_LABEL_247;
//Class class1 = org.omg.CORBA.TypeCode.class;
//JVM INSTR monitorenter;
//if(_type != null)
// break MISSING_BLOCK_LABEL_237;
//class1;
//JVM INSTR monitorexit;
//break MISSING_BLOCK_LABEL_247;
Is this a big problem? If it is, what can I do in order to
avoid these errors?
Thank you for your time.
******************************************************************
Any views expressed in this message are those of the
individual sender, except where the sender specifically
states them to be the views of ENCODE S.A.
******************************************************************
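
Added example, not part of either message above and not the tool the reply mentions: a Python check for one condition the reply lists, methods in a .class file that are overloaded only by return type, which is legal in bytecode but cannot be recompiled from decompiled Java source. The function names and the constructed sample class (methods a()I, a()V and b(I)V, without bodies) are this example's own assumptions.

```python
import struct
from collections import defaultdict

# Payload size after the tag byte for each fixed-size constant-pool tag.
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
           12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def read_methods(data):
    """Return [(name, descriptor)] for every method in a .class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count, = struct.unpack_from(">H", data, 8)
    pos, idx, utf8 = 10, 1, {}
    while idx < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            n, = struct.unpack_from(">H", data, pos + 1)
            utf8[idx] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            pos += 1 + CP_SIZE[tag]
        idx += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    # Skip access flags, this_class, super_class and the interface table.
    pos += 8 + 2 * struct.unpack_from(">H", data, pos + 6)[0]
    for _table in ("fields", "methods"):  # same layout; the last table wins
        n, = struct.unpack_from(">H", data, pos)
        pos, members = pos + 2, []
        for _m in range(n):
            _acc, name, desc, n_attr = struct.unpack_from(">4H", data, pos)
            pos += 8
            for _a in range(n_attr):  # skip attributes (Code etc.)
                pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
            members.append((utf8[name], utf8[desc]))
    return members

def return_type_overloads(data):
    """Map (name, params) -> return types where only the return type differs."""
    groups = defaultdict(set)
    for name, desc in read_methods(data):
        params, _, ret = desc.rpartition(")")
        groups[(name, params + ")")].add(ret)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def constructed_sample():
    """Constructed class: a()I and a()V (legal bytecode, illegal Java), b(I)V."""
    names = ["X", "java/lang/Object", "a", "()I", "()V", "b", "(I)V"]
    cp = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in names)
    cp += b"\x07\x00\x01\x07\x00\x02"  # Class entries #8 (X) and #9 (Object)
    meths = b"".join(struct.pack(">4H", 1, n, d, 0) for n, d in [(3, 4), (3, 5), (6, 7)])
    return (b"\xca\xfe\xba\xbe" + struct.pack(">3H", 0, 48, 10) + cp
            + struct.pack(">6H", 0x21, 8, 9, 0, 0, 3) + meths + b"\x00\x00")
```

A non-empty result from `return_type_overloads` means the decompiled source for that class will contain duplicate method signatures and will not recompile as-is.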