JAVA 逆向工程技术研究日志

最近碰到了没有代码需要了解客户的业务流程的项目，没办法，看来看去，只能求助于我们的逆向工程技术了；

 

依照基于芯片的汇编逆向工程技术的经验，不难看出我们也需要从如下几方面来对JAVA技术进行详尽的研究：

1. 基于字节码的反编译工具；

2. 字节码调试工具；

3. 字节码编辑工具；

 

本篇幅中后续将介绍一下ClassFile的文件结构，后续日志中将继续介绍所有的工具系列。

 

ClassFile: A class or an interface (or more) (big-endian order, means high bytes come first)

ClassFile {

      u4   magic;

      u2   minor_version;

      u2   major_version;

      u2   constant_pool_count;

      cp_info   constant_pool[constant_pool_count-1];

      u2   access_flags;

      u2   this_class;

      u2   super_class;

      u2   interfaces_count;

      u2   interfaces[interfaces_count];

      u2   fields_count;

      field_info   fields[fields_count];

      u2   methods_count;

      method_info   methods[methods_count];

      u2   attributes_count;

      attribute_info   attributes[attributes_count];

    }

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

magic  
     The magic item supplies the magic number identifying the class file format; it has the value 0xCAFEBABE.

minor_version, major_version 
     The values of the minor_version and major_version items are the minor and major version numbers of this class file.Together, a major and a minor version number determine the version of the class file format. If a class file has major version number M and minor version number m, we denote the version of its class file format as M.m. Thus, class file format versions may be ordered lexicographically, for example, 1.5 < 2.0 < 2.1.
 A Java virtual machine implementation can support a class file format of version v if and only if v lies in some contiguous range Mi.0  v  Mj.m. Only Sun can specify what range of versions a Java virtual machine implementation conforming to a certain release level of the Java platform may support.1

constant_pool_count 
    The value of the constant_pool_count item is equal to the number of entries in the constant_pool table plus one. A constant_pool index is considered valid if it is greater than zero and less than constant_pool_count, with the exception for constants of type long and double noted in §4.4.5.

constant_pool[] 
     The constant_pool is a table of structures (§4.4) representing various string constants, class and interface names, field names, and other constants that are referred to within the ClassFile structure and its substructures. The format of each constant_pool table entry is indicated by its first "tag" byte.
 The constant_pool table is indexed from 1 to constant_pool_count-1.

access_flags  
      The value of the access_flags item is a mask of flags used to denote access permissions to and properties of this class or interface. The interpretation of each flag, when set, is as shown in Table 4.1. 

Flag Name

Value

Interpretation

ACC_PUBLIC

0x0001

Declared public; may be accessed from outside its package.

ACC_FINAL

0x0010

Declared final; no subclasses allowed.

ACC_SUPER

0x0020

Treat superclass methods specially when invoked by the invokespecial instruction.

ACC_INTERFACE

0x0200

Is an interface, not a class.

ACC_ABSTRACT

0x0400

Declared abstract; may not be instantiated.

 

super_class 
    For a class, the value of the super_class item either must be zero or must be a valid index into the constant_pool table. If the value of the super_class item is nonzero, the constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing the direct superclass of the class defined by this class file. Neither the direct superclass nor any of its superclasses may be a final class.
 If the value of the super_class item is zero, then this class file must represent the class Object, the only class or interface without a direct superclass.
 For an interface, the value of the super_class item must always be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info structure representing the class Object.

interfaces_count 
   The value of the interfaces_count item gives the number of direct superinterfaces of this class or interface type.

interfaces[] 
    Each value in the interfaces array must be a valid index into the constant_pool table. The constant_pool entry at each value of interfaces[i], where 0  i < interfaces_count, must be a CONSTANT_Class_info (§4.4.1) structure representing an interface that is a direct superinterface of this class or interface type, in the left-to-right order given in the source for the type.

fields_count 
    The value of the fields_count item gives the number of field_info structures in the fields table. The field_info (§4.5) structures represent all fields, both class variables and instance variables, declared by this class or interface type.

fields[] 
    Each value in the fields table must be a field_info (§4.5) structure giving a complete description of a field in this class or interface. The fields table includes only those fields that are declared by this class or interface. It does not include items representing fields that are inherited from superclasses or superinterfaces.

methods_count 
 The value of the methods_count item gives the number of method_info structures in the methods table.

methods[] 
   Each value in the methods table must be a method_info (§4.6) structure giving a complete description of a method in this class or interface. If the method is not native or abstract, the Java virtual machine instructions implementing the method are also supplied.
 The method_info structures represent all methods declared by this class or interface type, including instance methods, class (static) methods, instance initialization methods (§3.9), and any class or interface initialization method (§3.9). The methods table does not include items representing methods that are inherited from superclasses or superinterfaces.

attributes_count 
   The value of the attributes_count item gives the number of attributes (§4.7) in the attributes table of this class.

attributes[] 
   Each value of the attributes table must be an attribute structure (§4.7).
   The only attributes defined by this specification as appearing in the attributes table of a ClassFile structure are the SourceFile attribute (§4.7.7) and the Deprecated (§4.7.10) attribute.