Reverse Engineering of Managed Languages
|
|
- Asher York
- 5 years ago
- Views:
Transcription
1 Reverse Engineering of Managed Languages IT Security Bootcamp 2017 Dorottya Papp
2 Agenda Reverse engineering Managed languages Introduction: what makes a programming language managed? Intermediate language Distributing intermediate language code Useful techniques Dynamic loading Reflection Reverse Engineering of Managed Languages 2
3 Reverse Engineering Starting point: specification Goal: code that confirms with the sepcification Reverse Engineering of Managed Languages 3
4 Reverse Engineering Starting point: application Goal: extract knowledge or design information Bug finding, interfacing, intelligence gathering about competitors Reverse Engineering of Managed Languages 4
5 Managed Languages Reverse Engineering of Managed Languages 5
6 Managed Languages Language compiler: Compiles the source code into the intermediate language Enables platform-independent applications Outputted intermediate language code may not be optimized reverse engineering is relatively easy Examples: javac (Java), Roslyn (open sourced.net) Reverse Engineering of Managed Languages 6
7 Managed Languages Intermediate Language Code: Has its own instruction set Instructions are compact numeric operations which have» Operation code (like an ID)» Operands Interpreted by the JIT compiler Examples: bytecode (Java), Common Language Specification (.NET) Reverse Engineering of Managed Languages 7
8 Managed Languages JIT compiler: Compiles the intermediate language code into native code Has the ability to insert checks between IL instructions safer execution Analyzes IL code and performs optimization Examples: Java Virtual Machine, Common Language Runtime (.NET) Reverse Engineering of Managed Languages 8
9 Managed Languages Reversing Decompiler: IL code source code (?) (Parsing may not be perfectly accurate) Interprets IL instructions and tries to reconstruct higher-level language semantics Examples: JD-Core (Java), dotpeek, ILSpy (.NET) Reverse Engineering of Managed Languages 9
10 What does the decompiler work with? INTERMEDIATE LANGUAGE: JAVA BYTECODE
11 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { u4 magic; minor_version; major_version; constant_pool_count; cp_info constant_pool[constant_pool_count-1]; access_flags; this_class; super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; } Reverse Engineering of Managed Languages 11
12 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; major_version; constant_pool_count; cp_info constant_pool[constant_pool_count-1]; access_flags; this_class; super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 12
13 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; access_flags; this_class; super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 13
14 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; this_class; super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 14
15 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 15
16 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 16
17 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; // points to superclass (if any) interfaces_count; interfaces[interfaces_count]; fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 17
18 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; // points to superclass (if any) interfaces_count; interfaces[interfaces_count]; // points to interfaces fields_count; field_info fields[fields_count]; methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 18
19 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; // points to superclass (if any) interfaces_count; interfaces[interfaces_count]; // points to interfaces fields_count; field_info fields[fields_count]; // fields of this class/interface methods_count; method_info methods[methods_count]; attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 19
20 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; // points to superclass (if any) interfaces_count; interfaces[interfaces_count]; // points to interfaces fields_count; field_info fields[fields_count]; // fields of this class/interface methods_count; method_info methods[methods_count]; // methods of this class/iface attributes_count; attribute_info attributes[attributes_count]; Reverse Engineering of Managed Languages 20
21 class Files Interpreted by the Java Virtual Machine File format to hold bytecode: a single ClassFile structure ClassFile { } u4 magic; // magic number: 0xCAFEBABE minor_version; // minor version value of class file major_version; // major version value of class file constant_pool_count; cp_info constant_pool[constant_pool_count-1]; //strs, conts, access_flags; // permissions to class and its props this_class; // points to class/interface of this file super_class; // points to superclass (if any) interfaces_count; interfaces[interfaces_count]; // points to interfaces fields_count; field_info fields[fields_count]; // fields of this class/interface methods_count; method_info methods[methods_count]; // methods of this class/iface attributes_count; attribute_info attributes[attributes_count]; // attributes Reverse Engineering of Managed Languages 21
22 Hello World Source Code public class HelloWorld { public static void main(string[] args){ System.out.println("Hello World!"); } } Reverse Engineering of Managed Languages 22
23 Hello World Header Fields >javap.exe -verbose HelloWorld.class Classfile /c:/ /demo/helloworld/helloworld.class Last modified ; size 426 bytes MD5 checksum 5c4c15156c3fb8cc6af85d656499c5c1 Compiled from "HelloWorld.java" public class HelloWorld minor version: 0 major version: 52 flags: ACC_PUBLIC, ACC_SUPER Reverse Engineering of Managed Languages 23
24 Hello World Constant Pool >javap.exe -verbose HelloWorld.class Constant pool: #1 = Methodref #6.#15 // java/lang/object."<init>":()v #2 = Fieldref #16.#17 // java/lang/system.out:ljava/io/printstream; #3 = String 18 // Hello World! #4 = Methodref #19.#20 // java/io/printstream.println:(ljava/lang/string;)v #5 = Class #21 // HelloWorld #6 = Class #22 // java/lang/object #7 = Utf8 <init> #8 = Utf8 ()V #9 = Utf8 Code #10 = Utf8 LineNumberTable #11 = Utf8 main #12 = Utf8 ([Ljava/lang/String;)V #13 = Utf8 SourceFile #14 = Utf8 HelloWorld.java #15 = NameAndType #7:#8 // "<init>":()v #16 = Class #23 // java/lang/system #17 = NameAndType #24:#25 // out:ljava/io/printstream; #18 = Utf8 Hello World! Reverse Engineering of Managed Languages 24
25 Hello World Bytecode >javap.exe -verbose HelloWorld.class public HelloWorld(); descriptor: ()V flags: ACC_PUBLIC Code: stack=1, locals=1, args_size=1 0: aload_0 1: invokespecial #1 // Method java/lang/object."<init>":()v 4: return LineNumberTable: line 2: 0 Reverse Engineering of Managed Languages 25
26 Hello World Bytecode >javap.exe -verbose HelloWorld.class public static void main(java.lang.string[]); descriptor: ([Ljava/lang/String;)V flags: ACC_PUBLIC, ACC_STATIC Code: stack=2, locals=1, args_size=1 0: getstatic #2 // Field java/lang/system.out:ljava/io/printstream; 3: ldc #3 // String Hello World! 5: invokevirtual #4 // Method java/io/printstream.println:(ljava/lang/string;)v 8: return LineNumberTable: line 4: 0 line 5: 8 Reverse Engineering of Managed Languages 26
27 DISTRIBUTING THE IL: JAVA ARCHIVES
28 Overview Java Archive is essentially a ZIP archive Provides: Lossless data compression, decompression Archiving, unpacking Distribute Java apps Tool: the jar command (java.util.jar API) cf: create tf: view contents xf: extract contents Run: java jar <jar_file> Reverse Engineering of Managed Languages 28
29 JAR File Specification META-INF/ // optional MANIFEST.MF // defined extensions, package data INDEX.LIST // location information <name>.sf // signature file <name>.dsa(rsa) // digital signature services/ // service provider config files Folder1/ subfolder1/ // and so on resourse1 resourse2 resource3 Reverse Engineering of Managed Languages 29
30 Manifest Contains information about the files packaged in a JAR file Metadata in it can be tailored versatility There is exactly one, jar tool automatically creates it In its simplest form, it contains: Manifest-Version: <manifest specification version> Created-By: < JDK version info> (<JDK vendor>) Reverse Engineering of Managed Languages 30
31 Manifest Contains information about the files packaged in a JAR file Metadata in it can be tailored versatility There is exactly one, jar tool automatically creates it In its simplest form, it contains: Manifest-Version: <manifest specification version> Created-By: < JDK version info> (<JDK vendor>) Extensions: Main-Class: <classname> // entry point of app Class-Path: <path_to_jar> // reference to another JAR file Sealed: true // all classes must come from same JAR May contain package version info Reverse Engineering of Managed Languages 31
32 Manifest Example Manifest-Version: 1.0 Created-By: 1.7.0_06 (Oracle Corporation) Name: mycompany/mypackage Specification-Title: Awesome Methods Specification-Version: 0.8 Specification-Vendor: Example Tech, Inc. Implementation-Title: mycompany.mypackage Implementation-Version: build57 Implementation-Vendor: Example Tech, Inc. Main-Class: MyPackage.MyClass Class-Path: MyUtils.jar Sealed: true Reverse Engineering of Managed Languages 32
33 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Permissions attribute What level of permissions can be requested Signed apps with this attribute cannot request more permissions than the attribute allows Required in the manifest for the main JAR file of the web applet Missing: web applet is blocked sandbox: run the applet in the security sandbox, no additional permissions required all-permissions: requires access to the user s system resources Reverse Engineering of Managed Languages 33
34 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Codebase attribute The codebase of the JAR file is restricted to specific domains The app cannot be redeployed on another website Values can be either domain names or IP addresses with protocol and port number, separated with spaces Note: if protocol is not HTTPS, some risks still remain (if interested, read up on man-in-the-middle attacks) Reverse Engineering of Managed Languages 34
35 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Application-Name attribute Title that is shown in security prompts for signed applications Prompt shows a valid title from a signed source Value can be any valid string Reverse Engineering of Managed Languages 35
36 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Application-Library-Allowable-Codebase attribute Identify locations where the applet is expected to be found Files for the applet are accessed only from known locations Values must be domains and IP addresses where files of the web applet can be found Reverse Engineering of Managed Languages 36
37 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Caller-Allowable-Codebase attribute Identify domains from which JavaScript code can make calls to your app Untrusted domains cannot interact with the applet Values must be domain or IP addresses If not present, users will decide to allow or block the call Reverse Engineering of Managed Languages 37
38 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Entry-Point attribute Identifies calsses that are allowed to be used as entry points Prevents unauthorized code from being run if there are multiple ways to start the applet (e.g. multiple Applet classes) Reverse Engineering of Managed Languages 38
39 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Trusted-Only attribute Prevents untrusted components from being loaded Applet cannot be repurposed with untrusted components Trusted: signed components, applet requests all permissions Value: true (or missing attribute) Reverse Engineering of Managed Languages 39
40 Manifest Enhancing Security JAR file manifest attributes can increase the security of the app Attributes mostly apply for Java web applets Trusted-Library attribute Designed to allow untrusted components Allows calls between privileged and sandox Java code without prompting the user for permission Value: true (or missing attribute) To use, all classes and resources in the JAR file must be signed and request all permissions Reverse Engineering of Managed Languages 40
41 Dynamic class loading, Reflection OTHER USEFUL TECHNIQUES
42 Class Loading JVM 1. Loading Find binary representation of class/interface Create an internal representation of class/interface in the JVM Methods and interface are derived from the constant_pool table Strategy in implementation-specific (lazy vs. eager) Reverse Engineering of Managed Languages 42
43 Class Loading JVM 1. Loading Find binary representation of class/interface Create an internal representation of class/interface in the JVM Methods and interface are derived from the constant_pool table Strategy in implementation-specific (lazy vs. eager) 2. Linking Verify that the binary representation is structurally correct Prepare static fields of class/interface, initialize them to default value Resolve references additional classes/interfaces may be loaded Reverse Engineering of Managed Languages 43
44 Class Loading JVM 1. Loading Find binary representation of class/interface Create an internal representation of class/interface in the JVM Methods and interface are derived from the constant_pool table Strategy in implementation-specific (lazy vs. eager) 2. Linking Verify that the binary representation is structurally correct Prepare static fields of class/interface, initialize them to default value Resolve references additional classes/interfaces may be loaded 3. Initialization Execute the class/interface initialization method JVM is multithreaded other threads may try to initialize the same class/interface at the same time synchronization is needed Reverse Engineering of Managed Languages 44
45 Dynamic Class Loading User Triggers class loading in the JVM at runtime Goal: have a Class object which contains information Examples: Using the ClassLoader ClassLoader cl = MyClass.class.getClassLoader(); Class a = cl.loadclass(<name>); Using the Class.forName Class a = Class.forName(<name>); All types have an associated Class object (works only if the class name is known at comile-time) Class a = MyClass.class; Reverse Engineering of Managed Languages 45
46 Reflection Acquire information about classes and interfaces at runtime Inspect and modify attributes, fields Instantiate new objects Invoke methods Bypasses access modifiers (e.g. private) Don t think of them as security measures! Core security concepts are preserved (see SecurityManager) Use cases: Integrated Development Environment Debuggers Interpreters Test tools Reverse Engineering of Managed Languages 46
47 Reflection Inspecting Class Declaration // Dynamically load a class Class<?> c = Class.forName(args[0]); // Modifiers of class, e.g. public, abstract, final, int mods = c.getmodifiers(); System.out.println(Modifiers.toString(mods)); // Type parameters of class (if any) TypeVariable[] tv = c.gettypeparameters(); // Implemented interfaces Type[] ifaces = c.getgenericinterfaces(); // Superclass Class<?> ancestor = c.getsuperclass(); // Annotations, e.g. deprecated Annotation[] ann = c.getannotations(); Reverse Engineering of Managed Languages 47
48 Reflection Discovering Class Members Locating Fields getdeclaredfield (private too, not inherited), getfield (inherited, not private) getdeclaredfields (as list), getfields (as list) Locating Methods getdeclaredmethod (private too, not inherited), getmethod (inherited, not private) getdeclaredmethods (as list), getmethods (as list) Locating Constructors getdeclaredconstructor (private too), getconstructor getdeclaredconstructors (as list), getconstructors (as list) Reverse Engineering of Managed Languages 48
49 Reflection Creating New Instances If constructor takes no arguments, Class.newInstance() is okay: public class Book { } public long chapters = 0; public String[] characters = {"Alice"}; Class<?> c = Class.forName(<path_to_Book>); Book b = c.newinstance(); Reverse Engineering of Managed Languages 49
50 Reflection Creating New Instances If constructor takes no arguments, Class.newInstance() is okay: If there are arguments, use Constructor.newInstance(): class Aliases { private Set<String> aliases; private Aliases(HashMap<String, String> h) { } aliases = h.keyset(); Class<?> c = Class.forName(<path_to_ Aliases>); Constructor ctor = c.getdeclaredconstructor(hashmap.class); Aliases = ( Aliases) ctor.newinstance(new HashMap<String, String>()); Reverse Engineering of Managed Languages 50
51 Reflection Modifying Fields public class Book { public long chapters = 0; public String[] characters = { "Alice }; } Class<?> c = Class.forName(<path_to_Book>); Book b = c.newinstance(); Field chap = c.getdeclaredfield("chapters"); chap.setlong(b, 150); Reverse Engineering of Managed Languages 51
52 Reflection Invoking Methods public class Book { public long chapters = 0; public String[] characters = { "Alice" }; } public printchapters(){ } System.out.format("Chapters: %s", this.chapters); Class<?> c = Class.forName(<path_to_Book>); Book b = c.newinstance(); Method m = c.getdeclaredmethos("printchapters", null); m.invoke(b, null); Reverse Engineering of Managed Languages 52
53 Tools needed for next time: JDK 1.8, JD-GUI, something scripting ANY QUESTIONS?
301AA - Advanced Programming [AP-2017]
301AA - Advanced Programming [AP-2017] Lecturer: Andrea Corradini andrea@di.unipi.it Tutor: Lillo GalleBa galleba@di.unipi.it Department of Computer Science, Pisa Academic Year 2017/18 AP-2017-05: The
More informationCompiling for Different Platforms. Problem: Too Many Platforms! Dream: Platform Independence. Java Platform 5/3/2011
CS/ENGD 2110 Object-Oriented Programming and Data Structures Spring 2011 Thorsten Joachims Lecture 24: Java Virtual Machine Compiling for Different Platforms Program written in some high-level language
More informationCSCE 314 Programming Languages
CSCE 314 Programming Languages! JVM Dr. Hyunyoung Lee 1 Java Virtual Machine and Java The Java Virtual Machine (JVM) is a stack-based abstract computing machine. JVM was designed to support Java -- Some
More informationSOFTWARE ARCHITECTURE 7. JAVA VIRTUAL MACHINE
1 SOFTWARE ARCHITECTURE 7. JAVA VIRTUAL MACHINE Tatsuya Hagino hagino@sfc.keio.ac.jp slides URL https://vu5.sfc.keio.ac.jp/sa/ Java Programming Language Java Introduced in 1995 Object-oriented programming
More informationUnder the Hood: The Java Virtual Machine. Lecture 23 CS2110 Fall 2008
Under the Hood: The Java Virtual Machine Lecture 23 CS2110 Fall 2008 Compiling for Different Platforms Program written in some high-level language (C, Fortran, ML,...) Compiled to intermediate form Optimized
More informationUnder the Hood: The Java Virtual Machine. Problem: Too Many Platforms! Compiling for Different Platforms. Compiling for Different Platforms
Compiling for Different Platforms Under the Hood: The Java Virtual Machine Program written in some high-level language (C, Fortran, ML, ) Compiled to intermediate form Optimized Code generated for various
More informationLet s make some Marc R. Hoffmann Eclipse Summit Europe
Let s make some Marc R. Hoffmann Eclipse Summit Europe 2012 24.10.2012 public class WhatIsFaster { int i; void inc1() { i = i + 1; } void inc2() { i += 1; } void inc3() { i++; } } Why? Compilers Scrip;ng
More informationVirtual Machine Design
Virtual Machine Design Lecture 5: Inside the Java Virtual Machine Antero Taivalsaari September 2003 Session #2026: J2MEPlatform, Connected Limited Device Configuration (CLDC) Administrative Stuff There
More informationProblem: Too Many Platforms!
Compiling for Different Platforms 2 Program written in some high-level language (C, Fortran, ML,...) Compiled to intermediate form Optimized UNDE THE HOOD: THE JAVA VITUAL MACHINE Code generated for various
More information301AA - Advanced Programming
301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it h;p://pages.di.unipi.it/corradini/ Course pages: h;p://pages.di.unipi.it/corradini/dida@ca/ap-18/ AP-2018-04: Run&me Systems and
More informationBytecode Support for the Universe Type System. Alex Suzuki
Bytecode Support for the Universe Type System Alex Suzuki Semester Project Report Software Component Technology Group Department of Computer Science ETH Zurich http://sct.inf.ethz.ch/ WS 2004/2005 Supervised
More informationCOMP 321: Introduction to Computer Systems
Assigned: 2/1/18, Due: 2/15/18, 11:55 PM Important: This assignment may be done individually or in pairs. Be sure to carefully read the course policies for assignments (including the honor code policy)
More informationBASICS.
BASICS http://www.flickr.com/photos/oskay/472097903/ CSCI 135 - Fundamentals of Computer Science I 2 Outline Computer Basics Programs and Languages Introduction to the Eclipse IDE Our First Program Comments
More informationCSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1
CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Winter 2008 3/11/2008 2002-08 Hal Perkins & UW CSE V-1 Agenda Java virtual machine architecture.class files Class loading Execution engines
More informationAgenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1
Agenda CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Summer 2004 Java virtual machine architecture.class files Class loading Execution engines Interpreters & JITs various strategies
More informationIntroduction to Dalvik VM. Kim Seongjin Sangji Univ.
Introduction to Dalvik VM Kim Seongjin Sangji Univ. Android Architecture Dalvik VM ú Dex file format ú The Register-based VM ú Zygote 2 Android Architecture 3 Android Architecture 4 Android Architecture
More informationIntroduction Basic elements of Java
Software and Programming I Introduction Basic elements of Java Roman Kontchakov / Carsten Fuhs Birkbeck, University of London Module Information Time: Thursdays in the Spring term Lectures: MAL B04: 2
More informationRun-time Program Management. Hwansoo Han
Run-time Program Management Hwansoo Han Run-time System Run-time system refers to Set of libraries needed for correct operation of language implementation Some parts obtain all the information from subroutine
More informationThe Java Language Implementation
CS 242 2012 The Java Language Implementation Reading Chapter 13, sections 13.4 and 13.5 Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches, pages 1 5. Outline Java virtual
More informationIntroflection. Dave Landers BEA Systems, Inc.
Introflection Dave Landers BEA Systems, Inc. dave.landers@bea.com Agenda What is Introflection? Primary Classes and Objects Loading Classes Creating Objects Invoking Methods Java Beans Proxy What is Introflection?
More information02 B The Java Virtual Machine
02 B The Java Virtual Machine CS1102S: Data Structures and Algorithms Martin Henz January 22, 2010 Generated on Friday 22 nd January, 2010, 09:46 CS1102S: Data Structures and Algorithms 02 B The Java Virtual
More informationINTROSPECTION. We need to begin with a more basic concept called type introspection
REFLECTION 1 INTROSPECTION We need to begin with a more basic concept called type introspection The ability of a program to examine the type and properties of an object at runtime A few programming languages
More informationReflection. Based on https://docs.oracle.com/javase/tutorial/reflect/
Reflection Based on https://docs.oracle.com/javase/tutorial/reflect/ Reflection is commonly used by programs which require the ability to examine or modify the runtime behavior of applications running
More informationCS2110 Fall 2011 Lecture 25. Under the Hood: The Java Virtual Machine, Part II
CS2110 Fall 2011 Lecture 25 Under the Hood: The Java Virtual Machine, Part II 1 Java program last time Java compiler Java bytecode (.class files) Compile for platform with JIT Interpret with JVM run native
More informationCourse Overview. PART I: overview material. PART II: inside a compiler. PART III: conclusion
Course Overview PART I: overview material 1 Introduction (today) 2 Language Processors (basic terminology, tombstone diagrams, bootstrapping) 3 The architecture of a Compiler PART II: inside a compiler
More informationToday. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time
CS2110 Fall 2011 Lecture 25 Java program last time Java compiler Java bytecode (.class files) Compile for platform with JIT Interpret with JVM Under the Hood: The Java Virtual Machine, Part II 1 run native
More informationChair of Software Engineering. Java and C# in depth. Carlo A. Furia, Marco Piccioni, Bertrand Meyer. Java: reflection
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Java: reflection Outline Introductory detour: quines Basic reflection Built-in features Introspection Reflective method invocation
More informationJVML Instruction Set. How to get more than 256 local variables! Method Calls. Example. Method Calls
CS6: Program and Data Representation University of Virginia Computer Science Spring 006 David Evans Lecture 8: Code Safety and Virtual Machines (Duke suicide picture by Gary McGraw) pushing constants JVML
More informationThe Java Virtual Machine Specification. Release 1.0 Beta DRAFT
The Java Virtual Machine Specification Release 1.0 Beta DRAFT August 21, 1995 Copyright Information 1993, 1994, 1995 Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043-1100 U.S.A.
More informationJava Internals. Frank Yellin Tim Lindholm JavaSoft
Java Internals Frank Yellin Tim Lindholm JavaSoft About This Talk The JavaSoft implementation of the Java Virtual Machine (JDK 1.0.2) Some companies have tweaked our implementation Alternative implementations
More informationAtelier Java - J1. Marwan Burelle. EPITA Première Année Cycle Ingénieur.
marwan.burelle@lse.epita.fr http://wiki-prog.kh405.net Plan 1 2 Plan 3 4 Plan 1 2 3 4 A Bit of History JAVA was created in 1991 by James Gosling of SUN. The first public implementation (v1.0) in 1995.
More informationAdvanced Programming Introduction
Advanced Programming Introduction Course Description The Goal The Motivation Lectures and Assignments Programming Platform Resources Evaluation Lab: problems, projects, essays easy Exam: written test hard
More informationSpace Exploration EECS /25
1/25 Space Exploration EECS 4315 www.eecs.yorku.ca/course/4315/ Nondeterminism 2/25 Nondeterministic code is code that, even for the same input, can exhibit different behaviours on different runs, as opposed
More informationCS263: Runtime Systems Lecture: High-level language virtual machines. Part 1 of 2. Chandra Krintz UCSB Computer Science Department
CS263: Runtime Systems Lecture: High-level language virtual machines Part 1 of 2 Chandra Krintz UCSB Computer Science Department Portable, Mobile, OO Execution Model Execution model embodied by recent
More informationSoftware Security. Case Study: Java 2 Security. Copyright of HeathWallace 2008
Software Security Case Study: Java 2 Security 1 Agenda About Us Objectives Introduction Foundations of Java 2 Security Tools and APIs Conclusion 2 About Us 3 About HeathWallace Dominant supplier of online
More informationProgramming Language Concepts: Lecture 2
Programming Language Concepts: Lecture 2 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2011 PLC 2011, Lecture 2, 6 January 2011 Classes and
More informationOver-view. CSc Java programs. Java programs. Logging on, and logging o. Slides by Michael Weeks Copyright Unix basics. javac.
Over-view CSc 3210 Slides by Michael Weeks Copyright 2015 Unix basics javac java.j files javap 1 2 jasmin converting from javap to jasmin classfile structure calling methods adding line numbers Java programs
More information(A Woefully Incomplete) Introduction To Java. CSCI 4448/5448: Object-Oriented Analysis & Design Lecture 11 10/02/2012
(A Woefully Incomplete) Introduction To Java CSCI 4448/5448: Object-Oriented Analysis & Design Lecture 11 10/02/2012 1 Goals of the Lecture Present an introduction to the Java programming language Coverage
More informationCSC 4181 Handout : JVM
CSC 4181 Handout : JVM Note: This handout provides you with the basic information about JVM. Although we tried to be accurate about the description, there may be errors. Feel free to check your compiler
More informationJAVA. Reflection API. Java, summer semester
JAVA Reflection API 26.2.2013 1 Overview Reflection changes structure/state of objects Introspection exploring a structure of objects similar to RTTI in C++ but more powerful allows obtaining information
More informationProgramming Language Concepts: Lecture 10
Programming Language Concepts: Lecture 10 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 10, 16 February 2009 Reflection
More informationJVM. What This Topic is About. Course Overview. Recap: Interpretive Compilers. Abstract Machines. Abstract Machines. Class Files and Class File Format
Course Overview What This Topic is About PART I: overview material 1 Introduction 2 Language processors (tombstone diagrams, bootstrapping) 3 Architecture of a compiler PART II: inside a compiler 4 Syntax
More informationThe Java programming environment. The Java programming environment. Java: A tiny intro. Java features
The Java programming environment Cleaned up version of C++: no header files, macros, pointers and references, unions, structures, operator overloading, virtual base classes, templates, etc. Object-orientation:
More informationCertified Core Java Developer VS-1036
VS-1036 1. LANGUAGE FUNDAMENTALS The Java language's programming paradigm is implementation and improvement of Object Oriented Programming (OOP) concepts. The Java language has its own rules, syntax, structure
More informationAhead of Time (AOT) Compilation
Ahead of Time (AOT) Compilation Vaibhav Choudhary (@vaibhav_c) Java Platforms Team https://blogs.oracle.com/vaibhav Copyright 2018, Oracle and/or its affiliates. All rights reserved. Safe Harbor Statement
More informationPlan for Today. Safe Programming Languages. What is a secure programming language?
cs2220: Engineering Software Class 19: Java Security Java Security Plan for Today Java Byte s () and Verification Fall 2010 UVa David Evans Reminder: Project Team Requests are due before midnight tomorrow
More informationKAIST Graduate School of Information Security SAR(Security Analysis Report)
Document # CSRC-12-03-011 Title Java Applet Vulnerability Analysis (CVE-2012-5076) Type Attack Trend Technical Analysis Specialty Analysis Data November 15, 2012 Modified November 19, 2012 Author KAIST
More informationCPSC 324 Topics in Java Programming
CPSC 324 Topics in Java Programming Lecture 24 Today Final exam review Java packages and jar files Reminder Group projects on Thursday! Reading Assignment Core: Ch. 10 pp. 493-500 (Jar files) Core: Ch.
More informationNotes of the course - Advanced Programming. Barbara Russo
Notes of the course - Advanced Programming Barbara Russo a.y. 2014-2015 Contents 1 Lecture 2 Lecture 2 - Compilation, Interpreting, and debugging........ 2 1.1 Compiling and interpreting...................
More informationCSE 431S Final Review. Washington University Spring 2013
CSE 431S Final Review Washington University Spring 2013 What You Should Know The six stages of a compiler and what each stage does. The input to and output of each compilation stage (especially the back-end).
More informationAdvances in Programming Languages: Generics, interoperability and implementation
Advances in Programming Languages: Generics, interoperability and implementation Stephen Gilmore The University of Edinburgh February 1, 2007 Understanding generic code Generic Java extends Java with generic
More informationLearning objectives. The Java Environment. Java timeline (cont d) Java timeline. Understand the basic features of Java
Learning objectives The Java Environment Understand the basic features of Java What are portability and robustness? Understand the concepts of bytecode and interpreter What is the JVM? Learn few coding
More informationChapter 4 Java Language Fundamentals
Chapter 4 Java Language Fundamentals Develop code that declares classes, interfaces, and enums, and includes the appropriate use of package and import statements Explain the effect of modifiers Given an
More informationCompiling Techniques
Lecture 10: Introduction to 10 November 2015 Coursework: Block and Procedure Table of contents Introduction 1 Introduction Overview Java Virtual Machine Frames and Function Call 2 JVM Types and Mnemonics
More informationDynamic Class Loading
Dynamic Class Loading Philippe Collet Partially based on notes from Michel Buffa Master 1 IFI Interna,onal 2012-2013 h4p://dep,nfo.unice.fr/twiki/bin/view/minfo/soceng1213 P. Collet 1 Agenda Principle
More informationOutline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring
Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,
More informationIn Vogue Dynamic. Alexander Shopov
In Vogue Dynamic Alexander Shopov [ash@edge ~]$ whoami By day: Software Engineer at Cisco {,Nov. 28} By night: OSS contributor Coordinator of Bulgarian Gnome TP Git speaks Bulgarian
More informationJava Security. Compiler. Compiler. Hardware. Interpreter. The virtual machine principle: Abstract Machine Code. Source Code
Java Security The virtual machine principle: Source Code Compiler Abstract Machine Code Abstract Machine Code Compiler Concrete Machine Code Input Hardware Input Interpreter Output 236 Java programs: definitions
More informationJava and C II. CSE 351 Spring Instructor: Ruth Anderson
Java and C II CSE 351 Spring 2017 Instructor: Ruth Anderson Teaching Assistants: Dylan Johnson Kevin Bi Linxing Preston Jiang Cody Ohlsen Yufang Sun Joshua Curtis Administrivia Lab 5 Due TONIGHT! Fri 6/2
More information1 Shyam sir JAVA Notes
1 Shyam sir JAVA Notes 1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write
More informationLecture 1: Overview of Java
Lecture 1: Overview of Java What is java? Developed by Sun Microsystems (James Gosling) A general-purpose object-oriented language Based on C/C++ Designed for easy Web/Internet applications Widespread
More informationReflection. Computer Science and Engineering College of Engineering The Ohio State University. Lecture 28
Reflection Computer Science and Engineering College of Engineering The Ohio State University Lecture 28 Motivating Problem Debugger/visualization tool Takes an object, any object Displays the methods one
More informationIntroduction to Java
Introduction to Java Module 1: Getting started, Java Basics 22/01/2010 Prepared by Chris Panayiotou for EPL 233 1 Lab Objectives o Objective: Learn how to write, compile and execute HelloWorld.java Learn
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More information엄현상 (Eom, Hyeonsang) School of Computer Science and Engineering Seoul National University COPYRIGHTS 2017 EOM, HYEONSANG ALL RIGHTS RESERVED
엄현상 (Eom, Hyeonsang) School of Computer Science and Engineering Seoul National University COPYRIGHTS 2017 EOM, HYEONSANG ALL RIGHTS RESERVED Outline - Questionnaire Results - Java Overview - Java Examples
More informationProgramming Language Concepts: Lecture 1
Programming Language Concepts: Lecture 1 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 1, 12 January 2009 Data and datatypes
More informationCompressing Java Class files
Compressing Java Class files 1999 ACM SIGPLAN Conference on Programming Language Design and Implementation William Pugh Dept. of Computer Science Univ. of Maryland Java Class files Compiled Java source
More information15CS45 : OBJECT ORIENTED CONCEPTS
15CS45 : OBJECT ORIENTED CONCEPTS QUESTION BANK: What do you know about Java? What are the supported platforms by Java Programming Language? List any five features of Java? Why is Java Architectural Neutral?
More informationLecture 1: Introduction to Java
Lecture 1: Introduction to Java 1 Programs Computer programs, known as software, are instructions to the computer. You tell a computer what to do through programs. Without programs, a computer is an empty
More informationProgramming by Delegation
Chapter 2 a Programming by Delegation I. Scott MacKenzie a These slides are mostly based on the course text: Java by abstraction: A client-view approach (4 th edition), H. Roumani (2015). 1 Topics What
More informationJava Security HotJava to Netscape and Beyond
Java Security HotJava to Netscape and Beyond Drew Dean Ed Felten Dan Wallach Department of Computer Science Princeton University 4/5/96 Introduction Q Remote Code is Everywhere Q Java - A new language
More informationStatic Analysis of Dynamic Languages. Jennifer Strater
Static Analysis of Dynamic Languages Jennifer Strater 2017-06-01 Table of Contents Introduction............................................................................... 1 The Three Compiler Options...............................................................
More informationChapter 1 Introduction to Java
Chapter 1 Introduction to Java 1 Why Java? The answer is that Java enables users to develop and deploy applications on the Internet for servers, desktop computers, and small hand-held devices. The future
More informationProgram Dynamic Analysis. Overview
Program Dynamic Analysis Overview Dynamic Analysis JVM & Java Bytecode [2] A Java bytecode engineering library: ASM [1] 2 1 What is dynamic analysis? [3] The investigation of the properties of a running
More information3/15/18. Overview. Program Dynamic Analysis. What is dynamic analysis? [3] Why dynamic analysis? Why dynamic analysis? [3]
Overview Program Dynamic Analysis Dynamic Analysis JVM & Java Bytecode [2] A Java bytecode engineering library: ASM [1] 2 What is dynamic analysis? [3] The investigation of the properties of a running
More informationAgenda. Announcements. Extreme Java G Session 2 - Main Theme Java Tools and Software Engineering Techniques
Extreme Java G22.3033-007 Session 2 - Main Theme Java Tools and Software Engineering Techniques Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical
More informationIntroduction to Visual Basic and Visual C++ Introduction to Java. JDK Editions. Overview. Lesson 13. Overview
Introduction to Visual Basic and Visual C++ Introduction to Java Lesson 13 Overview I154-1-A A @ Peter Lo 2010 1 I154-1-A A @ Peter Lo 2010 2 Overview JDK Editions Before you can write and run the simple
More informationJava Class Loading and Bytecode Verification
Java Class Loading and Bytecode Verification Every object is a member of some class. The Class class: its members are the (definitions of) various classes that the JVM knows about. The classes can be dynamically
More informationGetting started with Java
Getting started with Java by Vlad Costel Ungureanu for Learn Stuff Programming Languages A programming language is a formal constructed language designed to communicate instructions to a machine, particularly
More informationCS 209 Spring, 2006 Lab 12: JAR Files Instructor: J.G. Neal
CS 209 Spring, 2006 Lab 12: JAR Files Instructor: J.G. Neal Objectives: To gain experience with the creation and use of JAR files, particularly for an applet. Notes: 1. This lab exercise corresponds to
More informationGoals. Java - An Introduction. Java is Compiled and Interpreted. Architecture Neutral & Portable. Compiled Languages. Introduction to Java
Goals Understand the basics of Java. Introduction to Java Write simple Java Programs. 1 2 Java - An Introduction Java is Compiled and Interpreted Java - The programming language from Sun Microsystems Programmer
More informationCOMP6700/2140 JDK Tools
COMP6700/2140 JDK Tools Alexei B Khorev and Joshua Milthorpe Research School of Computer Science, ANU February 2017 Alexei B Khorev and Joshua Milthorpe (RSCS, ANU) COMP6700/2140 JDK Tools February 2017
More informationCS 11 java track: lecture 1
CS 11 java track: lecture 1 Administrivia need a CS cluster account http://www.cs.caltech.edu/ cgi-bin/sysadmin/account_request.cgi need to know UNIX www.its.caltech.edu/its/facilities/labsclusters/ unix/unixtutorial.shtml
More informationIndex. Course Outline. Grading Policy. Lab Time Distribution. Important Instructions
Index Course Outline Grading Policy Lab Time Distribution Important Instructions 2 Course Outline Week Topics 1 - History and Evolution of Java - Overview of Java 2 - Datatypes - Variables 3 - Arrays 4
More informationJust-In-Time Compilation
Just-In-Time Compilation Thiemo Bucciarelli Institute for Software Engineering and Programming Languages 18. Januar 2016 T. Bucciarelli 18. Januar 2016 1/25 Agenda Definitions Just-In-Time Compilation
More information1. Java is a... language. A. moderate typed B. strogly typed C. weakly typed D. none of these. Answer: B
1. Java is a... language. A. moderate typed B. strogly typed C. weakly typed D. none of these 2. How many primitive data types are there in Java? A. 5 B. 6 C. 7 D. 8 3. In Java byte, short, int and long
More informationAssumptions. History
Assumptions A Brief Introduction to Java for C++ Programmers: Part 1 ENGI 5895: Software Design Faculty of Engineering & Applied Science Memorial University of Newfoundland You already know C++ You understand
More informationSecurity Vulnerability Notice
Security Vulnerability Notice SE-2012-01-ORACLE-11 [Security vulnerabilities in Java SE, Issues 56-60] DISCLAIMER INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
More informationGetting Started with Java. Atul Prakash
Getting Started with Java Atul Prakash Running Programs C++, Fortran, Pascal Python, PHP, Ruby, Perl Java is compiled into device-independent code and then interpreted Source code (.java) is compiled into
More informationJava: framework overview and in-the-small features
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Java: framework overview and in-the-small features Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer
More information02/03/15. Compile, execute, debugging THE ECLIPSE PLATFORM. Blanks'distribu.on' Ques+ons'with'no'answer' 10" 9" 8" No."of"students"vs."no.
Compile, execute, debugging THE ECLIPSE PLATFORM 30" Ques+ons'with'no'answer' What"is"the"goal"of"compila5on?" 25" What"is"the"java"command"for" compiling"a"piece"of"code?" What"is"the"output"of"compila5on?"
More informationWhen Java technology burst onto the Internet scene in 1995,
MOBILE CODE SECURITY SECURE JAVA CLASS LOADING The class loading mechanism, LI GONG Sun Microsystems central to Java, plays a key role in JDK 1.2 by enabling When Java technology burst onto the Internet
More informationCOMP 250 Winter 2011 Reading: Java background January 5, 2011
Almost all of you have taken COMP 202 or equivalent, so I am assuming that you are familiar with the basic techniques and definitions of Java covered in that course. Those of you who have not taken a COMP
More informationReconstructing DALVIK. Applications. Marc Schönefeld CANSECWEST 2009, MAR18
Reconstructing DALVIK Applications Marc Schönefeld CANSECWEST 2009, MAR18 Motivation As a reverse engineer I have the tendency to look in the code that is running on my mobile device Coming from a JVM
More informationRoadmap. Java: Assembly language: OS: Machine code: Computer system:
Roadmap C: car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Assembly language: Machine code: Computer system: get_mpg: pushq movq... popq ret %rbp %rsp, %rbp
More informationDelft-Java Link Translation Buffer
Delft-Java Link Translation Buffer John Glossner 1,2 and Stamatis Vassiliadis 2 1 Lucent / Bell Labs Advanced DSP Architecture and Compiler Research Allentown, Pa glossner@lucent.com 2 Delft University
More informationBackground. Reflection. The Class Class. How Objects Work
Background Reflection Turing's great insight: programs are just another kind of data Source code is text Manipulate it line by line, or by parsing expressions Compiled programs are data, too Integers and
More informationCMPSC 497: Java Security
CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Enforcement Mechanisms Static mechanisms
More informationJava Bytecode (binary file)
Java is Compiled Unlike Python, which is an interpreted langauge, Java code is compiled. In Java, a compiler reads in a Java source file (the code that we write), and it translates that code into bytecode.
More informationHigh-Level Language VMs
High-Level Language VMs Outline Motivation What is the need for HLL VMs? How are these different from System or Process VMs? Approach to HLL VMs Evolutionary history Pascal P-code Object oriented HLL VMs
More information