All geek questions in one place

Extract Java classes from AWT executable

I have an application running the JVM, it looks like it uses the Abstract Windowing ToolKit (AWT) , I found that after doing some research, since the main application window is MSAWT_Comp_Class , doing some analysis in the EXE application, I found that what looked like links to import Java classes (I'm not sure):

enter image description here

So, I think Java classes exist, but are not available, all I could find in the application was the contents of RC_DATA, which has the above links, also found that the application is a Java application converted to EXE using Jexegen . since Jexegen and some SDK links can be found using hexadecimal lookups.

My question is, is there a way to extract Java classes or read them from this application? perhaps knowing the structure of the Annotation Windowing ToolKit (AWT) or Swing or Jexegen or how Java files are included in a C # application after compilation.

Hope I could clearly ask my question, I tried my best with my little knowledge.

+2
source share
1 answer

My question is, is there a way to extract Java classes or read them from this application?

As you already found out, the .exe contains resources like RC_DATA . There are two entries of this type. The smaller (with the name "1001") contains only a string with the name of the class (this may be the name of the main class), and the larger (with the name "1000", about 600 Kb) contains the actual classes. You can extract this resource using any resource extraction tool such as a "Resource Hacker".

Each *.class file starts with 4 bytes 0xCA 0xFE 0xBA 0xBE , so you can 0xCA 0xFE 0xBA 0xBE over the contents of the extracted "1000" and save each class in a separate *.class file. Each 0xCA 0xFE 0xBA 0xBE will mark the launch of a new file. And, obviously, the end of the previous one.

Then the classes can be decompiled.

possibly knowing the structure of the abstract WindowKit tool (AWT) or Swing

AWT and Swing are standard user interface libraries. So it doesn’t matter here.

+4
source

Source: https://habr.com/ru/post/1272342/

More articles:


All Articles