nuclear123

Obtain native code from JVM or CLR?


I understand you can pass Java and .NET bytecode/IL into a decompiler to reproduce the source code if possible! My question is: is it possible to obtain the native code the virtual machine creates from your bytecode/IL?

Also, is it possible to use an assembly line debugger to walk through the virtual machine created native code as it executes?

Yes, it is possible. Now you will not really get the exact same source code, but it will be close enough to know what was written.

As for an assembly line debugger, you can use it to walk through any code that is running. I have done it many times.

So what do you really want to know? Are you trying to protect your own code or hack someone else's?

The compilation process is like making hamburger: It's easy to turn a cow into hamburger, it is impossible to turn hamburger back into a cow.

Some information is lost; comments are lost, some names are lost, optimizations can obfuscate what was originally very readable code. Functions could have been inlined, intermediate values removed, loops unrolled. Certain pre-processed values can cause potentially huge logical statements to turn into magic numbers; the same is true for other constants that the compiler can discover. Conditionally-compiled values are gone. Dead code can be gone. Variables can be renamed or optimized away completely. New intermediate items could have been created by the compiler. Strength-reduction operations could turn things like multiplication into a series of shifts or adds, or other less recognizable operations. The list of changes that could have happened is very long.


Things get much harder when someone intentionally runs an obfuscator on the intermediate code. There are two very good reasons for it to happen; the first is it generally makes the code smaller, the second is it makes it much harder for malicious (and curious) people who would attack their code to reconstruct it.


With all that in mind, it helps to understand the reasons behind why you are doing this.

It can be a useful learning exercise to try on your own code, although it is painful. It can be an unfortunate necessity in performance tuning of your own code, and this can be mind-numbing. Or it can be an attack against another program, which can potentially be immoral and possibly illegal depending on the situation.

My enjoyment comes from learning to reverse malicious programs. That being said, I was curious about reversing the machine code translation of the bytecode. Maybe I worded my question wrong! But I'm curious how you intercept the JVM or CLR after the conversion of a specific bytecode to native code so I can investigate it during runtime! Thanks!

For .NET you can obtain the machine code (or something similar, I assume it does different optimisations being offline) from ngen, which precompiles .NET assemblies.
However, it would be of little use for your use case of "trying to reverse malicious programs", as very few .NET programs are shipped passed through ngen, so what you get is already in IL format and decompilable with existing tools.
Also (and I'm absolutely not sure about this), I assume that already jitted or ngened assemblies still keep the MSIL and that the compiled code is stored alongside and not instead of it, so I guess you could still use existing tools on those.

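A triage check for the IL-versus-ngen distinction discussed above, as an added example that is not part of the thread: it reads a PE file's CLI header to tell whether a .NET sample is IL-only (so existing decompilers apply) or also carries precompiled native code. `classify_assembly` and `build_sample` are hypothetical names, the sample images are constructed, and treating a non-empty ManagedNativeHeader directory as the marker of an ngen-style image is an assumption of this sketch.

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1   # CLI header flag defined in ECMA-335
CLR_DIR_INDEX = 14            # PE data directory slot that points at the CLI header

def classify_assembly(data):
    """Report whether a PE image is managed, IL-only, and/or carries native code."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                          # start of optional header
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    if dirs + (CLR_DIR_INDEX + 1) * 8 > opt + opt_size:
        return {"managed": False}                          # directory table too short
    clr_rva, _ = struct.unpack_from("<II", data, dirs + CLR_DIR_INDEX * 8)
    if clr_rva == 0:
        return {"managed": False}                          # plain native PE
    for i in range(nsect):                                 # map the RVA to a file offset
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        if vaddr <= clr_rva < vaddr + max(vsize, rsize):
            cor = clr_rva - vaddr + rptr
            break
    else:
        raise ValueError("CLI header RVA is not inside any section")
    _, meta_size, flags = struct.unpack_from("<3I", data, cor + 8)    # MetaData dir, Flags
    _, native_size = struct.unpack_from("<2I", data, cor + 64)        # ManagedNativeHeader dir
    return {"managed": True,
            "il_only": bool(flags & COMIMAGE_FLAGS_ILONLY),
            "has_il_metadata": meta_size > 0,
            "precompiled_native": native_size > 0}

def build_sample(flags, native_size):
    """Constructed test image: headers and one section only, no real code."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H12xH2xH", img, 0x86, 1, 224, 0x10B)  # sections, opt size, PE32 magic
    struct.pack_into("<II", img, 0x98 + 96 + CLR_DIR_INDEX * 8, 0x2000, 72)
    struct.pack_into("<4I", img, 0x98 + 224 + 8, 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<IHHIII", img, 0x200, 72, 2, 5, 0x2100, 0x80, flags)
    struct.pack_into("<II", img, 0x200 + 64, 0x2180 if native_size else 0, native_size)
    return bytes(img)

if __name__ == "__main__":
    for flags, native in ((0x1, 0), (0x0, 0x40)):          # IL-only, then precompiled
        print(classify_assembly(build_sample(flags, native)))
```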